initial import from svn trunk revision 2950
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..373ce23
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,37 @@
+SUBDIRS=libsepol libselinux libsemanage sepolgen checkpolicy policycoreutils # policy
+PYSUBDIRS=libselinux libsemanage
+
+ifeq ($(DEBUG),1)
+ export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+ export LDFLAGS = -g
+endif
+
+install relabel:
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+install-pywrap swigify:
+ @for subdir in $(PYSUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+clean:
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+distclean:
+ @for subdir in libselinux libsemanage; do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+test:
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+indent:
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
diff --git a/checkpolicy/COPYING b/checkpolicy/COPYING
new file mode 100644
index 0000000..5b6e7c6
--- /dev/null
+++ b/checkpolicy/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+�
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+�
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+�
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+�
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/checkpolicy/ChangeLog b/checkpolicy/ChangeLog
new file mode 100644
index 0000000..21a7dd5
--- /dev/null
+++ b/checkpolicy/ChangeLog
@@ -0,0 +1,354 @@
+2.0.16 2008-05-27
+ * Update checkpolicy for user and role mapping support from Joshua Brindle.
+
+2.0.15 2008-05-05
+ * Fix for policy module versions that look like IPv4 addresses from Jim Carter.
+ Resolves bug 444451.
+
+2.0.14 2008-03-24
+ * Add permissive domain support from Eric Paris.
+
+2.0.13 2008-03-05
+ * Split out non-grammar parts of policy_parse.yacc into
+ policy_define.c and policy_define.h from Todd C. Miller.
+
+2.0.12 2008-03-04
+ * Initialize struct policy_file before using it, from Todd C. Miller.
+
+2.0.11 2008-03-03
+ * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.
+
+2.0.10 2008-02-28
+ * Use yyerror2() where appropriate from Todd C. Miller.
+
+2.0.9 2008-02-04
+ * Update dispol for libsepol avtab changes from Stephen Smalley.
+
+2.0.8 2008-01-24
+ * Deprecate role dominance in parser.
+
+2.0.7 2008-01-02
+ * Added support for policy capabilities from Todd Miller.
+
+2.0.6 2007-11-15
+ * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
+
+2.0.5 2007-11-01
+ * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
+
+2.0.4 2007-09-18
+ * Merged handle unknown policydb flag support from Eric Paris.
+ Adds new command line options -U {allow, reject, deny} for selecting
+ the flag when a base module or kernel policy is built.
+
+2.0.3 2007-05-31
+ * Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
+ * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
+
+2.0.2 2007-04-12
+ * Merged checkmodule man page fix from Dan Walsh.
+
+2.0.1 2007-02-20
+ * Merged patch to allow dots in class identifiers from Caleb Case.
+
+2.0.0 2007-02-01
+ * Merged patch to use new libsepol error codes by Karl MacMillan.
+
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.1 2006-11-13
+ * Collapse user identifiers and identifiers together.
+
+1.32 2006-10-17
+ * Updated version for release.
+
+1.30.12 2006-09-28
+ * Merged user and range_transition support for modules from
+ Darrel Goeddel
+
+1.30.11 2006-09-05
+ * merged range_transition enhancements and user module format
+ changes from Darrel Goeddel
+
+1.30.10 2006-08-03
+ * Merged symtab datum patch from Karl MacMillan.
+
+1.30.9 2006-06-29
+ * Lindent.
+
+1.30.8 2006-06-29
+ * Merged patch to remove TE rule conflict checking from the parser
+ from Joshua Brindle. This can only be done properly by the
+ expander.
+
+1.30.7 2006-06-27
+ * Merged patch to make checkpolicy/checkmodule handling of
+ duplicate/conflicting TE rules the same as the expander
+ from Joshua Brindle.
+
+1.30.6 2006-06-26
+ * Merged optionals in base take 2 patch set from Joshua Brindle.
+
+1.30.5 2006-05-05
+ * Merged compiler cleanup patch from Karl MacMillan.
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.4 2006-04-05
+ * Changed require_class to reject permissions that have not been
+ declared if building a base module.
+
+1.30.3 2006-03-28
+ * Fixed checkmodule to call link_modules prior to expand_module
+ to handle optionals.
+
+1.30.2 2006-03-28
+ * Fixed require_class to avoid shadowing permissions already defined
+ in an inherited common definition.
+
+1.30.1 2006-03-22
+ * Moved processing of role and user require statements to 2nd pass.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.5 2006-03-09
+ * Fixed bug in role dominance (define_role_dom).
+
+1.29.4 2006-02-14
+ * Added a check for failure to declare each sensitivity in
+ a level definition.
+
+1.29.3 2006-02-13
+ * Changed to clone level data for aliased sensitivities to
+ avoid double free upon sens_destroy. Bug reported by Kevin
+ Carr of Tresys Technology.
+
+1.29.2 2006-02-13
+ * Merged optionals in base patch from Joshua Brindle.
+
+1.29.1 2006-02-01
+ * Merged sepol_av_to_string patch from Joshua Brindle.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.20 2005-12-02
+ * Merged checkmodule man page from Dan Walsh, and edited it.
+
+1.27.19 2005-12-01
+ * Added error checking of all ebitmap_set_bit calls for out of
+ memory conditions.
+
+1.27.18 2005-12-01
+ * Merged removal of compatibility handling of netlink classes
+ (requirement that policies with newer versions include the
+ netlink class definitions, remapping of fine-grained netlink
+ classes in newer source policies to single netlink class when
+ generating older policies) from George Coker.
+
+1.27.17 2005-10-25
+ * Merged dismod fix from Joshua Brindle.
+
+1.27.16 2005-10-20
+ * Removed obsolete cond_check_type_rules() function and call and
+ cond_optimize_lists() call from checkpolicy.c; these are handled
+ during parsing and expansion now.
+
+1.27.15 2005-10-19
+ * Updated calls to expand_module for interface change.
+
+1.27.14 2005-10-19
+ * Changed checkmodule to verify that expand_module succeeds
+ when building base modules.
+
+1.27.13 2005-10-19
+ * Merged module compiler fixes from Joshua Brindle.
+
+1.27.12 2005-10-19
+ * Removed direct calls to hierarchy_check_constraints() and
+ check_assertions() from checkpolicy since they are now called
+ internally by expand_module().
+
+1.27.11 2005-10-18
+ * Updated for changes to sepol policydb_index_others interface.
+
+1.27.10 2005-10-17
+ * Updated for changes to sepol expand_module and link_modules interfaces.
+
+1.27.9 2005-10-13
+ * Merged support for require blocks inside conditionals from
+ Joshua Brindle (Tresys).
+
+1.27.8 2005-10-06
+ * Updated for changes to libsepol.
+
+1.27.7 2005-10-05
+ * Merged several bug fixes from Joshua Brindle (Tresys).
+
+1.27.6 2005-10-03
+ * Merged MLS in modules patch from Joshua Brindle (Tresys).
+
+1.27.5 2005-09-28
+ * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
+
+1.27.4 2005-09-26
+ * Merged bugfix for dup role transition error messages from
+ Karl MacMillan (Tresys).
+
+1.27.3 2005-09-23
+ * Merged policyver/modulever patches from Joshua Brindle (Tresys).
+
+1.27.2 2005-09-20
+ * Fixed parse_categories handling of undefined category.
+
+1.27.1 2005-09-16
+ * Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.12 2005-08-22
+ * Fixed handling of validatetrans constraint expressions.
+ Bug reported by Dan Walsh for checkpolicy -M.
+
+1.25.11 2005-08-18
+ * Merged use-after-free fix from Serge Hallyn (IBM).
+ Bug found by Coverity.
+
+1.25.10 2005-08-15
+ * Fixed further memory leaks found by valgrind.
+
+1.25.9 2005-08-15
+ * Changed checkpolicy to destroy the policydbs prior to exit
+ to allow leak detection.
+ * Fixed several memory leaks found by valgrind.
+
+1.25.8 2005-08-11
+ * Updated checkpolicy and dispol for the new avtab format.
+ Converted users of ebitmaps to new inline operators.
+ Note: The binary policy format version has been incremented to
+ version 20 as a result of these changes. To build a policy
+ for a kernel that does not yet include these changes, use
+ the -c 19 option to checkpolicy.
+
+1.25.7 2005-08-11
+ * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
+
+1.25.6 2005-08-10
+ * Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
+
+1.25.5 2005-08-09
+ * Fixed call to hierarchy checking code to pass the right policydb.
+
+1.25.4 2005-08-02
+ * Merged patch to update dismod for the relocation of the
+ module read/write code from libsemanage to libsepol, and
+ to enable build of test subdirectory from Jason Tang (Tresys).
+
+1.25.3 2005-07-18
+ * Merged hierarchy check fix from Joshua Brindle (Tresys).
+
+1.25.2 2005-07-06
+ * Merged loadable module support from Tresys Technology.
+
+1.25.1 2005-06-24
+ * Merged patch to prohibit the use of * and ~ in type sets
+ (other than in neverallow statements) and in role sets
+ from Joshua Brindle (Tresys).
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.4 2005-05-19
+ * Merged cleanup patch from Dan Walsh.
+
+1.23.3 2005-05-13
+ * Added sepol_ prefix to Flask types to avoid namespace
+ collision with libselinux.
+
+1.23.2 2005-04-29
+ * Merged identifier fix from Joshua Brindle (Tresys).
+
+1.23.1 2005-04-13
+ * Merged hierarchical type/role patch from Tresys Technology.
+ * Merged MLS fixes from Darrel Goeddel of TCS.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.4 2005-02-17
+ * Moved genpolusers utility to libsepol.
+ * Merged range_transition support from Darrel Goeddel (TCS).
+
+1.21.3 2005-02-16
+ * Merged define_user() cleanup patch from Darrel Goeddel (TCS).
+
+1.21.2 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.1 2005-01-26
+ * Merged enhanced MLS support from Darrel Goeddel (TCS).
+
+1.20 2005-01-04
+ * Merged typeattribute statement patch from Darrel Goeddel of TCS.
+ * Changed genpolusers to handle multiple user config files.
+ * Merged nodecon ordering patch from Chad Hanson of TCS.
+
+1.18 2004-10-07
+ * MLS build fix.
+ * Fixed Makefile dependencies (Chris PeBenito).
+ * Merged fix for role dominance ordering issue from Chad Hanson of TCS.
+ * Preserve portcon ordering and apply more checking.
+
+1.16 2004-08-13
+ * Allow empty conditional clauses.
+ * Moved genpolbools utility to libsepol.
+ * Updated for libsepol set functions.
+ * Changed to link with libsepol.a.
+ * Moved core functionality into libsepol.
+ * Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys.
+ * Added genpolusers program.
+ * Fixed bug in checkpolicy conditional code.
+
+1.14 2004-06-28
+ * Merged fix for MLS logic from Daniel Thayer of TCS.
+ * Require semicolon terminator for typealias statement.
+
+1.12 2004-06-16
+ * Merged fine-grained netlink class support.
+
+1.10 2004-04-07
+ * Merged ipv6 support from James Morris of RedHat.
+ * Fixed compute_av bug discovered by Chad Hanson of TCS.
+
+1.8 2004-03-09
+ * Merged policydb MLS patch from Chad Hanson of TCS.
+ * Fixed mmap of policy file.
+
+1.6 2004-02-18
+ * Merged conditional policy extensions from Tresys Technology.
+ * Added typealias declaration support per Russell Coker's request.
+ * Added support for excluding types from type sets based on
+ a patch by David Caplan, but reimplemented as a change to the
+ policy grammar.
+ * Merged patch from Colin Walters to report source file name and line
+ number for errors when available.
+ * Un-deprecated role transitions.
+
+1.4 2003-12-01
+ * Regenerated headers.
+ * Merged patches from Bastian Blank and Joerg Hoh.
+
+1.2 2003-09-30
+ * Merged MLS build patch from Karl MacMillan of Tresys.
+ * Merged checkpolicy man page from Magosanyi Arpad.
+
+1.1 2003-08-13
+ * Fixed endian bug in policydb_write for behavior value.
+ * License -> GPL.
+ * Merged coding style cleanups from James Morris.
+
+1.0 2003-07-11
+ * Initial public release.
+
diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
new file mode 100644
index 0000000..e5fae3d
--- /dev/null
+++ b/checkpolicy/Makefile
@@ -0,0 +1,64 @@
+#
+# Makefile for building the checkpolicy program
+#
+PREFIX ?= $(DESTDIR)/usr
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+TARGETS = checkpolicy checkmodule
+
+YACC = bison -y
+
+CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
+
+override CFLAGS += -I. -I${INCLUDEDIR}
+
+CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
+ policy_define.o
+CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
+CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
+
+LDLIBS=$(LIBDIR)/libsepol.a -lfl
+
+GENERATED=lex.yy.c y.tab.c y.tab.h
+
+all: $(TARGETS)
+ $(MAKE) -C test
+
+checkpolicy: $(CHECKPOLOBJS)
+
+checkmodule: $(CHECKMODOBJS)
+
+%.o: %.c
+ $(CC) $(CFLAGS) -o $@ -c $<
+
+y.tab.o: y.tab.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $<
+
+lex.yy.o: lex.yy.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -o $@ -c $<
+
+y.tab.c: policy_parse.y
+ $(YACC) -d policy_parse.y
+
+lex.yy.c: policy_scan.l y.tab.c
+ $(LEX) policy_scan.l
+
+install: all
+ -mkdir -p $(BINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 755 $(TARGETS) $(BINDIR)
+ install -m 644 checkpolicy.8 $(MANDIR)/man8
+ install -m 644 checkmodule.8 $(MANDIR)/man8
+
+relabel: install
+ /sbin/restorecon $(BINDIR)/checkpolicy
+ /sbin/restorecon $(BINDIR)/checkmodule
+
+clean:
+ -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
+ $(MAKE) -C test clean
+
+indent:
+ ../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
diff --git a/checkpolicy/VERSION b/checkpolicy/VERSION
new file mode 100644
index 0000000..a14da29
--- /dev/null
+++ b/checkpolicy/VERSION
@@ -0,0 +1 @@
+2.0.16
diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
new file mode 100644
index 0000000..7bc4fd2
--- /dev/null
+++ b/checkpolicy/checkmodule.8
@@ -0,0 +1,58 @@
+.TH CHECKMODULE 8
+.SH NAME
+checkmodule \- SELinux policy module compiler
+.SH SYNOPSIS
+.B checkmodule
+.I "[-b] [-m] [-M] [-V] [-o output_file] [input_file]"
+.SH "DESCRIPTION"
+This manual page describes the
+.BR checkmodule
+command.
+.PP
+.B checkmodule
+is a program that checks and compiles a SELinux security policy module
+into a binary representation. It can generate either a base policy
+module (default) or a non-base policy module (-m option); typically,
+you would build a non-base policy module to add to an existing module
+store that already has a base module provided by the base policy. Use
+semodule_package to combine this module with its optional file
+contexts to create a policy package, and then use semodule to install
+the module package into the module store and load the resulting policy.
+
+.SH OPTIONS
+.TP
+.B \-b
+Read an existing binary policy module file rather than a source policy
+module file. This option is a development/debugging aid.
+.TP
+.B \-m
+Generate a non-base policy module.
+.TP
+.B \-M
+Enable the MLS/MCS support when checking and compiling the policy module.
+.TP
+.B \-V
+ Show policy versions created by this program
+.TP
+.B \-o filename
+Write a binary policy module file to the specified filename.
+Otherwise, checkmodule will only check the syntax of the module source file
+and will not generate a binary module at all.
+
+.SH EXAMPLE
+.nf
+# Build a MLS/MCS-enabled non-base policy module.
+$ checkmodule -M -m httpd.te -o httpd.mod
+.fi
+
+.SH "SEE ALSO"
+.B semodule(8), semodule_package(8)
+SELinux documentation at http://www.nsa.gov/selinux,
+especially "Configuring the SELinux Policy".
+
+
+.SH AUTHOR
+This manual page was copied from the checkpolicy man page
+written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
+and edited by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
new file mode 100644
index 0000000..cbbaca2
--- /dev/null
+++ b/checkpolicy/checkmodule.c
@@ -0,0 +1,291 @@
+/*
+ * Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ *
+ * Copyright (C) 2004-5 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <getopt.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/sidtab.h>
+
+#include "queue.h"
+#include "checkpolicy.h"
+#include "parse_util.h"
+
+extern char *optarg;
+extern int optind;
+
+static sidtab_t sidtab;
+
+extern int mlspol;
+
+static int handle_unknown = SEPOL_DENY_UNKNOWN;
+static char *txtfile = "policy.conf";
+static char *binfile = "policy";
+
+unsigned int policy_type = POLICY_BASE;
+unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
+
+static int read_binary_policy(policydb_t * p, char *file, char *progname)
+{
+ int fd;
+ struct stat sb;
+ void *map;
+ struct policy_file f, *fp;
+
+ fd = open(file, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ file, strerror(errno));
+ return -1;
+ }
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, "Can't stat '%s': %s\n",
+ file, strerror(errno));
+ return -1;
+ }
+ map =
+ mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, "Can't map '%s': %s\n", file, strerror(errno));
+ return -1;
+ }
+ policy_file_init(&f);
+ f.type = PF_USE_MEMORY;
+ f.data = map;
+ f.len = sb.st_size;
+ fp = &f;
+
+ if (policydb_init(p)) {
+ fprintf(stderr, "%s: policydb_init: Out of memory!\n",
+ progname);
+ return -1;
+ }
+ if (policydb_read(p, fp, 1)) {
+ fprintf(stderr,
+ "%s: error(s) encountered while parsing configuration\n",
+ progname);
+ return -1;
+ }
+
+ /* Check Policy Consistency */
+ if (p->mls) {
+ if (!mlspol) {
+ fprintf(stderr, "%s: MLS policy, but non-MLS"
+ " is specified\n", progname);
+ return -1;
+ }
+ } else {
+ if (mlspol) {
+ fprintf(stderr, "%s: non-MLS policy, but MLS"
+ " is specified\n", progname);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int write_binary_policy(policydb_t * p, char *file, char *progname)
+{
+ FILE *outfp = NULL;
+ struct policy_file pf;
+ int ret;
+
+ printf("%s: writing binary representation (version %d) to %s\n",
+ progname, policyvers, file);
+
+ outfp = fopen(file, "w");
+ if (!outfp) {
+ perror(file);
+ exit(1);
+ }
+
+ p->policy_type = policy_type;
+ p->policyvers = policyvers;
+ p->handle_unknown = handle_unknown;
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_STDIO;
+ pf.fp = outfp;
+ ret = policydb_write(p, &pf);
+ if (ret) {
+ fprintf(stderr, "%s: error writing %s\n", progname, file);
+ return -1;
+ }
+ fclose(outfp);
+ return 0;
+}
+
+static void usage(char *progname)
+{
+ printf("usage: %s [-V] [-b] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
+ printf("Build base and policy modules.\n");
+ printf("Options:\n");
+ printf(" INPUT build module from INPUT (else read from \"%s\")\n",
+ txtfile);
+ printf(" -V show policy versions created by this program\n");
+ printf(" -b treat input as a binary policy file\n");
+ printf(" -U OPTION How to handle unknown classes and permissions\n");
+ printf(" deny: Deny unknown kernel checks\n");
+ printf(" reject: Reject loading of policy with unknowns\n");
+ printf(" allow: Allow unknown kernel checks\n");
+ printf(" -m build a policy module instead of a base module\n");
+ printf(" -M enable MLS policy\n");
+ printf(" -o FILE write module to FILE (else just check syntax)\n");
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ char *file = txtfile, *outfile = NULL;
+ unsigned int binary = 0;
+ int ch;
+ int show_version = 0;
+ policydb_t modpolicydb;
+
+ while ((ch = getopt(argc, argv, "ho:dbVU:mM")) != EOF) {
+ switch (ch) {
+ case 'h':
+ usage(argv[0]);
+ break;
+ case 'o':
+ outfile = optarg;
+ break;
+ case 'b':
+ binary = 1;
+ file = binfile;
+ break;
+ case 'V':
+ show_version = 1;
+ break;
+ case 'U':
+ if (!strcasecmp(optarg, "deny")) {
+ handle_unknown = DENY_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "reject")) {
+ handle_unknown = REJECT_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "allow")) {
+ handle_unknown = ALLOW_UNKNOWN;
+ break;
+ }
+ usage(argv[0]);
+ case 'm':
+ policy_type = POLICY_MOD;
+ policyvers = MOD_POLICYDB_VERSION_MAX;
+ break;
+ case 'M':
+ mlspol = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (show_version) {
+ printf("Module versions %d-%d\n",
+ MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX);
+ exit(0);
+ }
+
+ if (handle_unknown && (policy_type != POLICY_BASE)) {
+ printf("Handling of unknown classes and permissions is only ");
+ printf("valid in the base module\n");
+ exit(1);
+ }
+
+ if (optind != argc) {
+ file = argv[optind++];
+ if (optind != argc)
+ usage(argv[0]);
+ }
+ printf("%s: loading policy configuration from %s\n", argv[0], file);
+
+ /* Set policydb and sidtab used by libsepol service functions
+ to my structures, so that I can directly populate and
+ manipulate them. */
+ sepol_set_policydb(&modpolicydb);
+ sepol_set_sidtab(&sidtab);
+
+ if (binary) {
+ if (read_binary_policy(&modpolicydb, file, argv[0]) == -1) {
+ exit(1);
+ }
+ } else {
+ if (policydb_init(&modpolicydb)) {
+ fprintf(stderr, "%s: out of memory!\n", argv[0]);
+ return -1;
+ }
+
+ modpolicydb.policy_type = policy_type;
+ modpolicydb.mls = mlspol;
+ modpolicydb.handle_unknown = handle_unknown;
+
+ if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
+ exit(1);
+ }
+
+ if (hierarchy_check_constraints(NULL, &modpolicydb)) {
+ return -1;
+ }
+ }
+
+ if (modpolicydb.policy_type == POLICY_BASE) {
+ /* Verify that we can successfully expand the base module. */
+ policydb_t kernpolicydb;
+
+ if (policydb_init(&kernpolicydb)) {
+ fprintf(stderr, "%s: policydb_init failed\n", argv[0]);
+ exit(1);
+ }
+ if (link_modules(NULL, &modpolicydb, NULL, 0, 0)) {
+ fprintf(stderr, "%s: link modules failed\n", argv[0]);
+ exit(1);
+ }
+ if (expand_module(NULL, &modpolicydb, &kernpolicydb, 0, 1)) {
+ fprintf(stderr, "%s: expand module failed\n", argv[0]);
+ exit(1);
+ }
+ policydb_destroy(&kernpolicydb);
+ }
+
+ if (policydb_load_isids(&modpolicydb, &sidtab))
+ exit(1);
+
+ sepol_sidtab_destroy(&sidtab);
+
+ printf("%s: policy configuration loaded\n", argv[0]);
+
+ if (outfile &&
+ write_binary_policy(&modpolicydb, outfile, argv[0]) == -1) {
+ exit(1);
+ }
+ policydb_destroy(&modpolicydb);
+
+ return 0;
+}
+
+/* FLASK */
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
new file mode 100644
index 0000000..ca831e5
--- /dev/null
+++ b/checkpolicy/checkpolicy.8
@@ -0,0 +1,44 @@
+.TH CHECKPOLICY 8
+.SH NAME
+checkpolicy \- SELinux policy compiler
+.SH SYNOPSIS
+.B checkpolicy
+.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]"
+.br
+.SH "DESCRIPTION"
+This manual page describes the
+.BR checkpolicy
+command.
+.PP
+.B checkpolicy
+is a program that checks and compiles a SELinux security policy configuration
+into a binary representation that can be loaded into the kernel. If no
+input file name is specified, checkpolicy will attempt to read from
+policy.conf or policy, depending on whether the -b flag is specified.
+
+.SH OPTIONS
+.TP
+.B \-b
+Read an existing binary policy file rather than a source policy.conf file.
+.TP
+.B \-d
+Enter debug mode after loading the policy.
+.TP
+.B \-M
+Enable the MLS policy when checking and compiling the policy.
+.TP
+.B \-o filename
+Write a binary policy file to the specified filename.
+.TP
+.B \-c policyvers
+Specify the policy version, defaults to the latest.
+
+.SH "SEE ALSO"
+SELinux documentation at http://www.nsa.gov/selinux,
+especially "Configuring the SELinux Policy".
+
+
+.SH AUTHOR
+This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
+and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
new file mode 100644
index 0000000..d7772d5
--- /dev/null
+++ b/checkpolicy/checkpolicy.c
@@ -0,0 +1,1051 @@
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: James Morris <jmorris@intercode.com.au>
+ *
+ * Added IPv6 support.
+ *
+ * Updated: Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Policy Module support.
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2005 Tresys Technology, LLC
+ * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/* FLASK */
+
+/*
+ * checkpolicy
+ *
+ * Load and check a policy configuration.
+ *
+ * A policy configuration is created in a text format,
+ * and then compiled into a binary format for use by
+ * the security server. By default, checkpolicy reads
+ * the text format. If '-b' is specified, then checkpolicy
+ * reads the binary format instead.
+ *
+ * If '-o output_file' is specified, then checkpolicy
+ * writes the binary format version of the configuration
+ * to the specified output file.
+ *
+ * If '-d' is specified, then checkpolicy permits the user
+ * to interactively test the security server functions with
+ * the loaded policy configuration.
+ *
+ * If '-c' is specified, then the supplied parameter is used to
+ * determine which policy version to use for generating binary
+ * policy. This is for compatibility with older kernels. If any
+ * booleans or conditional rules are thrown away a warning is printed.
+ */
+
+#include <getopt.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/link.h>
+
+#include "queue.h"
+#include "checkpolicy.h"
+#include "parse_util.h"
+
+extern char *optarg;
+extern int optind;
+
+static policydb_t policydb;
+static sidtab_t sidtab;
+
+extern policydb_t *policydbp;
+extern int mlspol;
+
+static int handle_unknown = SEPOL_DENY_UNKNOWN;
+static char *txtfile = "policy.conf";
+static char *binfile = "policy";
+
+unsigned int policyvers = POLICYDB_VERSION_MAX;
+
+void usage(char *progname)
+{
+ printf
+ ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
+ progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+ exit(1);
+}
+
+#define FGETS(out, size, in) \
+if (fgets(out,size,in)==NULL) { \
+ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,\
+ strerror(errno)); \
+ exit(1);\
+}
+static int print_sid(sepol_security_id_t sid,
+ context_struct_t * context
+ __attribute__ ((unused)), void *data
+ __attribute__ ((unused)))
+{
+ sepol_security_context_t scontext;
+ size_t scontext_len;
+ int rc;
+
+ rc = sepol_sid_to_context(sid, &scontext, &scontext_len);
+ if (rc)
+ printf("sid %d -> error %d\n", sid, rc);
+ else {
+ printf("sid %d -> scontext %s\n", sid, scontext);
+ free(scontext);
+ }
+ return 0;
+}
+
+struct val_to_name {
+ unsigned int val;
+ char *name;
+};
+
+static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ struct val_to_name *v = p;
+ perm_datum_t *perdatum;
+
+ perdatum = (perm_datum_t *) datum;
+
+ if (v->val == perdatum->s.value) {
+ v->name = key;
+ return 1;
+ }
+
+ return 0;
+}
+
+#ifdef EQUIVTYPES
+static int insert_type_rule(avtab_key_t * k, avtab_datum_t * d,
+ struct avtab_node *type_rules)
+{
+ struct avtab_node *p, *c, *n;
+
+ for (p = type_rules, c = type_rules->next; c; p = c, c = c->next) {
+ /*
+ * Find the insertion point, keeping the list
+ * ordered by source type, then target type, then
+ * target class.
+ */
+ if (k->source_type < c->key.source_type)
+ break;
+ if (k->source_type == c->key.source_type &&
+ k->target_type < c->key.target_type)
+ break;
+ if (k->source_type == c->key.source_type &&
+ k->target_type == c->key.target_type &&
+ k->target_class < c->key.target_class)
+ break;
+ }
+
+ /* Insert the rule */
+ n = malloc(sizeof(struct avtab_node));
+ if (!n) {
+ fprintf(stderr, "out of memory\n");
+ exit(1);
+ }
+
+ n->key = *k;
+ n->datum = *d;
+ n->next = p->next;
+ p->next = n;
+ return 0;
+}
+
+static int create_type_rules(avtab_key_t * k, avtab_datum_t * d, void *args)
+{
+ struct avtab_node *type_rules = args;
+
+ if (d->specified & AVTAB_ALLOWED) {
+ /*
+ * Insert the rule into the lists for both
+ * the source type and the target type.
+ */
+ if (insert_type_rule(k, d, &type_rules[k->source_type - 1]))
+ return -1;
+ if (insert_type_rule(k, d, &type_rules[k->target_type - 1]))
+ return -1;
+ }
+
+ return 0;
+}
+
+static void free_type_rules(struct avtab_node *l)
+{
+ struct avtab_node *tmp;
+
+ while (l) {
+ tmp = l;
+ l = l->next;
+ free(tmp);
+ }
+}
+
+static int identify_equiv_types(void)
+{
+ struct avtab_node *type_rules, *l1, *l2;
+ int i, j;
+
+ /*
+ * Create a list of access vector rules for each type
+ * from the access vector table.
+ */
+ type_rules = malloc(sizeof(struct avtab_node) * policydb.p_types.nprim);
+ if (!type_rules) {
+ fprintf(stderr, "out of memory\n");
+ exit(1);
+ }
+ memset(type_rules, 0,
+ sizeof(struct avtab_node) * policydb.p_types.nprim);
+ if (avtab_map(&policydb.te_avtab, create_type_rules, type_rules))
+ exit(1);
+
+ /*
+ * Compare the type lists and identify equivalent types.
+ */
+ for (i = 0; i < policydb.p_types.nprim - 1; i++) {
+ if (!type_rules[i].next)
+ continue;
+ for (j = i + 1; j < policydb.p_types.nprim; j++) {
+ for (l1 = type_rules[i].next, l2 = type_rules[j].next;
+ l1 && l2; l1 = l1->next, l2 = l2->next) {
+ if (l2->key.source_type == (j + 1)) {
+ if (l1->key.source_type != (i + 1))
+ break;
+ } else {
+ if (l1->key.source_type !=
+ l2->key.source_type)
+ break;
+ }
+ if (l2->key.target_type == (j + 1)) {
+ if (l1->key.target_type != (i + 1))
+ break;
+ } else {
+ if (l1->key.target_type !=
+ l2->key.target_type)
+ break;
+ }
+ if (l1->key.target_class != l2->key.target_class
+ || l1->datum.allowed != l2->datum.allowed)
+ break;
+ }
+ if (l1 || l2)
+ continue;
+ free_type_rules(type_rules[j].next);
+ type_rules[j].next = NULL;
+ printf("Types %s and %s are equivalent.\n",
+ policydb.p_type_val_to_name[i],
+ policydb.p_type_val_to_name[j]);
+ }
+ free_type_rules(type_rules[i].next);
+ type_rules[i].next = NULL;
+ }
+
+ free(type_rules);
+ return 0;
+}
+#endif
+
+extern char *av_to_string(uint32_t tclass, sepol_access_vector_t av);
+
+int display_bools()
+{
+ int i;
+
+ for (i = 0; i < policydbp->p_bools.nprim; i++) {
+ printf("%s : %d\n", policydbp->p_bool_val_to_name[i],
+ policydbp->bool_val_to_struct[i]->state);
+ }
+ return 0;
+}
+
+void display_expr(cond_expr_t * exp)
+{
+
+ cond_expr_t *cur;
+ for (cur = exp; cur != NULL; cur = cur->next) {
+ switch (cur->expr_type) {
+ case COND_BOOL:
+ printf("%s ",
+ policydbp->p_bool_val_to_name[cur->bool - 1]);
+ break;
+ case COND_NOT:
+ printf("! ");
+ break;
+ case COND_OR:
+ printf("|| ");
+ break;
+ case COND_AND:
+ printf("&& ");
+ break;
+ case COND_XOR:
+ printf("^ ");
+ break;
+ case COND_EQ:
+ printf("== ");
+ break;
+ case COND_NEQ:
+ printf("!= ");
+ break;
+ default:
+ printf("error!");
+ break;
+ }
+ }
+}
+
+int display_cond_expressions()
+{
+ cond_node_t *cur;
+
+ for (cur = policydbp->cond_list; cur != NULL; cur = cur->next) {
+ printf("expression: ");
+ display_expr(cur->expr);
+ printf("current state: %d\n", cur->cur_state);
+ }
+ return 0;
+}
+
+int change_bool(char *name, int state)
+{
+ cond_bool_datum_t *bool;
+
+ bool = hashtab_search(policydbp->p_bools.table, name);
+ if (bool == NULL) {
+ printf("Could not find bool %s\n", name);
+ return -1;
+ }
+ bool->state = state;
+ evaluate_conds(policydbp);
+ return 0;
+}
+
+static int check_level(hashtab_key_t key, hashtab_datum_t datum, void *arg)
+{
+ level_datum_t *levdatum = (level_datum_t *) datum;
+
+ if (!levdatum->isalias && !levdatum->defined) {
+ fprintf(stderr,
+ "Error: sensitivity %s was not used in a level definition!\n",
+ key);
+ return -1;
+ }
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ sepol_security_class_t tclass;
+ sepol_security_id_t ssid, tsid, *sids;
+ sepol_security_context_t scontext;
+ struct sepol_av_decision avd;
+ class_datum_t *cladatum;
+ char ans[80 + 1], *file = txtfile, *outfile = NULL, *path, *fstype;
+ size_t scontext_len, pathlen;
+ unsigned int i;
+ unsigned int protocol, port;
+ unsigned int binary = 0, debug = 0;
+ struct val_to_name v;
+ int ret, ch, fd;
+ unsigned int nel, uret;
+ struct stat sb;
+ void *map;
+ FILE *outfp = NULL;
+ char *name;
+ int state;
+ int show_version = 0;
+ struct policy_file pf;
+
+ while ((ch = getopt(argc, argv, "o:dbU:MVc:")) != EOF) {
+ switch (ch) {
+ case 'o':
+ outfile = optarg;
+ break;
+ case 'b':
+ binary = 1;
+ file = binfile;
+ break;
+ case 'd':
+ debug = 1;
+ break;
+ case 'V':
+ show_version = 1;
+ break;
+ case 'U':
+ if (!strcasecmp(optarg, "deny")) {
+ handle_unknown = DENY_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "allow")) {
+ handle_unknown = ALLOW_UNKNOWN;
+ break;
+ }
+ if (!strcasecmp(optarg, "reject")) {
+ handle_unknown = REJECT_UNKNOWN;
+ break;
+ }
+ usage(argv[0]);
+ case 'M':
+ mlspol = 1;
+ break;
+ case 'c':{
+ long int n = strtol(optarg, NULL, 10);
+ if (errno) {
+ fprintf(stderr,
+ "Invalid policyvers specified: %s\n",
+ optarg);
+ usage(argv[0]);
+ exit(1);
+ }
+ if (n < POLICYDB_VERSION_MIN
+ || n > POLICYDB_VERSION_MAX) {
+ fprintf(stderr,
+ "policyvers value %ld not in range %d-%d\n",
+ n, POLICYDB_VERSION_MIN,
+ POLICYDB_VERSION_MAX);
+ usage(argv[0]);
+ exit(1);
+ }
+ if (policyvers != n)
+ policyvers = n;
+ break;
+ }
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (show_version) {
+ printf("%d (compatibility range %d-%d)\n", policyvers,
+ POLICYDB_VERSION_MAX, POLICYDB_VERSION_MIN);
+ exit(0);
+ }
+
+ if (optind != argc) {
+ file = argv[optind++];
+ if (optind != argc)
+ usage(argv[0]);
+ }
+ printf("%s: loading policy configuration from %s\n", argv[0], file);
+
+ /* Set policydb and sidtab used by libsepol service functions
+ to my structures, so that I can directly populate and
+ manipulate them. */
+ sepol_set_policydb(&policydb);
+ sepol_set_sidtab(&sidtab);
+
+ if (binary) {
+ fd = open(file, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ file, strerror(errno));
+ exit(1);
+ }
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, "Can't stat '%s': %s\n",
+ file, strerror(errno));
+ exit(1);
+ }
+ map =
+ mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
+ fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, "Can't map '%s': %s\n",
+ file, strerror(errno));
+ exit(1);
+ }
+ policy_file_init(&pf);
+ pf.type = PF_USE_MEMORY;
+ pf.data = map;
+ pf.len = sb.st_size;
+ if (policydb_init(&policydb)) {
+ fprintf(stderr, "%s: policydb_init: Out of memory!\n",
+ argv[0]);
+ exit(1);
+ }
+ ret = policydb_read(&policydb, &pf, 1);
+ if (ret) {
+ fprintf(stderr,
+ "%s: error(s) encountered while parsing configuration\n",
+ argv[0]);
+ exit(1);
+ }
+ policydbp = &policydb;
+
+ /* Check Policy Consistency */
+ if (policydbp->mls) {
+ if (!mlspol) {
+ fprintf(stderr, "%s: MLS policy, but non-MLS"
+ " is specified\n", argv[0]);
+ exit(1);
+ }
+ } else {
+ if (mlspol) {
+ fprintf(stderr, "%s: non-MLS policy, but MLS"
+ " is specified\n", argv[0]);
+ exit(1);
+ }
+ }
+ } else {
+ policydb_t parse_policy;
+
+ if (policydb_init(&parse_policy))
+ exit(1);
+ /* We build this as a base policy first since that is all the parser understands */
+ parse_policy.policy_type = POLICY_BASE;
+
+ /* Let sepol know if we are dealing with MLS support */
+ parse_policy.mls = mlspol;
+ parse_policy.handle_unknown = handle_unknown;
+
+ policydbp = &parse_policy;
+
+ if (read_source_policy(policydbp, file, "checkpolicy") < 0)
+ exit(1);
+
+ if (hashtab_map(policydbp->p_levels.table, check_level, NULL))
+ exit(1);
+
+ if (policydb_init(&policydb)) {
+ fprintf(stderr, "%s: policydb_init failed\n", argv[0]);
+ exit(1);
+ }
+
+ /* Linking takes care of optional avrule blocks */
+ if (link_modules(NULL, &parse_policy, NULL, 0, 0)) {
+ fprintf(stderr, "Error while resolving optionals\n");
+ exit(1);
+ }
+
+ if (expand_module(NULL, &parse_policy, &policydb, 0, 1)) {
+ fprintf(stderr, "Error while expanding policy\n");
+ exit(1);
+ }
+ policydb_destroy(&parse_policy);
+ policydbp = &policydb;
+ }
+
+ if (policydb_load_isids(&policydb, &sidtab))
+ exit(1);
+
+ printf("%s: policy configuration loaded\n", argv[0]);
+
+ if (outfile) {
+ printf
+ ("%s: writing binary representation (version %d) to %s\n",
+ argv[0], policyvers, outfile);
+ outfp = fopen(outfile, "w");
+ if (!outfp) {
+ perror(outfile);
+ exit(1);
+ }
+
+ policydb.policy_type = POLICY_KERN;
+ policydb.policyvers = policyvers;
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_STDIO;
+ pf.fp = outfp;
+ ret = policydb_write(&policydb, &pf);
+ if (ret) {
+ fprintf(stderr, "%s: error writing %s\n",
+ argv[0], outfile);
+ exit(1);
+ }
+ fclose(outfp);
+ }
+ if (!debug) {
+ policydb_destroy(&policydb);
+ exit(0);
+ }
+
+ menu:
+ printf("\nSelect an option:\n");
+ printf("0) Call compute_access_vector\n");
+ printf("1) Call sid_to_context\n");
+ printf("2) Call context_to_sid\n");
+ printf("3) Call transition_sid\n");
+ printf("4) Call member_sid\n");
+ printf("5) Call change_sid\n");
+ printf("6) Call list_sids\n");
+ printf("7) Call load_policy\n");
+ printf("8) Call fs_sid\n");
+ printf("9) Call port_sid\n");
+ printf("a) Call netif_sid\n");
+ printf("b) Call node_sid\n");
+ printf("c) Call fs_use\n");
+ printf("d) Call genfs_sid\n");
+ printf("e) Call get_user_sids\n");
+ printf("f) display conditional bools\n");
+ printf("g) display conditional expressions\n");
+ printf("h) change a boolean value\n");
+#ifdef EQUIVTYPES
+ printf("z) Show equivalent types\n");
+#endif
+ printf("m) Show menu again\n");
+ printf("q) Exit\n");
+ while (1) {
+ printf("\nChoose: ");
+ FGETS(ans, sizeof(ans), stdin);
+ switch (ans[0]) {
+ case '0':
+ printf("source sid? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+
+ printf("target sid? ");
+ FGETS(ans, sizeof(ans), stdin);
+ tsid = atoi(ans);
+
+ printf("target class? ");
+ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass
+ || tclass > policydb.p_classes.nprim) {
+ printf("\nNo such class.\n");
+ break;
+ }
+ cladatum =
+ policydb.class_val_to_struct[tclass - 1];
+ } else {
+ ans[strlen(ans) - 1] = 0;
+ cladatum =
+ (class_datum_t *) hashtab_search(policydb.
+ p_classes.
+ table,
+ ans);
+ if (!cladatum) {
+ printf("\nNo such class\n");
+ break;
+ }
+ tclass = cladatum->s.value;
+ }
+
+ if (!cladatum->comdatum && !cladatum->permissions.nprim) {
+ printf
+ ("\nNo access vector definition for that class\n");
+ break;
+ }
+ ret = sepol_compute_av(ssid, tsid, tclass, 0, &avd);
+ switch (ret) {
+ case 0:
+ printf("\nallowed {");
+ for (i = 1; i <= sizeof(avd.allowed) * 8; i++) {
+ if (avd.allowed & (1 << (i - 1))) {
+ v.val = i;
+ ret =
+ hashtab_map(cladatum->
+ permissions.
+ table,
+ find_perm, &v);
+ if (!ret && cladatum->comdatum) {
+ ret =
+ hashtab_map
+ (cladatum->
+ comdatum->
+ permissions.table,
+ find_perm, &v);
+ }
+ if (ret)
+ printf(" %s", v.name);
+ }
+ }
+ printf(" }\n");
+ break;
+ case -EINVAL:
+ printf("\ninvalid sid\n");
+ break;
+ default:
+ printf("return code 0x%x\n", ret);
+ }
+ break;
+ case '1':
+ printf("sid? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+ ret = sepol_sid_to_context(ssid,
+ &scontext, &scontext_len);
+ switch (ret) {
+ case 0:
+ printf("\nscontext %s\n", scontext);
+ free(scontext);
+ break;
+ case -EINVAL:
+ printf("\ninvalid sid\n");
+ break;
+ case -ENOMEM:
+ printf("\nout of memory\n");
+ break;
+ default:
+ printf("return code 0x%x\n", ret);
+ }
+ break;
+ case '2':
+ printf("scontext? ");
+ FGETS(ans, sizeof(ans), stdin);
+ scontext_len = strlen(ans);
+ ans[scontext_len - 1] = 0;
+ ret = sepol_context_to_sid(ans, scontext_len, &ssid);
+ switch (ret) {
+ case 0:
+ printf("\nsid %d\n", ssid);
+ break;
+ case -EINVAL:
+ printf("\ninvalid context\n");
+ break;
+ case -ENOMEM:
+ printf("\nout of memory\n");
+ break;
+ default:
+ printf("return code 0x%x\n", ret);
+ }
+ break;
+ case '3':
+ case '4':
+ case '5':
+ ch = ans[0];
+
+ printf("source sid? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ssid = atoi(ans);
+ printf("target sid? ");
+ FGETS(ans, sizeof(ans), stdin);
+ tsid = atoi(ans);
+
+ printf("object class? ");
+ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass
+ || tclass > policydb.p_classes.nprim) {
+ printf("\nNo such class.\n");
+ break;
+ }
+ } else {
+ ans[strlen(ans) - 1] = 0;
+ cladatum =
+ (class_datum_t *) hashtab_search(policydb.
+ p_classes.
+ table,
+ ans);
+ if (!cladatum) {
+ printf("\nNo such class\n");
+ break;
+ }
+ tclass = cladatum->s.value;
+ }
+
+ if (ch == '3')
+ ret =
+ sepol_transition_sid(ssid, tsid, tclass,
+ &ssid);
+ else if (ch == '4')
+ ret =
+ sepol_member_sid(ssid, tsid, tclass, &ssid);
+ else
+ ret =
+ sepol_change_sid(ssid, tsid, tclass, &ssid);
+ switch (ret) {
+ case 0:
+ printf("\nsid %d\n", ssid);
+ break;
+ case -EINVAL:
+ printf("\ninvalid sid\n");
+ break;
+ case -ENOMEM:
+ printf("\nout of memory\n");
+ break;
+ default:
+ printf("return code 0x%x\n", ret);
+ }
+ break;
+ case '6':
+ sepol_sidtab_map(&sidtab, print_sid, 0);
+ break;
+ case '7':
+ printf("pathname? ");
+ FGETS(ans, sizeof(ans), stdin);
+ pathlen = strlen(ans);
+ ans[pathlen - 1] = 0;
+ printf("%s: loading policy configuration from %s\n",
+ argv[0], ans);
+ fd = open(ans, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ ans, strerror(errno));
+ break;
+ }
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, "Can't stat '%s': %s\n",
+ ans, strerror(errno));
+ break;
+ }
+ map =
+ mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, "Can't map '%s': %s\n",
+ ans, strerror(errno));
+ break;
+ }
+ ret = sepol_load_policy(map, sb.st_size);
+ switch (ret) {
+ case 0:
+ printf("\nsuccess\n");
+ break;
+ case -EINVAL:
+ printf("\ninvalid policy\n");
+ break;
+ case -ENOMEM:
+ printf("\nout of memory\n");
+ break;
+ default:
+ printf("return code 0x%x\n", ret);
+ }
+ break;
+ case '8':
+ printf("fs kdevname? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_fs_sid(ans, &ssid, &tsid);
+ printf("fs_sid %d default_file_sid %d\n", ssid, tsid);
+ break;
+ case '9':
+ printf("protocol? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ if (!strcmp(ans, "tcp") || !strcmp(ans, "TCP"))
+ protocol = IPPROTO_TCP;
+ else if (!strcmp(ans, "udp") || !strcmp(ans, "UDP"))
+ protocol = IPPROTO_UDP;
+ else {
+ printf("unknown protocol\n");
+ break;
+ }
+ printf("port? ");
+ FGETS(ans, sizeof(ans), stdin);
+ port = atoi(ans);
+ sepol_port_sid(0, 0, protocol, port, &ssid);
+ printf("sid %d\n", ssid);
+ break;
+ case 'a':
+ printf("netif name? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_netif_sid(ans, &ssid, &tsid);
+ printf("if_sid %d default_msg_sid %d\n", ssid, tsid);
+ break;
+ case 'b':{
+ char *p;
+ int family, len;
+ struct in_addr addr4;
+ struct in6_addr addr6;
+
+ printf("protocol family? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ if (!strcasecmp(ans, "ipv4"))
+ family = AF_INET;
+ else if (!strcasecmp(ans, "ipv6"))
+ family = AF_INET6;
+ else {
+ printf("unknown protocol family\n");
+ break;
+ }
+
+ printf("node address? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ if (family == AF_INET) {
+ p = (char *)&addr4;
+ len = sizeof(addr4);
+ } else {
+ p = (char *)&addr6;
+ len = sizeof(addr6);
+ }
+
+ if (inet_pton(family, ans, p) < 1) {
+ printf("error parsing address\n");
+ break;
+ }
+
+ sepol_node_sid(family, p, len, &ssid);
+ printf("sid %d\n", ssid);
+ break;
+ }
+ case 'c':
+ printf("fstype? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ sepol_fs_use(ans, &uret, &ssid);
+ switch (uret) {
+ case SECURITY_FS_USE_XATTR:
+ printf("use xattr\n");
+ break;
+ case SECURITY_FS_USE_TRANS:
+ printf("use transition SIDs\n");
+ break;
+ case SECURITY_FS_USE_TASK:
+ printf("use task SIDs\n");
+ break;
+ case SECURITY_FS_USE_GENFS:
+ printf("use genfs\n");
+ break;
+ case SECURITY_FS_USE_NONE:
+ printf("no labeling support\n");
+ break;
+ }
+ printf("sid %d\n", ssid);
+ break;
+ case 'd':
+ printf("fstype? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ fstype = strdup(ans);
+ printf("path? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ path = strdup(ans);
+ printf("object class? ");
+ FGETS(ans, sizeof(ans), stdin);
+ if (isdigit(ans[0])) {
+ tclass = atoi(ans);
+ if (!tclass
+ || tclass > policydb.p_classes.nprim) {
+ printf("\nNo such class.\n");
+ break;
+ }
+ } else {
+ ans[strlen(ans) - 1] = 0;
+ cladatum =
+ (class_datum_t *) hashtab_search(policydb.
+ p_classes.
+ table,
+ ans);
+ if (!cladatum) {
+ printf("\nNo such class\n");
+ break;
+ }
+ tclass = cladatum->s.value;
+ }
+ sepol_genfs_sid(fstype, path, tclass, &ssid);
+ printf("sid %d\n", ssid);
+ free(fstype);
+ free(path);
+ break;
+ case 'e':
+ printf("from SID? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+ ssid = atoi(ans);
+
+ printf("username? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ ret = sepol_get_user_sids(ssid, ans, &sids, &nel);
+ switch (ret) {
+ case 0:
+ if (!nel)
+ printf("\nnone\n");
+ for (i = 0; i < nel; i++)
+ print_sid(sids[i], NULL, NULL);
+ free(sids);
+ break;
+ case -ENOMEM:
+ printf("\nout of memory\n");
+ break;
+ case -EINVAL:
+ printf("\ninvalid argument\n");
+ break;
+ default:
+ printf("\nerror\n");
+ break;
+ }
+ break;
+ case 'f':
+ display_bools();
+ break;
+ case 'g':
+ display_cond_expressions();
+ break;
+ case 'h':
+ printf("name? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ name = malloc((strlen(ans) + 1) * sizeof(char));
+ if (name == NULL) {
+ fprintf(stderr, "couldn't malloc string.\n");
+ break;
+ }
+ strcpy(name, ans);
+
+ printf("state? ");
+ FGETS(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ if (atoi(ans))
+ state = 1;
+ else
+ state = 0;
+
+ change_bool(name, state);
+ free(name);
+ break;
+#ifdef EQUIVTYPES
+ case 'z':
+ identify_equiv_types();
+ break;
+#endif
+ case 'm':
+ goto menu;
+ case 'q':
+ exit(0);
+ break;
+ default:
+ printf("\nUnknown option %s.\n", ans);
+ }
+ }
+
+ return 0;
+}
+
+/* FLASK */
diff --git a/checkpolicy/checkpolicy.h b/checkpolicy/checkpolicy.h
new file mode 100644
index 0000000..3868f1f
--- /dev/null
+++ b/checkpolicy/checkpolicy.h
@@ -0,0 +1,20 @@
+#ifndef _CHECKPOLICY_H_
+#define _CHECKPOLICY_H_
+
+#include <sepol/policydb/ebitmap.h>
+
+typedef struct te_assert {
+ ebitmap_t stypes;
+ ebitmap_t ttypes;
+ ebitmap_t tclasses;
+ int self;
+ sepol_access_vector_t *avp;
+ unsigned long line;
+ struct te_assert *next;
+} te_assert_t;
+
+te_assert_t *te_assertions;
+
+extern unsigned int policyvers;
+
+#endif
diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c
new file mode 100644
index 0000000..f9a7a56
--- /dev/null
+++ b/checkpolicy/module_compiler.c
@@ -0,0 +1,1430 @@
+/* Author : Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Added support for binary policy modules
+ *
+ * Copyright (C) 2004 - 2005 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <assert.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/avrule_block.h>
+#include <sepol/policydb/conditional.h>
+
+#include "queue.h"
+#include "module_compiler.h"
+
+union stack_item_u {
+ avrule_block_t *avrule;
+ cond_list_t *cond_list;
+};
+
+typedef struct scope_stack {
+ union stack_item_u u;
+ int type; /* for above union: 1 = avrule block, 2 = conditional */
+ avrule_decl_t *decl; /* if in an avrule block, which
+ * declaration is current */
+ avrule_t *last_avrule;
+ int in_else; /* if in an avrule block, within ELSE branch */
+ int require_given; /* 1 if this block had at least one require */
+ struct scope_stack *parent, *child;
+} scope_stack_t;
+
+extern policydb_t *policydbp;
+extern queue_t id_queue;
+extern int yyerror(char *msg);
+extern void yyerror2(char *fmt, ...);
+
+static int push_stack(int stack_type, ...);
+static void pop_stack(void);
+
+/* keep track of the last item added to the stack */
+static scope_stack_t *stack_top = NULL;
+static avrule_block_t *last_block;
+static uint32_t next_decl_id = 1;
+
+int define_policy(int pass, int module_header_given)
+{
+ char *id;
+
+ if (module_header_given) {
+ if (policydbp->policy_type != POLICY_MOD) {
+ yyerror
+ ("Module specification found while not building a policy module.\n");
+ return -1;
+ }
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)) != NULL)
+ free(id);
+ } else {
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no module name");
+ return -1;
+ }
+ policydbp->name = id;
+ if ((policydbp->version =
+ queue_remove(id_queue)) == NULL) {
+ yyerror
+ ("Expected a module version but none was found.");
+ return -1;
+ }
+ }
+ } else {
+ if (policydbp->policy_type == POLICY_MOD) {
+ yyerror
+ ("Building a policy module, but no module specification found.\n");
+ return -1;
+ }
+ }
+ /* the first declaration within the global avrule
+ block will always have an id of 1 */
+ next_decl_id = 2;
+
+ /* reset the scoping stack */
+ while (stack_top != NULL) {
+ pop_stack();
+ }
+ if (push_stack(1, policydbp->global, policydbp->global->branch_list) ==
+ -1) {
+ return -1;
+ }
+ last_block = policydbp->global;
+ return 0;
+}
+
+/* Given the current parse stack, returns 1 if a declaration would be
+ * allowed here or 0 if not. For example, declarations are not
+ * allowed in conditionals, so if there are any conditionals in the
+ * current scope stack then this would return a 0.
+ */
+static int is_declaration_allowed(void)
+{
+ if (stack_top->type != 1 || stack_top->in_else) {
+ return 0;
+ }
+ return 1;
+}
+
+/* Attempt to declare a symbol within the current declaration. If
+ * currently within a non-conditional and in a non-else branch then
+ * insert the symbol, return 0 on success if symbol was undeclared.
+ * For roles and users, it is legal to have multiple declarations; as
+ * such return 1 to indicate that caller must free() the datum because
+ * it was not added. If symbols may not be declared here return -1.
+ * For duplicate declarations return -2. For all else, including out
+ * of memory, return -3. Note that dest_value and datum_value might
+ * not be restricted pointers. */
+int declare_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value)
+{
+ avrule_decl_t *decl = stack_top->decl;
+ int retval;
+
+ /* first check that symbols may be declared here */
+ if (!is_declaration_allowed()) {
+ return -1;
+ }
+ retval = symtab_insert(policydbp, symbol_type, key, datum,
+ SCOPE_DECL, decl->decl_id, dest_value);
+ if (retval == 1) {
+ symtab_datum_t *s =
+ (symtab_datum_t *) hashtab_search(policydbp->
+ symtab[symbol_type].table,
+ key);
+ assert(s != NULL);
+
+ if (symbol_type == SYM_LEVELS) {
+ *dest_value = ((level_datum_t *)s)->level->sens;
+ } else {
+ *dest_value = s->value;
+ }
+ } else if (retval == -2) {
+ return -2;
+ } else if (retval < 0) {
+ return -3;
+ } else { /* fall through possible if retval is 0 */
+ }
+ if (datum_value != NULL) {
+ if (ebitmap_set_bit(decl->declared.scope + symbol_type,
+ *datum_value - 1, 1)) {
+ return -3;
+ }
+ }
+ return retval;
+}
+
+role_datum_t *declare_role(void)
+{
+ char *id = queue_remove(id_queue), *dest_id = NULL;
+ role_datum_t *role = NULL, *dest_role = NULL;
+ int retval;
+ uint32_t value;
+
+ if (id == NULL) {
+ yyerror("no role name");
+ return NULL;
+ }
+ if ((role = (role_datum_t *) malloc(sizeof(*role))) == NULL) {
+ yyerror("Out of memory!");
+ free(id);
+ return NULL;
+ }
+ role_datum_init(role);
+
+ retval =
+ declare_symbol(SYM_ROLES, id, (hashtab_datum_t *) role, &value,
+ &value);
+ if (retval == 0) {
+ role->s.value = value;
+ if ((dest_id = strdup(id)) == NULL) {
+ yyerror("Out of memory!");
+ return NULL;
+ }
+ } else {
+ /* this role was already declared in this module, or error */
+ dest_id = id;
+ role_datum_destroy(role);
+ free(role);
+ }
+ if (retval == 0 || retval == 1) {
+ /* create a new role_datum_t for this decl, if necessary */
+ hashtab_t roles_tab;
+ assert(stack_top->type == 1);
+ if (stack_top->parent == NULL) {
+ /* in parent, so use global symbol table */
+ roles_tab = policydbp->p_roles.table;
+ } else {
+ roles_tab = stack_top->decl->p_roles.table;
+ }
+ dest_role = (role_datum_t *) hashtab_search(roles_tab, dest_id);
+ if (dest_role == NULL) {
+ if ((dest_role =
+ (role_datum_t *) malloc(sizeof(*dest_role))) ==
+ NULL) {
+ yyerror("Out of memory!");
+ free(dest_id);
+ return NULL;
+ }
+ role_datum_init(dest_role);
+ dest_role->s.value = value;
+ if (hashtab_insert(roles_tab, dest_id, dest_role)) {
+ yyerror("Out of memory!");
+ free(dest_id);
+ role_datum_destroy(dest_role);
+ free(dest_role);
+ return NULL;
+ }
+ } else {
+ free(dest_id);
+ }
+ } else {
+ free(dest_id);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return NULL;
+ }
+ case -2:{
+ yyerror("duplicate declaration of role");
+ return NULL;
+ }
+ case -1:{
+ yyerror("could not declare role here");
+ return NULL;
+ }
+ case 0:{
+ if (ebitmap_set_bit
+ (&dest_role->dominates, role->s.value - 1, 1)) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ return dest_role;
+ }
+ case 1:{
+ return dest_role; /* role already declared for this block */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+type_datum_t *declare_type(unsigned char primary, unsigned char isattr)
+{
+ char *id;
+ type_datum_t *typdatum;
+ int retval;
+ uint32_t value = 0;
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no type/attribute name?");
+ return NULL;
+ }
+ if (strcmp(id, "self") == 0) {
+ yyerror
+ ("'self' is a reserved type name and may not be declared.");
+ free(id);
+ return NULL;
+ }
+
+ typdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
+ if (!typdatum) {
+ yyerror("Out of memory!");
+ free(id);
+ return NULL;
+ }
+ type_datum_init(typdatum);
+ typdatum->primary = primary;
+ typdatum->flavor = isattr ? TYPE_ATTRIB : TYPE_TYPE;
+
+ retval = declare_symbol(SYM_TYPES, id, typdatum, &value, &value);
+ if (retval == 0 || retval == 1) {
+ if (typdatum->primary) {
+ typdatum->s.value = value;
+ }
+ } else {
+ /* error occurred (can't have duplicate type declarations) */
+ free(id);
+ type_datum_destroy(typdatum);
+ free(typdatum);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return NULL;
+ }
+ case -2:{
+ yyerror2("duplicate declaration of type/attribute");
+ return NULL;
+ }
+ case -1:{
+ yyerror("could not declare type/attribute here");
+ return NULL;
+ }
+ case 0:
+ case 1:{
+ return typdatum;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+user_datum_t *declare_user(void)
+{
+ char *id = queue_remove(id_queue), *dest_id = NULL;
+ user_datum_t *user = NULL, *dest_user = NULL;
+ int retval;
+ uint32_t value = 0;
+
+ if (id == NULL) {
+ yyerror("no user name");
+ return NULL;
+ }
+ if ((user = (user_datum_t *) malloc(sizeof(*user))) == NULL) {
+ yyerror("Out of memory!");
+ free(id);
+ return NULL;
+ }
+ user_datum_init(user);
+
+ retval =
+ declare_symbol(SYM_USERS, id, (hashtab_datum_t *) user, &value,
+ &value);
+
+ if (retval == 0) {
+ user->s.value = value;
+ if ((dest_id = strdup(id)) == NULL) {
+ yyerror("Out of memory!");
+ return NULL;
+ }
+ } else {
+ /* this user was already declared in this module, or error */
+ dest_id = id;
+ user_datum_destroy(user);
+ free(user);
+ }
+ if (retval == 0 || retval == 1) {
+ /* create a new user_datum_t for this decl, if necessary */
+ hashtab_t users_tab;
+ assert(stack_top->type == 1);
+ if (stack_top->parent == NULL) {
+ /* in parent, so use global symbol table */
+ users_tab = policydbp->p_users.table;
+ } else {
+ users_tab = stack_top->decl->p_users.table;
+ }
+ dest_user = (user_datum_t *) hashtab_search(users_tab, dest_id);
+ if (dest_user == NULL) {
+ if ((dest_user =
+ (user_datum_t *) malloc(sizeof(*dest_user))) ==
+ NULL) {
+ yyerror("Out of memory!");
+ free(dest_id);
+ return NULL;
+ }
+ user_datum_init(dest_user);
+ dest_user->s.value = value;
+ if (hashtab_insert(users_tab, dest_id, dest_user)) {
+ yyerror("Out of memory!");
+ free(dest_id);
+ user_datum_destroy(dest_user);
+ free(dest_user);
+ return NULL;
+ }
+ } else {
+ free(dest_id);
+ }
+ } else {
+ free(dest_id);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return NULL;
+ }
+ case -2:{
+ yyerror("duplicate declaration of user");
+ return NULL;
+ }
+ case -1:{
+ yyerror("could not declare user here");
+ return NULL;
+ }
+ case 0:{
+ return dest_user;
+ }
+ case 1:{
+ return dest_user; /* user already declared for this block */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+/* Return a type_datum_t for the local avrule_decl with the given ID.
+ * If it does not exist, create one with the same value as 'value'.
+ * This function assumes that the ID is within scope. c.f.,
+ * is_id_in_scope().
+ *
+ * NOTE: this function usurps ownership of id afterwards. The caller
+ * shall not reference it nor free() it afterwards.
+ */
+type_datum_t *get_local_type(char *id, uint32_t value, unsigned char isattr)
+{
+ type_datum_t *dest_typdatum;
+ hashtab_t types_tab;
+ assert(stack_top->type == 1);
+ if (stack_top->parent == NULL) {
+ /* in global, so use global symbol table */
+ types_tab = policydbp->p_types.table;
+ } else {
+ types_tab = stack_top->decl->p_types.table;
+ }
+ dest_typdatum = hashtab_search(types_tab, id);
+ if (!dest_typdatum) {
+ dest_typdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
+ if (dest_typdatum == NULL) {
+ free(id);
+ return NULL;
+ }
+ type_datum_init(dest_typdatum);
+ dest_typdatum->s.value = value;
+ dest_typdatum->flavor = isattr ? TYPE_ATTRIB : TYPE_TYPE;
+ dest_typdatum->primary = 1;
+ if (hashtab_insert(types_tab, id, dest_typdatum)) {
+ free(id);
+ type_datum_destroy(dest_typdatum);
+ free(dest_typdatum);
+ return NULL;
+ }
+
+ } else {
+ free(id);
+ if (dest_typdatum->flavor != isattr ? TYPE_ATTRIB : TYPE_TYPE) {
+ return NULL;
+ }
+ }
+ return dest_typdatum;
+}
+
+/* Given the current parse stack, returns 1 if a requirement would be
+ * allowed here or 0 if not. For example, the ELSE branch may never
+ * have its own requirements.
+ */
+static int is_require_allowed(void)
+{
+ if (stack_top->type == 1 && !stack_top->in_else) {
+ return 1;
+ }
+ return 0;
+}
+
+/* Attempt to require a symbol within the current scope. If currently
+ * within an optional (and not its else branch), add the symbol to the
+ * required list. Return 0 on success, 1 if caller needs to free()
+ * datum. If symbols may not be declared here return -1. For duplicate
+ * declarations return -2. For all else, including out of memory,
+ * return -3.. Note that dest_value and datum_value might not be
+ * restricted pointers.
+ */
+int require_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value)
+{
+ avrule_decl_t *decl = stack_top->decl;
+ int retval;
+
+ /* first check that symbols may be required here */
+ if (!is_require_allowed()) {
+ return -1;
+ }
+ retval = symtab_insert(policydbp, symbol_type, key, datum,
+ SCOPE_REQ, decl->decl_id, dest_value);
+ if (retval == 1) {
+ symtab_datum_t *s =
+ (symtab_datum_t *) hashtab_search(policydbp->
+ symtab[symbol_type].table,
+ key);
+ assert(s != NULL);
+
+ if (symbol_type == SYM_LEVELS) {
+ *dest_value = ((level_datum_t *)s)->level->sens;
+ } else {
+ *dest_value = s->value;
+ }
+ } else if (retval == -2) {
+ /* ignore require statements if that symbol was
+ * previously declared and is in current scope */
+ int prev_declaration_ok = 0;
+ if (is_id_in_scope(symbol_type, key)) {
+ if (symbol_type == SYM_TYPES) {
+ /* check that previous symbol has same
+ * type/attribute-ness */
+ unsigned char new_isattr =
+ ((type_datum_t *) datum)->flavor;
+ type_datum_t *old_datum =
+ (type_datum_t *) hashtab_search(policydbp->
+ symtab
+ [SYM_TYPES].
+ table, key);
+ assert(old_datum != NULL);
+ unsigned char old_isattr = old_datum->flavor;
+ prev_declaration_ok =
+ (old_isattr == new_isattr ? 1 : 0);
+ } else {
+ prev_declaration_ok = 1;
+ }
+ }
+ if (prev_declaration_ok) {
+ /* ignore this require statement because it
+ * was already declared within my scope */
+ stack_top->require_given = 1;
+ return 1;
+ } else {
+ /* previous declaration was not in scope or
+ * had a mismatched type/attribute, so
+ * generate an error */
+ return -2;
+ }
+ } else if (retval < 0) {
+ return -3;
+ } else { /* fall through possible if retval is 0 or 1 */
+ }
+ if (datum_value != NULL) {
+ if (ebitmap_set_bit(decl->required.scope + symbol_type,
+ *datum_value - 1, 1)) {
+ return -3;
+ }
+ }
+ stack_top->require_given = 1;
+ return retval;
+}
+
+int add_perm_to_class(uint32_t perm_value, uint32_t class_value)
+{
+ avrule_decl_t *decl = stack_top->decl;
+ scope_index_t *scope;
+
+ assert(perm_value >= 1);
+ assert(class_value >= 1);
+ scope = &decl->required;
+ if (class_value > scope->class_perms_len) {
+ int i;
+ ebitmap_t *new_map = realloc(scope->class_perms_map,
+ class_value * sizeof(*new_map));
+ if (new_map == NULL) {
+ return -1;
+ }
+ scope->class_perms_map = new_map;
+ for (i = scope->class_perms_len; i < class_value; i++) {
+ ebitmap_init(scope->class_perms_map + i);
+ }
+ scope->class_perms_len = class_value;
+ }
+ if (ebitmap_set_bit(scope->class_perms_map + class_value - 1,
+ perm_value - 1, 1)) {
+ return -1;
+ }
+ return 0;
+}
+
+static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+static void class_datum_destroy(class_datum_t * cladatum)
+{
+ if (cladatum != NULL) {
+ hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
+ hashtab_destroy(cladatum->permissions.table);
+ free(cladatum);
+ }
+}
+
+int require_class(int pass)
+{
+ char *class_id = queue_remove(id_queue);
+ char *perm_id = NULL;
+ class_datum_t *datum = NULL;
+ perm_datum_t *perm = NULL;
+ int ret;
+
+ if (pass == 2) {
+ free(class_id);
+ while ((perm_id = queue_remove(id_queue)) != NULL)
+ free(perm_id);
+ return 0;
+ }
+
+ /* first add the class if it is not already there */
+ if (class_id == NULL) {
+ yyerror("no class name for class definition?");
+ return -1;
+ }
+
+ if ((datum = calloc(1, sizeof(*datum))) == NULL ||
+ symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ ret =
+ require_symbol(SYM_CLASSES, class_id, datum, &datum->s.value,
+ &datum->s.value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ free(class_id);
+ class_datum_destroy(datum);
+ goto cleanup;
+ }
+ case -2:{
+ yyerror("duplicate declaration of class");
+ free(class_id);
+ class_datum_destroy(datum);
+ goto cleanup;
+ }
+ case -1:{
+ yyerror("could not require class here");
+ free(class_id);
+ class_datum_destroy(datum);
+ goto cleanup;
+ }
+ case 0:{
+ /* a new class was added; reindex everything */
+ if (policydb_index_classes(policydbp)) {
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ break;
+ }
+ case 1:{
+ class_datum_destroy(datum);
+ datum =
+ hashtab_search(policydbp->p_classes.table,
+ class_id);
+ assert(datum); /* the class datum should have existed */
+ free(class_id);
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+
+ /* now add each of the permissions to this class's requirements */
+ while ((perm_id = queue_remove(id_queue)) != NULL) {
+ int allocated = 0;
+
+ /* Is the permission already in the table? */
+ perm = hashtab_search(datum->permissions.table, perm_id);
+ if (!perm && datum->comdatum)
+ perm =
+ hashtab_search(datum->comdatum->permissions.table,
+ perm_id);
+ if (perm) {
+ /* Yes, drop the name. */
+ free(perm_id);
+ } else {
+ /* No - allocate and insert an entry for it. */
+ if (policydbp->policy_type == POLICY_BASE) {
+ yyerror2
+ ("Base policy - require of permission %s without prior declaration.",
+ perm_id);
+ free(perm_id);
+ goto cleanup;
+ }
+ allocated = 1;
+ if ((perm = malloc(sizeof(*perm))) == NULL) {
+ yyerror("Out of memory!");
+ free(perm_id);
+ goto cleanup;
+ }
+ memset(perm, 0, sizeof(*perm));
+ ret =
+ hashtab_insert(datum->permissions.table, perm_id,
+ perm);
+ if (ret) {
+ yyerror("Out of memory!");
+ free(perm_id);
+ free(perm);
+ goto cleanup;
+ }
+ perm->s.value = datum->permissions.nprim + 1;
+ }
+
+ if (add_perm_to_class(perm->s.value, datum->s.value) == -1) {
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+
+ /* Update number of primitives if we allocated one. */
+ if (allocated)
+ datum->permissions.nprim++;
+ }
+ return 0;
+ cleanup:
+ return -1;
+}
+
+int require_role(int pass)
+{
+ char *id = queue_remove(id_queue);
+ role_datum_t *role = NULL;
+ int retval;
+ if (pass == 2) {
+ free(id);
+ return 0;
+ }
+ if (id == NULL) {
+ yyerror("no role name");
+ return -1;
+ }
+ if ((role = malloc(sizeof(*role))) == NULL) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ role_datum_init(role);
+ retval =
+ require_symbol(SYM_ROLES, id, (hashtab_datum_t *) role,
+ &role->s.value, &role->s.value);
+ if (retval != 0) {
+ free(id);
+ role_datum_destroy(role);
+ free(role);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of role");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require role here");
+ return -1;
+ }
+ case 0:{
+ /* all roles dominate themselves */
+ if (ebitmap_set_bit
+ (&role->dominates, role->s.value - 1, 1)) {
+ yyerror("Out of memory");
+ return -1;
+ }
+ return 0;
+ }
+ case 1:{
+ return 0; /* role already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+static int require_type_or_attribute(int pass, unsigned char isattr)
+{
+ char *id = queue_remove(id_queue);
+ type_datum_t *type = NULL;
+ int retval;
+ if (pass == 2) {
+ free(id);
+ return 0;
+ }
+ if (id == NULL) {
+ yyerror("no type name");
+ return -1;
+ }
+ if ((type = malloc(sizeof(*type))) == NULL) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ type_datum_init(type);
+ type->primary = 1;
+ type->flavor = isattr ? TYPE_ATTRIB : TYPE_TYPE;
+ retval =
+ require_symbol(SYM_TYPES, id, (hashtab_datum_t *) type,
+ &type->s.value, &type->s.value);
+ if (retval != 0) {
+ free(id);
+ free(type);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of type/attribute");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require type/attribute here");
+ return -1;
+ }
+ case 0:{
+ return 0;
+ }
+ case 1:{
+ return 0; /* type already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+int require_type(int pass)
+{
+ return require_type_or_attribute(pass, 0);
+}
+
+int require_attribute(int pass)
+{
+ return require_type_or_attribute(pass, 1);
+}
+
+int require_user(int pass)
+{
+ char *id = queue_remove(id_queue);
+ user_datum_t *user = NULL;
+ int retval;
+ if (pass == 1) {
+ free(id);
+ return 0;
+ }
+ if (id == NULL) {
+ yyerror("no user name");
+ return -1;
+ }
+ if ((user = malloc(sizeof(*user))) == NULL) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ user_datum_init(user);
+ retval =
+ require_symbol(SYM_USERS, id, (hashtab_datum_t *) user,
+ &user->s.value, &user->s.value);
+ if (retval != 0) {
+ free(id);
+ user_datum_destroy(user);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of user");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require user here");
+ return -1;
+ }
+ case 0:{
+ return 0;
+ }
+ case 1:{
+ return 0; /* user already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+int require_bool(int pass)
+{
+ char *id = queue_remove(id_queue);
+ cond_bool_datum_t *booldatum = NULL;
+ int retval;
+ if (pass == 2) {
+ free(id);
+ return 0;
+ }
+ if (id == NULL) {
+ yyerror("no boolean name");
+ return -1;
+ }
+ if ((booldatum = calloc(1, sizeof(*booldatum))) == NULL) {
+ cond_destroy_bool(id, booldatum, NULL);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ retval =
+ require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
+ &booldatum->s.value, &booldatum->s.value);
+ if (retval != 0) {
+ cond_destroy_bool(id, booldatum, NULL);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of boolean");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require boolean here");
+ return -1;
+ }
+ case 0:{
+ return 0;
+ }
+ case 1:{
+ return 0; /* boolean already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+int require_sens(int pass)
+{
+ char *id = queue_remove(id_queue);
+ level_datum_t *level = NULL;
+ int retval;
+ if (pass == 2) {
+ free(id);
+ return 0;
+ }
+ if (!id) {
+ yyerror("no sensitivity name");
+ return -1;
+ }
+ level = malloc(sizeof(level_datum_t));
+ if (!level) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ level_datum_init(level);
+ level->level = malloc(sizeof(mls_level_t));
+ if (!level->level) {
+ free(id);
+ level_datum_destroy(level);
+ free(level);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ mls_level_init(level->level);
+ retval = require_symbol(SYM_LEVELS, id, (hashtab_datum_t *) level,
+ &level->level->sens, &level->level->sens);
+ if (retval != 0) {
+ free(id);
+ mls_level_destroy(level->level);
+ free(level->level);
+ level_datum_destroy(level);
+ free(level);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of sensitivity");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require sensitivity here");
+ return -1;
+ }
+ case 0:{
+ return 0;
+ }
+ case 1:{
+ return 0; /* sensitivity already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+int require_cat(int pass)
+{
+ char *id = queue_remove(id_queue);
+ cat_datum_t *cat = NULL;
+ int retval;
+ if (pass == 2) {
+ free(id);
+ return 0;
+ }
+ if (!id) {
+ yyerror("no category name");
+ return -1;
+ }
+ cat = malloc(sizeof(cat_datum_t));
+ if (!cat) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ cat_datum_init(cat);
+
+ retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat,
+ &cat->s.value, &cat->s.value);
+ if (retval != 0) {
+ free(id);
+ cat_datum_destroy(cat);
+ free(cat);
+ }
+ switch (retval) {
+ case -3:{
+ yyerror("Out of memory!");
+ return -1;
+ }
+ case -2:{
+ yyerror("duplicate declaration of category");
+ return -1;
+ }
+ case -1:{
+ yyerror("could not require category here");
+ return -1;
+ }
+ case 0:{
+ return 0;
+ }
+ case 1:{
+ return 0; /* category already required */
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+}
+
+static int is_scope_in_stack(scope_datum_t * scope, scope_stack_t * stack)
+{
+ int i;
+ if (stack == NULL) {
+ return 0; /* no matching scope found */
+ }
+ if (stack->type == 1) {
+ avrule_decl_t *decl = stack->decl;
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ if (scope->decl_ids[i] == decl->decl_id) {
+ return 1;
+ }
+ }
+ } else {
+ /* note that conditionals can't declare or require
+ * symbols, so skip this level */
+ }
+
+ /* not within scope of this stack, so try its parent */
+ return is_scope_in_stack(scope, stack->parent);
+}
+
+int is_id_in_scope(uint32_t symbol_type, hashtab_key_t id)
+{
+ scope_datum_t *scope =
+ (scope_datum_t *) hashtab_search(policydbp->scope[symbol_type].
+ table, id);
+ if (scope == NULL) {
+ return 1; /* id is not known, so return success */
+ }
+ return is_scope_in_stack(scope, stack_top);
+}
+
+static int is_perm_in_scope_index(uint32_t perm_value, uint32_t class_value,
+ scope_index_t * scope)
+{
+ if (class_value > scope->class_perms_len) {
+ return 1;
+ }
+ if (ebitmap_get_bit(scope->class_perms_map + class_value - 1,
+ perm_value - 1)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int is_perm_in_stack(uint32_t perm_value, uint32_t class_value,
+ scope_stack_t * stack)
+{
+ if (stack == NULL) {
+ return 0; /* no matching scope found */
+ }
+ if (stack->type == 1) {
+ avrule_decl_t *decl = stack->decl;
+ if (is_perm_in_scope_index
+ (perm_value, class_value, &decl->required)
+ || is_perm_in_scope_index(perm_value, class_value,
+ &decl->declared)) {
+ return 1;
+ }
+ } else {
+ /* note that conditionals can't declare or require
+ * symbols, so skip this level */
+ }
+
+ /* not within scope of this stack, so try its parent */
+ return is_perm_in_stack(perm_value, class_value, stack->parent);
+}
+
+int is_perm_in_scope(hashtab_key_t perm_id, hashtab_key_t class_id)
+{
+ class_datum_t *cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ class_id);
+ perm_datum_t *perdatum;
+ if (cladatum == NULL) {
+ return 1;
+ }
+ perdatum = (perm_datum_t *) hashtab_search(cladatum->permissions.table,
+ perm_id);
+ if (perdatum == NULL) {
+ return 1;
+ }
+ return is_perm_in_stack(perdatum->s.value, cladatum->s.value,
+ stack_top);
+}
+
+cond_list_t *get_current_cond_list(cond_list_t * cond)
+{
+ /* FIX ME: do something different here if in a nested
+ * conditional? */
+ avrule_decl_t *decl = stack_top->decl;
+ return get_decl_cond_list(policydbp, decl, cond);
+}
+
+/* Append the new conditional node to the existing ones. During
+ * expansion the list will be reversed -- i.e., the last AV rule will
+ * be the first one listed in the policy. This matches the behavior
+ * of the upstream compiler. */
+void append_cond_list(cond_list_t * cond)
+{
+ cond_list_t *old_cond = get_current_cond_list(cond);
+ avrule_t *tmp;
+ assert(old_cond != NULL); /* probably out of memory */
+ if (old_cond->avtrue_list == NULL) {
+ old_cond->avtrue_list = cond->avtrue_list;
+ } else {
+ for (tmp = old_cond->avtrue_list; tmp->next != NULL;
+ tmp = tmp->next) ;
+ tmp->next = cond->avtrue_list;
+ }
+ if (old_cond->avfalse_list == NULL) {
+ old_cond->avfalse_list = cond->avfalse_list;
+ } else {
+ for (tmp = old_cond->avfalse_list; tmp->next != NULL;
+ tmp = tmp->next) ;
+ tmp->next = cond->avfalse_list;
+ }
+}
+
+void append_avrule(avrule_t * avrule)
+{
+ avrule_decl_t *decl = stack_top->decl;
+
+ /* currently avrules follow a completely different code path
+ * for handling avrules and compute types
+ * (define_cond_avrule_te_avtab, define_cond_compute_type);
+ * therefore there ought never be a conditional on top of the
+ * scope stack */
+ assert(stack_top->type == 1);
+
+ if (stack_top->last_avrule == NULL) {
+ decl->avrules = avrule;
+ } else {
+ stack_top->last_avrule->next = avrule;
+ }
+ stack_top->last_avrule = avrule;
+}
+
+/* this doesn't actually append, but really prepends it */
+void append_role_trans(role_trans_rule_t * role_tr_rules)
+{
+ avrule_decl_t *decl = stack_top->decl;
+
+ /* role transitions are not allowed within conditionals */
+ assert(stack_top->type == 1);
+
+ role_tr_rules->next = decl->role_tr_rules;
+ decl->role_tr_rules = role_tr_rules;
+}
+
+/* this doesn't actually append, but really prepends it */
+void append_role_allow(role_allow_rule_t * role_allow_rules)
+{
+ avrule_decl_t *decl = stack_top->decl;
+
+ /* role allows are not allowed within conditionals */
+ assert(stack_top->type == 1);
+
+ role_allow_rules->next = decl->role_allow_rules;
+ decl->role_allow_rules = role_allow_rules;
+}
+
+/* this doesn't actually append, but really prepends it */
+void append_range_trans(range_trans_rule_t * range_tr_rules)
+{
+ avrule_decl_t *decl = stack_top->decl;
+
+ /* range transitions are not allowed within conditionals */
+ assert(stack_top->type == 1);
+
+ range_tr_rules->next = decl->range_tr_rules;
+ decl->range_tr_rules = range_tr_rules;
+}
+
+int begin_optional(int pass)
+{
+ avrule_block_t *block = NULL;
+ avrule_decl_t *decl;
+ if (pass == 1) {
+ /* allocate a new avrule block for this optional block */
+ if ((block = avrule_block_create()) == NULL ||
+ (decl = avrule_decl_create(next_decl_id)) == NULL) {
+ goto cleanup;
+ }
+ block->flags |= AVRULE_OPTIONAL;
+ block->branch_list = decl;
+ last_block->next = block;
+ } else {
+ /* select the next block from the chain built during pass 1 */
+ block = last_block->next;
+ assert(block != NULL &&
+ block->branch_list != NULL &&
+ block->branch_list->decl_id == next_decl_id);
+ decl = block->branch_list;
+ }
+ if (push_stack(1, block, decl) == -1) {
+ goto cleanup;
+ }
+ stack_top->last_avrule = NULL;
+ last_block = block;
+ next_decl_id++;
+ return 0;
+ cleanup:
+ yyerror("Out of memory!");
+ avrule_block_destroy(block);
+ return -1;
+}
+
+int end_optional(int pass)
+{
+ /* once nested conditionals are allowed, do the stack unfolding here */
+ pop_stack();
+ return 0;
+}
+
+int begin_optional_else(int pass)
+{
+ avrule_decl_t *decl;
+ assert(stack_top->type == 1 && stack_top->in_else == 0);
+ if (pass == 1) {
+ /* allocate a new declaration and add it to the
+ * current chain */
+ if ((decl = avrule_decl_create(next_decl_id)) == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+ stack_top->decl->next = decl;
+ } else {
+ /* pick the (hopefully last) declaration of this
+ avrule block, built from pass 1 */
+ decl = stack_top->decl->next;
+ assert(decl != NULL &&
+ decl->next == NULL && decl->decl_id == next_decl_id);
+ }
+ stack_top->in_else = 1;
+ stack_top->decl = decl;
+ stack_top->last_avrule = NULL;
+ stack_top->require_given = 0;
+ next_decl_id++;
+ return 0;
+}
+
+static int copy_requirements(avrule_decl_t * dest, scope_stack_t * stack)
+{
+ int i;
+ if (stack == NULL) {
+ return 0;
+ }
+ if (stack->type == 1) {
+ scope_index_t *src_scope = &stack->decl->required;
+ scope_index_t *dest_scope = &dest->required;
+ for (i = 0; i < SYM_NUM; i++) {
+ ebitmap_t *src_bitmap = &src_scope->scope[i];
+ ebitmap_t *dest_bitmap = &dest_scope->scope[i];
+ if (ebitmap_union(dest_bitmap, src_bitmap)) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+ }
+ /* now copy class permissions */
+ if (src_scope->class_perms_len > dest_scope->class_perms_len) {
+ ebitmap_t *new_map =
+ realloc(dest_scope->class_perms_map,
+ src_scope->class_perms_len *
+ sizeof(*new_map));
+ if (new_map == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+ dest_scope->class_perms_map = new_map;
+ for (i = dest_scope->class_perms_len;
+ i < src_scope->class_perms_len; i++) {
+ ebitmap_init(dest_scope->class_perms_map + i);
+ }
+ dest_scope->class_perms_len =
+ src_scope->class_perms_len;
+ }
+ for (i = 0; i < src_scope->class_perms_len; i++) {
+ ebitmap_t *src_bitmap = &src_scope->class_perms_map[i];
+ ebitmap_t *dest_bitmap =
+ &dest_scope->class_perms_map[i];
+ if (ebitmap_union(dest_bitmap, src_bitmap)) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+ }
+ }
+ return copy_requirements(dest, stack->parent);
+}
+
+/* During pass 1, check that at least one thing was required within
+ * this block, for those places where a REQUIRED is necessary. During
+ * pass 2, have this block inherit its parents' requirements. Return
+ * 0 on success, -1 on failure. */
+int end_avrule_block(int pass)
+{
+ avrule_decl_t *decl = stack_top->decl;
+ assert(stack_top->type == 1);
+ if (pass == 2) {
+ /* this avrule_decl inherits all of its parents'
+ * requirements */
+ if (copy_requirements(decl, stack_top->parent) == -1) {
+ return -1;
+ }
+ return 0;
+ }
+ if (!stack_top->in_else && !stack_top->require_given) {
+ if (policydbp->policy_type == POLICY_BASE
+ && stack_top->parent != NULL) {
+ /* if this is base no require should be in the global block */
+ return 0;
+ } else {
+ /* non-ELSE branches must have at least one thing required */
+ yyerror("This block has no require section.");
+ return -1;
+ }
+ }
+ return 0;
+}
+
+/* Push a new scope on to the stack and update the 'last' pointer.
+ * Return 0 on success, -1 if out * of memory. */
+static int push_stack(int stack_type, ...)
+{
+ scope_stack_t *s = calloc(1, sizeof(*s));
+ va_list ap;
+ if (s == NULL) {
+ return -1;
+ }
+ va_start(ap, stack_type);
+ switch (s->type = stack_type) {
+ case 1:{
+ s->u.avrule = va_arg(ap, avrule_block_t *);
+ s->decl = va_arg(ap, avrule_decl_t *);
+ break;
+ }
+ case 2:{
+ s->u.cond_list = va_arg(ap, cond_list_t *);
+ break;
+ }
+ default:
+ /* invalid stack type given */
+ assert(0);
+ }
+ va_end(ap);
+ s->parent = stack_top;
+ s->child = NULL;
+ stack_top = s;
+ return 0;
+}
+
+/* Pop off the most recently added from the stack. Update the 'last'
+ * pointer. */
+static void pop_stack(void)
+{
+ scope_stack_t *parent;
+ assert(stack_top != NULL);
+ parent = stack_top->parent;
+ if (parent != NULL) {
+ parent->child = NULL;
+ }
+ free(stack_top);
+ stack_top = parent;
+}
diff --git a/checkpolicy/module_compiler.h b/checkpolicy/module_compiler.h
new file mode 100644
index 0000000..fa91400
--- /dev/null
+++ b/checkpolicy/module_compiler.h
@@ -0,0 +1,105 @@
+/* Author : Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Added support for binary policy modules
+ *
+ * Copyright (C) 2004 - 2005 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#ifndef MODULE_COMPILER_H
+#define MODULE_COMPILER_H
+
+#include <sepol/policydb/hashtab.h>
+
+/* Called when checkpolicy begins to parse a policy -- either at the
+ * very beginning for a kernel/base policy, or after the module header
+ * for policy modules. Initialize the memory structures within.
+ * Return 0 on success, -1 on error. */
+int define_policy(int pass, int module_header_given);
+
+/* Declare a symbol declaration to the current avrule_decl. Check
+ * that insertion is allowed here and that the symbol does not already
+ * exist. Returns 0 on success, 1 if symbol was already there (caller
+ * needs to free() the datum), -1 if declarations not allowed, -2 for
+ * duplicate declarations, -3 for all else.
+ */
+int declare_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value);
+
+role_datum_t *declare_role(void);
+type_datum_t *declare_type(unsigned char primary, unsigned char isattr);
+user_datum_t *declare_user(void);
+
+type_datum_t *get_local_type(char *id, uint32_t value, unsigned char isattr);
+
+/* Add a symbol to the current avrule_block's require section. Note
+ * that a module may not both declare and require the same symbol.
+ * Returns 0 on success, -1 on error. */
+int require_symbol(uint32_t symbol_type,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t * dest_value, uint32_t * datum_value);
+
+/* Enable a permission for a class within the current avrule_decl.
+ * Return 0 on success, -1 if out of memory. */
+int add_perm_to_class(uint32_t perm_value, uint32_t class_value);
+
+/* Functions called from REQUIRE blocks. Add the first symbol on the
+ * id_queue to this avrule_decl's scope if not already there.
+ * c.f. require_symbol(). */
+int require_class(int pass);
+int require_role(int pass);
+int require_type(int pass);
+int require_attribute(int pass);
+int require_user(int pass);
+int require_bool(int pass);
+int require_sens(int pass);
+int require_cat(int pass);
+
+/* Check if an identifier is within the scope of the current
+ * declaration or any of its parents. Return 1 if it is, 0 if not.
+ * If the identifier is not known at all then return 1 (truth). */
+int is_id_in_scope(uint32_t symbol_type, hashtab_key_t id);
+
+/* Check if a particular permission is within the scope of the current
+ * declaration or any of its parents. Return 1 if it is, 0 if not.
+ * If the identifier is not known at all then return 1 (truth). */
+int is_perm_in_scope(hashtab_key_t perm_id, hashtab_key_t class_id);
+
+/* Search the current avrules block for a conditional with the same
+ * expression as 'cond'. If the conditional does not exist then
+ * create one. Either way, return the conditional. */
+cond_list_t *get_current_cond_list(cond_list_t * cond);
+
+/* Append rule to the current avrule_block. */
+void append_cond_list(cond_list_t * cond);
+void append_avrule(avrule_t * avrule);
+void append_role_trans(role_trans_rule_t * role_tr_rules);
+void append_role_allow(role_allow_rule_t * role_allow_rules);
+void append_range_trans(range_trans_rule_t * range_tr_rules);
+
+/* Create a new optional block and add it to the global policy.
+ * During the second pass resolve the block's requirements. Return 0
+ * on success, -1 on error.
+ */
+int begin_optional(int pass);
+int end_optional(int pass);
+
+/* ELSE blocks are similar to normal blocks with the following two
+ * limitations:
+ * - no declarations are allowed within else branches
+ * - no REQUIRES are allowed; the else branch inherits the parent's
+ * requirements
+ */
+int begin_optional_else(int pass);
+
+/* Called whenever existing an avrule block. Check that the block had
+ * a non-empty REQUIRE section. If so pop the block off of the scop
+ * stack and return 0. If not then send an error to yyerror and
+ * return -1. */
+int end_avrule_block(int pass);
+
+#endif
diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c
new file mode 100644
index 0000000..9fda5b4
--- /dev/null
+++ b/checkpolicy/parse_util.c
@@ -0,0 +1,78 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "parse_util.h"
+#include "queue.h"
+
+/* these are defined in policy_parse.y and are needed for read_source_policy */
+extern FILE *yyin;
+extern void init_parser(int);
+extern int yyparse(void);
+extern void yyrestart(FILE *);
+extern queue_t id_queue;
+extern unsigned int policydb_errors;
+extern unsigned long policydb_lineno;
+extern policydb_t *policydbp;
+extern int mlspol;
+extern void set_source_file(const char *name);
+
+int read_source_policy(policydb_t * p, const char *file, const char *progname)
+{
+ yyin = fopen(file, "r");
+ if (!yyin) {
+ fprintf(stderr, "%s: unable to open %s\n", progname, file);
+ return -1;
+ }
+ set_source_file(file);
+
+ if ((id_queue = queue_create()) == NULL) {
+ fprintf(stderr, "%s: out of memory!\n", progname);
+ return -1;
+ }
+
+ policydbp = p;
+ mlspol = p->mls;
+
+ init_parser(1);
+ if (yyparse() || policydb_errors) {
+ fprintf(stderr,
+ "%s: error(s) encountered while parsing configuration\n",
+ progname);
+ return -1;
+ }
+ rewind(yyin);
+ init_parser(2);
+ set_source_file(file);
+ yyrestart(yyin);
+ if (yyparse() || policydb_errors) {
+ fprintf(stderr,
+ "%s: error(s) encountered while parsing configuration\n",
+ progname);
+ return -1;
+ }
+ queue_destroy(id_queue);
+
+ if (policydb_errors)
+ return -1;
+
+ fclose(yyin);
+
+ return 0;
+}
diff --git a/checkpolicy/parse_util.h b/checkpolicy/parse_util.h
new file mode 100644
index 0000000..a80128a
--- /dev/null
+++ b/checkpolicy/parse_util.h
@@ -0,0 +1,35 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* Utility functions shared by checkpolicy and checkmodule */
+
+#ifndef __PARSE_UTIL_H__
+#define __PARSE_UTIL_H__
+
+#include <sepol/policydb/policydb.h>
+
+/* Read a source policy and populate the policydb passed in. The
+ * policydb must already have been created and configured (e.g.,
+ * expected policy type set. The string progname is used for
+ * error messages. No checking of assertions, hierarchy, etc.
+ * is done. */
+int read_source_policy(policydb_t * p, const char *file, const char *progname);
+
+#endif
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
new file mode 100644
index 0000000..9f49043
--- /dev/null
+++ b/checkpolicy/policy_define.c
@@ -0,0 +1,3874 @@
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: David Caplan, <dac@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@mentalrootkit.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Added support for binary policy modules
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2008 Tresys Technology, LLC
+ * Copyright (C) 2007 Red Hat Inc.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/* FLASK */
+
+#include <sys/types.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/polcaps.h>
+#include "queue.h"
+#include "checkpolicy.h"
+#include "module_compiler.h"
+#include "policy_define.h"
+
+policydb_t *policydbp;
+queue_t id_queue = 0;
+unsigned int pass;
+char *curfile = 0;
+int mlspol = 0;
+
+extern unsigned long policydb_lineno;
+extern unsigned long source_lineno;
+extern unsigned int policydb_errors;
+
+extern int yywarn(char *msg);
+extern int yyerror(char *msg);
+
+#define ERRORMSG_LEN 255
+static char errormsg[ERRORMSG_LEN + 1] = {0};
+
+static int id_has_dot(char *id);
+static int parse_security_context(context_struct_t *c);
+
+/* initialize all of the state variables for the scanner/parser */
+void init_parser(int pass_number)
+{
+ policydb_lineno = 1;
+ source_lineno = 1;
+ policydb_errors = 0;
+ pass = pass_number;
+}
+
+void yyerror2(char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vsnprintf(errormsg, ERRORMSG_LEN, fmt, ap);
+ yyerror(errormsg);
+ va_end(ap);
+}
+
+int insert_separator(int push)
+{
+ int error;
+
+ if (push)
+ error = queue_push(id_queue, 0);
+ else
+ error = queue_insert(id_queue, 0);
+
+ if (error) {
+ yyerror("queue overflow");
+ return -1;
+ }
+ return 0;
+}
+
+int insert_id(char *id, int push)
+{
+ char *newid = 0;
+ int error;
+
+ newid = (char *)malloc(strlen(id) + 1);
+ if (!newid) {
+ yyerror("out of memory");
+ return -1;
+ }
+ strcpy(newid, id);
+ if (push)
+ error = queue_push(id_queue, (queue_element_t) newid);
+ else
+ error = queue_insert(id_queue, (queue_element_t) newid);
+
+ if (error) {
+ yyerror("queue overflow");
+ free(newid);
+ return -1;
+ }
+ return 0;
+}
+
+/* If the identifier has a dot within it and that its first character
+ is not a dot then return 1, else return 0. */
+static int id_has_dot(char *id)
+{
+ if (strchr(id, '.') >= id + 1) {
+ return 1;
+ }
+ return 0;
+}
+
+int define_class(void)
+{
+ char *id = 0;
+ class_datum_t *datum = 0;
+ int ret;
+ uint32_t value;
+
+ if (pass == 2) {
+ id = queue_remove(id_queue);
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no class name for class definition?");
+ return -1;
+ }
+ datum = (class_datum_t *) malloc(sizeof(class_datum_t));
+ if (!datum) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ memset(datum, 0, sizeof(class_datum_t));
+ ret = declare_symbol(SYM_CLASSES, id, datum, &value, &value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto bad;
+ }
+ case -2:{
+ yyerror2("duplicate declaration of class %s", id);
+ goto bad;
+ }
+ case -1:{
+ yyerror("could not declare class here");
+ goto bad;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ datum->s.value = value;
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (datum)
+ free(datum);
+ return -1;
+}
+
+int define_permissive(void)
+{
+ char *type = NULL;
+ struct type_datum *t;
+ int rc = 0;
+
+ type = queue_remove(id_queue);
+
+ if (!type) {
+ yyerror2("forgot to include type in permissive definition?");
+ rc = -1;
+ goto out;
+ }
+
+ if (pass == 1)
+ goto out;
+
+ if (!is_id_in_scope(SYM_TYPES, type)) {
+ yyerror2("type %s is not within scope", type);
+ rc = -1;
+ goto out;
+ }
+
+ t = hashtab_search(policydbp->p_types.table, type);
+ if (!t) {
+ yyerror2("type is not defined: %s", type);
+ rc = -1;
+ goto out;
+ }
+
+ if (t->flavor == TYPE_ATTRIB) {
+ yyerror2("attributes may not be permissive: %s\n", type);
+ rc = -1;
+ goto out;
+ }
+
+ t->flags |= TYPE_FLAGS_PERMISSIVE;
+
+out:
+ free(type);
+ return rc;
+}
+
+int define_polcap(void)
+{
+ char *id = 0;
+ int capnum;
+
+ if (pass == 2) {
+ id = queue_remove(id_queue);
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no capability name for policycap definition?");
+ goto bad;
+ }
+
+ /* Check for valid cap name -> number mapping */
+ capnum = sepol_polcap_getnum(id);
+ if (capnum < 0) {
+ yyerror2("invalid policy capability name %s", id);
+ goto bad;
+ }
+
+ /* Store it */
+ if (ebitmap_set_bit(&policydbp->policycaps, capnum, TRUE)) {
+ yyerror("out of memory");
+ goto bad;
+ }
+
+ free(id);
+ return 0;
+
+ bad:
+ free(id);
+ return -1;
+}
+
+int define_initial_sid(void)
+{
+ char *id = 0;
+ ocontext_t *newc = 0, *c, *head;
+
+ if (pass == 2) {
+ id = queue_remove(id_queue);
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no sid name for SID definition?");
+ return -1;
+ }
+ newc = (ocontext_t *) malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+ newc->u.name = id;
+ context_init(&newc->context[0]);
+ head = policydbp->ocontexts[OCON_ISID];
+
+ for (c = head; c; c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name)) {
+ yyerror2("duplicate initial SID %s", id);
+ goto bad;
+ }
+ }
+
+ if (head) {
+ newc->sid[0] = head->sid[0] + 1;
+ } else {
+ newc->sid[0] = 1;
+ }
+ newc->next = head;
+ policydbp->ocontexts[OCON_ISID] = newc;
+
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (newc)
+ free(newc);
+ return -1;
+}
+
+int define_common_perms(void)
+{
+ char *id = 0, *perm = 0;
+ common_datum_t *comdatum = 0;
+ perm_datum_t *perdatum = 0;
+ int ret;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no common name for common perm definition?");
+ return -1;
+ }
+ comdatum = hashtab_search(policydbp->p_commons.table, id);
+ if (comdatum) {
+ yyerror2("duplicate declaration for common %s\n", id);
+ return -1;
+ }
+ comdatum = (common_datum_t *) malloc(sizeof(common_datum_t));
+ if (!comdatum) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ memset(comdatum, 0, sizeof(common_datum_t));
+ ret = hashtab_insert(policydbp->p_commons.table,
+ (hashtab_key_t) id, (hashtab_datum_t) comdatum);
+
+ if (ret == SEPOL_EEXIST) {
+ yyerror("duplicate common definition");
+ goto bad;
+ }
+ if (ret == SEPOL_ENOMEM) {
+ yyerror("hash table overflow");
+ goto bad;
+ }
+ comdatum->s.value = policydbp->p_commons.nprim + 1;
+ if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ policydbp->p_commons.nprim++;
+ while ((perm = queue_remove(id_queue))) {
+ perdatum = (perm_datum_t *) malloc(sizeof(perm_datum_t));
+ if (!perdatum) {
+ yyerror("out of memory");
+ goto bad_perm;
+ }
+ memset(perdatum, 0, sizeof(perm_datum_t));
+ perdatum->s.value = comdatum->permissions.nprim + 1;
+
+ if (perdatum->s.value > (sizeof(sepol_access_vector_t) * 8)) {
+ yyerror
+ ("too many permissions to fit in an access vector");
+ goto bad_perm;
+ }
+ ret = hashtab_insert(comdatum->permissions.table,
+ (hashtab_key_t) perm,
+ (hashtab_datum_t) perdatum);
+
+ if (ret == SEPOL_EEXIST) {
+ yyerror2("duplicate permission %s in common %s", perm,
+ id);
+ goto bad_perm;
+ }
+ if (ret == SEPOL_ENOMEM) {
+ yyerror("hash table overflow");
+ goto bad_perm;
+ }
+ comdatum->permissions.nprim++;
+ }
+
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (comdatum)
+ free(comdatum);
+ return -1;
+
+ bad_perm:
+ if (perm)
+ free(perm);
+ if (perdatum)
+ free(perdatum);
+ return -1;
+}
+
+int define_av_perms(int inherits)
+{
+ char *id;
+ class_datum_t *cladatum;
+ common_datum_t *comdatum;
+ perm_datum_t *perdatum = 0, *perdatum2 = 0;
+ int ret;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no tclass name for av perm definition?");
+ return -1;
+ }
+ cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
+ if (!cladatum) {
+ yyerror2("class %s is not defined", id);
+ goto bad;
+ }
+ free(id);
+
+ if (cladatum->comdatum || cladatum->permissions.nprim) {
+ yyerror("duplicate access vector definition");
+ return -1;
+ }
+ if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ if (inherits) {
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror
+ ("no inherits name for access vector definition?");
+ return -1;
+ }
+ comdatum =
+ (common_datum_t *) hashtab_search(policydbp->p_commons.
+ table,
+ (hashtab_key_t) id);
+
+ if (!comdatum) {
+ yyerror2("common %s is not defined", id);
+ goto bad;
+ }
+ cladatum->comkey = id;
+ cladatum->comdatum = comdatum;
+
+ /*
+ * Class-specific permissions start with values
+ * after the last common permission.
+ */
+ cladatum->permissions.nprim += comdatum->permissions.nprim;
+ }
+ while ((id = queue_remove(id_queue))) {
+ perdatum = (perm_datum_t *) malloc(sizeof(perm_datum_t));
+ if (!perdatum) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ memset(perdatum, 0, sizeof(perm_datum_t));
+ perdatum->s.value = ++cladatum->permissions.nprim;
+
+ if (perdatum->s.value > (sizeof(sepol_access_vector_t) * 8)) {
+ yyerror
+ ("too many permissions to fit in an access vector");
+ goto bad;
+ }
+ if (inherits) {
+ /*
+ * Class-specific permissions and
+ * common permissions exist in the same
+ * name space.
+ */
+ perdatum2 =
+ (perm_datum_t *) hashtab_search(cladatum->comdatum->
+ permissions.table,
+ (hashtab_key_t) id);
+ if (perdatum2) {
+ yyerror2("permission %s conflicts with an "
+ "inherited permission", id);
+ goto bad;
+ }
+ }
+ ret = hashtab_insert(cladatum->permissions.table,
+ (hashtab_key_t) id,
+ (hashtab_datum_t) perdatum);
+
+ if (ret == SEPOL_EEXIST) {
+ yyerror2("duplicate permission %s", id);
+ goto bad;
+ }
+ if (ret == SEPOL_ENOMEM) {
+ yyerror("hash table overflow");
+ goto bad;
+ }
+ if (add_perm_to_class(perdatum->s.value, cladatum->s.value)) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ }
+
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (perdatum)
+ free(perdatum);
+ return -1;
+}
+
+int define_sens(void)
+{
+ char *id;
+ mls_level_t *level = 0;
+ level_datum_t *datum = 0, *aliasdatum = 0;
+ int ret;
+ uint32_t value; /* dummy variable -- its value is never used */
+
+ if (!mlspol) {
+ yyerror("sensitivity definition in non-MLS configuration");
+ return -1;
+ }
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no sensitivity name for sensitivity definition?");
+ return -1;
+ }
+ if (id_has_dot(id)) {
+ yyerror("sensitivity identifiers may not contain periods");
+ goto bad;
+ }
+ level = (mls_level_t *) malloc(sizeof(mls_level_t));
+ if (!level) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ mls_level_init(level);
+ level->sens = 0; /* actual value set in define_dominance */
+ ebitmap_init(&level->cat); /* actual value set in define_level */
+
+ datum = (level_datum_t *) malloc(sizeof(level_datum_t));
+ if (!datum) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ level_datum_init(datum);
+ datum->isalias = FALSE;
+ datum->level = level;
+
+ ret = declare_symbol(SYM_LEVELS, id, datum, &value, &value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto bad;
+ }
+ case -2:{
+ yyerror("duplicate declaration of sensitivity level");
+ goto bad;
+ }
+ case -1:{
+ yyerror("could not declare sensitivity level here");
+ goto bad;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (id_has_dot(id)) {
+ yyerror("sensitivity aliases may not contain periods");
+ goto bad_alias;
+ }
+ aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t));
+ if (!aliasdatum) {
+ yyerror("out of memory");
+ goto bad_alias;
+ }
+ level_datum_init(aliasdatum);
+ aliasdatum->isalias = TRUE;
+ aliasdatum->level = level;
+
+ ret = declare_symbol(SYM_LEVELS, id, aliasdatum, NULL, &value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto bad_alias;
+ }
+ case -2:{
+ yyerror
+ ("duplicate declaration of sensitivity alias");
+ goto bad_alias;
+ }
+ case -1:{
+ yyerror
+ ("could not declare sensitivity alias here");
+ goto bad_alias;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ }
+
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (level)
+ free(level);
+ if (datum) {
+ level_datum_destroy(datum);
+ free(datum);
+ }
+ return -1;
+
+ bad_alias:
+ if (id)
+ free(id);
+ if (aliasdatum) {
+ level_datum_destroy(aliasdatum);
+ free(aliasdatum);
+ }
+ return -1;
+}
+
+int define_dominance(void)
+{
+ level_datum_t *datum;
+ int order;
+ char *id;
+
+ if (!mlspol) {
+ yyerror("dominance definition in non-MLS configuration");
+ return -1;
+ }
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ order = 0;
+ while ((id = (char *)queue_remove(id_queue))) {
+ datum =
+ (level_datum_t *) hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
+ if (!datum) {
+ yyerror2("unknown sensitivity %s used in dominance "
+ "definition", id);
+ free(id);
+ return -1;
+ }
+ if (datum->level->sens != 0) {
+ yyerror2("sensitivity %s occurs multiply in dominance "
+ "definition", id);
+ free(id);
+ return -1;
+ }
+ datum->level->sens = ++order;
+
+ /* no need to keep sensitivity name */
+ free(id);
+ }
+
+ if (order != policydbp->p_levels.nprim) {
+ yyerror
+ ("all sensitivities must be specified in dominance definition");
+ return -1;
+ }
+ return 0;
+}
+
+int define_category(void)
+{
+ char *id;
+ cat_datum_t *datum = 0, *aliasdatum = 0;
+ int ret;
+ uint32_t value;
+
+ if (!mlspol) {
+ yyerror("category definition in non-MLS configuration");
+ return -1;
+ }
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no category name for category definition?");
+ return -1;
+ }
+ if (id_has_dot(id)) {
+ yyerror("category identifiers may not contain periods");
+ goto bad;
+ }
+ datum = (cat_datum_t *) malloc(sizeof(cat_datum_t));
+ if (!datum) {
+ yyerror("out of memory");
+ goto bad;
+ }
+ cat_datum_init(datum);
+ datum->isalias = FALSE;
+
+ ret = declare_symbol(SYM_CATS, id, datum, &value, &value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto bad;
+ }
+ case -2:{
+ yyerror("duplicate declaration of category");
+ goto bad;
+ }
+ case -1:{
+ yyerror("could not declare category here");
+ goto bad;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ datum->s.value = value;
+
+ while ((id = queue_remove(id_queue))) {
+ if (id_has_dot(id)) {
+ yyerror("category aliases may not contain periods");
+ goto bad_alias;
+ }
+ aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t));
+ if (!aliasdatum) {
+ yyerror("out of memory");
+ goto bad_alias;
+ }
+ cat_datum_init(aliasdatum);
+ aliasdatum->isalias = TRUE;
+ aliasdatum->s.value = datum->s.value;
+
+ ret =
+ declare_symbol(SYM_CATS, id, aliasdatum, NULL,
+ &datum->s.value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto bad_alias;
+ }
+ case -2:{
+ yyerror
+ ("duplicate declaration of category aliases");
+ goto bad_alias;
+ }
+ case -1:{
+ yyerror
+ ("could not declare category aliases here");
+ goto bad_alias;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ }
+
+ return 0;
+
+ bad:
+ if (id)
+ free(id);
+ if (datum) {
+ cat_datum_destroy(datum);
+ free(datum);
+ }
+ return -1;
+
+ bad_alias:
+ if (id)
+ free(id);
+ if (aliasdatum) {
+ cat_datum_destroy(aliasdatum);
+ free(aliasdatum);
+ }
+ return -1;
+}
+
+static int clone_level(hashtab_key_t key, hashtab_datum_t datum, void *arg)
+{
+ level_datum_t *levdatum = (level_datum_t *) datum;
+ mls_level_t *level = (mls_level_t *) arg, *newlevel;
+
+ if (levdatum->level == level) {
+ levdatum->defined = 1;
+ if (!levdatum->isalias)
+ return 0;
+ newlevel = (mls_level_t *) malloc(sizeof(mls_level_t));
+ if (!newlevel)
+ return -1;
+ if (mls_level_cpy(newlevel, level)) {
+ free(newlevel);
+ return -1;
+ }
+ levdatum->level = newlevel;
+ }
+ return 0;
+}
+
+int define_level(void)
+{
+ char *id;
+ level_datum_t *levdatum;
+
+ if (!mlspol) {
+ yyerror("level definition in non-MLS configuration");
+ return -1;
+ }
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no level name for level definition?");
+ return -1;
+ }
+ levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
+ if (!levdatum) {
+ yyerror2("unknown sensitivity %s used in level definition", id);
+ free(id);
+ return -1;
+ }
+ if (ebitmap_length(&levdatum->level->cat)) {
+ yyerror2("sensitivity %s used in multiple level definitions",
+ id);
+ free(id);
+ return -1;
+ }
+ free(id);
+
+ levdatum->defined = 1;
+
+ while ((id = queue_remove(id_queue))) {
+ cat_datum_t *cdatum;
+ int range_start, range_end, i;
+
+ if (id_has_dot(id)) {
+ char *id_start = id;
+ char *id_end = strchr(id, '.');
+
+ *(id_end++) = '\0';
+
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t)
+ id_start);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_start);
+ free(id);
+ return -1;
+ }
+ range_start = cdatum->s.value - 1;
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t)
+ id_end);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_end);
+ free(id);
+ return -1;
+ }
+ range_end = cdatum->s.value - 1;
+
+ if (range_end < range_start) {
+ yyerror2("category range is invalid");
+ free(id);
+ return -1;
+ }
+ } else {
+ cdatum =
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t) id);
+ range_start = range_end = cdatum->s.value - 1;
+ }
+
+ for (i = range_start; i <= range_end; i++) {
+ if (ebitmap_set_bit(&levdatum->level->cat, i, TRUE)) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ }
+
+ free(id);
+ }
+
+ if (hashtab_map
+ (policydbp->p_levels.table, clone_level, levdatum->level)) {
+ yyerror("out of memory");
+ return -1;
+ }
+
+ return 0;
+}
+
+int define_attrib(void)
+{
+ if (pass == 2) {
+ free(queue_remove(id_queue));
+ return 0;
+ }
+
+ if (declare_type(TRUE, TRUE) == NULL) {
+ return -1;
+ }
+ return 0;
+}
+
+static int add_aliases_to_type(type_datum_t * type)
+{
+ char *id;
+ type_datum_t *aliasdatum = NULL;
+ int ret;
+ while ((id = queue_remove(id_queue))) {
+ if (id_has_dot(id)) {
+ free(id);
+ yyerror
+ ("type alias identifiers may not contain periods");
+ return -1;
+ }
+ aliasdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
+ if (!aliasdatum) {
+ free(id);
+ yyerror("Out of memory!");
+ return -1;
+ }
+ memset(aliasdatum, 0, sizeof(type_datum_t));
+ aliasdatum->s.value = type->s.value;
+
+ ret = declare_symbol(SYM_TYPES, id, aliasdatum,
+ NULL, &aliasdatum->s.value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ case -2:{
+ yyerror2("duplicate declaration of alias %s",
+ id);
+ goto cleanup;
+ }
+ case -1:{
+ yyerror("could not declare alias here");
+ goto cleanup;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ }
+ return 0;
+ cleanup:
+ free(id);
+ type_datum_destroy(aliasdatum);
+ free(aliasdatum);
+ return -1;
+}
+
+int define_typealias(void)
+{
+ char *id;
+ type_datum_t *t;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no type name for typealias definition?");
+ return -1;
+ }
+
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("type %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ t = hashtab_search(policydbp->p_types.table, id);
+ if (!t || t->flavor == TYPE_ATTRIB) {
+ yyerror2("unknown type %s, or it was already declared as an "
+ "attribute", id);
+ free(id);
+ return -1;
+ }
+ return add_aliases_to_type(t);
+}
+
+int define_typeattribute(void)
+{
+ char *id;
+ type_datum_t *t, *attr;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no type name for typeattribute definition?");
+ return -1;
+ }
+
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("type %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ t = hashtab_search(policydbp->p_types.table, id);
+ if (!t || t->flavor == TYPE_ATTRIB) {
+ yyerror2("unknown type %s", id);
+ free(id);
+ return -1;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("attribute %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ attr = hashtab_search(policydbp->p_types.table, id);
+ if (!attr) {
+ /* treat it as a fatal error */
+ yyerror2("attribute %s is not declared", id);
+ free(id);
+ return -1;
+ }
+
+ if (attr->flavor != TYPE_ATTRIB) {
+ yyerror2("%s is a type, not an attribute", id);
+ free(id);
+ return -1;
+ }
+
+ if ((attr = get_local_type(id, attr->s.value, 1)) == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&attr->types, (t->s.value - 1), TRUE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+int define_type(int alias)
+{
+ char *id;
+ type_datum_t *datum, *attr;
+ int newattr = 0;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ if (alias) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return 0;
+ }
+
+ if ((datum = declare_type(TRUE, FALSE)) == NULL) {
+ return -1;
+ }
+
+ if (alias) {
+ if (add_aliases_to_type(datum) == -1) {
+ return -1;
+ }
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("attribute %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ attr = hashtab_search(policydbp->p_types.table, id);
+ if (!attr) {
+ /* treat it as a fatal error */
+ yyerror2("attribute %s is not declared", id);
+ return -1;
+ } else {
+ newattr = 0;
+ }
+
+ if (attr->flavor != TYPE_ATTRIB) {
+ yyerror2("%s is a type, not an attribute", id);
+ return -1;
+ }
+
+ if ((attr = get_local_type(id, attr->s.value, 1)) == NULL) {
+ yyerror("Out of memory!");
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&attr->types, datum->s.value - 1, TRUE)) {
+ yyerror("Out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+struct val_to_name {
+ unsigned int val;
+ char *name;
+};
+
+/* Adds a type, given by its textual name, to a typeset. If *add is
+ 0, then add the type to the negative set; otherwise if *add is 1
+ then add it to the positive side. */
+static int set_types(type_set_t * set, char *id, int *add, char starallowed)
+{
+ type_datum_t *t;
+
+ if (strcmp(id, "*") == 0) {
+ if (!starallowed) {
+ yyerror("* not allowed in this type of rule");
+ return -1;
+ }
+ /* set TYPE_STAR flag */
+ set->flags = TYPE_STAR;
+ free(id);
+ *add = 1;
+ return 0;
+ }
+
+ if (strcmp(id, "~") == 0) {
+ if (!starallowed) {
+ yyerror("~ not allowed in this type of rule");
+ return -1;
+ }
+ /* complement the set */
+ set->flags = TYPE_COMP;
+ free(id);
+ *add = 1;
+ return 0;
+ }
+
+ if (strcmp(id, "-") == 0) {
+ *add = 0;
+ free(id);
+ return 0;
+ }
+
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("type %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ t = hashtab_search(policydbp->p_types.table, id);
+ if (!t) {
+ yyerror2("unknown type %s", id);
+ free(id);
+ return -1;
+ }
+
+ if (*add == 0) {
+ if (ebitmap_set_bit(&set->negset, t->s.value - 1, TRUE))
+ goto oom;
+ } else {
+ if (ebitmap_set_bit(&set->types, t->s.value - 1, TRUE))
+ goto oom;
+ }
+ free(id);
+ *add = 1;
+ return 0;
+ oom:
+ yyerror("Out of memory");
+ free(id);
+ return -1;
+}
+
+int define_compute_type_helper(int which, avrule_t ** rule)
+{
+ char *id;
+ type_datum_t *datum;
+ class_datum_t *cladatum;
+ ebitmap_t tclasses;
+ ebitmap_node_t *node;
+ avrule_t *avrule;
+ class_perm_node_t *perm;
+ int i, add = 1;
+
+ avrule = malloc(sizeof(avrule_t));
+ if (!avrule) {
+ yyerror("out of memory");
+ return -1;
+ }
+ avrule_init(avrule);
+ avrule->specified = which;
+ avrule->line = policydb_lineno;
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&avrule->stypes, id, &add, 0))
+ return -1;
+ }
+ add = 1;
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&avrule->ttypes, id, &add, 0))
+ return -1;
+ }
+
+ ebitmap_init(&tclasses);
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ free(id);
+ goto bad;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ goto bad;
+ }
+ if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
+ yyerror("Out of memory");
+ goto bad;
+ }
+ free(id);
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no newtype?");
+ goto bad;
+ }
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("type %s is not within scope", id);
+ free(id);
+ goto bad;
+ }
+ datum = (type_datum_t *) hashtab_search(policydbp->p_types.table,
+ (hashtab_key_t) id);
+ if (!datum || datum->flavor == TYPE_ATTRIB) {
+ yyerror2("unknown type %s", id);
+ goto bad;
+ }
+
+ ebitmap_for_each_bit(&tclasses, node, i) {
+ if (ebitmap_node_get_bit(node, i)) {
+ perm = malloc(sizeof(class_perm_node_t));
+ if (!perm) {
+ yyerror("out of memory");
+ return -1;
+ }
+ class_perm_node_init(perm);
+ perm->class = i + 1;
+ perm->data = datum->s.value;
+ perm->next = avrule->perms;
+ avrule->perms = perm;
+ }
+ }
+ ebitmap_destroy(&tclasses);
+
+ *rule = avrule;
+ return 0;
+
+ bad:
+ avrule_destroy(avrule);
+ free(avrule);
+ return -1;
+}
+
+int define_compute_type(int which)
+{
+ char *id;
+ avrule_t *avrule;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ id = queue_remove(id_queue);
+ free(id);
+ return 0;
+ }
+
+ if (define_compute_type_helper(which, &avrule))
+ return -1;
+
+ append_avrule(avrule);
+ return 0;
+}
+
+avrule_t *define_cond_compute_type(int which)
+{
+ char *id;
+ avrule_t *avrule;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ id = queue_remove(id_queue);
+ free(id);
+ return (avrule_t *) 1;
+ }
+
+ if (define_compute_type_helper(which, &avrule))
+ return COND_ERR;
+
+ return avrule;
+}
+
+int define_bool(void)
+{
+ char *id, *bool_value;
+ cond_bool_datum_t *datum;
+ int ret;
+ uint32_t value;
+
+ if (pass == 2) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no identifier for bool definition?");
+ return -1;
+ }
+ if (id_has_dot(id)) {
+ free(id);
+ yyerror("boolean identifiers may not contain periods");
+ return -1;
+ }
+ datum = (cond_bool_datum_t *) malloc(sizeof(cond_bool_datum_t));
+ if (!datum) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ memset(datum, 0, sizeof(cond_bool_datum_t));
+ ret = declare_symbol(SYM_BOOLS, id, datum, &value, &value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ case -2:{
+ yyerror2("duplicate declaration of boolean %s", id);
+ goto cleanup;
+ }
+ case -1:{
+ yyerror("could not declare boolean here");
+ goto cleanup;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ datum->s.value = value;
+
+ bool_value = (char *)queue_remove(id_queue);
+ if (!bool_value) {
+ yyerror("no default value for bool definition?");
+ free(id);
+ return -1;
+ }
+
+ datum->state = (int)(bool_value[0] == 'T') ? 1 : 0;
+ return 0;
+ cleanup:
+ cond_destroy_bool(id, datum, NULL);
+ return -1;
+}
+
+avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * sl)
+{
+ if (pass == 1) {
+ /* return something so we get through pass 1 */
+ return (avrule_t *) 1;
+ }
+
+ if (sl == NULL) {
+ /* This is a require block, return previous list */
+ return avlist;
+ }
+
+ /* prepend the new avlist to the pre-existing one */
+ sl->next = avlist;
+ return sl;
+}
+
+int define_te_avtab_helper(int which, avrule_t ** rule)
+{
+ char *id;
+ class_datum_t *cladatum;
+ perm_datum_t *perdatum = NULL;
+ class_perm_node_t *perms, *tail = NULL, *cur_perms = NULL;
+ ebitmap_t tclasses;
+ ebitmap_node_t *node;
+ avrule_t *avrule;
+ unsigned int i;
+ int add = 1, ret = 0;
+ int suppress = 0;
+
+ avrule = (avrule_t *) malloc(sizeof(avrule_t));
+ if (!avrule) {
+ yyerror("memory error");
+ ret = -1;
+ goto out;
+ }
+ avrule_init(avrule);
+ avrule->specified = which;
+ avrule->line = policydb_lineno;
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_types
+ (&avrule->stypes, id, &add,
+ which == AVRULE_NEVERALLOW ? 1 : 0)) {
+ ret = -1;
+ goto out;
+ }
+ }
+ add = 1;
+ while ((id = queue_remove(id_queue))) {
+ if (strcmp(id, "self") == 0) {
+ free(id);
+ avrule->flags |= RULE_SELF;
+ continue;
+ }
+ if (set_types
+ (&avrule->ttypes, id, &add,
+ which == AVRULE_NEVERALLOW ? 1 : 0)) {
+ ret = -1;
+ goto out;
+ }
+ }
+
+ ebitmap_init(&tclasses);
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ ret = -1;
+ goto out;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table, id);
+ if (!cladatum) {
+ yyerror2("unknown class %s used in rule", id);
+ ret = -1;
+ goto out;
+ }
+ if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) {
+ yyerror("Out of memory");
+ ret = -1;
+ goto out;
+ }
+ free(id);
+ }
+
+ perms = NULL;
+ ebitmap_for_each_bit(&tclasses, node, i) {
+ if (!ebitmap_node_get_bit(node, i))
+ continue;
+ cur_perms =
+ (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
+ if (!cur_perms) {
+ yyerror("out of memory");
+ ret = -1;
+ goto out;
+ }
+ class_perm_node_init(cur_perms);
+ cur_perms->class = i + 1;
+ if (!perms)
+ perms = cur_perms;
+ if (tail)
+ tail->next = cur_perms;
+ tail = cur_perms;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ cur_perms = perms;
+ ebitmap_for_each_bit(&tclasses, node, i) {
+ if (!ebitmap_node_get_bit(node, i))
+ continue;
+ cladatum = policydbp->class_val_to_struct[i];
+
+ if (strcmp(id, "*") == 0) {
+ /* set all permissions in the class */
+ cur_perms->data = ~0U;
+ goto next;
+ }
+
+ if (strcmp(id, "~") == 0) {
+ /* complement the set */
+ if (which == AVRULE_DONTAUDIT)
+ yywarn("dontaudit rule with a ~?");
+ cur_perms->data = ~cur_perms->data;
+ goto next;
+ }
+
+ perdatum =
+ hashtab_search(cladatum->permissions.table, id);
+ if (!perdatum) {
+ if (cladatum->comdatum) {
+ perdatum =
+ hashtab_search(cladatum->comdatum->
+ permissions.table,
+ id);
+ }
+ }
+ if (!perdatum) {
+ if (!suppress)
+ yyerror2("permission %s is not defined"
+ " for class %s", id,
+ policydbp->p_class_val_to_name[i]);
+ continue;
+ } else
+ if (!is_perm_in_scope
+ (id, policydbp->p_class_val_to_name[i])) {
+ if (!suppress) {
+ yyerror2("permission %s of class %s is"
+ " not within scope", id,
+ policydbp->p_class_val_to_name[i]);
+ }
+ continue;
+ } else {
+ cur_perms->data |= 1U << (perdatum->s.value - 1);
+ }
+ next:
+ cur_perms = cur_perms->next;
+ }
+
+ free(id);
+ }
+
+ ebitmap_destroy(&tclasses);
+
+ avrule->perms = perms;
+ *rule = avrule;
+
+ out:
+ return ret;
+
+}
+
+avrule_t *define_cond_te_avtab(int which)
+{
+ char *id;
+ avrule_t *avrule;
+ int i;
+
+ if (pass == 1) {
+ for (i = 0; i < 4; i++) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return (avrule_t *) 1; /* any non-NULL value */
+ }
+
+ if (define_te_avtab_helper(which, &avrule))
+ return COND_ERR;
+
+ return avrule;
+}
+
+int define_te_avtab(int which)
+{
+ char *id;
+ avrule_t *avrule;
+ int i;
+
+ if (pass == 1) {
+ for (i = 0; i < 4; i++) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return 0;
+ }
+
+ if (define_te_avtab_helper(which, &avrule))
+ return -1;
+
+ /* append this avrule to the end of the current rules list */
+ append_avrule(avrule);
+ return 0;
+}
+
+int define_role_types(void)
+{
+ role_datum_t *role;
+ char *id;
+ int add = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ if ((role = declare_role()) == NULL) {
+ return -1;
+ }
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&role->types, id, &add, 0))
+ return -1;
+ }
+
+ return 0;
+}
+
+role_datum_t *merge_roles_dom(role_datum_t * r1, role_datum_t * r2)
+{
+ role_datum_t *new;
+
+ if (pass == 1) {
+ return (role_datum_t *) 1; /* any non-NULL value */
+ }
+
+ new = malloc(sizeof(role_datum_t));
+ if (!new) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ memset(new, 0, sizeof(role_datum_t));
+ new->s.value = 0; /* temporary role */
+ if (ebitmap_or(&new->dominates, &r1->dominates, &r2->dominates)) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ if (ebitmap_or(&new->types.types, &r1->types.types, &r2->types.types)) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ if (!r1->s.value) {
+ /* free intermediate result */
+ type_set_destroy(&r1->types);
+ ebitmap_destroy(&r1->dominates);
+ free(r1);
+ }
+ if (!r2->s.value) {
+ /* free intermediate result */
+ yyerror("right hand role is temporary?");
+ type_set_destroy(&r2->types);
+ ebitmap_destroy(&r2->dominates);
+ free(r2);
+ }
+ return new;
+}
+
+/* This function eliminates the ordering dependency of role dominance rule */
+static int dominate_role_recheck(hashtab_key_t key, hashtab_datum_t datum,
+ void *arg)
+{
+ role_datum_t *rdp = (role_datum_t *) arg;
+ role_datum_t *rdatum = (role_datum_t *) datum;
+ ebitmap_node_t *node;
+ int i;
+
+ /* Don't bother to process against self role */
+ if (rdatum->s.value == rdp->s.value)
+ return 0;
+
+ /* If a dominating role found */
+ if (ebitmap_get_bit(&(rdatum->dominates), rdp->s.value - 1)) {
+ ebitmap_t types;
+ ebitmap_init(&types);
+ if (type_set_expand(&rdp->types, &types, policydbp, 1)) {
+ ebitmap_destroy(&types);
+ return -1;
+ }
+ /* raise types and dominates from dominated role */
+ ebitmap_for_each_bit(&rdp->dominates, node, i) {
+ if (ebitmap_node_get_bit(node, i))
+ if (ebitmap_set_bit
+ (&rdatum->dominates, i, TRUE))
+ goto oom;
+ }
+ ebitmap_for_each_bit(&types, node, i) {
+ if (ebitmap_node_get_bit(node, i))
+ if (ebitmap_set_bit
+ (&rdatum->types.types, i, TRUE))
+ goto oom;
+ }
+ ebitmap_destroy(&types);
+ }
+
+ /* go through all the roles */
+ return 0;
+ oom:
+ yyerror("Out of memory");
+ return -1;
+}
+
+role_datum_t *define_role_dom(role_datum_t * r)
+{
+ role_datum_t *role;
+ char *role_id;
+ ebitmap_node_t *node;
+ unsigned int i;
+ int ret;
+
+ if (pass == 1) {
+ role_id = queue_remove(id_queue);
+ free(role_id);
+ return (role_datum_t *) 1; /* any non-NULL value */
+ }
+
+ yywarn("Role dominance has been deprecated");
+
+ role_id = queue_remove(id_queue);
+ if (!is_id_in_scope(SYM_ROLES, role_id)) {
+ yyerror2("role %s is not within scope", role_id);
+ free(role_id);
+ return NULL;
+ }
+ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table,
+ role_id);
+ if (!role) {
+ role = (role_datum_t *) malloc(sizeof(role_datum_t));
+ if (!role) {
+ yyerror("out of memory");
+ free(role_id);
+ return NULL;
+ }
+ memset(role, 0, sizeof(role_datum_t));
+ ret =
+ declare_symbol(SYM_ROLES, (hashtab_key_t) role_id,
+ (hashtab_datum_t) role, &role->s.value,
+ &role->s.value);
+ switch (ret) {
+ case -3:{
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ case -2:{
+ yyerror2("duplicate declaration of role %s",
+ role_id);
+ goto cleanup;
+ }
+ case -1:{
+ yyerror("could not declare role here");
+ goto cleanup;
+ }
+ case 0:
+ case 1:{
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ if (ebitmap_set_bit(&role->dominates, role->s.value - 1, TRUE)) {
+ yyerror("Out of memory!");
+ goto cleanup;
+ }
+ }
+ if (r) {
+ ebitmap_t types;
+ ebitmap_init(&types);
+ ebitmap_for_each_bit(&r->dominates, node, i) {
+ if (ebitmap_node_get_bit(node, i))
+ if (ebitmap_set_bit(&role->dominates, i, TRUE))
+ goto oom;
+ }
+ if (type_set_expand(&r->types, &types, policydbp, 1)) {
+ ebitmap_destroy(&types);
+ return NULL;
+ }
+ ebitmap_for_each_bit(&types, node, i) {
+ if (ebitmap_node_get_bit(node, i))
+ if (ebitmap_set_bit
+ (&role->types.types, i, TRUE))
+ goto oom;
+ }
+ ebitmap_destroy(&types);
+ if (!r->s.value) {
+ /* free intermediate result */
+ type_set_destroy(&r->types);
+ ebitmap_destroy(&r->dominates);
+ free(r);
+ }
+ /*
+ * Now go through all the roles and escalate this role's
+ * dominates and types if a role dominates this role.
+ */
+ hashtab_map(policydbp->p_roles.table,
+ dominate_role_recheck, role);
+ }
+ return role;
+ cleanup:
+ free(role_id);
+ role_datum_destroy(role);
+ free(role);
+ return NULL;
+ oom:
+ yyerror("Out of memory");
+ goto cleanup;
+}
+
+static int role_val_to_name_helper(hashtab_key_t key, hashtab_datum_t datum,
+ void *p)
+{
+ struct val_to_name *v = p;
+ role_datum_t *roldatum;
+
+ roldatum = (role_datum_t *) datum;
+
+ if (v->val == roldatum->s.value) {
+ v->name = key;
+ return 1;
+ }
+
+ return 0;
+}
+
+static char *role_val_to_name(unsigned int val)
+{
+ struct val_to_name v;
+ int rc;
+
+ v.val = val;
+ rc = hashtab_map(policydbp->p_roles.table, role_val_to_name_helper, &v);
+ if (rc)
+ return v.name;
+ return NULL;
+}
+
+static int set_roles(role_set_t * set, char *id)
+{
+ role_datum_t *r;
+
+ if (strcmp(id, "*") == 0) {
+ free(id);
+ yyerror("* is not allowed for role sets");
+ return -1;
+ }
+
+ if (strcmp(id, "~") == 0) {
+ free(id);
+ yyerror("~ is not allowed for role sets");
+ return -1;
+ }
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ r = hashtab_search(policydbp->p_roles.table, id);
+ if (!r) {
+ yyerror2("unknown role %s", id);
+ free(id);
+ return -1;
+ }
+
+ if (ebitmap_set_bit(&set->roles, r->s.value - 1, TRUE)) {
+ yyerror("out of memory");
+ free(id);
+ return -1;
+ }
+ free(id);
+ return 0;
+}
+
+int define_role_trans(void)
+{
+ char *id;
+ role_datum_t *role;
+ role_set_t roles;
+ type_set_t types;
+ ebitmap_t e_types, e_roles;
+ ebitmap_node_t *tnode, *rnode;
+ struct role_trans *tr = NULL;
+ struct role_trans_rule *rule = NULL;
+ unsigned int i, j;
+ int add = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ id = queue_remove(id_queue);
+ free(id);
+ return 0;
+ }
+
+ role_set_init(&roles);
+ ebitmap_init(&e_roles);
+ type_set_init(&types);
+ ebitmap_init(&e_types);
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_roles(&roles, id))
+ return -1;
+ }
+ add = 1;
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&types, id, &add, 0))
+ return -1;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no new role in transition definition?");
+ goto bad;
+ }
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ goto bad;
+ }
+ role = hashtab_search(policydbp->p_roles.table, id);
+ if (!role) {
+ yyerror2("unknown role %s used in transition definition", id);
+ goto bad;
+ }
+
+ /* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL))
+ goto bad;
+
+ if (type_set_expand(&types, &e_types, policydbp, 1))
+ goto bad;
+
+ ebitmap_for_each_bit(&e_roles, rnode, i) {
+ if (!ebitmap_node_get_bit(rnode, i))
+ continue;
+ ebitmap_for_each_bit(&e_types, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+
+ for (tr = policydbp->role_tr; tr; tr = tr->next) {
+ if (tr->role == (i + 1) && tr->type == (j + 1)) {
+ yyerror2("duplicate role transition for (%s,%s)",
+ role_val_to_name(i + 1),
+ policydbp->p_type_val_to_name[j]);
+ goto bad;
+ }
+ }
+
+ tr = malloc(sizeof(struct role_trans));
+ if (!tr) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(tr, 0, sizeof(struct role_trans));
+ tr->role = i + 1;
+ tr->type = j + 1;
+ tr->new_role = role->s.value;
+ tr->next = policydbp->role_tr;
+ policydbp->role_tr = tr;
+ }
+ }
+ /* Now add the real rule */
+ rule = malloc(sizeof(struct role_trans_rule));
+ if (!rule) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(rule, 0, sizeof(struct role_trans_rule));
+ rule->roles = roles;
+ rule->types = types;
+ rule->new_role = role->s.value;
+
+ append_role_trans(rule);
+
+ ebitmap_destroy(&e_roles);
+ ebitmap_destroy(&e_types);
+
+ return 0;
+
+ bad:
+ return -1;
+}
+
+int define_role_allow(void)
+{
+ char *id;
+ struct role_allow_rule *ra = 0;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ ra = malloc(sizeof(role_allow_rule_t));
+ if (!ra) {
+ yyerror("out of memory");
+ return -1;
+ }
+ role_allow_rule_init(ra);
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_roles(&ra->roles, id))
+ return -1;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_roles(&ra->new_roles, id))
+ return -1;
+ }
+
+ append_role_allow(ra);
+ return 0;
+}
+
+static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr)
+{
+ constraint_expr_t *h = NULL, *l = NULL, *e, *newe;
+ for (e = expr; e; e = e->next) {
+ newe = malloc(sizeof(*newe));
+ if (!newe)
+ goto oom;
+ if (constraint_expr_init(newe) == -1) {
+ free(newe);
+ goto oom;
+ }
+ if (l)
+ l->next = newe;
+ else
+ h = newe;
+ l = newe;
+ newe->expr_type = e->expr_type;
+ newe->attr = e->attr;
+ newe->op = e->op;
+ if (newe->expr_type == CEXPR_NAMES) {
+ if (newe->attr & CEXPR_TYPE) {
+ if (type_set_cpy
+ (newe->type_names, e->type_names))
+ goto oom;
+ } else {
+ if (ebitmap_cpy(&newe->names, &e->names))
+ goto oom;
+ }
+ }
+ }
+
+ return h;
+ oom:
+ e = h;
+ while (e) {
+ l = e;
+ e = e->next;
+ constraint_expr_destroy(l);
+ }
+ return NULL;
+}
+
+int define_constraint(constraint_expr_t * expr)
+{
+ struct constraint_node *node;
+ char *id;
+ class_datum_t *cladatum;
+ perm_datum_t *perdatum;
+ ebitmap_t classmap;
+ ebitmap_node_t *enode;
+ constraint_expr_t *e;
+ unsigned int i;
+ int depth;
+ unsigned char useexpr = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ depth = -1;
+ for (e = expr; e; e = e->next) {
+ switch (e->expr_type) {
+ case CEXPR_NOT:
+ if (depth < 0) {
+ yyerror("illegal constraint expression");
+ return -1;
+ }
+ break;
+ case CEXPR_AND:
+ case CEXPR_OR:
+ if (depth < 1) {
+ yyerror("illegal constraint expression");
+ return -1;
+ }
+ depth--;
+ break;
+ case CEXPR_ATTR:
+ case CEXPR_NAMES:
+ if (e->attr & CEXPR_XTARGET) {
+ yyerror("illegal constraint expression");
+ return -1; /* only for validatetrans rules */
+ }
+ if (depth == (CEXPR_MAXDEPTH - 1)) {
+ yyerror("constraint expression is too deep");
+ return -1;
+ }
+ depth++;
+ break;
+ default:
+ yyerror("illegal constraint expression");
+ return -1;
+ }
+ }
+ if (depth != 0) {
+ yyerror("illegal constraint expression");
+ return -1;
+ }
+
+ ebitmap_init(&classmap);
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
+ if (!cladatum) {
+ yyerror2("class %s is not defined", id);
+ ebitmap_destroy(&classmap);
+ free(id);
+ return -1;
+ }
+ if (ebitmap_set_bit(&classmap, cladatum->s.value - 1, TRUE)) {
+ yyerror("out of memory");
+ ebitmap_destroy(&classmap);
+ free(id);
+ return -1;
+ }
+ node = malloc(sizeof(struct constraint_node));
+ if (!node) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(node, 0, sizeof(constraint_node_t));
+ if (useexpr) {
+ node->expr = expr;
+ useexpr = 0;
+ } else {
+ node->expr = constraint_expr_clone(expr);
+ }
+ if (!node->expr) {
+ yyerror("out of memory");
+ return -1;
+ }
+ node->permissions = 0;
+
+ node->next = cladatum->constraints;
+ cladatum->constraints = node;
+
+ free(id);
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ ebitmap_for_each_bit(&classmap, enode, i) {
+ if (ebitmap_node_get_bit(enode, i)) {
+ cladatum = policydbp->class_val_to_struct[i];
+ node = cladatum->constraints;
+
+ perdatum =
+ (perm_datum_t *) hashtab_search(cladatum->
+ permissions.
+ table,
+ (hashtab_key_t)
+ id);
+ if (!perdatum) {
+ if (cladatum->comdatum) {
+ perdatum =
+ (perm_datum_t *)
+ hashtab_search(cladatum->
+ comdatum->
+ permissions.
+ table,
+ (hashtab_key_t)
+ id);
+ }
+ if (!perdatum) {
+ yyerror2("permission %s is not"
+ " defined", id);
+ free(id);
+ ebitmap_destroy(&classmap);
+ return -1;
+ }
+ }
+ node->permissions |=
+ (1 << (perdatum->s.value - 1));
+ }
+ }
+ free(id);
+ }
+
+ ebitmap_destroy(&classmap);
+
+ return 0;
+}
+
+int define_validatetrans(constraint_expr_t * expr)
+{
+ struct constraint_node *node;
+ char *id;
+ class_datum_t *cladatum;
+ ebitmap_t classmap;
+ constraint_expr_t *e;
+ int depth;
+ unsigned char useexpr = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ return 0;
+ }
+
+ depth = -1;
+ for (e = expr; e; e = e->next) {
+ switch (e->expr_type) {
+ case CEXPR_NOT:
+ if (depth < 0) {
+ yyerror("illegal validatetrans expression");
+ return -1;
+ }
+ break;
+ case CEXPR_AND:
+ case CEXPR_OR:
+ if (depth < 1) {
+ yyerror("illegal validatetrans expression");
+ return -1;
+ }
+ depth--;
+ break;
+ case CEXPR_ATTR:
+ case CEXPR_NAMES:
+ if (depth == (CEXPR_MAXDEPTH - 1)) {
+ yyerror("validatetrans expression is too deep");
+ return -1;
+ }
+ depth++;
+ break;
+ default:
+ yyerror("illegal validatetrans expression");
+ return -1;
+ }
+ }
+ if (depth != 0) {
+ yyerror("illegal validatetrans expression");
+ return -1;
+ }
+
+ ebitmap_init(&classmap);
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ cladatum =
+ (class_datum_t *) hashtab_search(policydbp->p_classes.table,
+ (hashtab_key_t) id);
+ if (!cladatum) {
+ yyerror2("class %s is not defined", id);
+ ebitmap_destroy(&classmap);
+ free(id);
+ return -1;
+ }
+ if (ebitmap_set_bit(&classmap, (cladatum->s.value - 1), TRUE)) {
+ yyerror("out of memory");
+ ebitmap_destroy(&classmap);
+ free(id);
+ return -1;
+ }
+
+ node = malloc(sizeof(struct constraint_node));
+ if (!node) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(node, 0, sizeof(constraint_node_t));
+ if (useexpr) {
+ node->expr = expr;
+ useexpr = 0;
+ } else {
+ node->expr = constraint_expr_clone(expr);
+ }
+ node->permissions = 0;
+
+ node->next = cladatum->validatetrans;
+ cladatum->validatetrans = node;
+
+ free(id);
+ }
+
+ ebitmap_destroy(&classmap);
+
+ return 0;
+}
+
+uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
+{
+ struct constraint_expr *expr, *e1 = NULL, *e2;
+ user_datum_t *user;
+ role_datum_t *role;
+ ebitmap_t negset;
+ char *id;
+ uint32_t val;
+ int add = 1;
+
+ if (pass == 1) {
+ if (expr_type == CEXPR_NAMES) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ }
+ return 1; /* any non-NULL value */
+ }
+
+ if ((expr = malloc(sizeof(*expr))) == NULL ||
+ constraint_expr_init(expr) == -1) {
+ yyerror("out of memory");
+ free(expr);
+ return 0;
+ }
+ expr->expr_type = expr_type;
+
+ switch (expr_type) {
+ case CEXPR_NOT:
+ e1 = NULL;
+ e2 = (struct constraint_expr *)arg1;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror("illegal constraint expression");
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ e1->next = expr;
+ return arg1;
+ case CEXPR_AND:
+ case CEXPR_OR:
+ e1 = NULL;
+ e2 = (struct constraint_expr *)arg1;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror("illegal constraint expression");
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ e1->next = (struct constraint_expr *)arg2;
+
+ e1 = NULL;
+ e2 = (struct constraint_expr *)arg2;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror("illegal constraint expression");
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ e1->next = expr;
+ return arg1;
+ case CEXPR_ATTR:
+ expr->attr = arg1;
+ expr->op = arg2;
+ return (uintptr_t) expr;
+ case CEXPR_NAMES:
+ add = 1;
+ expr->attr = arg1;
+ expr->op = arg2;
+ ebitmap_init(&negset);
+ while ((id = (char *)queue_remove(id_queue))) {
+ if (expr->attr & CEXPR_USER) {
+ if (!is_id_in_scope(SYM_USERS, id)) {
+ yyerror2("user %s is not within scope",
+ id);
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ user =
+ (user_datum_t *) hashtab_search(policydbp->
+ p_users.
+ table,
+ (hashtab_key_t)
+ id);
+ if (!user) {
+ yyerror2("unknown user %s", id);
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ val = user->s.value;
+ } else if (expr->attr & CEXPR_ROLE) {
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope",
+ id);
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ role =
+ (role_datum_t *) hashtab_search(policydbp->
+ p_roles.
+ table,
+ (hashtab_key_t)
+ id);
+ if (!role) {
+ yyerror2("unknown role %s", id);
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ val = role->s.value;
+ } else if (expr->attr & CEXPR_TYPE) {
+ if (set_types(expr->type_names, id, &add, 0)) {
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ continue;
+ } else {
+ yyerror("invalid constraint expression");
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) {
+ yyerror("out of memory");
+ ebitmap_destroy(&expr->names);
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+ free(id);
+ }
+ ebitmap_destroy(&negset);
+ return (uintptr_t) expr;
+ default:
+ yyerror("invalid constraint expression");
+ constraint_expr_destroy(expr);
+ return 0;
+ }
+
+ yyerror("invalid constraint expression");
+ free(expr);
+ return 0;
+}
+
+int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
+{
+ cond_expr_t *e;
+ int depth;
+ cond_node_t cn, *cn_old;
+
+ /* expression cannot be NULL */
+ if (!expr) {
+ yyerror("illegal conditional expression");
+ return -1;
+ }
+ if (!t) {
+ if (!f) {
+ /* empty is fine, destroy expression and return */
+ cond_expr_destroy(expr);
+ return 0;
+ }
+ /* Invert */
+ t = f;
+ f = 0;
+ expr = define_cond_expr(COND_NOT, expr, 0);
+ if (!expr) {
+ yyerror("unable to invert");
+ return -1;
+ }
+ }
+
+ /* verify expression */
+ depth = -1;
+ for (e = expr; e; e = e->next) {
+ switch (e->expr_type) {
+ case COND_NOT:
+ if (depth < 0) {
+ yyerror
+ ("illegal conditional expression; Bad NOT");
+ return -1;
+ }
+ break;
+ case COND_AND:
+ case COND_OR:
+ case COND_XOR:
+ case COND_EQ:
+ case COND_NEQ:
+ if (depth < 1) {
+ yyerror
+ ("illegal conditional expression; Bad binary op");
+ return -1;
+ }
+ depth--;
+ break;
+ case COND_BOOL:
+ if (depth == (COND_EXPR_MAXDEPTH - 1)) {
+ yyerror
+ ("conditional expression is like totally too deep");
+ return -1;
+ }
+ depth++;
+ break;
+ default:
+ yyerror("illegal conditional expression");
+ return -1;
+ }
+ }
+ if (depth != 0) {
+ yyerror("illegal conditional expression");
+ return -1;
+ }
+
+ /* use tmp conditional node to partially build new node */
+ memset(&cn, 0, sizeof(cn));
+ cn.expr = expr;
+ cn.avtrue_list = t;
+ cn.avfalse_list = f;
+
+ /* normalize/precompute expression */
+ if (cond_normalize_expr(policydbp, &cn) < 0) {
+ yyerror("problem normalizing conditional expression");
+ return -1;
+ }
+
+ /* get the existing conditional node, or create a new one */
+ cn_old = get_current_cond_list(&cn);
+ if (!cn_old) {
+ return -1;
+ }
+
+ append_cond_list(&cn);
+
+ /* note that there is no check here for duplicate rules, nor
+ * check that rule already exists in base -- that will be
+ * handled during conditional expansion, in expand.c */
+
+ cn.avtrue_list = NULL;
+ cn.avfalse_list = NULL;
+ cond_node_destroy(&cn);
+
+ return 0;
+}
+
+cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void *arg2)
+{
+ struct cond_expr *expr, *e1 = NULL, *e2;
+ cond_bool_datum_t *bool_var;
+ char *id;
+
+ /* expressions are handled in the second pass */
+ if (pass == 1) {
+ if (expr_type == COND_BOOL) {
+ while ((id = queue_remove(id_queue))) {
+ free(id);
+ }
+ }
+ return (cond_expr_t *) 1; /* any non-NULL value */
+ }
+
+ /* create a new expression struct */
+ expr = malloc(sizeof(struct cond_expr));
+ if (!expr) {
+ yyerror("out of memory");
+ return NULL;
+ }
+ memset(expr, 0, sizeof(cond_expr_t));
+ expr->expr_type = expr_type;
+
+ /* create the type asked for */
+ switch (expr_type) {
+ case COND_NOT:
+ e1 = NULL;
+ e2 = (struct cond_expr *)arg1;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror("illegal conditional NOT expression");
+ free(expr);
+ return NULL;
+ }
+ e1->next = expr;
+ return (struct cond_expr *)arg1;
+ case COND_AND:
+ case COND_OR:
+ case COND_XOR:
+ case COND_EQ:
+ case COND_NEQ:
+ e1 = NULL;
+ e2 = (struct cond_expr *)arg1;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror
+ ("illegal left side of conditional binary op expression");
+ free(expr);
+ return NULL;
+ }
+ e1->next = (struct cond_expr *)arg2;
+
+ e1 = NULL;
+ e2 = (struct cond_expr *)arg2;
+ while (e2) {
+ e1 = e2;
+ e2 = e2->next;
+ }
+ if (!e1 || e1->next) {
+ yyerror
+ ("illegal right side of conditional binary op expression");
+ free(expr);
+ return NULL;
+ }
+ e1->next = expr;
+ return (struct cond_expr *)arg1;
+ case COND_BOOL:
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("bad conditional; expected boolean id");
+ free(id);
+ free(expr);
+ return NULL;
+ }
+ if (!is_id_in_scope(SYM_BOOLS, id)) {
+ yyerror2("boolean %s is not within scope", id);
+ free(id);
+ free(expr);
+ return NULL;
+ }
+ bool_var =
+ (cond_bool_datum_t *) hashtab_search(policydbp->p_bools.
+ table,
+ (hashtab_key_t) id);
+ if (!bool_var) {
+ yyerror2("unknown boolean %s in conditional expression",
+ id);
+ free(expr);
+ free(id);
+ return NULL;
+ }
+ expr->bool = bool_var->s.value;
+ free(id);
+ return expr;
+ default:
+ yyerror("illegal conditional expression");
+ return NULL;
+ }
+}
+
+static int set_user_roles(role_set_t * set, char *id)
+{
+ role_datum_t *r;
+ unsigned int i;
+ ebitmap_node_t *node;
+
+ if (strcmp(id, "*") == 0) {
+ free(id);
+ yyerror("* is not allowed in user declarations");
+ return -1;
+ }
+
+ if (strcmp(id, "~") == 0) {
+ free(id);
+ yyerror("~ is not allowed in user declarations");
+ return -1;
+ }
+
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ r = hashtab_search(policydbp->p_roles.table, id);
+ if (!r) {
+ yyerror2("unknown role %s", id);
+ free(id);
+ return -1;
+ }
+
+ /* set the role and every role it dominates */
+ ebitmap_for_each_bit(&r->dominates, node, i) {
+ if (ebitmap_node_get_bit(node, i))
+ if (ebitmap_set_bit(&set->roles, i, TRUE))
+ goto oom;
+ }
+ free(id);
+ return 0;
+ oom:
+ yyerror("out of memory");
+ return -1;
+}
+
+static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats)
+{
+ cat_datum_t *cdatum;
+ int range_start, range_end, i;
+
+ if (id_has_dot(id)) {
+ char *id_start = id;
+ char *id_end = strchr(id, '.');
+
+ *(id_end++) = '\0';
+
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t)
+ id_start);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_start);
+ return -1;
+ }
+ range_start = cdatum->s.value - 1;
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id_end);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_end);
+ return -1;
+ }
+ range_end = cdatum->s.value - 1;
+
+ if (range_end < range_start) {
+ yyerror2("category range is invalid");
+ return -1;
+ }
+ } else {
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id);
+ return -1;
+ }
+ range_start = range_end = cdatum->s.value - 1;
+ }
+
+ for (i = range_start; i <= range_end; i++) {
+ if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
+ uint32_t level_value = levdatum->level->sens - 1;
+ policydb_index_others(NULL, policydbp, 0);
+ yyerror2("category %s can not be associated "
+ "with level %s",
+ policydbp->p_cat_val_to_name[i],
+ policydbp->p_sens_val_to_name[level_value]);
+ return -1;
+ }
+ if (ebitmap_set_bit(cats, i, TRUE)) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int parse_semantic_categories(char *id, level_datum_t * levdatum,
+ mls_semantic_cat_t ** cats)
+{
+ cat_datum_t *cdatum;
+ mls_semantic_cat_t *newcat;
+ unsigned int range_start, range_end;
+
+ if (id_has_dot(id)) {
+ char *id_start = id;
+ char *id_end = strchr(id, '.');
+
+ *(id_end++) = '\0';
+
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t)
+ id_start);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_start);
+ return -1;
+ }
+ range_start = cdatum->s.value;
+
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id_end);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id_end);
+ return -1;
+ }
+ range_end = cdatum->s.value;
+ } else {
+ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table,
+ (hashtab_key_t) id);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id);
+ return -1;
+ }
+ range_start = range_end = cdatum->s.value;
+ }
+
+ newcat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
+ if (!newcat) {
+ yyerror("out of memory");
+ return -1;
+ }
+
+ mls_semantic_cat_init(newcat);
+ newcat->next = *cats;
+ newcat->low = range_start;
+ newcat->high = range_end;
+
+ *cats = newcat;
+
+ return 0;
+}
+
+int define_user(void)
+{
+ char *id;
+ user_datum_t *usrdatum;
+ level_datum_t *levdatum;
+ int l;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ if (mlspol) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ id = queue_remove(id_queue);
+ free(id);
+ for (l = 0; l < 2; l++) {
+ while ((id = queue_remove(id_queue))) {
+ free(id);
+ }
+ id = queue_remove(id_queue);
+ if (!id)
+ break;
+ free(id);
+ }
+ }
+ return 0;
+ }
+
+ if ((usrdatum = declare_user()) == NULL) {
+ return -1;
+ }
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_user_roles(&usrdatum->roles, id))
+ continue;
+ }
+
+ if (mlspol) {
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("no default level specified for user");
+ return -1;
+ }
+
+ levdatum = (level_datum_t *)
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
+ if (!levdatum) {
+ yyerror2("unknown sensitivity %s used in user"
+ " level definition", id);
+ free(id);
+ return -1;
+ }
+ free(id);
+
+ usrdatum->dfltlevel.sens = levdatum->level->sens;
+
+ while ((id = queue_remove(id_queue))) {
+ if (parse_semantic_categories(id, levdatum,
+ &usrdatum->dfltlevel.cat)) {
+ free(id);
+ return -1;
+ }
+ free(id);
+ }
+
+ id = queue_remove(id_queue);
+
+ for (l = 0; l < 2; l++) {
+ levdatum = (level_datum_t *)
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
+ if (!levdatum) {
+ yyerror2("unknown sensitivity %s used in user"
+ " range definition", id);
+ free(id);
+ return -1;
+ }
+ free(id);
+
+ usrdatum->range.level[l].sens = levdatum->level->sens;
+
+ while ((id = queue_remove(id_queue))) {
+ if (parse_semantic_categories(id, levdatum,
+ &usrdatum->range.level[l].cat)) {
+ free(id);
+ return -1;
+ }
+ free(id);
+ }
+
+ id = queue_remove(id_queue);
+ if (!id)
+ break;
+ }
+
+ if (l == 0) {
+ if (mls_semantic_level_cpy(&usrdatum->range.level[1],
+ &usrdatum->range.level[0])) {
+ yyerror("out of memory");
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
+
+static int parse_security_context(context_struct_t * c)
+{
+ char *id;
+ role_datum_t *role;
+ type_datum_t *typdatum;
+ user_datum_t *usrdatum;
+ level_datum_t *levdatum;
+ int l;
+
+ if (pass == 1) {
+ id = queue_remove(id_queue);
+ free(id); /* user */
+ id = queue_remove(id_queue);
+ free(id); /* role */
+ id = queue_remove(id_queue);
+ free(id); /* type */
+ if (mlspol) {
+ id = queue_remove(id_queue);
+ free(id);
+ for (l = 0; l < 2; l++) {
+ while ((id = queue_remove(id_queue))) {
+ free(id);
+ }
+ id = queue_remove(id_queue);
+ if (!id)
+ break;
+ free(id);
+ }
+ }
+ return 0;
+ }
+
+ context_init(c);
+
+ /* extract the user */
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("no effective user?");
+ goto bad;
+ }
+ if (!is_id_in_scope(SYM_USERS, id)) {
+ yyerror2("user %s is not within scope", id);
+ free(id);
+ goto bad;
+ }
+ usrdatum = (user_datum_t *) hashtab_search(policydbp->p_users.table,
+ (hashtab_key_t) id);
+ if (!usrdatum) {
+ yyerror2("user %s is not defined", id);
+ free(id);
+ goto bad;
+ }
+ c->user = usrdatum->s.value;
+
+ /* no need to keep the user name */
+ free(id);
+
+ /* extract the role */
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no role name for sid context definition?");
+ return -1;
+ }
+ if (!is_id_in_scope(SYM_ROLES, id)) {
+ yyerror2("role %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table,
+ (hashtab_key_t) id);
+ if (!role) {
+ yyerror2("role %s is not defined", id);
+ free(id);
+ return -1;
+ }
+ c->role = role->s.value;
+
+ /* no need to keep the role name */
+ free(id);
+
+ /* extract the type */
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no type name for sid context definition?");
+ return -1;
+ }
+ if (!is_id_in_scope(SYM_TYPES, id)) {
+ yyerror2("type %s is not within scope", id);
+ free(id);
+ return -1;
+ }
+ typdatum = (type_datum_t *) hashtab_search(policydbp->p_types.table,
+ (hashtab_key_t) id);
+ if (!typdatum || typdatum->flavor == TYPE_ATTRIB) {
+ yyerror2("type %s is not defined or is an attribute", id);
+ free(id);
+ return -1;
+ }
+ c->type = typdatum->s.value;
+
+ /* no need to keep the type name */
+ free(id);
+
+ if (mlspol) {
+ /* extract the low sensitivity */
+ id = (char *)queue_head(id_queue);
+ if (!id) {
+ yyerror("no sensitivity name for sid context"
+ " definition?");
+ return -1;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ for (l = 0; l < 2; l++) {
+ levdatum = (level_datum_t *)
+ hashtab_search(policydbp->p_levels.table,
+ (hashtab_key_t) id);
+ if (!levdatum) {
+ yyerror2("Sensitivity %s is not defined", id);
+ free(id);
+ return -1;
+ }
+ free(id);
+ c->range.level[l].sens = levdatum->level->sens;
+
+ /* extract low category set */
+ while ((id = queue_remove(id_queue))) {
+ if (parse_categories(id, levdatum,
+ &c->range.level[l].cat)) {
+ free(id);
+ return -1;
+ }
+ free(id);
+ }
+
+ /* extract high sensitivity */
+ id = (char *)queue_remove(id_queue);
+ if (!id)
+ break;
+ }
+
+ if (l == 0) {
+ c->range.level[1].sens = c->range.level[0].sens;
+ if (ebitmap_cpy(&c->range.level[1].cat,
+ &c->range.level[0].cat)) {
+
+ yyerror("out of memory");
+ goto bad;
+ }
+ }
+ }
+
+ if (!policydb_context_isvalid(policydbp, c)) {
+ yyerror("invalid security context");
+ goto bad;
+ }
+ return 0;
+
+ bad:
+ context_destroy(c);
+
+ return -1;
+}
+
+int define_initial_sid_context(void)
+{
+ char *id;
+ ocontext_t *c, *head;
+
+ if (pass == 1) {
+ id = (char *)queue_remove(id_queue);
+ free(id);
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no sid name for SID context definition?");
+ return -1;
+ }
+ head = policydbp->ocontexts[OCON_ISID];
+ for (c = head; c; c = c->next) {
+ if (!strcmp(id, c->u.name))
+ break;
+ }
+
+ if (!c) {
+ yyerror2("SID %s is not defined", id);
+ free(id);
+ return -1;
+ }
+ if (c->context[0].user) {
+ yyerror2("The context for SID %s is multiply defined", id);
+ free(id);
+ return -1;
+ }
+ /* no need to keep the sid name */
+ free(id);
+
+ if (parse_security_context(&c->context[0]))
+ return -1;
+
+ return 0;
+}
+
+int define_fs_context(unsigned int major, unsigned int minor)
+{
+ ocontext_t *newc, *c, *head;
+
+ if (pass == 1) {
+ parse_security_context(NULL);
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ newc = (ocontext_t *) malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+
+ newc->u.name = (char *)malloc(6);
+ if (!newc->u.name) {
+ yyerror("out of memory");
+ free(newc);
+ return -1;
+ }
+ sprintf(newc->u.name, "%02x:%02x", major, minor);
+
+ if (parse_security_context(&newc->context[0])) {
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ if (parse_security_context(&newc->context[1])) {
+ context_destroy(&newc->context[0]);
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ head = policydbp->ocontexts[OCON_FS];
+
+ for (c = head; c; c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name)) {
+ yyerror2("duplicate entry for file system %s",
+ newc->u.name);
+ context_destroy(&newc->context[0]);
+ context_destroy(&newc->context[1]);
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ }
+
+ newc->next = head;
+ policydbp->ocontexts[OCON_FS] = newc;
+
+ return 0;
+}
+
+int define_port_context(unsigned int low, unsigned int high)
+{
+ ocontext_t *newc, *c, *l, *head;
+ unsigned int protocol;
+ char *id;
+
+ if (pass == 1) {
+ id = (char *)queue_remove(id_queue);
+ free(id);
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ newc = malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ free(newc);
+ return -1;
+ }
+ if ((strcmp(id, "tcp") == 0) || (strcmp(id, "TCP") == 0)) {
+ protocol = IPPROTO_TCP;
+ } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
+ protocol = IPPROTO_UDP;
+ } else {
+ yyerror2("unrecognized protocol %s", id);
+ free(newc);
+ return -1;
+ }
+
+ newc->u.port.protocol = protocol;
+ newc->u.port.low_port = low;
+ newc->u.port.high_port = high;
+
+ if (low > high) {
+ yyerror2("low port %d exceeds high port %d", low, high);
+ free(newc);
+ return -1;
+ }
+
+ if (parse_security_context(&newc->context[0])) {
+ free(newc);
+ return -1;
+ }
+
+ /* Preserve the matching order specified in the configuration. */
+ head = policydbp->ocontexts[OCON_PORT];
+ for (l = NULL, c = head; c; l = c, c = c->next) {
+ unsigned int prot2, low2, high2;
+
+ prot2 = c->u.port.protocol;
+ low2 = c->u.port.low_port;
+ high2 = c->u.port.high_port;
+ if (protocol != prot2)
+ continue;
+ if (low == low2 && high == high2) {
+ yyerror2("duplicate portcon entry for %s %d-%d ", id,
+ low, high);
+ goto bad;
+ }
+ if (low2 <= low && high2 >= high) {
+ yyerror2("portcon entry for %s %d-%d hidden by earlier "
+ "entry for %d-%d", id, low, high, low2, high2);
+ goto bad;
+ }
+ }
+
+ if (l)
+ l->next = newc;
+ else
+ policydbp->ocontexts[OCON_PORT] = newc;
+
+ return 0;
+
+ bad:
+ free(newc);
+ return -1;
+}
+
+int define_netif_context(void)
+{
+ ocontext_t *newc, *c, *head;
+
+ if (pass == 1) {
+ free(queue_remove(id_queue));
+ parse_security_context(NULL);
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ newc = (ocontext_t *) malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+
+ newc->u.name = (char *)queue_remove(id_queue);
+ if (!newc->u.name) {
+ free(newc);
+ return -1;
+ }
+ if (parse_security_context(&newc->context[0])) {
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ if (parse_security_context(&newc->context[1])) {
+ context_destroy(&newc->context[0]);
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ head = policydbp->ocontexts[OCON_NETIF];
+
+ for (c = head; c; c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name)) {
+ yyerror2("duplicate entry for network interface %s",
+ newc->u.name);
+ context_destroy(&newc->context[0]);
+ context_destroy(&newc->context[1]);
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ }
+
+ newc->next = head;
+ policydbp->ocontexts[OCON_NETIF] = newc;
+ return 0;
+}
+
+int define_ipv4_node_context()
+{
+ char *id;
+ int rc = 0;
+ struct in_addr addr, mask;
+ ocontext_t *newc, *c, *l, *head;
+
+ if (pass == 1) {
+ free(queue_remove(id_queue));
+ free(queue_remove(id_queue));
+ parse_security_context(NULL);
+ goto out;
+ }
+
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv4 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET, id, &addr);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv4 address");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv4 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET, id, &mask);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv4 mask");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
+ newc = malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ rc = -1;
+ goto out;
+ }
+
+ memset(newc, 0, sizeof(ocontext_t));
+ newc->u.node.addr = addr.s_addr;
+ newc->u.node.mask = mask.s_addr;
+
+ if (parse_security_context(&newc->context[0])) {
+ free(newc);
+ return -1;
+ }
+
+ /* Create order of most specific to least retaining
+ the order specified in the configuration. */
+ head = policydbp->ocontexts[OCON_NODE];
+ for (l = NULL, c = head; c; l = c, c = c->next) {
+ if (newc->u.node.mask > c->u.node.mask)
+ break;
+ }
+
+ newc->next = c;
+
+ if (l)
+ l->next = newc;
+ else
+ policydbp->ocontexts[OCON_NODE] = newc;
+ rc = 0;
+out:
+ return rc;
+}
+
+int define_ipv6_node_context(void)
+{
+ char *id;
+ int rc = 0;
+ struct in6_addr addr, mask;
+ ocontext_t *newc, *c, *l, *head;
+
+ if (pass == 1) {
+ free(queue_remove(id_queue));
+ free(queue_remove(id_queue));
+ parse_security_context(NULL);
+ goto out;
+ }
+
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv6 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET6, id, &addr);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv6 address");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
+ id = queue_remove(id_queue);
+ if (!id) {
+ yyerror("failed to read ipv6 address");
+ rc = -1;
+ goto out;
+ }
+
+ rc = inet_pton(AF_INET6, id, &mask);
+ free(id);
+ if (rc < 1) {
+ yyerror("failed to parse ipv6 mask");
+ if (rc == 0)
+ rc = -1;
+ goto out;
+ }
+
+ newc = malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ rc = -1;
+ goto out;
+ }
+
+ memset(newc, 0, sizeof(ocontext_t));
+ memcpy(&newc->u.node6.addr[0], &addr.s6_addr32[0], 16);
+ memcpy(&newc->u.node6.mask[0], &mask.s6_addr32[0], 16);
+
+ if (parse_security_context(&newc->context[0])) {
+ free(newc);
+ rc = -1;
+ goto out;
+ }
+
+ /* Create order of most specific to least retaining
+ the order specified in the configuration. */
+ head = policydbp->ocontexts[OCON_NODE6];
+ for (l = NULL, c = head; c; l = c, c = c->next) {
+ if (memcmp(&newc->u.node6.mask, &c->u.node6.mask, 16) > 0)
+ break;
+ }
+
+ newc->next = c;
+
+ if (l)
+ l->next = newc;
+ else
+ policydbp->ocontexts[OCON_NODE6] = newc;
+
+ rc = 0;
+ out:
+ return rc;
+}
+
+int define_fs_use(int behavior)
+{
+ ocontext_t *newc, *c, *head;
+
+ if (pass == 1) {
+ free(queue_remove(id_queue));
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ newc = (ocontext_t *) malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+
+ newc->u.name = (char *)queue_remove(id_queue);
+ if (!newc->u.name) {
+ free(newc);
+ return -1;
+ }
+ newc->v.behavior = behavior;
+ if (parse_security_context(&newc->context[0])) {
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+
+ head = policydbp->ocontexts[OCON_FSUSE];
+
+ for (c = head; c; c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name)) {
+ yyerror2("duplicate fs_use entry for filesystem type %s",
+ newc->u.name);
+ context_destroy(&newc->context[0]);
+ free(newc->u.name);
+ free(newc);
+ return -1;
+ }
+ }
+
+ newc->next = head;
+ policydbp->ocontexts[OCON_FSUSE] = newc;
+ return 0;
+}
+
+int define_genfs_context_helper(char *fstype, int has_type)
+{
+ struct genfs *genfs_p, *genfs, *newgenfs;
+ ocontext_t *newc, *c, *head, *p;
+ char *type = NULL;
+ int len, len2;
+
+ if (pass == 1) {
+ free(fstype);
+ free(queue_remove(id_queue));
+ if (has_type)
+ free(queue_remove(id_queue));
+ parse_security_context(NULL);
+ return 0;
+ }
+
+ for (genfs_p = NULL, genfs = policydbp->genfs;
+ genfs; genfs_p = genfs, genfs = genfs->next) {
+ if (strcmp(fstype, genfs->fstype) <= 0)
+ break;
+ }
+
+ if (!genfs || strcmp(fstype, genfs->fstype)) {
+ newgenfs = malloc(sizeof(struct genfs));
+ if (!newgenfs) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newgenfs, 0, sizeof(struct genfs));
+ newgenfs->fstype = fstype;
+ newgenfs->next = genfs;
+ if (genfs_p)
+ genfs_p->next = newgenfs;
+ else
+ policydbp->genfs = newgenfs;
+ genfs = newgenfs;
+ }
+
+ newc = (ocontext_t *) malloc(sizeof(ocontext_t));
+ if (!newc) {
+ yyerror("out of memory");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+
+ newc->u.name = (char *)queue_remove(id_queue);
+ if (!newc->u.name)
+ goto fail;
+ if (has_type) {
+ type = (char *)queue_remove(id_queue);
+ if (!type)
+ goto fail;
+ if (type[1] != 0) {
+ yyerror2("invalid type %s", type);
+ goto fail;
+ }
+ switch (type[0]) {
+ case 'b':
+ newc->v.sclass = SECCLASS_BLK_FILE;
+ break;
+ case 'c':
+ newc->v.sclass = SECCLASS_CHR_FILE;
+ break;
+ case 'd':
+ newc->v.sclass = SECCLASS_DIR;
+ break;
+ case 'p':
+ newc->v.sclass = SECCLASS_FIFO_FILE;
+ break;
+ case 'l':
+ newc->v.sclass = SECCLASS_LNK_FILE;
+ break;
+ case 's':
+ newc->v.sclass = SECCLASS_SOCK_FILE;
+ break;
+ case '-':
+ newc->v.sclass = SECCLASS_FILE;
+ break;
+ default:
+ yyerror2("invalid type %s", type);
+ goto fail;
+ }
+ }
+ if (parse_security_context(&newc->context[0]))
+ goto fail;
+
+ head = genfs->head;
+
+ for (p = NULL, c = head; c; p = c, c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name) &&
+ (!newc->v.sclass || !c->v.sclass
+ || newc->v.sclass == c->v.sclass)) {
+ yyerror2("duplicate entry for genfs entry (%s, %s)",
+ fstype, newc->u.name);
+ goto fail;
+ }
+ len = strlen(newc->u.name);
+ len2 = strlen(c->u.name);
+ if (len > len2)
+ break;
+ }
+
+ newc->next = c;
+ if (p)
+ p->next = newc;
+ else
+ genfs->head = newc;
+ return 0;
+ fail:
+ if (type)
+ free(type);
+ context_destroy(&newc->context[0]);
+ if (fstype)
+ free(fstype);
+ if (newc->u.name)
+ free(newc->u.name);
+ free(newc);
+ return -1;
+}
+
+int define_genfs_context(int has_type)
+{
+ return define_genfs_context_helper(queue_remove(id_queue), has_type);
+}
+
+int define_range_trans(int class_specified)
+{
+ char *id;
+ level_datum_t *levdatum = 0;
+ class_datum_t *cladatum;
+ range_trans_rule_t *rule;
+ int l, add = 1;
+
+ if (!mlspol) {
+ yyerror("range_transition rule in non-MLS configuration");
+ return -1;
+ }
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ if (class_specified)
+ while ((id = queue_remove(id_queue)))
+ free(id);
+ id = queue_remove(id_queue);
+ free(id);
+ for (l = 0; l < 2; l++) {
+ while ((id = queue_remove(id_queue))) {
+ free(id);
+ }
+ id = queue_remove(id_queue);
+ if (!id)
+ break;
+ free(id);
+ }
+ return 0;
+ }
+
+ rule = malloc(sizeof(struct range_trans_rule));
+ if (!rule) {
+ yyerror("out of memory");
+ return -1;
+ }
+ range_trans_rule_init(rule);
+
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&rule->stypes, id, &add, 0))
+ goto out;
+ }
+ add = 1;
+ while ((id = queue_remove(id_queue))) {
+ if (set_types(&rule->ttypes, id, &add, 0))
+ goto out;
+ }
+
+ if (class_specified) {
+ while ((id = queue_remove(id_queue))) {
+ if (!is_id_in_scope(SYM_CLASSES, id)) {
+ yyerror2("class %s is not within scope", id);
+ free(id);
+ goto out;
+ }
+ cladatum = hashtab_search(policydbp->p_classes.table,
+ id);
+ if (!cladatum) {
+ yyerror2("unknown class %s", id);
+ goto out;
+ }
+
+ ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1,
+ TRUE);
+ free(id);
+ }
+ } else {
+ cladatum = hashtab_search(policydbp->p_classes.table,
+ "process");
+ if (!cladatum) {
+ yyerror2("could not find process class for "
+ "legacy range_transition statement");
+ goto out;
+ }
+
+ ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE);
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id) {
+ yyerror("no range in range_transition definition?");
+ goto out;
+ }
+ for (l = 0; l < 2; l++) {
+ levdatum = hashtab_search(policydbp->p_levels.table, id);
+ if (!levdatum) {
+ yyerror2("unknown level %s used in range_transition "
+ "definition", id);
+ free(id);
+ goto out;
+ }
+ free(id);
+
+ rule->trange.level[l].sens = levdatum->level->sens;
+
+ while ((id = queue_remove(id_queue))) {
+ if (parse_semantic_categories(id, levdatum,
+ &rule->trange.level[l].cat)) {
+ free(id);
+ goto out;
+ }
+ free(id);
+ }
+
+ id = (char *)queue_remove(id_queue);
+ if (!id)
+ break;
+ }
+ if (l == 0) {
+ if (mls_semantic_level_cpy(&rule->trange.level[1],
+ &rule->trange.level[0])) {
+ yyerror("out of memory");
+ goto out;
+ }
+ }
+
+ append_range_trans(rule);
+ return 0;
+
+out:
+ range_trans_rule_destroy(rule);
+ return -1;
+}
+
+/* FLASK */
diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h
new file mode 100644
index 0000000..b4369f2
--- /dev/null
+++ b/checkpolicy/policy_define.h
@@ -0,0 +1,59 @@
+/* Functions used to define policy grammar components. */
+
+#ifndef _POLICY_DEFINE_H_
+#define _POLICY_DEFINE_H_
+
+/*
+ * We need the following so we have a valid error return code in yacc
+ * when we have a parse error for a conditional rule. We can't check
+ * for NULL (ie 0) because that is a potentially valid return.
+ */
+#define COND_ERR ((avrule_t *)-1)
+
+#define TRUE 1
+#define FALSE 0
+
+avrule_t *define_cond_compute_type(int which);
+avrule_t *define_cond_pol_list(avrule_t *avlist, avrule_t *stmt);
+avrule_t *define_cond_te_avtab(int which);
+cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void* arg2);
+int define_attrib(void);
+int define_av_perms(int inherits);
+int define_bool(void);
+int define_category(void);
+int define_class(void);
+int define_common_perms(void);
+int define_compute_type(int which);
+int define_conditional(cond_expr_t *expr, avrule_t *t_list, avrule_t *f_list );
+int define_constraint(constraint_expr_t *expr);
+int define_dominance(void);
+int define_fs_context(unsigned int major, unsigned int minor);
+int define_fs_use(int behavior);
+int define_genfs_context(int has_type);
+int define_initial_sid_context(void);
+int define_initial_sid(void);
+int define_ipv4_node_context(void);
+int define_ipv6_node_context(void);
+int define_level(void);
+int define_netif_context(void);
+int define_permissive(void);
+int define_polcap(void);
+int define_port_context(unsigned int low, unsigned int high);
+int define_range_trans(int class_specified);
+int define_role_allow(void);
+int define_role_trans(void);
+int define_role_types(void);
+int define_sens(void);
+int define_te_avtab(int which);
+int define_typealias(void);
+int define_typeattribute(void);
+int define_type(int alias);
+int define_user(void);
+int define_validatetrans(constraint_expr_t *expr);
+int insert_id(char *id,int push);
+int insert_separator(int push);
+role_datum_t *define_role_dom(role_datum_t *r);
+role_datum_t *merge_roles_dom(role_datum_t *r1,role_datum_t *r2);
+uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2);
+
+#endif /* _POLICY_DEFINE_H_ */
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
new file mode 100644
index 0000000..50fae2f
--- /dev/null
+++ b/checkpolicy/policy_parse.y
@@ -0,0 +1,781 @@
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: David Caplan, <dac@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@mentalrootkit.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Added support for binary policy modules
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2008 Tresys Technology, LLC
+ * Copyright (C) 2007 Red Hat Inc.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/* FLASK */
+
+%{
+#include <sys/types.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/polcaps.h>
+#include "queue.h"
+#include "checkpolicy.h"
+#include "module_compiler.h"
+#include "policy_define.h"
+
+extern policydb_t *policydbp;
+extern unsigned int pass;
+
+extern char yytext[];
+extern int yylex(void);
+extern int yywarn(char *msg);
+extern int yyerror(char *msg);
+
+typedef int (* require_func_t)();
+
+%}
+
+%union {
+ unsigned int val;
+ uintptr_t valptr;
+ void *ptr;
+ require_func_t require_func;
+}
+
+%type <ptr> cond_expr cond_expr_prim cond_pol_list cond_else
+%type <ptr> cond_allow_def cond_auditallow_def cond_auditdeny_def cond_dontaudit_def
+%type <ptr> cond_transition_def cond_te_avtab_def cond_rule_def
+%type <ptr> role_def roles
+%type <valptr> cexpr cexpr_prim op role_mls_op
+%type <val> ipv4_addr_def number
+%type <require_func> require_decl_def
+
+%token PATH
+%token CLONE
+%token COMMON
+%token CLASS
+%token CONSTRAIN
+%token VALIDATETRANS
+%token INHERITS
+%token SID
+%token ROLE
+%token ROLES
+%token TYPEALIAS
+%token TYPEATTRIBUTE
+%token TYPE
+%token TYPES
+%token ALIAS
+%token ATTRIBUTE
+%token BOOL
+%token IF
+%token ELSE
+%token TYPE_TRANSITION
+%token TYPE_MEMBER
+%token TYPE_CHANGE
+%token ROLE_TRANSITION
+%token RANGE_TRANSITION
+%token SENSITIVITY
+%token DOMINANCE
+%token DOM DOMBY INCOMP
+%token CATEGORY
+%token LEVEL
+%token RANGE
+%token MLSCONSTRAIN
+%token MLSVALIDATETRANS
+%token USER
+%token NEVERALLOW
+%token ALLOW
+%token AUDITALLOW
+%token AUDITDENY
+%token DONTAUDIT
+%token SOURCE
+%token TARGET
+%token SAMEUSER
+%token FSCON PORTCON NETIFCON NODECON
+%token FSUSEXATTR FSUSETASK FSUSETRANS
+%token GENFSCON
+%token U1 U2 U3 R1 R2 R3 T1 T2 T3 L1 L2 H1 H2
+%token NOT AND OR XOR
+%token CTRUE CFALSE
+%token IDENTIFIER
+%token NUMBER
+%token EQUALS
+%token NOTEQUAL
+%token IPV4_ADDR
+%token IPV6_ADDR
+%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
+%token POLICYCAP
+%token PERMISSIVE
+
+%left OR
+%left XOR
+%left AND
+%right NOT
+%left EQUALS NOTEQUAL
+%%
+policy : base_policy
+ | module_policy
+ ;
+base_policy : { if (define_policy(pass, 0) == -1) return -1; }
+ classes initial_sids access_vectors
+ { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
+ else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
+ opt_mls te_rbac users opt_constraints
+ { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
+ else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
+ initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts
+ ;
+classes : class_def
+ | classes class_def
+ ;
+class_def : CLASS identifier
+ {if (define_class()) return -1;}
+ ;
+initial_sids : initial_sid_def
+ | initial_sids initial_sid_def
+ ;
+initial_sid_def : SID identifier
+ {if (define_initial_sid()) return -1;}
+ ;
+access_vectors : opt_common_perms av_perms
+ ;
+opt_common_perms : common_perms
+ |
+ ;
+common_perms : common_perms_def
+ | common_perms common_perms_def
+ ;
+common_perms_def : COMMON identifier '{' identifier_list '}'
+ {if (define_common_perms()) return -1;}
+ ;
+av_perms : av_perms_def
+ | av_perms av_perms_def
+ ;
+av_perms_def : CLASS identifier '{' identifier_list '}'
+ {if (define_av_perms(FALSE)) return -1;}
+ | CLASS identifier INHERITS identifier
+ {if (define_av_perms(TRUE)) return -1;}
+ | CLASS identifier INHERITS identifier '{' identifier_list '}'
+ {if (define_av_perms(TRUE)) return -1;}
+ ;
+opt_mls : mls
+ |
+ ;
+mls : sensitivities dominance opt_categories levels mlspolicy
+ ;
+sensitivities : sensitivity_def
+ | sensitivities sensitivity_def
+ ;
+sensitivity_def : SENSITIVITY identifier alias_def ';'
+ {if (define_sens()) return -1;}
+ | SENSITIVITY identifier ';'
+ {if (define_sens()) return -1;}
+ ;
+alias_def : ALIAS names
+ ;
+dominance : DOMINANCE identifier
+ {if (define_dominance()) return -1;}
+ | DOMINANCE '{' identifier_list '}'
+ {if (define_dominance()) return -1;}
+ ;
+opt_categories : categories
+ |
+ ;
+categories : category_def
+ | categories category_def
+ ;
+category_def : CATEGORY identifier alias_def ';'
+ {if (define_category()) return -1;}
+ | CATEGORY identifier ';'
+ {if (define_category()) return -1;}
+ ;
+levels : level_def
+ | levels level_def
+ ;
+level_def : LEVEL identifier ':' id_comma_list ';'
+ {if (define_level()) return -1;}
+ | LEVEL identifier ';'
+ {if (define_level()) return -1;}
+ ;
+mlspolicy : mlspolicy_decl
+ | mlspolicy mlspolicy_decl
+ ;
+mlspolicy_decl : mlsconstraint_def
+ | mlsvalidatetrans_def
+ ;
+mlsconstraint_def : MLSCONSTRAIN names names cexpr ';'
+ { if (define_constraint((constraint_expr_t*)$4)) return -1; }
+ ;
+mlsvalidatetrans_def : MLSVALIDATETRANS names cexpr ';'
+ { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
+ ;
+te_rbac : te_rbac_decl
+ | te_rbac te_rbac_decl
+ ;
+te_rbac_decl : te_decl
+ | rbac_decl
+ | cond_stmt_def
+ | optional_block
+ | policycap_def
+ | ';'
+ ;
+rbac_decl : role_type_def
+ | role_dominance
+ | role_trans_def
+ | role_allow_def
+ ;
+te_decl : attribute_def
+ | type_def
+ | typealias_def
+ | typeattribute_def
+ | bool_def
+ | transition_def
+ | range_trans_def
+ | te_avtab_def
+ | permissive_def
+ ;
+attribute_def : ATTRIBUTE identifier ';'
+ { if (define_attrib()) return -1;}
+ ;
+type_def : TYPE identifier alias_def opt_attr_list ';'
+ {if (define_type(1)) return -1;}
+ | TYPE identifier opt_attr_list ';'
+ {if (define_type(0)) return -1;}
+ ;
+typealias_def : TYPEALIAS identifier alias_def ';'
+ {if (define_typealias()) return -1;}
+ ;
+typeattribute_def : TYPEATTRIBUTE identifier id_comma_list ';'
+ {if (define_typeattribute()) return -1;}
+ ;
+opt_attr_list : ',' id_comma_list
+ |
+ ;
+bool_def : BOOL identifier bool_val ';'
+ {if (define_bool()) return -1;}
+ ;
+bool_val : CTRUE
+ { if (insert_id("T",0)) return -1; }
+ | CFALSE
+ { if (insert_id("F",0)) return -1; }
+ ;
+cond_stmt_def : IF cond_expr '{' cond_pol_list '}' cond_else
+ { if (pass == 2) { if (define_conditional((cond_expr_t*)$2, (avrule_t*)$4, (avrule_t*)$6) < 0) return -1; }}
+ ;
+cond_else : ELSE '{' cond_pol_list '}'
+ { $$ = $3; }
+ | /* empty */
+ { $$ = NULL; }
+cond_expr : '(' cond_expr ')'
+ { $$ = $2;}
+ | NOT cond_expr
+ { $$ = define_cond_expr(COND_NOT, $2, 0);
+ if ($$ == 0) return -1; }
+ | cond_expr AND cond_expr
+ { $$ = define_cond_expr(COND_AND, $1, $3);
+ if ($$ == 0) return -1; }
+ | cond_expr OR cond_expr
+ { $$ = define_cond_expr(COND_OR, $1, $3);
+ if ($$ == 0) return -1; }
+ | cond_expr XOR cond_expr
+ { $$ = define_cond_expr(COND_XOR, $1, $3);
+ if ($$ == 0) return -1; }
+ | cond_expr EQUALS cond_expr
+ { $$ = define_cond_expr(COND_EQ, $1, $3);
+ if ($$ == 0) return -1; }
+ | cond_expr NOTEQUAL cond_expr
+ { $$ = define_cond_expr(COND_NEQ, $1, $3);
+ if ($$ == 0) return -1; }
+ | cond_expr_prim
+ { $$ = $1; }
+ ;
+cond_expr_prim : identifier
+ { $$ = define_cond_expr(COND_BOOL,0, 0);
+ if ($$ == COND_ERR) return -1; }
+ ;
+cond_pol_list : cond_pol_list cond_rule_def
+ { $$ = define_cond_pol_list((avrule_t *)$1, (avrule_t *)$2); }
+ | /* empty */
+ { $$ = NULL; }
+ ;
+cond_rule_def : cond_transition_def
+ { $$ = $1; }
+ | cond_te_avtab_def
+ { $$ = $1; }
+ | require_block
+ { $$ = NULL; }
+ ;
+cond_transition_def : TYPE_TRANSITION names names ':' names identifier ';'
+ { $$ = define_cond_compute_type(AVRULE_TRANSITION) ;
+ if ($$ == COND_ERR) return -1;}
+ | TYPE_MEMBER names names ':' names identifier ';'
+ { $$ = define_cond_compute_type(AVRULE_MEMBER) ;
+ if ($$ == COND_ERR) return -1;}
+ | TYPE_CHANGE names names ':' names identifier ';'
+ { $$ = define_cond_compute_type(AVRULE_CHANGE) ;
+ if ($$ == COND_ERR) return -1;}
+ ;
+cond_te_avtab_def : cond_allow_def
+ { $$ = $1; }
+ | cond_auditallow_def
+ { $$ = $1; }
+ | cond_auditdeny_def
+ { $$ = $1; }
+ | cond_dontaudit_def
+ { $$ = $1; }
+ ;
+cond_allow_def : ALLOW names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_ALLOWED) ;
+ if ($$ == COND_ERR) return -1; }
+ ;
+cond_auditallow_def : AUDITALLOW names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_AUDITALLOW) ;
+ if ($$ == COND_ERR) return -1; }
+ ;
+cond_auditdeny_def : AUDITDENY names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_AUDITDENY) ;
+ if ($$ == COND_ERR) return -1; }
+ ;
+cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
+ if ($$ == COND_ERR) return -1; }
+ ;
+transition_def : TYPE_TRANSITION names names ':' names identifier ';'
+ {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
+ | TYPE_MEMBER names names ':' names identifier ';'
+ {if (define_compute_type(AVRULE_MEMBER)) return -1;}
+ | TYPE_CHANGE names names ':' names identifier ';'
+ {if (define_compute_type(AVRULE_CHANGE)) return -1;}
+ ;
+range_trans_def : RANGE_TRANSITION names names mls_range_def ';'
+ { if (define_range_trans(0)) return -1; }
+ | RANGE_TRANSITION names names ':' names mls_range_def ';'
+ { if (define_range_trans(1)) return -1; }
+ ;
+te_avtab_def : allow_def
+ | auditallow_def
+ | auditdeny_def
+ | dontaudit_def
+ | neverallow_def
+ ;
+allow_def : ALLOW names names ':' names names ';'
+ {if (define_te_avtab(AVRULE_ALLOWED)) return -1; }
+ ;
+auditallow_def : AUDITALLOW names names ':' names names ';'
+ {if (define_te_avtab(AVRULE_AUDITALLOW)) return -1; }
+ ;
+auditdeny_def : AUDITDENY names names ':' names names ';'
+ {if (define_te_avtab(AVRULE_AUDITDENY)) return -1; }
+ ;
+dontaudit_def : DONTAUDIT names names ':' names names ';'
+ {if (define_te_avtab(AVRULE_DONTAUDIT)) return -1; }
+ ;
+neverallow_def : NEVERALLOW names names ':' names names ';'
+ {if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; }
+ ;
+role_type_def : ROLE identifier TYPES names ';'
+ {if (define_role_types()) return -1;}
+ | ROLE identifier';'
+ {if (define_role_types()) return -1;}
+ ;
+role_dominance : DOMINANCE '{' roles '}'
+ ;
+role_trans_def : ROLE_TRANSITION names names identifier ';'
+ {if (define_role_trans()) return -1; }
+ ;
+role_allow_def : ALLOW names names ';'
+ {if (define_role_allow()) return -1; }
+ ;
+roles : role_def
+ { $$ = $1; }
+ | roles role_def
+ { $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1;}
+ ;
+role_def : ROLE identifier_push ';'
+ {$$ = define_role_dom(NULL); if ($$ == 0) return -1;}
+ | ROLE identifier_push '{' roles '}'
+ {$$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;}
+ ;
+opt_constraints : constraints
+ |
+ ;
+constraints : constraint_decl
+ | constraints constraint_decl
+ ;
+constraint_decl : constraint_def
+ | validatetrans_def
+ ;
+constraint_def : CONSTRAIN names names cexpr ';'
+ { if (define_constraint((constraint_expr_t*)$4)) return -1; }
+ ;
+validatetrans_def : VALIDATETRANS names cexpr ';'
+ { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
+ ;
+cexpr : '(' cexpr ')'
+ { $$ = $2; }
+ | NOT cexpr
+ { $$ = define_cexpr(CEXPR_NOT, $2, 0);
+ if ($$ == 0) return -1; }
+ | cexpr AND cexpr
+ { $$ = define_cexpr(CEXPR_AND, $1, $3);
+ if ($$ == 0) return -1; }
+ | cexpr OR cexpr
+ { $$ = define_cexpr(CEXPR_OR, $1, $3);
+ if ($$ == 0) return -1; }
+ | cexpr_prim
+ { $$ = $1; }
+ ;
+cexpr_prim : U1 op U2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, $2);
+ if ($$ == 0) return -1; }
+ | R1 role_mls_op R2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2);
+ if ($$ == 0) return -1; }
+ | T1 op T2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2);
+ if ($$ == 0) return -1; }
+ | U1 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2);
+ if ($$ == 0) return -1; }
+ | U2 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2);
+ if ($$ == 0) return -1; }
+ | U3 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2);
+ if ($$ == 0) return -1; }
+ | R1 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2);
+ if ($$ == 0) return -1; }
+ | R2 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), $2);
+ if ($$ == 0) return -1; }
+ | R3 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_XTARGET), $2);
+ if ($$ == 0) return -1; }
+ | T1 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2);
+ if ($$ == 0) return -1; }
+ | T2 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), $2);
+ if ($$ == 0) return -1; }
+ | T3 op { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_XTARGET), $2);
+ if ($$ == 0) return -1; }
+ | SAMEUSER
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ);
+ if ($$ == 0) return -1; }
+ | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ);
+ if ($$ == 0) return -1; }
+ | TARGET ROLE { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), CEXPR_EQ);
+ if ($$ == 0) return -1; }
+ | ROLE role_mls_op
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2);
+ if ($$ == 0) return -1; }
+ | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ);
+ if ($$ == 0) return -1; }
+ | TARGET TYPE { if (insert_separator(1)) return -1; } names_push
+ { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), CEXPR_EQ);
+ if ($$ == 0) return -1; }
+ | L1 role_mls_op L2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1L2, $2);
+ if ($$ == 0) return -1; }
+ | L1 role_mls_op H2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H2, $2);
+ if ($$ == 0) return -1; }
+ | H1 role_mls_op L2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1L2, $2);
+ if ($$ == 0) return -1; }
+ | H1 role_mls_op H2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1H2, $2);
+ if ($$ == 0) return -1; }
+ | L1 role_mls_op H1
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H1, $2);
+ if ($$ == 0) return -1; }
+ | L2 role_mls_op H2
+ { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L2H2, $2);
+ if ($$ == 0) return -1; }
+ ;
+op : EQUALS
+ { $$ = CEXPR_EQ; }
+ | NOTEQUAL
+ { $$ = CEXPR_NEQ; }
+ ;
+role_mls_op : op
+ { $$ = $1; }
+ | DOM
+ { $$ = CEXPR_DOM; }
+ | DOMBY
+ { $$ = CEXPR_DOMBY; }
+ | INCOMP
+ { $$ = CEXPR_INCOMP; }
+ ;
+users : user_def
+ | users user_def
+ ;
+user_def : USER identifier ROLES names opt_mls_user ';'
+ {if (define_user()) return -1;}
+ ;
+opt_mls_user : LEVEL mls_level_def RANGE mls_range_def
+ |
+ ;
+initial_sid_contexts : initial_sid_context_def
+ | initial_sid_contexts initial_sid_context_def
+ ;
+initial_sid_context_def : SID identifier security_context_def
+ {if (define_initial_sid_context()) return -1;}
+ ;
+opt_fs_contexts : fs_contexts
+ |
+ ;
+fs_contexts : fs_context_def
+ | fs_contexts fs_context_def
+ ;
+fs_context_def : FSCON number number security_context_def security_context_def
+ {if (define_fs_context($2,$3)) return -1;}
+ ;
+net_contexts : opt_port_contexts opt_netif_contexts opt_node_contexts
+ ;
+opt_port_contexts : port_contexts
+ |
+ ;
+port_contexts : port_context_def
+ | port_contexts port_context_def
+ ;
+port_context_def : PORTCON identifier number security_context_def
+ {if (define_port_context($3,$3)) return -1;}
+ | PORTCON identifier number '-' number security_context_def
+ {if (define_port_context($3,$5)) return -1;}
+ ;
+opt_netif_contexts : netif_contexts
+ |
+ ;
+netif_contexts : netif_context_def
+ | netif_contexts netif_context_def
+ ;
+netif_context_def : NETIFCON identifier security_context_def security_context_def
+ {if (define_netif_context()) return -1;}
+ ;
+opt_node_contexts : node_contexts
+ |
+ ;
+node_contexts : node_context_def
+ | node_contexts node_context_def
+ ;
+node_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def
+ {if (define_ipv4_node_context()) return -1;}
+ | NODECON ipv6_addr ipv6_addr security_context_def
+ {if (define_ipv6_node_context()) return -1;}
+ ;
+opt_fs_uses : fs_uses
+ |
+ ;
+fs_uses : fs_use_def
+ | fs_uses fs_use_def
+ ;
+fs_use_def : FSUSEXATTR identifier security_context_def ';'
+ {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
+ | FSUSETASK identifier security_context_def ';'
+ {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
+ | FSUSETRANS identifier security_context_def ';'
+ {if (define_fs_use(SECURITY_FS_USE_TRANS)) return -1;}
+ ;
+opt_genfs_contexts : genfs_contexts
+ |
+ ;
+genfs_contexts : genfs_context_def
+ | genfs_contexts genfs_context_def
+ ;
+genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
+ {if (define_genfs_context(1)) return -1;}
+ | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
+ {if (define_genfs_context(1)) return -1;}
+ | GENFSCON identifier path security_context_def
+ {if (define_genfs_context(0)) return -1;}
+ ;
+ipv4_addr_def : IPV4_ADDR
+ { if (insert_id(yytext,0)) return -1; }
+ ;
+security_context_def : identifier ':' identifier ':' identifier opt_mls_range_def
+ ;
+opt_mls_range_def : ':' mls_range_def
+ |
+ ;
+mls_range_def : mls_level_def '-' mls_level_def
+ {if (insert_separator(0)) return -1;}
+ | mls_level_def
+ {if (insert_separator(0)) return -1;}
+ ;
+mls_level_def : identifier ':' id_comma_list
+ {if (insert_separator(0)) return -1;}
+ | identifier
+ {if (insert_separator(0)) return -1;}
+ ;
+id_comma_list : identifier
+ | id_comma_list ',' identifier
+ ;
+tilde : '~'
+ ;
+asterisk : '*'
+ ;
+names : identifier
+ { if (insert_separator(0)) return -1; }
+ | nested_id_set
+ { if (insert_separator(0)) return -1; }
+ | asterisk
+ { if (insert_id("*", 0)) return -1;
+ if (insert_separator(0)) return -1; }
+ | tilde identifier
+ { if (insert_id("~", 0)) return -1;
+ if (insert_separator(0)) return -1; }
+ | tilde nested_id_set
+ { if (insert_id("~", 0)) return -1;
+ if (insert_separator(0)) return -1; }
+ | identifier '-' { if (insert_id("-", 0)) return -1; } identifier
+ { if (insert_separator(0)) return -1; }
+ ;
+tilde_push : tilde
+ { if (insert_id("~", 1)) return -1; }
+ ;
+asterisk_push : asterisk
+ { if (insert_id("*", 1)) return -1; }
+ ;
+names_push : identifier_push
+ | '{' identifier_list_push '}'
+ | asterisk_push
+ | tilde_push identifier_push
+ | tilde_push '{' identifier_list_push '}'
+ ;
+identifier_list_push : identifier_push
+ | identifier_list_push identifier_push
+ ;
+identifier_push : IDENTIFIER
+ { if (insert_id(yytext, 1)) return -1; }
+ ;
+identifier_list : identifier
+ | identifier_list identifier
+ ;
+nested_id_set : '{' nested_id_list '}'
+ ;
+nested_id_list : nested_id_element | nested_id_list nested_id_element
+ ;
+nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; } identifier | nested_id_set
+ ;
+identifier : IDENTIFIER
+ { if (insert_id(yytext,0)) return -1; }
+ ;
+path : PATH
+ { if (insert_id(yytext,0)) return -1; }
+ ;
+number : NUMBER
+ { $$ = strtoul(yytext,NULL,0); }
+ ;
+ipv6_addr : IPV6_ADDR
+ { if (insert_id(yytext,0)) return -1; }
+ ;
+policycap_def : POLICYCAP identifier ';'
+ {if (define_polcap()) return -1;}
+ ;
+permissive_def : PERMISSIVE identifier ';'
+ {if (define_permissive()) return -1;}
+
+/*********** module grammar below ***********/
+
+module_policy : module_def avrules_block
+ { if (end_avrule_block(pass) == -1) return -1;
+ if (policydb_index_others(NULL, policydbp, 0)) return -1;
+ }
+ ;
+module_def : MODULE identifier version_identifier ';'
+ { if (define_policy(pass, 1) == -1) return -1; }
+ ;
+version_identifier : VERSION_IDENTIFIER
+ { if (insert_id(yytext,0)) return -1; }
+ | ipv4_addr_def /* version can look like ipv4 address */
+ ;
+avrules_block : avrule_decls avrule_user_defs
+ ;
+avrule_decls : avrule_decls avrule_decl
+ | avrule_decl
+ ;
+avrule_decl : rbac_decl
+ | te_decl
+ | cond_stmt_def
+ | require_block
+ | optional_block
+ | ';'
+ ;
+require_block : REQUIRE '{' require_list '}'
+ ;
+require_list : require_list require_decl
+ | require_decl
+ ;
+require_decl : require_class ';'
+ | require_decl_def require_id_list ';'
+ ;
+require_class : CLASS identifier names
+ { if (require_class(pass)) return -1; }
+ ;
+require_decl_def : ROLE { $$ = require_role; }
+ | TYPE { $$ = require_type; }
+ | ATTRIBUTE { $$ = require_attribute; }
+ | USER { $$ = require_user; }
+ | BOOL { $$ = require_bool; }
+ | SENSITIVITY { $$ = require_sens; }
+ | CATEGORY { $$ = require_cat; }
+ ;
+require_id_list : identifier
+ { if ($<require_func>0 (pass)) return -1; }
+ | require_id_list ',' identifier
+ { if ($<require_func>0 (pass)) return -1; }
+ ;
+optional_block : optional_decl '{' avrules_block '}'
+ { if (end_avrule_block(pass) == -1) return -1; }
+ optional_else
+ { if (end_optional(pass) == -1) return -1; }
+ ;
+optional_else : else_decl '{' avrules_block '}'
+ { if (end_avrule_block(pass) == -1) return -1; }
+ | /* empty */
+ ;
+optional_decl : OPTIONAL
+ { if (begin_optional(pass) == -1) return -1; }
+ ;
+else_decl : ELSE
+ { if (begin_optional_else(pass) == -1) return -1; }
+ ;
+avrule_user_defs : user_def avrule_user_defs
+ | /* empty */
+ ;
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
new file mode 100644
index 0000000..1b572e3
--- /dev/null
+++ b/checkpolicy/policy_scan.l
@@ -0,0 +1,275 @@
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+/* Updated: David Caplan, <dac@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Added support for binary policy modules
+ *
+ * Copyright (C) 2003-5 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/* FLASK */
+
+%{
+#include <sys/types.h>
+#include <limits.h>
+#include <stdint.h>
+#include <string.h>
+
+typedef int (* require_func_t)();
+
+#include "y.tab.h"
+
+static char linebuf[2][255];
+static unsigned int lno = 0;
+int yywarn(char *msg);
+
+void set_source_file(const char *name);
+
+char source_file[PATH_MAX];
+unsigned long source_lineno = 1;
+
+unsigned long policydb_lineno = 1;
+
+unsigned int policydb_errors = 0;
+%}
+
+%option noinput nounput
+
+%array
+letter [A-Za-z]
+digit [0-9]
+alnum [a-zA-Z0-9]
+hexval [0-9A-Fa-f]
+
+%%
+\n.* { strncpy(linebuf[lno], yytext+1, 255);
+ linebuf[lno][254] = 0;
+ lno = 1 - lno;
+ policydb_lineno++;
+ source_lineno++;
+ yyless(1); }
+CLONE |
+clone { return(CLONE); }
+COMMON |
+common { return(COMMON); }
+CLASS |
+class { return(CLASS); }
+CONSTRAIN |
+constrain { return(CONSTRAIN); }
+VALIDATETRANS |
+validatetrans { return(VALIDATETRANS); }
+INHERITS |
+inherits { return(INHERITS); }
+SID |
+sid { return(SID); }
+ROLE |
+role { return(ROLE); }
+ROLES |
+roles { return(ROLES); }
+TYPES |
+types { return(TYPES); }
+TYPEALIAS |
+typealias { return(TYPEALIAS); }
+TYPEATTRIBUTE |
+typeattribute { return(TYPEATTRIBUTE); }
+TYPE |
+type { return(TYPE); }
+BOOL |
+bool { return(BOOL); }
+IF |
+if { return(IF); }
+ELSE |
+else { return(ELSE); }
+ALIAS |
+alias { return(ALIAS); }
+ATTRIBUTE |
+attribute { return(ATTRIBUTE); }
+TYPE_TRANSITION |
+type_transition { return(TYPE_TRANSITION); }
+TYPE_MEMBER |
+type_member { return(TYPE_MEMBER); }
+TYPE_CHANGE |
+type_change { return(TYPE_CHANGE); }
+ROLE_TRANSITION |
+role_transition { return(ROLE_TRANSITION); }
+RANGE_TRANSITION |
+range_transition { return(RANGE_TRANSITION); }
+SENSITIVITY |
+sensitivity { return(SENSITIVITY); }
+DOMINANCE |
+dominance { return(DOMINANCE); }
+CATEGORY |
+category { return(CATEGORY); }
+LEVEL |
+level { return(LEVEL); }
+RANGE |
+range { return(RANGE); }
+MLSCONSTRAIN |
+mlsconstrain { return(MLSCONSTRAIN); }
+MLSVALIDATETRANS |
+mlsvalidatetrans { return(MLSVALIDATETRANS); }
+USER |
+user { return(USER); }
+NEVERALLOW |
+neverallow { return(NEVERALLOW); }
+ALLOW |
+allow { return(ALLOW); }
+AUDITALLOW |
+auditallow { return(AUDITALLOW); }
+AUDITDENY |
+auditdeny { return(AUDITDENY); }
+DONTAUDIT |
+dontaudit { return(DONTAUDIT); }
+SOURCE |
+source { return(SOURCE); }
+TARGET |
+target { return(TARGET); }
+SAMEUSER |
+sameuser { return(SAMEUSER);}
+module|MODULE { return(MODULE); }
+require|REQUIRE { return(REQUIRE); }
+optional|OPTIONAL { return(OPTIONAL); }
+OR |
+or { return(OR);}
+AND |
+and { return(AND);}
+NOT |
+not { return(NOT);}
+xor |
+XOR { return(XOR); }
+eq |
+EQ { return(EQUALS);}
+true |
+TRUE { return(CTRUE); }
+false |
+FALSE { return(CFALSE); }
+dom |
+DOM { return(DOM);}
+domby |
+DOMBY { return(DOMBY);}
+INCOMP |
+incomp { return(INCOMP);}
+fscon |
+FSCON { return(FSCON);}
+portcon |
+PORTCON { return(PORTCON);}
+netifcon |
+NETIFCON { return(NETIFCON);}
+nodecon |
+NODECON { return(NODECON);}
+fs_use_xattr |
+FS_USE_XATTR { return(FSUSEXATTR);}
+fs_use_task |
+FS_USE_TASK { return(FSUSETASK);}
+fs_use_trans |
+FS_USE_TRANS { return(FSUSETRANS);}
+genfscon |
+GENFSCON { return(GENFSCON);}
+r1 |
+R1 { return(R1); }
+r2 |
+R2 { return(R2); }
+r3 |
+R3 { return(R3); }
+u1 |
+U1 { return(U1); }
+u2 |
+U2 { return(U2); }
+u3 |
+U3 { return(U3); }
+t1 |
+T1 { return(T1); }
+t2 |
+T2 { return(T2); }
+t3 |
+T3 { return(T3); }
+l1 |
+L1 { return(L1); }
+l2 |
+L2 { return(L2); }
+h1 |
+H1 { return(H1); }
+h2 |
+H2 { return(H2); }
+policycap |
+POLICYCAP { return(POLICYCAP); }
+permissive |
+PERMISSIVE { return(PERMISSIVE); }
+"/"({alnum}|[_.-/])* { return(PATH); }
+{letter}({alnum}|[_-])*([.]?({alnum}|[_-]))* { return(IDENTIFIER); }
+{digit}+ { return(NUMBER); }
+{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
+{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
+{digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
+#line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); }
+#line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; }
+#[^\n]* { /* delete comments */ }
+[ \t\f]+ { /* delete whitespace */ }
+"==" { return(EQUALS); }
+"!=" { return (NOTEQUAL); }
+"&&" { return (AND); }
+"||" { return (OR); }
+"!" { return (NOT); }
+"^" { return (XOR); }
+"," |
+":" |
+";" |
+"(" |
+")" |
+"{" |
+"}" |
+"[" |
+"-" |
+"." |
+"]" |
+"~" |
+"*" { return(yytext[0]); }
+. { yywarn("unrecognized character");}
+%%
+int yyerror(char *msg)
+{
+ if (source_file[0])
+ fprintf(stderr, "%s:%ld:",
+ source_file, source_lineno);
+ else
+ fprintf(stderr, "(unknown source)::");
+ fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n",
+ msg,
+ yytext,
+ policydb_lineno,
+ linebuf[0], linebuf[1]);
+ policydb_errors++;
+ return -1;
+}
+
+int yywarn(char *msg)
+{
+ if (source_file[0])
+ fprintf(stderr, "%s:%ld:",
+ source_file, source_lineno);
+ else
+ fprintf(stderr, "(unknown source)::");
+ fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n",
+ msg,
+ yytext,
+ policydb_lineno,
+ linebuf[0], linebuf[1]);
+ return 0;
+}
+
+void set_source_file(const char *name)
+{
+ source_lineno = 1;
+ strncpy(source_file, name, sizeof(source_file)-1);
+ source_file[sizeof(source_file)-1] = '\0';
+}
diff --git a/checkpolicy/queue.c b/checkpolicy/queue.c
new file mode 100644
index 0000000..272079c
--- /dev/null
+++ b/checkpolicy/queue.c
@@ -0,0 +1,180 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * Implementation of the double-ended queue type.
+ */
+
+#include <stdlib.h>
+#include "queue.h"
+
+queue_t queue_create(void)
+{
+ queue_t q;
+
+ q = (queue_t) malloc(sizeof(struct queue_info));
+ if (q == NULL)
+ return NULL;
+
+ q->head = q->tail = NULL;
+
+ return q;
+}
+
+int queue_insert(queue_t q, queue_element_t e)
+{
+ queue_node_ptr_t newnode;
+
+ if (!q)
+ return -1;
+
+ newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+ if (newnode == NULL)
+ return -1;
+
+ newnode->element = e;
+ newnode->next = NULL;
+
+ if (q->head == NULL) {
+ q->head = q->tail = newnode;
+ } else {
+ q->tail->next = newnode;
+ q->tail = newnode;
+ }
+
+ return 0;
+}
+
+int queue_push(queue_t q, queue_element_t e)
+{
+ queue_node_ptr_t newnode;
+
+ if (!q)
+ return -1;
+
+ newnode = (queue_node_ptr_t) malloc(sizeof(struct queue_node));
+ if (newnode == NULL)
+ return -1;
+
+ newnode->element = e;
+ newnode->next = NULL;
+
+ if (q->head == NULL) {
+ q->head = q->tail = newnode;
+ } else {
+ newnode->next = q->head;
+ q->head = newnode;
+ }
+
+ return 0;
+}
+
+queue_element_t queue_remove(queue_t q)
+{
+ queue_node_ptr_t node;
+ queue_element_t e;
+
+ if (!q)
+ return NULL;
+
+ if (q->head == NULL)
+ return NULL;
+
+ node = q->head;
+ q->head = q->head->next;
+ if (q->head == NULL)
+ q->tail = NULL;
+
+ e = node->element;
+ free(node);
+
+ return e;
+}
+
+queue_element_t queue_head(queue_t q)
+{
+ if (!q)
+ return NULL;
+
+ if (q->head == NULL)
+ return NULL;
+
+ return q->head->element;
+}
+
+void queue_destroy(queue_t q)
+{
+ queue_node_ptr_t p, temp;
+
+ if (!q)
+ return;
+
+ p = q->head;
+ while (p != NULL) {
+ temp = p;
+ p = p->next;
+ free(temp);
+ }
+
+ free(q);
+}
+
+int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
+{
+ queue_node_ptr_t p;
+ int ret;
+
+ if (!q)
+ return 0;
+
+ p = q->head;
+ while (p != NULL) {
+ ret = f(p->element, vp);
+ if (ret)
+ return ret;
+ p = p->next;
+ }
+ return 0;
+}
+
+void queue_map_remove_on_error(queue_t q,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *), void *vp)
+{
+ queue_node_ptr_t p, last, temp;
+ int ret;
+
+ if (!q)
+ return;
+
+ last = NULL;
+ p = q->head;
+ while (p != NULL) {
+ ret = f(p->element, vp);
+ if (ret) {
+ if (last) {
+ last->next = p->next;
+ if (last->next == NULL)
+ q->tail = last;
+ } else {
+ q->head = p->next;
+ if (q->head == NULL)
+ q->tail = NULL;
+ }
+
+ temp = p;
+ p = p->next;
+ g(temp->element, vp);
+ free(temp);
+ } else {
+ last = p;
+ p = p->next;
+ }
+ }
+
+ return;
+}
+
+/* FLASK */
diff --git a/checkpolicy/queue.h b/checkpolicy/queue.h
new file mode 100644
index 0000000..655c94b
--- /dev/null
+++ b/checkpolicy/queue.h
@@ -0,0 +1,62 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A double-ended queue is a singly linked list of
+ * elements of arbitrary type that may be accessed
+ * at either end.
+ */
+
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
+typedef void *queue_element_t;
+
+typedef struct queue_node *queue_node_ptr_t;
+
+typedef struct queue_node {
+ queue_element_t element;
+ queue_node_ptr_t next;
+} queue_node_t;
+
+typedef struct queue_info {
+ queue_node_ptr_t head;
+ queue_node_ptr_t tail;
+} queue_info_t;
+
+typedef queue_info_t *queue_t;
+
+queue_t queue_create(void);
+int queue_insert(queue_t, queue_element_t);
+int queue_push(queue_t, queue_element_t);
+queue_element_t queue_remove(queue_t);
+queue_element_t queue_head(queue_t);
+void queue_destroy(queue_t);
+
+/*
+ Applies the specified function f to each element in the
+ specified queue.
+
+ In addition to passing the element to f, queue_map
+ passes the specified void* pointer to f on each invocation.
+
+ If f returns a non-zero status, then queue_map will cease
+ iterating through the hash table and will propagate the error
+ return to its caller.
+ */
+int queue_map(queue_t, int (*f) (queue_element_t, void *), void *);
+
+/*
+ Same as queue_map, except that if f returns a non-zero status,
+ then the element will be removed from the queue and the g
+ function will be applied to the element.
+ */
+void queue_map_remove_on_error(queue_t,
+ int (*f) (queue_element_t, void *),
+ void (*g) (queue_element_t, void *), void *);
+
+#endif
+
+/* FLASK */
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
new file mode 100644
index 0000000..fe1bf5d
--- /dev/null
+++ b/checkpolicy/test/Makefile
@@ -0,0 +1,21 @@
+#
+# Makefile for building the dispol program
+#
+PREFIX ?= $(DESTDIR)/usr
+BINDIR=$(PREFIX)/bin
+LIBDIR=$(PREFIX)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+
+CFLAGS ?= -g -Wall -O2 -pipe
+override CFLAGS += -I$(INCLUDEDIR)
+
+LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+
+all: dispol dismod
+
+dispol: dispol.o
+
+dismod: dismod.o
+
+clean:
+ -rm -f dispol dismod *.o
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
new file mode 100644
index 0000000..705f1cb
--- /dev/null
+++ b/checkpolicy/test/dismod.c
@@ -0,0 +1,957 @@
+
+/* Authors: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2003,2004,2005 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/*
+ * dismod.c
+ *
+ * Test program to the contents of a binary policy in text
+ * form.
+ *
+ * dismod binary_mod_file
+ */
+
+#include <getopt.h>
+#include <assert.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+#include <errno.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/module.h>
+#include <sepol/policydb/util.h>
+#include <sepol/policydb/polcaps.h>
+
+#include <byteswap.h>
+#include <endian.h>
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define le32_to_cpu(x) (x)
+#else
+#define le32_to_cpu(x) bswap_32(x)
+#endif
+
+static policydb_t policydb;
+extern unsigned int ss_initialized;
+
+int policyvers = MOD_POLICYDB_VERSION_BASE;
+
+static const char *symbol_labels[9] = {
+ "commons",
+ "classes", "roles ", "types ", "users ", "bools ",
+ "levels ", "cats ", "attribs"
+};
+
+void usage(char *progname)
+{
+ printf("usage: %s binary_pol_file\n\n", progname);
+ exit(1);
+}
+
+static void render_access_mask(uint32_t mask, uint32_t class, policydb_t * p,
+ FILE * fp)
+{
+ char *perm;
+ fprintf(fp, "{");
+ perm = sepol_av_to_string(p, class, mask);
+ if (perm)
+ fprintf(fp, "%s ", perm);
+ fprintf(fp, "}");
+}
+
+static void render_access_bitmap(ebitmap_t * map, uint32_t class,
+ policydb_t * p, FILE * fp)
+{
+ unsigned int i;
+ char *perm;
+ fprintf(fp, "{");
+ for (i = ebitmap_startbit(map); i < ebitmap_length(map); i++) {
+ if (ebitmap_get_bit(map, i)) {
+ perm = sepol_av_to_string(p, class, 1 << i);
+ if (perm)
+ fprintf(fp, " %s", perm);
+ }
+ }
+ fprintf(fp, " }");
+}
+
+static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
+ uint32_t symbol_value, char *prefix)
+{
+ char *id = p->sym_val_to_name[symbol_type][symbol_value];
+ scope_datum_t *scope =
+ (scope_datum_t *) hashtab_search(p->scope[symbol_type].table, id);
+ assert(scope != NULL);
+ if (scope->scope == SCOPE_REQ) {
+ fprintf(fp, " [%s%s]", prefix, id);
+ } else {
+ fprintf(fp, " %s%s", prefix, id);
+ }
+}
+
+int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
+ FILE * fp)
+{
+ int i, num_types;
+
+ if (set->flags & TYPE_STAR) {
+ fprintf(fp, " * ");
+ return 0;
+ } else if (set->flags & TYPE_COMP) {
+ fprintf(fp, " ~");
+ }
+
+ num_types = 0;
+ if (flags & RULE_SELF) {
+ num_types++;
+ }
+
+ for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
+ i++) {
+ if (!ebitmap_get_bit(&set->types, i))
+ continue;
+ num_types++;
+ if (num_types > 1)
+ break;
+ }
+
+ if (num_types <= 1) {
+ for (i = ebitmap_startbit(&set->negset);
+ i < ebitmap_length(&set->negset); i++) {
+ if (!ebitmap_get_bit(&set->negset, i))
+ continue;
+ num_types++;
+ if (num_types > 1)
+ break;
+ }
+ }
+
+ if (num_types > 1)
+ fprintf(fp, "{");
+
+ for (i = ebitmap_startbit(&set->types); i < ebitmap_length(&set->types);
+ i++) {
+ if (!ebitmap_get_bit(&set->types, i))
+ continue;
+ display_id(policy, fp, SYM_TYPES, i, "");
+ }
+
+ for (i = ebitmap_startbit(&set->negset);
+ i < ebitmap_length(&set->negset); i++) {
+ if (!ebitmap_get_bit(&set->negset, i))
+ continue;
+ display_id(policy, fp, SYM_TYPES, i, "-");
+ }
+
+ if (flags & RULE_SELF) {
+ fprintf(fp, " self");
+ }
+
+ if (num_types > 1)
+ fprintf(fp, " }");
+
+ return 0;
+}
+
+int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
+{
+ int i, num = 0;
+
+ if (roles->flags & ROLE_STAR) {
+ fprintf(fp, " * ");
+ return 0;
+ } else if (roles->flags & ROLE_COMP) {
+ fprintf(fp, " ~");
+ }
+
+ for (i = ebitmap_startbit(&roles->roles);
+ i < ebitmap_length(&roles->roles); i++) {
+ if (!ebitmap_get_bit(&roles->roles, i))
+ continue;
+ num++;
+ if (num > 1) {
+ fprintf(fp, "{");
+ break;
+ }
+ }
+
+ for (i = ebitmap_startbit(&roles->roles);
+ i < ebitmap_length(&roles->roles); i++) {
+ if (ebitmap_get_bit(&roles->roles, i))
+ display_id(p, fp, SYM_ROLES, i, "");
+ }
+
+ if (num > 1)
+ fprintf(fp, " }");
+
+ return 0;
+
+}
+
+/* 'what' values for this function */
+#define RENDER_UNCONDITIONAL 0x0001 /* render all regardless of enabled state */
+#define RENDER_ENABLED 0x0002
+#define RENDER_DISABLED 0x0004
+#define RENDER_CONDITIONAL (RENDER_ENABLED|RENDER_DISABLED)
+
+int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
+ FILE * fp)
+{
+ class_perm_node_t *cur;
+ int num_classes;
+
+ if (avrule == NULL) {
+ fprintf(fp, " <empty>\n");
+ return 0;
+ }
+ if (avrule->specified & AVRULE_AV) {
+ if (avrule->specified & AVRULE_ALLOWED) {
+ fprintf(fp, " allow");
+ }
+ if (avrule->specified & AVRULE_AUDITALLOW) {
+ fprintf(fp, " auditallow ");
+ }
+ if (avrule->specified & AVRULE_DONTAUDIT) {
+ fprintf(fp, " dontaudit");
+ }
+ } else if (avrule->specified & AVRULE_TYPE) {
+ if (avrule->specified & AVRULE_TRANSITION) {
+ fprintf(fp, " type_transition");
+ }
+ if (avrule->specified & AVRULE_MEMBER) {
+ fprintf(fp, " type_member");
+ }
+ if (avrule->specified & AVRULE_CHANGE) {
+ fprintf(fp, " type_change");
+ }
+ } else if (avrule->specified & AVRULE_NEVERALLOW) {
+ fprintf(fp, " neverallow");
+ } else {
+ fprintf(fp, " ERROR: no valid rule type specified\n");
+ return -1;
+ }
+
+ if (display_type_set(&avrule->stypes, 0, policy, fp))
+ return -1;
+
+ if (display_type_set(&avrule->ttypes, avrule->flags, policy, fp))
+ return -1;
+
+ fprintf(fp, " :");
+ cur = avrule->perms;
+ num_classes = 0;
+ while (cur) {
+ num_classes++;
+ if (num_classes > 1)
+ break;
+ cur = cur->next;
+ }
+
+ if (num_classes > 1)
+ fprintf(fp, " {");
+
+ cur = avrule->perms;
+ while (cur) {
+ display_id(policy, fp, SYM_CLASSES, cur->class - 1, "");
+ cur = cur->next;
+ }
+
+ if (num_classes > 1)
+ fprintf(fp, " }");
+ fprintf(fp, " ");
+
+ if (avrule->specified & (AVRULE_AV | AVRULE_NEVERALLOW)) {
+ render_access_mask(avrule->perms->data, avrule->perms->class,
+ policy, fp);
+ } else if (avrule->specified & AVRULE_TYPE) {
+ display_id(policy, fp, SYM_TYPES, avrule->perms->data - 1, "");
+ }
+
+ fprintf(fp, ";\n");
+
+ return 0;
+}
+
+int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ type_datum_t *type;
+ FILE *fp;
+ int i, first_attrib = 1;
+
+ type = (type_datum_t *) datum;
+ fp = (FILE *) data;
+
+ if (type->primary) {
+ display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
+ fprintf(fp, " [%d]: ", type->s.value);
+ } else {
+ /* as that aliases have no value of their own and that
+ * they can never be required by a module, use this
+ * alternative way of displaying a name */
+ fprintf(fp, " %s [%d]: ", (char *)key, type->s.value);
+ }
+ if (type->flavor == TYPE_ATTRIB) {
+ fprintf(fp, "attribute for types");
+ for (i = ebitmap_startbit(&type->types);
+ i < ebitmap_length(&type->types); i++) {
+ if (!ebitmap_get_bit(&type->types, i))
+ continue;
+ if (first_attrib) {
+ first_attrib = 0;
+ } else {
+ fprintf(fp, ",");
+ }
+ display_id(&policydb, fp, SYM_TYPES, i, "");
+ }
+ } else if (type->primary) {
+ fprintf(fp, "type");
+ } else {
+ fprintf(fp, "alias for type");
+ display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
+ }
+ fprintf(fp, " flags:%x\n", type->flags);
+
+ return 0;
+}
+
+int display_types(policydb_t * p, FILE * fp)
+{
+ if (hashtab_map(p->p_types.table, display_type_callback, fp))
+ return -1;
+ return 0;
+}
+
+int display_users(policydb_t * p, FILE * fp)
+{
+ int i, j;
+ ebitmap_t *bitmap;
+ for (i = 0; i < p->p_users.nprim; i++) {
+ display_id(p, fp, SYM_USERS, i, "");
+ fprintf(fp, ":");
+ bitmap = &(p->user_val_to_struct[i]->roles.roles);
+ for (j = ebitmap_startbit(bitmap); j < ebitmap_length(bitmap);
+ j++) {
+ if (ebitmap_get_bit(bitmap, j)) {
+ display_id(p, fp, SYM_ROLES, j, "");
+ }
+ }
+ fprintf(fp, "\n");
+ }
+ return 0;
+}
+
+int display_bools(policydb_t * p, FILE * fp)
+{
+ int i;
+
+ for (i = 0; i < p->p_bools.nprim; i++) {
+ display_id(p, fp, SYM_BOOLS, i, "");
+ fprintf(fp, " : %d\n", p->bool_val_to_struct[i]->state);
+ }
+ return 0;
+}
+
+void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
+{
+
+ cond_expr_t *cur;
+ for (cur = exp; cur != NULL; cur = cur->next) {
+ switch (cur->expr_type) {
+ case COND_BOOL:
+ fprintf(fp, "%s ",
+ p->p_bool_val_to_name[cur->bool - 1]);
+ break;
+ case COND_NOT:
+ fprintf(fp, "! ");
+ break;
+ case COND_OR:
+ fprintf(fp, "|| ");
+ break;
+ case COND_AND:
+ fprintf(fp, "&& ");
+ break;
+ case COND_XOR:
+ fprintf(fp, "^ ");
+ break;
+ case COND_EQ:
+ fprintf(fp, "== ");
+ break;
+ case COND_NEQ:
+ fprintf(fp, "!= ");
+ break;
+ default:
+ fprintf(fp, "error!");
+ break;
+ }
+ }
+}
+
+void display_policycon(policydb_t * p, FILE * fp)
+{
+#if 0
+ int i;
+ ocontext_t *cur;
+ char *name;
+
+ for (i = 0; i < POLICYCON_NUM; i++) {
+ fprintf(fp, "%s:", symbol_labels[i]);
+ for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
+ if (*(cur->u.name) == '\0') {
+ name = "{default}";
+ } else {
+ name = cur->u.name;
+ }
+ fprintf(fp, "\n%16s - %s:%s:%s", name,
+ p->p_user_val_to_name[cur->context[0].user - 1],
+ p->p_role_val_to_name[cur->context[0].role - 1],
+ p->p_type_val_to_name[cur->context[0].type -
+ 1]);
+ }
+ fprintf(fp, "\n");
+ }
+#endif
+}
+
+void display_initial_sids(policydb_t * p, FILE * fp)
+{
+ ocontext_t *cur;
+ char *user, *role, *type;
+
+ fprintf(fp, "Initial SIDs:\n");
+ for (cur = p->ocontexts[OCON_ISID]; cur != NULL; cur = cur->next) {
+ user = p->p_user_val_to_name[cur->context[0].user - 1];
+ role = p->p_role_val_to_name[cur->context[0].role - 1];
+ type = p->p_type_val_to_name[cur->context[0].type - 1];
+ fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n",
+ cur->u.name, cur->sid[0], user, role, type);
+ }
+#if 0
+ fprintf(fp, "Policy Initial SIDs:\n");
+ for (cur = p->ocontexts[OCON_POLICYISID]; cur != NULL; cur = cur->next) {
+ user = p->p_user_val_to_name[cur->context[0].user - 1];
+ role = p->p_role_val_to_name[cur->context[0].role - 1];
+ type = p->p_type_val_to_name[cur->context[0].type - 1];
+ fprintf(fp, "\t%s: sid %d, context %s:%s:%s\n",
+ cur->u.name, cur->sid[0], user, role, type);
+ }
+#endif
+}
+
+void display_role_trans(role_trans_rule_t * tr, policydb_t * p, FILE * fp)
+{
+ for (; tr; tr = tr->next) {
+ fprintf(fp, "role transition ");
+ display_mod_role_set(&tr->roles, p, fp);
+ display_type_set(&tr->types, 0, p, fp);
+ display_id(p, fp, SYM_ROLES, tr->new_role - 1, " :");
+ fprintf(fp, "\n");
+ }
+}
+
+void display_role_allow(role_allow_rule_t * ra, policydb_t * p, FILE * fp)
+{
+ for (; ra; ra = ra->next) {
+ fprintf(fp, "role allow ");
+ display_mod_role_set(&ra->roles, p, fp);
+ display_mod_role_set(&ra->new_roles, p, fp);
+ fprintf(fp, "\n");
+ }
+}
+
+int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ char *id;
+ role_datum_t *role;
+ FILE *fp;
+
+ id = key;
+ role = (role_datum_t *) datum;
+ fp = (FILE *) data;
+
+ fprintf(fp, "role:");
+ display_id(&policydb, fp, SYM_ROLES, role->s.value - 1, "");
+ fprintf(fp, " types: ");
+ display_type_set(&role->types, 0, &policydb, fp);
+ fprintf(fp, "\n");
+
+ return 0;
+}
+
+static int display_scope_index(scope_index_t * indices, policydb_t * p,
+ FILE * out_fp)
+{
+ int i;
+ for (i = 0; i < SYM_NUM; i++) {
+ int any_found = 0, j;
+ fprintf(out_fp, "%s:", symbol_labels[i]);
+ for (j = ebitmap_startbit(&indices->scope[i]);
+ j < ebitmap_length(&indices->scope[i]); j++) {
+ if (ebitmap_get_bit(&indices->scope[i], j)) {
+ any_found = 1;
+ fprintf(out_fp, " %s",
+ p->sym_val_to_name[i][j]);
+ if (i == SYM_CLASSES) {
+ if (j < indices->class_perms_len) {
+ render_access_bitmap(indices->
+ class_perms_map
+ + j, j + 1,
+ p, out_fp);
+ } else {
+ fprintf(out_fp,
+ "<no perms known>");
+ }
+ }
+ }
+ }
+ if (!any_found) {
+ fprintf(out_fp, " <empty>");
+ }
+ fprintf(out_fp, "\n");
+ }
+ return 0;
+}
+
+#if 0
+int display_cond_expressions(policydb_t * p, FILE * fp)
+{
+ cond_node_t *cur;
+ cond_av_list_t *av_cur;
+ for (cur = p->cond_list; cur != NULL; cur = cur->next) {
+ fprintf(fp, "expression: ");
+ display_expr(p, cur->expr, fp);
+ fprintf(fp, "current state: %d\n", cur->cur_state);
+ fprintf(fp, "True list:\n");
+ for (av_cur = cur->true_list; av_cur != NULL;
+ av_cur = av_cur->next) {
+ fprintf(fp, "\t");
+ render_av_rule(&av_cur->node->key, &av_cur->node->datum,
+ RENDER_CONDITIONAL, p, fp);
+ }
+ fprintf(fp, "False list:\n");
+ for (av_cur = cur->false_list; av_cur != NULL;
+ av_cur = av_cur->next) {
+ fprintf(fp, "\t");
+ render_av_rule(&av_cur->node->key, &av_cur->node->datum,
+ RENDER_CONDITIONAL, p, fp);
+ }
+ }
+ return 0;
+}
+
+int change_bool(char *name, int state, policydb_t * p, FILE * fp)
+{
+ cond_bool_datum_t *bool;
+
+ bool = hashtab_search(p->p_bools.table, name);
+ if (bool == NULL) {
+ fprintf(fp, "Could not find bool %s\n", name);
+ return -1;
+ }
+ bool->state = state;
+ evaluate_conds(p);
+ return 0;
+}
+#endif
+
+int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
+ policydb_t * policy, FILE * out_fp)
+{
+ fprintf(out_fp, "decl %u:%s\n", decl->decl_id,
+ (decl->enabled ? " [enabled]" : ""));
+ switch (field) {
+ case 0:{
+ cond_list_t *cond = decl->cond_list;
+ avrule_t *avrule;
+ while (cond) {
+ fprintf(out_fp, "expression: ");
+ display_expr(&policydb, cond->expr, out_fp);
+ fprintf(out_fp, "current state: %d\n",
+ cond->cur_state);
+ fprintf(out_fp, "True list:\n");
+ avrule = cond->avtrue_list;
+ while (avrule) {
+ display_avrule(avrule,
+ RENDER_UNCONDITIONAL,
+ &policydb, out_fp);
+ avrule = avrule->next;
+ }
+ fprintf(out_fp, "False list:\n");
+ avrule = cond->avfalse_list;
+ while (avrule) {
+ display_avrule(avrule,
+ RENDER_UNCONDITIONAL,
+ &policydb, out_fp);
+ avrule = avrule->next;
+ }
+ cond = cond->next;
+ }
+ break;
+ }
+ case 1:{
+ avrule_t *avrule = decl->avrules;
+ if (avrule == NULL) {
+ fprintf(out_fp, " <empty>\n");
+ }
+ while (avrule != NULL) {
+ if (display_avrule
+ (avrule, what, policy, out_fp)) {
+ return -1;
+ }
+ avrule = avrule->next;
+ }
+ break;
+ }
+ case 2:{ /* role_type_node */
+ break;
+ }
+ case 3:{
+ display_role_trans(decl->role_tr_rules, policy, out_fp);
+ break;
+ }
+ case 4:{
+ display_role_allow(decl->role_allow_rules, policy,
+ out_fp);
+ break;
+ }
+ case 5:{
+ if (display_scope_index
+ (&decl->required, policy, out_fp)) {
+ return -1;
+ }
+ break;
+ }
+ case 6:{
+ if (display_scope_index
+ (&decl->declared, policy, out_fp)) {
+ return -1;
+ }
+ break;
+ }
+ default:{
+ assert(0);
+ }
+ }
+ return 0; /* should never get here */
+}
+
+int display_avblock(int field, uint32_t what, policydb_t * policy,
+ FILE * out_fp)
+{
+ avrule_block_t *block = policydb.global;
+ while (block != NULL) {
+ fprintf(out_fp, "--- begin avrule block ---\n");
+ avrule_decl_t *decl = block->branch_list;
+ while (decl != NULL) {
+ if (display_avdecl(decl, field, what, policy, out_fp)) {
+ return -1;
+ }
+ decl = decl->next;
+ }
+ block = block->next;
+ }
+ return 0;
+}
+
+int display_handle_unknown(policydb_t * p, FILE * out_fp)
+{
+ if (p->handle_unknown == ALLOW_UNKNOWN)
+ fprintf(out_fp, "Allow unknown classes and perms\n");
+ else if (p->handle_unknown == DENY_UNKNOWN)
+ fprintf(out_fp, "Deny unknown classes and perms\n");
+ else if (p->handle_unknown == REJECT_UNKNOWN)
+ fprintf(out_fp, "Reject unknown classes and perms\n");
+ return 0;
+}
+
+static int read_policy(char *filename, policydb_t * policy)
+{
+ FILE *in_fp;
+ struct policy_file f;
+ int retval;
+ uint32_t buf[1];
+
+ if ((in_fp = fopen(filename, "rb")) == NULL) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ filename, strerror(errno));
+ exit(1);
+ }
+ policy_file_init(&f);
+ f.type = PF_USE_STDIO;
+ f.fp = in_fp;
+
+ /* peek at the first byte. if they are indicative of a
+ package use the package reader, otherwise use the normal
+ policy reader */
+ if (fread(buf, sizeof(uint32_t), 1, in_fp) != 1) {
+ fprintf(stderr, "Could not read from policy.\n");
+ exit(1);
+ }
+ rewind(in_fp);
+ if (le32_to_cpu(buf[0]) == SEPOL_MODULE_PACKAGE_MAGIC) {
+ sepol_module_package_t *package;
+ if (sepol_module_package_create(&package)) {
+ fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
+ exit(1);
+ }
+ package->policy = (sepol_policydb_t *) policy;
+ package->file_contexts = NULL;
+ retval =
+ sepol_module_package_read(package,
+ (sepol_policy_file_t *) & f, 1);
+ free(package->file_contexts);
+ } else {
+ if (policydb_init(policy)) {
+ fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
+ exit(1);
+ }
+ retval = policydb_read(policy, &f, 1);
+ }
+ fclose(in_fp);
+ return retval;
+}
+
+static void link_module(policydb_t * base, FILE * out_fp)
+{
+ char module_name[80] = { 0 };
+ int ret;
+ policydb_t module, *mods = &module;
+
+ if (base->policy_type != POLICY_BASE) {
+ printf("Can only link if initial file was a base policy.\n");
+ return;
+ }
+ printf("\nModule filename: ");
+ fgets(module_name, sizeof(module_name), stdin);
+ module_name[strlen(module_name) - 1] = '\0'; /* remove LF */
+ if (module_name[0] == '\0') {
+ return;
+ }
+
+ /* read the binary policy */
+ fprintf(out_fp, "Reading module...\n");
+ if (read_policy(module_name, mods)) {
+ fprintf(stderr,
+ "%s: error(s) encountered while loading policy\n",
+ module_name);
+ exit(1);
+ }
+ if (module.policy_type != POLICY_MOD) {
+ fprintf(stderr, "This file is not a loadable policy module.\n");
+ exit(1);
+ }
+ if (policydb_index_classes(&module) ||
+ policydb_index_others(NULL, &module, 0)) {
+ fprintf(stderr, "Could not index module.\n");
+ exit(1);
+ }
+ ret = link_modules(NULL, base, &mods, 1, 0);
+ if (ret != 0) {
+ printf("Link failed (error %d)\n", ret);
+ printf("(You will probably need to restart dismod.)\n");
+ }
+ policydb_destroy(&module);
+ return;
+}
+
+static void display_policycaps(policydb_t * p, FILE * fp)
+{
+ ebitmap_node_t *node;
+ const char *capname;
+ char buf[64];
+ int i;
+
+ fprintf(fp, "policy capabilities:\n");
+ ebitmap_for_each_bit(&p->policycaps, node, i) {
+ if (ebitmap_node_get_bit(node, i)) {
+ capname = sepol_polcap_getname(i);
+ if (capname == NULL) {
+ snprintf(buf, sizeof(buf), "unknown (%d)", i);
+ capname = buf;
+ }
+ fprintf(fp, "\t%s\n", capname);
+ }
+ }
+}
+
+int menu()
+{
+ printf("\nSelect a command:\n");
+ printf("1) display unconditional AVTAB\n");
+ printf("2) display conditional AVTAB\n");
+ printf("3) display users\n");
+ printf("4) display bools\n");
+ printf("5) display roles\n");
+ printf("6) display types, attributes, and aliases\n");
+ printf("7) display role transitions\n");
+ printf("8) display role allows\n");
+ printf("9) Display policycon\n");
+ printf("0) Display initial SIDs\n");
+ printf("\n");
+ printf("a) Display avrule requirements\n");
+ printf("b) Display avrule declarations\n");
+ printf("c) Display policy capabilities\n");
+ printf("l) Link in a module\n");
+ printf("u) Display the unknown handling setting\n");
+ printf("\n");
+ printf("f) set output file\n");
+ printf("m) display menu\n");
+ printf("q) quit\n");
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ FILE *out_fp = stdout;
+ char ans[81], OutfileName[121];
+
+ if (argc != 2)
+ usage(argv[0]);
+
+ /* read the binary policy */
+ fprintf(out_fp, "Reading policy...\n");
+ policydb_init(&policydb);
+ if (read_policy(argv[1], &policydb)) {
+ fprintf(stderr,
+ "%s: error(s) encountered while loading policy\n",
+ argv[0]);
+ exit(1);
+ }
+
+ if (policydb.policy_type != POLICY_BASE &&
+ policydb.policy_type != POLICY_MOD) {
+ fprintf(stderr,
+ "This file is neither a base nor loadable policy module.\n");
+ exit(1);
+ }
+
+ if (policydb_index_classes(&policydb)) {
+ fprintf(stderr, "Error indexing classes\n");
+ exit(1);
+ }
+
+ if (policydb_index_others(NULL, &policydb, 1)) {
+ fprintf(stderr, "Error indexing others\n");
+ exit(1);
+ }
+
+ if (policydb.policy_type == POLICY_BASE) {
+ printf("Binary base policy file loaded.\n\n");
+ } else {
+ printf("Binary policy module file loaded.\n");
+ printf("Module name: %s\n", policydb.name);
+ printf("Module version: %s\n", policydb.version);
+ printf("\n");
+ }
+
+ menu();
+ for (;;) {
+ printf("\nCommand (\'m\' for menu): ");
+ fgets(ans, sizeof(ans), stdin);
+ switch (ans[0]) {
+
+ case '1':{
+ fprintf(out_fp, "unconditional avtab:\n");
+ display_avblock(1, RENDER_UNCONDITIONAL,
+ &policydb, out_fp);
+ break;
+ }
+ case '2':
+ fprintf(out_fp, "conditional avtab:\n");
+ display_avblock(0, RENDER_UNCONDITIONAL, &policydb,
+ out_fp);
+ break;
+ case '3':
+ display_users(&policydb, out_fp);
+ break;
+ case '4':
+ display_bools(&policydb, out_fp);
+ break;
+ case '5':
+ if (hashtab_map
+ (policydb.p_roles.table, role_display_callback,
+ out_fp))
+ exit(1);
+ break;
+ case '6':
+ if (display_types(&policydb, out_fp)) {
+ fprintf(stderr, "Error displaying types\n");
+ exit(1);
+ }
+ break;
+ case '7':
+ fprintf(out_fp, "role transitions:\n");
+ display_avblock(3, 0, &policydb, out_fp);
+ break;
+ case '8':
+ fprintf(out_fp, "role allows:\n");
+ display_avblock(4, 0, &policydb, out_fp);
+ break;
+ case '9':
+ display_policycon(&policydb, out_fp);
+ break;
+ case '0':
+ display_initial_sids(&policydb, out_fp);
+ break;
+ case 'a':
+ fprintf(out_fp, "avrule block requirements:\n");
+ display_avblock(5, 0, &policydb, out_fp);
+ break;
+ case 'b':
+ fprintf(out_fp, "avrule block declarations:\n");
+ display_avblock(6, 0, &policydb, out_fp);
+ break;
+ case 'c':
+ display_policycaps(&policydb, out_fp);
+ break;
+ case 'u':
+ case 'U':
+ display_handle_unknown(&policydb, out_fp);
+ break;
+ case 'f':
+ printf
+ ("\nFilename for output (<CR> for screen output): ");
+ fgets(OutfileName, sizeof(OutfileName), stdin);
+ OutfileName[strlen(OutfileName) - 1] = '\0'; /* fix_string (remove LF) */
+ if (strlen(OutfileName) == 0)
+ out_fp = stdout;
+ else if ((out_fp = fopen(OutfileName, "w")) == NULL) {
+ fprintf(stderr, "Cannot open output file %s\n",
+ OutfileName);
+ out_fp = stdout;
+ }
+ if (out_fp != stdout)
+ printf("\nOutput to file: %s\n", OutfileName);
+ break;
+ case 'l':
+ link_module(&policydb, out_fp);
+ break;
+ case 'q':
+ policydb_destroy(&policydb);
+ exit(0);
+ break;
+ case 'm':
+ menu();
+ break;
+ default:
+ printf("\nInvalid choice\n");
+ menu();
+ break;
+
+ }
+ }
+ exit(EXIT_SUCCESS);
+}
diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
new file mode 100644
index 0000000..f8c05e6
--- /dev/null
+++ b/checkpolicy/test/dispol.c
@@ -0,0 +1,511 @@
+
+/* Authors: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+/*
+ * displaypol.c
+ *
+ * Test program to the contents of a binary policy in text
+ * form. This program currently only displays the
+ * avtab (including conditional avtab) rules.
+ *
+ * displaypol binary_pol_file
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/util.h>
+#include <sepol/policydb/polcaps.h>
+#include <getopt.h>
+#include <assert.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+#include <errno.h>
+#include <stdio.h>
+#include <fcntl.h>
+
+static policydb_t policydb;
+
+void usage(char *progname)
+{
+ printf("usage: %s binary_pol_file\n\n", progname);
+ exit(1);
+}
+
+int render_access_mask(uint32_t mask, avtab_key_t * key, policydb_t * p,
+ FILE * fp)
+{
+ char *perm;
+ fprintf(fp, "{");
+ perm = sepol_av_to_string(p, key->target_class, mask);
+ if (perm)
+ fprintf(fp, "%s ", perm);
+ fprintf(fp, "}");
+ return 0;
+}
+
+int render_type(uint32_t type, policydb_t * p, FILE * fp)
+{
+ fprintf(fp, "%s", p->p_type_val_to_name[type - 1]);
+ return 0;
+}
+
+int render_key(avtab_key_t * key, policydb_t * p, FILE * fp)
+{
+ char *stype, *ttype, *tclass;
+ stype = p->p_type_val_to_name[key->source_type - 1];
+ ttype = p->p_type_val_to_name[key->target_type - 1];
+ tclass = p->p_class_val_to_name[key->target_class - 1];
+ if (stype && ttype)
+ fprintf(fp, "%s %s : %s ", stype, ttype, tclass);
+ else if (stype)
+ fprintf(fp, "%s %u : %s ", stype, key->target_type, tclass);
+ else if (ttype)
+ fprintf(fp, "%u %s : %s ", key->source_type, ttype, tclass);
+ else
+ fprintf(fp, "%u %u : %s ", key->source_type, key->target_type,
+ tclass);
+ return 0;
+}
+
+/* 'what' values for this function */
+#define RENDER_UNCONDITIONAL 0x0001 /* render all regardless of enabled state */
+#define RENDER_ENABLED 0x0002
+#define RENDER_DISABLED 0x0004
+#define RENDER_CONDITIONAL (RENDER_ENABLED|RENDER_DISABLED)
+
+int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what,
+ policydb_t * p, FILE * fp)
+{
+ if (!(what & RENDER_UNCONDITIONAL)) {
+ if (what != RENDER_CONDITIONAL && (((what & RENDER_ENABLED)
+ && !(key->
+ specified &
+ AVTAB_ENABLED))
+ || ((what & RENDER_DISABLED)
+ && (key->
+ specified &
+ AVTAB_ENABLED)))) {
+ return 0; /* doesn't match selection criteria */
+ }
+ }
+
+ if (!(what & RENDER_UNCONDITIONAL)) {
+ if (key->specified & AVTAB_ENABLED)
+ fprintf(fp, "[enabled] ");
+ else if (!(key->specified & AVTAB_ENABLED))
+ fprintf(fp, "[disabled] ");
+ }
+
+ if (key->specified & AVTAB_AV) {
+ if (key->specified & AVTAB_ALLOWED) {
+ fprintf(fp, "allow ");
+ render_key(key, p, fp);
+ render_access_mask(datum->data, key, p, fp);
+ fprintf(fp, ";\n");
+ }
+ if (key->specified & AVTAB_AUDITALLOW) {
+ fprintf(fp, "auditallow ");
+ render_key(key, p, fp);
+ render_access_mask(datum->data, key, p, fp);
+ fprintf(fp, ";\n");
+ }
+ if (key->specified & AVTAB_AUDITDENY) {
+ fprintf(fp, "dontaudit ");
+ render_key(key, p, fp);
+ /* We inverse the mask for dontaudit since the mask is internally stored
+ * as a auditdeny mask */
+ render_access_mask(~datum->data, key, p, fp);
+ fprintf(fp, ";\n");
+ }
+ } else if (key->specified & AVTAB_TYPE) {
+ if (key->specified & AVTAB_TRANSITION) {
+ fprintf(fp, "type_transition ");
+ render_key(key, p, fp);
+ render_type(datum->data, p, fp);
+ fprintf(fp, ";\n");
+ }
+ if (key->specified & AVTAB_MEMBER) {
+ fprintf(fp, "type_member ");
+ render_key(key, p, fp);
+ render_type(datum->data, p, fp);
+ fprintf(fp, ";\n");
+ }
+ if (key->specified & AVTAB_CHANGE) {
+ fprintf(fp, "type_change ");
+ render_key(key, p, fp);
+ render_type(datum->data, p, fp);
+ fprintf(fp, ";\n");
+ }
+ } else {
+ fprintf(fp, " ERROR: no valid rule type specified\n");
+ return -1;
+ }
+ return 0;
+}
+
+int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
+{
+ int i;
+ avtab_ptr_t cur;
+ avtab_t expa;
+
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_avtab(p, a, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+
+ /* hmm...should have used avtab_map. */
+ for (i = 0; i < expa.nslot; i++) {
+ for (cur = expa.htable[i]; cur; cur = cur->next) {
+ render_av_rule(&cur->key, &cur->datum, what, p, fp);
+ }
+ }
+ avtab_destroy(&expa);
+ fprintf(fp, "\n");
+ return 0;
+ oom:
+ fprintf(stderr, "out of memory\n");
+ return 1;
+}
+
+int display_bools(policydb_t * p, FILE * fp)
+{
+ int i;
+
+ for (i = 0; i < p->p_bools.nprim; i++) {
+ fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
+ p->bool_val_to_struct[i]->state);
+ }
+ return 0;
+}
+
+void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
+{
+
+ cond_expr_t *cur;
+ for (cur = exp; cur != NULL; cur = cur->next) {
+ switch (cur->expr_type) {
+ case COND_BOOL:
+ fprintf(fp, "%s ",
+ p->p_bool_val_to_name[cur->bool - 1]);
+ break;
+ case COND_NOT:
+ fprintf(fp, "! ");
+ break;
+ case COND_OR:
+ fprintf(fp, "|| ");
+ break;
+ case COND_AND:
+ fprintf(fp, "&& ");
+ break;
+ case COND_XOR:
+ fprintf(fp, "^ ");
+ break;
+ case COND_EQ:
+ fprintf(fp, "== ");
+ break;
+ case COND_NEQ:
+ fprintf(fp, "!= ");
+ break;
+ default:
+ fprintf(fp, "error!");
+ break;
+ }
+ }
+}
+
+int display_cond_expressions(policydb_t * p, FILE * fp)
+{
+ cond_node_t *cur;
+ cond_av_list_t *av_cur, *expl = NULL;
+ avtab_t expa;
+
+ for (cur = p->cond_list; cur != NULL; cur = cur->next) {
+ fprintf(fp, "expression: ");
+ display_expr(p, cur->expr, fp);
+ fprintf(fp, "current state: %d\n", cur->cur_state);
+ fprintf(fp, "True list:\n");
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_cond_av_list(p, cur->true_list, &expl, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+ for (av_cur = expl; av_cur != NULL; av_cur = av_cur->next) {
+ fprintf(fp, "\t");
+ render_av_rule(&av_cur->node->key, &av_cur->node->datum,
+ RENDER_CONDITIONAL, p, fp);
+ }
+ cond_av_list_destroy(expl);
+ avtab_destroy(&expa);
+ fprintf(fp, "False list:\n");
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_cond_av_list(p, cur->false_list, &expl, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+ for (av_cur = expl; av_cur != NULL; av_cur = av_cur->next) {
+ fprintf(fp, "\t");
+ render_av_rule(&av_cur->node->key, &av_cur->node->datum,
+ RENDER_CONDITIONAL, p, fp);
+ }
+ cond_av_list_destroy(expl);
+ avtab_destroy(&expa);
+ }
+ return 0;
+
+ oom:
+ fprintf(stderr, "out of memory\n");
+ return 1;
+}
+
+int display_handle_unknown(policydb_t * p, FILE * out_fp)
+{
+ if (p->handle_unknown == ALLOW_UNKNOWN)
+ fprintf(out_fp, "Allow unknown classes and permisions\n");
+ else if (p->handle_unknown == DENY_UNKNOWN)
+ fprintf(out_fp, "Deny unknown classes and permisions\n");
+ else if (p->handle_unknown == REJECT_UNKNOWN)
+ fprintf(out_fp, "Reject unknown classes and permisions\n");
+ return 0;
+}
+
+int change_bool(char *name, int state, policydb_t * p, FILE * fp)
+{
+ cond_bool_datum_t *bool;
+
+ bool = hashtab_search(p->p_bools.table, name);
+ if (bool == NULL) {
+ fprintf(fp, "Could not find bool %s\n", name);
+ return -1;
+ }
+ bool->state = state;
+ evaluate_conds(p);
+ return 0;
+}
+
+static void display_policycaps(policydb_t * p, FILE * fp)
+{
+ ebitmap_node_t *node;
+ const char *capname;
+ char buf[64];
+ int i;
+
+ fprintf(fp, "policy capabilities:\n");
+ ebitmap_for_each_bit(&p->policycaps, node, i) {
+ if (ebitmap_node_get_bit(node, i)) {
+ capname = sepol_polcap_getname(i);
+ if (capname == NULL) {
+ snprintf(buf, sizeof(buf), "unknown (%d)", i);
+ capname = buf;
+ }
+ fprintf(fp, "\t%s\n", capname);
+ }
+ }
+}
+
+static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type,
+ uint32_t symbol_value, char *prefix)
+{
+ char *id = p->sym_val_to_name[symbol_type][symbol_value];
+ fprintf(fp, " %s%s", prefix, id);
+}
+
+static void display_permissive(policydb_t *p, FILE *fp)
+{
+ ebitmap_node_t *node;
+ int i;
+
+ fprintf(fp, "permissive sids:\n");
+ ebitmap_for_each_bit(&p->permissive_map, node, i) {
+ if (ebitmap_node_get_bit(node, i)) {
+ fprintf(fp, "\t");
+ display_id(p, fp, SYM_TYPES, i - 1, "");
+ fprintf(fp, "\n");
+ }
+ }
+}
+
+int menu()
+{
+ printf("\nSelect a command:\n");
+ printf("1) display unconditional AVTAB\n");
+ printf("2) display conditional AVTAB (entirely)\n");
+ printf("3) display conditional AVTAG (only ENABLED rules)\n");
+ printf("4) display conditional AVTAB (only DISABLED rules)\n");
+ printf("5) display conditional bools\n");
+ printf("6) display conditional expressions\n");
+ printf("7) change a boolean value\n");
+ printf("\n");
+ printf("c) display policy capabilities\n");
+ printf("p) display the list of permissive types\n");
+ printf("u) display unknown handling setting\n");
+ printf("f) set output file\n");
+ printf("m) display menu\n");
+ printf("q) quit\n");
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ FILE *out_fp = stdout;
+ char ans[81], OutfileName[121];
+ int fd, ret;
+ struct stat sb;
+ void *map;
+ char *name;
+ int state;
+ struct policy_file pf;
+
+ if (argc != 2)
+ usage(argv[0]);
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ argv[1], strerror(errno));
+ exit(1);
+ }
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, "Can't stat '%s': %s\n",
+ argv[1], strerror(errno));
+ exit(1);
+ }
+ map =
+ mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, "Can't map '%s': %s\n",
+ argv[1], strerror(errno));
+ exit(1);
+ }
+
+ /* read the binary policy */
+ fprintf(out_fp, "Reading policy...\n");
+ policy_file_init(&pf);
+ pf.type = PF_USE_MEMORY;
+ pf.data = map;
+ pf.len = sb.st_size;
+ if (policydb_init(&policydb)) {
+ fprintf(stderr, "%s: Out of memory!\n", argv[0]);
+ exit(1);
+ }
+ ret = policydb_read(&policydb, &pf, 1);
+ if (ret) {
+ fprintf(stderr,
+ "%s: error(s) encountered while parsing configuration\n",
+ argv[0]);
+ exit(1);
+ }
+
+ fprintf(stdout, "binary policy file loaded\n\n");
+ close(fd);
+
+ menu();
+ for (;;) {
+ printf("\nCommand (\'m\' for menu): ");
+ fgets(ans, sizeof(ans), stdin);
+ switch (ans[0]) {
+
+ case '1':
+ display_avtab(&policydb.te_avtab, RENDER_UNCONDITIONAL,
+ &policydb, out_fp);
+ break;
+ case '2':
+ display_avtab(&policydb.te_cond_avtab,
+ RENDER_CONDITIONAL, &policydb, out_fp);
+ break;
+ case '3':
+ display_avtab(&policydb.te_cond_avtab, RENDER_ENABLED,
+ &policydb, out_fp);
+ break;
+ case '4':
+ display_avtab(&policydb.te_cond_avtab, RENDER_DISABLED,
+ &policydb, out_fp);
+ break;
+ case '5':
+ display_bools(&policydb, out_fp);
+ break;
+ case '6':
+ display_cond_expressions(&policydb, out_fp);
+ break;
+ case '7':
+ printf("name? ");
+ fgets(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ name = malloc((strlen(ans) + 1) * sizeof(char));
+ if (name == NULL) {
+ fprintf(stderr, "couldn't malloc string.\n");
+ break;
+ }
+ strcpy(name, ans);
+
+ printf("state? ");
+ fgets(ans, sizeof(ans), stdin);
+ ans[strlen(ans) - 1] = 0;
+
+ if (atoi(ans))
+ state = 1;
+ else
+ state = 0;
+
+ change_bool(name, state, &policydb, out_fp);
+ free(name);
+ break;
+ case 'c':
+ display_policycaps(&policydb, out_fp);
+ break;
+ case 'p':
+ display_permissive(&policydb, out_fp);
+ break;
+ case 'u':
+ case 'U':
+ display_handle_unknown(&policydb, out_fp);
+ break;
+ case 'f':
+ printf
+ ("\nFilename for output (<CR> for screen output): ");
+ fgets(OutfileName, sizeof(OutfileName), stdin);
+ OutfileName[strlen(OutfileName) - 1] = '\0'; /* fix_string (remove LF) */
+ if (strlen(OutfileName) == 0)
+ out_fp = stdout;
+ else if ((out_fp = fopen(OutfileName, "w")) == NULL) {
+ fprintf(stderr, "Cannot open output file %s\n",
+ OutfileName);
+ out_fp = stdout;
+ }
+ if (out_fp != stdout)
+ printf("\nOutput to file: %s\n", OutfileName);
+ break;
+ case 'q':
+ policydb_destroy(&policydb);
+ exit(0);
+ break;
+ case 'm':
+ menu();
+ break;
+ default:
+ printf("\nInvalid choice\n");
+ menu();
+ break;
+
+ }
+ }
+}
+
+/* FLASK */
diff --git a/libselinux/ChangeLog b/libselinux/ChangeLog
new file mode 100644
index 0000000..eeb8704
--- /dev/null
+++ b/libselinux/ChangeLog
@@ -0,0 +1,827 @@
+2.0.71 2008-08-05
+ * Add group support to seusers using %groupname syntax from Dan Walsh.
+ * Mark setrans socket close-on-exec from Stephen Smalley.
+ * Only apply nodups checking to base file contexts from Stephen Smalley.
+
+2.0.70 2008-07-30
+ * Merge ruby bindings from Dan Walsh.
+
+2.0.69 2008-07-29
+ * Handle duplicate file context regexes as a fatal error from Stephen Smalley.
+ This prevents adding them via semanage.
+
+2.0.68 2008-07-18
+ * Fix audit2why shadowed variables from Stephen Smalley.
+ * Note that freecon NULL is legal in man page from Karel Zak.
+
+2.0.67 2008-06-13
+ * New and revised AVC, label, and mapping man pages from Eamon Walsh.
+
+2.0.66 2008-06-11
+ * Add swig python bindings for avc interfaces from Dan Walsh.
+
+2.0.65 2008-05-27
+ * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
+ * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
+
+2.0.64 2008-04-21
+ * Fixed selinux_set_callback man page.
+
+2.0.63 2008-04-18
+ * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
+
+2.0.62 2008-04-18
+ * Fix memory leaks in matchpathcon from Eamon Walsh.
+
+2.0.61 2008-03-31
+ * Man page typo fix from Jim Meyering.
+
+2.0.60 2008-03-20
+ * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
+
+2.0.59 2008-02-29
+ * Merged new X label "poly_selection" namespace from Eamon Walsh.
+
+2.0.58 2008-02-28
+ * Merged reset_selinux_config() for load policy from Dan Walsh.
+
+2.0.57 2008-02-25
+ * Merged avc_has_perm() errno fix from Eamon Walsh.
+
+2.0.56 2008-02-21
+ * Regenerated Flask headers from refpolicy flask definitions.
+
+2.0.55 2008-02-08
+ * Merged compute_member AVC function and manpages from Eamon Walsh.
+
+2.0.54 2008-02-08
+ * Provide more error reporting on load policy failures from Stephen Smalley.
+
+2.0.53 2008-02-07
+ * Merged new X label "poly_prop" namespace from Eamon Walsh.
+
+2.0.52 2008-02-06
+ * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
+
+2.0.51 2008-02-05
+ * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
+
+2.0.50 2008-01-28
+ * Merged fix for audit2why from Dan Walsh.
+
+2.0.49 2008-01-23
+ * Merged audit2why python binding from Dan Walsh.
+
+2.0.48 2008-01-23
+ * Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
+
+2.0.47 2007-12-21
+ * Fix for the avc: granted null message bug from Stephen Smalley.
+
+2.0.46 2007-12-07
+ * matchpathcon(8) man page update from Dan Walsh.
+
+2.0.45 2007-11-20
+ * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
+
+2.0.44 2007-11-20
+ * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
+ A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
+
+2.0.43 2007-11-15
+ * Regenerated Flask headers from policy.
+
+2.0.42 2007-11-08
+ * AVC enforcing mode override patch from Eamon Walsh.
+
+2.0.41 2007-11-06
+ * Aligned attributes in AVC netlink code from Eamon Walsh.
+
+2.0.40 2007-11-01
+ * Merged refactored AVC netlink code from Eamon Walsh.
+
+2.0.39 2007-10-19
+ * Merged new X label namespaces from Eamon Walsh.
+
+2.0.38 2007-10-15
+ * Bux fix and minor refactoring in string representation code.
+
+2.0.37 2007-10-05
+ * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
+
+2.0.36 2007-09-27
+ * Fix segfault resulting from missing file_contexts file.
+
+2.0.35 2007-09-24
+ * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
+ * Pass CFLAGS when using gcc for linking from Dennis Gilmore.
+
+2.0.34 2007-09-18
+ * Fix selabel option flag setting for 64-bit from Stephen Smalley.
+
+2.0.33 2007-09-12
+ * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
+ * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
+
+2.0.32 2007-09-10
+ * Fix swig binding for rpm_execcon from James Athey.
+
+2.0.31 2007-08-23
+ * Fix file_contexts.homedirs path from Todd Miller.
+
+2.0.30 2007-08-06
+ * Fix segfault resulting from uninitialized print-callback pointer.
+
+2.0.29 2007-08-02
+ * Added x_contexts path function patch from Eamon Walsh.
+
+2.0.28 2007-08-01
+ * Fix build for EMBEDDED=y from Yuichi Nakamura.
+
+2.0.27 2007-07-25
+ * Fix markup problems in selinux man pages from Dan Walsh.
+
+2.0.26 2007-07-23
+ * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
+ * Added swigify to top-level Makefile from Dan Walsh.
+
+2.0.25 2007-07-23
+ * Fix for string_to_security_class segfault on x86_64 from Stephen
+ Smalley.
+
+2.0.24 2007-09-07
+ * Fix for getfilecon() for zero-length contexts from Stephen Smalley.
+
+2.0.23 2007-06-22
+ * Refactored SWIG bindings from James Athey.
+
+2.0.22 2007-06-20
+ * Labeling and callback interface patches from Eamon Walsh.
+
+2.0.21 2007-06-11
+ * Class and permission mapping support patches from Eamon Walsh.
+
+2.0.20 2007-06-07
+ * Object class discovery support patches from Chris PeBenito.
+
+2.0.19 2007-06-05
+ * Refactoring and errno support in string representation code.
+
+2.0.18 2007-05-31
+ * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
+ This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
+
+2.0.17 2007-05-31
+ * Updated Lindent script and reindented two header files.
+
+2.0.16 2007-05-09
+ * Merged additional swig python bindings from Dan Walsh.
+
+2.0.15 2007-04-27
+ * Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
+
+2.0.14 2007-04-24
+ * Merged build fix for avc_internal.c from Joshua Brindle.
+
+2.0.13 2007-04-12
+ * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
+
+2.0.12 2007-04-09
+ * Merged support for getting initial contexts from James Carter.
+
+2.0.11 2007-04-05
+ * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
+
+
+2.0.10 2007-04-05
+ * Merged sidput(NULL) patch from Eamon Walsh.
+
+2.0.9 2007-03-30
+ * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.
+
+2.0.8 2007-03-20
+ * Merged fix for avc.h #include's from Eamon Walsh.
+
+2.0.7 2007-03-12
+ * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
+
+2.0.6 2007-03-12
+ * Merged patch to drop support for old /etc/sysconfig/selinux and
+ /etc/security policy file layout from Steve Grubb.
+
+2.0.5 2007-02-27
+ * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.
+
+2.0.4 2007-02-23
+ * Removed sending of setrans init message.
+
+2.0.3 2007-02-22
+ * Merged matchpathcon memory leak fix from Steve Grubb.
+
+2.0.2 2007-02-21
+ * Merged more swig initializers from Dan Walsh.
+
+2.0.1 2007-02-20
+ * Merged patch from Todd Miller to convert int types over to C99 style.
+
+2.0.0 2007-02-01
+ * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
+ of the use of the non-standard format %as. (original patch changed
+ for style).
+ * Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
+
+1.34.1 2007-01-26
+ * Merged python binding fixes from Dan Walsh.
+
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.6 2007-01-17
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.5 2007-01-16
+ * Merged getdefaultcon utility from Dan Walsh.
+
+1.33.4 2007-01-11
+ * Merged selinux_check_securetty_context() and support from Dan Walsh.
+
+1.33.3 2007-01-04
+ * Merged patch for matchpathcon utility to use file mode information
+ when available from Dan Walsh.
+
+1.33.2 2006-11-27
+ * Merged patch to compile with -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offset table
+ limit. Patch changed to include libsepol and libsemanage in
+ addition to libselinux.
+
+1.33.1 2006-10-19
+ * Merged updated flask definitions from Darrel Goeddel.
+ This adds the context security class, and also adds
+ the string definitions for setsockcreate and polmatch.
+
+1.32 2006-10-17
+ * Updated version for release.
+
+1.30.30 2006-10-05
+ * Merged patch from Darrel Goeddel to always use untranslated
+ contexts in the userspace AVC.
+
+1.30.29 2006-09-29
+ * Merged av_permissions.h update from Steve Grubb,
+ adding setsockcreate and polmatch definitions.
+
+1.30.28 2006-09-13
+ * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
+ * Merged c++ class identifier fix from Joe Nall.
+
+1.30.27 2006-08-24
+ * Merged patch to not log avc stats upon a reset from Steve Grubb.
+ * Applied patch to revert compat_net setting upon policy load.
+
+1.30.26 2006-08-11
+ * Merged file context homedir and local path functions from
+ Chris PeBenito.
+
+1.30.25 2006-08-11
+ * Rework functions that access /proc/pid/attr to access the
+ per-thread nodes, and unify the code to simplify maintenance.
+
+1.30.24 2006-08-10
+ * Merged return value fix for *getfilecon() from Dan Walsh.
+
+1.30.23 2006-08-10
+ * Merged sockcreate interfaces from Eric Paris.
+
+1.30.22 2006-08-03
+ * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
+
+1.30.21 2006-08-03
+ * Merged netfilter_contexts support patch from Chris PeBenito.
+
+1.30.20 2006-08-01
+ * Merged context_*_set errno patch from Jim Meyering.
+
+1.30.19 2006-06-29
+ * Lindent.
+
+1.30.18 2006-06-27
+ * Merged {get,set}procattrcon patch set from Eric Paris.
+ * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
+
+1.30.17 2006-06-27
+ * Regenerated Flask headers from refpolicy.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ - Added selinux_file_context_{cmp,verify}.
+ - Added selinux_lsetfilecon_default.
+ - Delay translation of contexts in matchpathcon.
+
+1.30.15 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Added selinux_getpolicytype() function.
+ * Modified setrans code to skip processing if !mls_enabled.
+
+1.30.14 2006-06-16
+ * Set errno in the !selinux_mnt case.
+
+1.30.13 2006-06-02
+ * Allocate large buffers from the heap, not on stack.
+ Affects is_context_customizable, selinux_init_load_policy,
+ and selinux_getenforcemode.
+
+1.30.12 2006-06-02
+ * Merged !selinux_mnt checks from Ian Kent.
+
+1.30.11 2006-05-24
+ * Merged matchmediacon and trans_to_raw_context fixes from
+ Serge Hallyn.
+
+1.30.10 2006-05-22
+ * Merged simple setrans client cache from Dan Walsh.
+ Merged avcstat patch from Russell Coker.
+
+1.30.9 2006-05-22
+ * Modified selinux_mkload_policy() to also set /selinux/compat_net
+ appropriately for the loaded policy.
+
+1.30.8 2006-05-17
+ * Added matchpathcon_fini() function to free memory allocated by
+ matchpathcon_init().
+
+1.30.7 2006-05-16
+ * Merged setrans client cleanup patch from Steve Grubb.
+
+1.30.6 2006-05-08
+ * Merged getfscreatecon man page fix from Dan Walsh.
+ * Updated booleans(8) man page to drop references to the old
+ booleans file and to note that setsebool can be used to set
+ the boot-time defaults via -P.
+
+1.30.5 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.4 2006-05-05
+ * Merged setrans client support from Dan Walsh.
+ This removes use of libsetrans.
+ * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
+ * Merged swig typemap fixes from Glauber de Oliveira Costa.
+
+1.30.3 2006-04-12
+ * Added distclean target to Makefile.
+ * Regenerated swig files.
+
+1.30.2 2006-04-11
+ * Changed matchpathcon_init to verify that the spec file is
+ a regular file.
+ * Merged python binding t_output_helper removal patch from Dan Walsh.
+
+1.30.1 2006-03-20
+ * Merged Makefile PYLIBVER definition patch from Dan Walsh.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.8 2006-02-27
+ * Altered rpm_execcon fallback logic for permissive mode to also
+ handle case where /selinux/enforce is not available.
+
+1.29.7 2006-01-20
+ * Merged install-pywrap Makefile patch from Joshua Brindle.
+
+1.29.6 2006-01-18
+ * Merged pywrap Makefile patch from Dan Walsh.
+
+1.29.5 2006-01-11
+ * Added getseuser test program.
+
+1.29.4 2006-01-06
+ * Added format attribute to myprintf in matchpathcon.c and
+ removed obsoleted rootlen variable in init_selinux_config().
+
+1.29.3 2006-01-04
+ * Merged several fixes and improvements from Ulrich Drepper
+ (Red Hat), including:
+ - corrected use of getline
+ - further calls to __fsetlocking for local files
+ - use of strdupa and asprintf
+ - proper handling of dirent in booleans code
+ - use of -z relro
+ - several other optimizations
+ * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
+
+1.29.2 2005-12-14
+ * Merged call to finish_context_translations from Dan Walsh.
+ This eliminates a memory leak from failing to release memory
+ allocated by libsetrans.
+
+1.29.1 2005-12-08
+ * Merged patch for swig interfaces from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.28 2005-12-01
+ * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
+ modified matchpathcon implementation to make context validation/
+ canonicalization optional at matchpathcon_init time, deferring it
+ to a successful matchpathcon by default unless the new flag is set
+ by the caller.
+
+1.27.27 2005-12-01
+ * Added matchpathcon_init_prefix() interface, and
+ reworked matchpathcon implementation to support selective
+ loading of file contexts entries based on prefix matching
+ between the pathname regex stems and the specified path
+ prefix (stem must be a prefix of the specified path prefix).
+
+1.27.26 2005-11-29
+ * Merged getsebool patch from Dan Walsh.
+
+1.27.25 2005-11-29
+ * Added -f file_contexts option to matchpathcon util.
+ Fixed warning message in matchpathcon_init().
+
+1.27.24 2005-11-29
+ * Merged Makefile python definitions patch from Dan Walsh.
+
+1.27.23 2005-11-28
+ * Merged swigify patch from Dan Walsh.
+
+1.27.22 2005-11-15
+ * Merged make failure in rpm_execcon non-fatal in permissive mode
+ patch from Ivan Gyurdiev.
+
+1.27.21 2005-11-08
+ * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
+ and modified matchpathcon_init() to skip context translation
+ if it is set by the caller.
+
+1.27.20 2005-11-07
+ * Added security_canonicalize_context() interface and
+ set_matchpathcon_canoncon() interface for obtaining
+ canonical contexts. Changed matchpathcon internals
+ to obtain canonical contexts by default. Provided
+ fallback for kernels that lack extended selinuxfs context
+ interface.
+
+1.27.19 2005-11-04
+ * Merged seusers parser changes from Ivan Gyurdiev.
+ * Merged setsebool to libsemanage patch from Ivan Gyurdiev.
+ * Changed seusers parser to reject empty fields.
+
+1.27.18 2005-11-03
+ * Merged seusers empty level handling patch from Jonathan Kim (TCS).
+
+1.27.17 2005-10-27
+ * Changed default entry for seusers to use __default__ to avoid
+ ambiguity with users named "default".
+
+1.27.16 2005-10-27
+ * Fixed init_selinux_config() handling of missing /etc/selinux/config
+ or missing SELINUXTYPE= definition.
+ * Merged selinux_translations_path() patch from Dan Walsh.
+
+1.27.15 2005-10-25
+ * Added hidden_proto/def for get_default_context_with_role.
+
+1.27.14 2005-10-25
+ * Merged selinux_path() and selinux_homedir_context_path()
+ functions from Joshua Brindle.
+
+1.27.13 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.12 2005-10-18
+ * Merged get_default_context_with_rolelevel and man pages from
+ Dan Walsh (Red Hat).
+
+1.27.11 2005-10-18
+ * Updated call to sepol_policydb_to_image for sepol changes.
+
+1.27.10 2005-10-17
+ * Changed getseuserbyname to ignore empty lines and to handle
+ no matching entry in the same manner as no seusers file.
+
+1.27.9 2005-10-13
+ * Changed selinux_mkload_policy to try downgrading the
+ latest policy version available to the kernel-supported version.
+
+1.27.8 2005-10-11
+ * Changed selinux_mkload_policy to fall back to the maximum
+ policy version supported by libsepol if the kernel policy version
+ falls outside of the supported range.
+
+1.27.7 2005-10-06
+ * Changed getseuserbyname to fall back to the Linux username and
+ NULL level if seusers config file doesn't exist unless
+ REQUIRESEUSERS=1 is set in /etc/selinux/config.
+ * Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
+
+1.27.6 2005-10-06
+ * Added selinux_init_load_policy() function as an even higher level
+ interface for the initial policy load by /sbin/init. This obsoletes
+ the load_policy() function in the sysvinit-selinux.patch.
+
+1.27.5 2005-10-06
+ * Added selinux_mkload_policy() function as a higher level interface
+ for loading policy than the security_load_policy() interface.
+
+1.27.4 2005-10-05
+ * Merged fix for matchpathcon (regcomp error checking) from Johan
+ Fischer. Also added use of regerror to obtain the error string
+ for inclusion in the error message.
+
+1.27.3 2005-10-03
+ * Changed getseuserbyname to not require (and ignore if present)
+ the MLS level in seusers.conf if MLS is disabled, setting *level
+ to NULL in this case.
+
+1.27.2 2005-09-30
+ * Merged getseuserbyname patch from Dan Walsh.
+
+1.27.1 2005-09-19
+ * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
+ This allows file_contexts with MLS fields to be processed on
+ non-MLS-enabled systems with policies that are otherwise
+ identical (e.g. same type definitions).
+ * Merged get_ordered_context_list_with_level() function from
+ Dan Walsh, and added get_default_context_with_level().
+ This allows MLS level selection for users other than the
+ default level.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.7 2005-09-01
+ * Merged modified form of patch to avoid dlopen/dlclose by
+ the static libselinux from Dan Walsh. Users of the static libselinux
+ will not have any context translation by default.
+
+1.25.6 2005-08-31
+ * Added public functions to export context translation to
+ users of libselinux (selinux_trans_to_raw_context,
+ selinux_raw_to_trans_context).
+
+1.25.5 2005-08-26
+ * Remove special definition for context_range_set; use
+ common code.
+
+1.25.4 2005-08-25
+ * Hid translation-related symbols entirely and ensured that
+ raw functions have hidden definitions for internal use.
+ * Allowed setting NULL via context_set* functions.
+ * Allowed whitespace in MLS component of context.
+ * Changed rpm_execcon to use translated functions to workaround
+ lack of MLS level on upgraded systems.
+
+1.25.3 2005-08-23
+ * Merged context translation patch, originally by TCS,
+ with modifications by Dan Walsh (Red Hat).
+
+1.25.2 2005-08-11
+ * Merged several fixes for error handling paths in the
+ AVC sidtab, matchpathcon, booleans, context, and get_context_list
+ code from Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.25.1 2005-08-10
+ * Removed setupns; migrated to pam.
+ * Merged patches to rename checkPasswdAccess() from Joshua Brindle.
+ Original symbol is temporarily retained for compatibility until
+ all callers are updated.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.12 2005-06-13
+ * Merged security_setupns() from Chad Sellers.
+
+1.23.11 2005-05-19
+ * Merged avcstat and selinux man page from Dan Walsh.
+ * Changed security_load_booleans to process booleans.local
+ even if booleans file doesn't exist.
+
+1.23.10 2005-04-29
+ * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
+
+1.23.9 2005-04-26
+ * Rewrote get_ordered_context_list and helpers, including
+ changing logic to allow variable MLS fields.
+
+1.23.8 2005-04-25
+ * Merged matchpathcon and man page patch from Dan Walsh.
+
+1.23.7 2005-04-12
+ * Changed boolean functions to return -1 with errno ENOENT
+ rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
+ mounted).
+
+1.23.6 2005-04-08
+ * Fixed bug in matchpathcon_filespec_destroy.
+
+1.23.5 2005-04-05
+ * Fixed bug in rpm_execcon error handling path.
+
+1.23.4 2005-04-04
+ * Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
+ * Merged fix for getconlist utility from Andreas Steinmetz.
+
+1.23.3 2005-03-29
+ * Merged security_set_boolean_list patch from Dan Walsh.
+ This introduces booleans.local support for setsebool.
+
+1.23.2 2005-03-17
+ * Merged destructors patch from Tomas Mraz.
+
+1.23.1 2005-03-16
+ * Added set_matchpathcon_flags() function for setting flags
+ controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
+ means only process the base file_contexts file, not
+ file_contexts.homedirs or file_contexts.local, and is for use by
+ setfiles -c.
+ * Updated matchpathcon.3 man page.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.13 2005-03-08
+ * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
+
+1.21.12 2005-03-01
+ * Changed matchpathcon_common to ignore any non-format bits in the mode.
+
+1.21.11 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.10 2005-02-17
+ * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
+ * Added selinux_users_path() for path to directory containing
+ system.users and local.users.
+
+1.21.9 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.8 2005-02-07
+ * Regenerated av_permissions.h.
+
+1.21.7 2005-02-01
+ * Modified avc_dump_av to explicitly check for any permissions that
+ cannot be mapped to string names and display them as a hex value.
+
+1.21.6 2005-01-31
+ * Regenerated av_permissions.h.
+
+1.21.5 2005-01-28
+ * Generalized matchpathcon internals, exported more interfaces,
+ and moved additional code from setfiles into libselinux so that
+ setfiles can directly use matchpathcon.
+
+1.21.4 2005-01-27
+ * Prevent overflow of spec array in matchpathcon.
+
+1.21.3 2005-01-26
+ * Fixed several uses of internal functions to avoid relocations.
+ * Changed rpm_execcon to check is_selinux_enabled() and fallback to
+ a regular execve if not enabled (or unable to determine due to a lack
+ of /proc, e.g. chroot'd environment).
+
+
+1.21.2 2005-01-24
+ * Merged minor fix for avcstat from Dan Walsh.
+
+1.21.1 2005-01-19
+ * Merged patch from Dan Walsh, including:
+ - new is_context_customizable function
+ - changed matchpathcon to also use file_contexts.local if present
+ - man page cleanups
+
+1.20 2005-01-04
+ * Changed matchpathcon to return -1 with errno ENOENT for
+ <<none>> entries, and also for an empty file_contexts configuration.
+ * Removed some trivial utils that were not useful or redundant.
+ * Changed BINDIR default to /usr/sbin to match change in Fedora.
+ * Added security_compute_member.
+ * Added man page for setcon.
+ * Merged more man pages from Dan Walsh.
+ * Merged avcstat from James Morris.
+ * Merged build fix for mips from Manoj Srivastava.
+ * Merged C++ support from John Ramsdell of MITRE.
+ * Merged setcon() function from Darrel Goeddel of TCS.
+ * Merged setsebool/togglesebool enhancement from Steve Grubb.
+ * Merged cleanup patches from Steve Grubb.
+
+1.18 2004-11-01
+ * Merged cleanup patches from Steve Grubb.
+ * Added rpm_execcon.
+ * Merged setenforce and removable context patch from Dan Walsh.
+ * Merged build fix for alpha from Ulrich Drepper.
+ * Removed copyright/license from selinux_netlink.h - definitions only.
+ * Merged matchmediacon from Dan Walsh.
+ * Regenerated headers for new nscd permissions.
+ * Added get_default_context_with_role.
+ * Added set_matchpathcon_printf.
+ * Reworked av_inherit.h to allow easier re-use by kernel.
+ * Changed avc_has_perm_noaudit to not fail on netlink errors.
+ * Changed avc netlink code to check pid based on patch by Steve Grubb.
+ * Merged second optimization patch from Ulrich Drepper.
+ * Changed matchpathcon to skip invalid file_contexts entries.
+ * Made string tables private to libselinux.
+ * Merged strcat->stpcpy patch from Ulrich Drepper.
+ * Merged matchpathcon man page from Dan Walsh.
+ * Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
+ * Autobind netlink socket.
+ * Dropped compatibility code from security_compute_user.
+ * Merged fix for context_range_set from Chad Hanson.
+ * Merged allocation failure checking patch from Chad Hanson.
+ * Merged avc netlink error message patch from Colin Walters.
+
+1.16 2004-08-19
+ * Regenerated headers for nscd class.
+ * Merged man pages from Dan Walsh.
+ * Merged context_new bug fix for MLS ranges from Chad Hanson.
+ * Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
+ * Renamed change_bool and show_bools to setsebool and getsebool.
+ * Merged security_load_booleans() function from Dan Walsh.
+ * Added selinux_booleans_path() function.
+ * Changed avc_init function prototype to use const.
+ * Regenerated headers for crontab permission.
+ * Added checkAccess from Dan Walsh.
+ * Merged getenforce patch from Dan Walsh.
+ * Regenerated headers for dbus classes.
+
+1.14 2004-06-16
+ * Regenerated headers for fine-grained netlink classes.
+ * Merged selinux_config bug fix from Dan Walsh.
+ * Added userspace AVC man pages.
+ * Added man links for API calls to existing man pages documenting them.
+ * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
+ * Merged patch to determine config file paths at runtime to support
+ reorganized layout.
+ * Regenerated flask headers with stable ordering.
+ * Merged patch for man pages from Russell Coker.
+
+1.12 2004-05-10
+ * Updated flask files to include new SE-X security classes.
+ * Added security_disable function for runtime disable of SELinux prior
+ to initial policy load (for /sbin/init).
+ * Changed get_ordered_context_list to omit any reachable contexts
+ that are not explicitly listed in default_contexts, unless there
+ are no matches.
+ * Merged man pages from Russell Coker and Dan Walsh.
+ * Merged memory leak fixes from Dan Walsh.
+ * Merged policyvers errno patch from Chris PeBenito.
+
+1.10 2004-04-05
+ * Merged getenforce patch from Dan Walsh.
+ * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
+ the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
+ Based on a patch by Russell Coker.
+ * Merged matchpathcon buffer size fix from Dan Walsh.
+
+1.8 2004-03-09
+ * Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
+ * Added matchpathcon function.
+ * Updated userspace AVC to handle netlink selinux notifications.
+
+1.6 2004-02-18
+ * Merged conditional policy extensions from Tresys Technology.
+ * Added userspace avc and SID table implementation.
+ * Fixed type on size in getpeercon per Thorsten Kukuk's advice.
+ * Fixed use of getpwnam_r per Thorsten Kukuk's advice.
+ * Changed to use getpwnam_r rather than getpwnam internally to
+ avoid clobbering any existing pwd struct obtained by the caller.
+ * Added getpeercon function to encapsulate getsockopt SO_PEERSEC
+ and handle allocation ala getfilecon.
+ * Changed is_selinux_enabled to return -1 on errors.
+ * Changed to discover selinuxfs mount point via /proc/mounts
+ so that the mount point can be changed without rebuilding.
+
+1.4 2003-12-01
+ * Merged another cleanup patch from Bastian Blank and Joerg Hoh.
+ * Regenerate headers for new permissions.
+ * Merged static lib build patch from Bastian Blank and Joerg Hoh.
+ * Export SELINUXMNT definition, add SELINUXPOLICY definition.
+ * Add functions to provide access to enforce and policyvers.
+ * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
+ * Fixed type for 'size' in *getfilecon.
+ * Dropped -lattr and changed #include's to <sys/xattr.h>
+ * Merged patch to move shared library to /lib from Dan Walsh.
+ * Changed get_ordered_context_list to support a failsafe context.
+ * Added selinuxenabled utility.
+ * Merged const patch from Thorsten Kukuk.
+
+1.2 2003-09-30
+ * Change is_selinux_enabled to fail if policy isn't loaded.
+ * Changed Makefiles to allow non-root rpm builds.
+ * Added -lattr for libselinux.so to ensure proper binding.
+
+1.1 2003-08-13
+ * Ensure that context strings are padded with a null byte
+ in case the kernel didn't include one.
+ * Regenerate headers, update helpers.c for code cleanup.
+ * Pass soname flag to linker (Colin Walters).
+ * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
+
+1.0 2003-07-11
+ * Initial public release.
diff --git a/libselinux/LICENSE b/libselinux/LICENSE
new file mode 100644
index 0000000..d386268
--- /dev/null
+++ b/libselinux/LICENSE
@@ -0,0 +1,21 @@
+This library (libselinux) is public domain software, i.e. not copyrighted.
+
+Warranty Exclusion
+------------------
+You agree that this software is a
+non-commercially developed program that may contain "bugs" (as that
+term is used in the industry) and that it may not function as intended.
+The software is licensed "as is". NSA makes no, and hereby expressly
+disclaims all, warranties, express, implied, statutory, or otherwise
+with respect to the software, including noninfringement and the implied
+warranties of merchantability and fitness for a particular purpose.
+
+Limitation of Liability
+-----------------------
+In no event will NSA be liable for any damages, including loss of data,
+lost profits, cost of cover, or other special, incidental,
+consequential, direct or indirect damages arising from the software or
+the use thereof, however caused and on any theory of liability. This
+limitation will apply even if NSA has been advised of the possibility
+of such damage. You acknowledge that this is a reasonable allocation of
+risk.
diff --git a/libselinux/Makefile b/libselinux/Makefile
new file mode 100644
index 0000000..9feaf94
--- /dev/null
+++ b/libselinux/Makefile
@@ -0,0 +1,59 @@
+DISABLE_AVC ?= n
+DISABLE_SETRANS ?= n
+DISABLE_RPM ?= n
+DISABLE_BOOL ?= n
+ifeq ($(EMBEDDED),y)
+ override DISABLE_AVC=y
+ override DISABLE_SETRANS=y
+ override DISABLE_RPM=y
+ override DISABLE_BOOL=y
+endif
+ifeq ($(DISABLE_AVC),y)
+ EMFLAGS+= -DDISABLE_AVC
+endif
+ifeq ($(DISABLE_BOOL),y)
+ EMFLAGS+= -DDISABLE_BOOL
+endif
+ifeq ($(DISABLE_SETRANS),y)
+ EMFLAGS+= -DDISABLE_SETRANS
+endif
+export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS
+
+all:
+ $(MAKE) -C src
+ $(MAKE) -C utils
+
+swigify: all
+ $(MAKE) -C src swigify
+
+pywrap:
+ $(MAKE) -C src pywrap
+
+rubywrap:
+ $(MAKE) -C src rubywrap
+
+install:
+ $(MAKE) -C include install
+ $(MAKE) -C src install
+ $(MAKE) -C utils install
+ $(MAKE) -C man install
+
+install-pywrap:
+ $(MAKE) -C src install-pywrap
+
+install-rubywrap:
+ $(MAKE) -C src install-rubywrap
+
+relabel:
+ $(MAKE) -C src relabel
+
+clean distclean:
+ $(MAKE) -C src $@
+ $(MAKE) -C utils clean
+
+indent:
+ $(MAKE) -C src $@
+ $(MAKE) -C utils $@
+ $(MAKE) -C include $@
+
+test:
diff --git a/libselinux/VERSION b/libselinux/VERSION
new file mode 100644
index 0000000..701cfaf
--- /dev/null
+++ b/libselinux/VERSION
@@ -0,0 +1 @@
+2.0.71
diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile
new file mode 100644
index 0000000..e19bef8
--- /dev/null
+++ b/libselinux/include/Makefile
@@ -0,0 +1,11 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCDIR ?= $(PREFIX)/include/selinux
+
+install:
+ test -d $(INCDIR) || install -m 755 -d $(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+
+indent:
+ ../../scripts/Lindent $(wildcard selinux/*.h)
+
diff --git a/libselinux/include/selinux/av_permissions.h b/libselinux/include/selinux/av_permissions.h
new file mode 100644
index 0000000..e0a78de
--- /dev/null
+++ b/libselinux/include/selinux/av_permissions.h
@@ -0,0 +1,1006 @@
+/* This file is automatically generated. Do not edit. */
+#define COMMON_FILE__IOCTL 0x00000001UL
+#define COMMON_FILE__READ 0x00000002UL
+#define COMMON_FILE__WRITE 0x00000004UL
+#define COMMON_FILE__CREATE 0x00000008UL
+#define COMMON_FILE__GETATTR 0x00000010UL
+#define COMMON_FILE__SETATTR 0x00000020UL
+#define COMMON_FILE__LOCK 0x00000040UL
+#define COMMON_FILE__RELABELFROM 0x00000080UL
+#define COMMON_FILE__RELABELTO 0x00000100UL
+#define COMMON_FILE__APPEND 0x00000200UL
+#define COMMON_FILE__UNLINK 0x00000400UL
+#define COMMON_FILE__LINK 0x00000800UL
+#define COMMON_FILE__RENAME 0x00001000UL
+#define COMMON_FILE__EXECUTE 0x00002000UL
+#define COMMON_FILE__SWAPON 0x00004000UL
+#define COMMON_FILE__QUOTAON 0x00008000UL
+#define COMMON_FILE__MOUNTON 0x00010000UL
+#define COMMON_SOCKET__IOCTL 0x00000001UL
+#define COMMON_SOCKET__READ 0x00000002UL
+#define COMMON_SOCKET__WRITE 0x00000004UL
+#define COMMON_SOCKET__CREATE 0x00000008UL
+#define COMMON_SOCKET__GETATTR 0x00000010UL
+#define COMMON_SOCKET__SETATTR 0x00000020UL
+#define COMMON_SOCKET__LOCK 0x00000040UL
+#define COMMON_SOCKET__RELABELFROM 0x00000080UL
+#define COMMON_SOCKET__RELABELTO 0x00000100UL
+#define COMMON_SOCKET__APPEND 0x00000200UL
+#define COMMON_SOCKET__BIND 0x00000400UL
+#define COMMON_SOCKET__CONNECT 0x00000800UL
+#define COMMON_SOCKET__LISTEN 0x00001000UL
+#define COMMON_SOCKET__ACCEPT 0x00002000UL
+#define COMMON_SOCKET__GETOPT 0x00004000UL
+#define COMMON_SOCKET__SETOPT 0x00008000UL
+#define COMMON_SOCKET__SHUTDOWN 0x00010000UL
+#define COMMON_SOCKET__RECVFROM 0x00020000UL
+#define COMMON_SOCKET__SENDTO 0x00040000UL
+#define COMMON_SOCKET__RECV_MSG 0x00080000UL
+#define COMMON_SOCKET__SEND_MSG 0x00100000UL
+#define COMMON_SOCKET__NAME_BIND 0x00200000UL
+#define COMMON_IPC__CREATE 0x00000001UL
+#define COMMON_IPC__DESTROY 0x00000002UL
+#define COMMON_IPC__GETATTR 0x00000004UL
+#define COMMON_IPC__SETATTR 0x00000008UL
+#define COMMON_IPC__READ 0x00000010UL
+#define COMMON_IPC__WRITE 0x00000020UL
+#define COMMON_IPC__ASSOCIATE 0x00000040UL
+#define COMMON_IPC__UNIX_READ 0x00000080UL
+#define COMMON_IPC__UNIX_WRITE 0x00000100UL
+#define COMMON_DATABASE__CREATE 0x00000001UL
+#define COMMON_DATABASE__DROP 0x00000002UL
+#define COMMON_DATABASE__GETATTR 0x00000004UL
+#define COMMON_DATABASE__SETATTR 0x00000008UL
+#define COMMON_DATABASE__RELABELFROM 0x00000010UL
+#define COMMON_DATABASE__RELABELTO 0x00000020UL
+#define FILESYSTEM__MOUNT 0x00000001UL
+#define FILESYSTEM__REMOUNT 0x00000002UL
+#define FILESYSTEM__UNMOUNT 0x00000004UL
+#define FILESYSTEM__GETATTR 0x00000008UL
+#define FILESYSTEM__RELABELFROM 0x00000010UL
+#define FILESYSTEM__RELABELTO 0x00000020UL
+#define FILESYSTEM__TRANSITION 0x00000040UL
+#define FILESYSTEM__ASSOCIATE 0x00000080UL
+#define FILESYSTEM__QUOTAMOD 0x00000100UL
+#define FILESYSTEM__QUOTAGET 0x00000200UL
+#define DIR__IOCTL 0x00000001UL
+#define DIR__READ 0x00000002UL
+#define DIR__WRITE 0x00000004UL
+#define DIR__CREATE 0x00000008UL
+#define DIR__GETATTR 0x00000010UL
+#define DIR__SETATTR 0x00000020UL
+#define DIR__LOCK 0x00000040UL
+#define DIR__RELABELFROM 0x00000080UL
+#define DIR__RELABELTO 0x00000100UL
+#define DIR__APPEND 0x00000200UL
+#define DIR__UNLINK 0x00000400UL
+#define DIR__LINK 0x00000800UL
+#define DIR__RENAME 0x00001000UL
+#define DIR__EXECUTE 0x00002000UL
+#define DIR__SWAPON 0x00004000UL
+#define DIR__QUOTAON 0x00008000UL
+#define DIR__MOUNTON 0x00010000UL
+#define DIR__ADD_NAME 0x00020000UL
+#define DIR__REMOVE_NAME 0x00040000UL
+#define DIR__REPARENT 0x00080000UL
+#define DIR__SEARCH 0x00100000UL
+#define DIR__RMDIR 0x00200000UL
+#define FILE__IOCTL 0x00000001UL
+#define FILE__READ 0x00000002UL
+#define FILE__WRITE 0x00000004UL
+#define FILE__CREATE 0x00000008UL
+#define FILE__GETATTR 0x00000010UL
+#define FILE__SETATTR 0x00000020UL
+#define FILE__LOCK 0x00000040UL
+#define FILE__RELABELFROM 0x00000080UL
+#define FILE__RELABELTO 0x00000100UL
+#define FILE__APPEND 0x00000200UL
+#define FILE__UNLINK 0x00000400UL
+#define FILE__LINK 0x00000800UL
+#define FILE__RENAME 0x00001000UL
+#define FILE__EXECUTE 0x00002000UL
+#define FILE__SWAPON 0x00004000UL
+#define FILE__QUOTAON 0x00008000UL
+#define FILE__MOUNTON 0x00010000UL
+#define FILE__EXECUTE_NO_TRANS 0x00020000UL
+#define FILE__ENTRYPOINT 0x00040000UL
+#define FILE__EXECMOD 0x00080000UL
+#define LNK_FILE__IOCTL 0x00000001UL
+#define LNK_FILE__READ 0x00000002UL
+#define LNK_FILE__WRITE 0x00000004UL
+#define LNK_FILE__CREATE 0x00000008UL
+#define LNK_FILE__GETATTR 0x00000010UL
+#define LNK_FILE__SETATTR 0x00000020UL
+#define LNK_FILE__LOCK 0x00000040UL
+#define LNK_FILE__RELABELFROM 0x00000080UL
+#define LNK_FILE__RELABELTO 0x00000100UL
+#define LNK_FILE__APPEND 0x00000200UL
+#define LNK_FILE__UNLINK 0x00000400UL
+#define LNK_FILE__LINK 0x00000800UL
+#define LNK_FILE__RENAME 0x00001000UL
+#define LNK_FILE__EXECUTE 0x00002000UL
+#define LNK_FILE__SWAPON 0x00004000UL
+#define LNK_FILE__QUOTAON 0x00008000UL
+#define LNK_FILE__MOUNTON 0x00010000UL
+#define CHR_FILE__IOCTL 0x00000001UL
+#define CHR_FILE__READ 0x00000002UL
+#define CHR_FILE__WRITE 0x00000004UL
+#define CHR_FILE__CREATE 0x00000008UL
+#define CHR_FILE__GETATTR 0x00000010UL
+#define CHR_FILE__SETATTR 0x00000020UL
+#define CHR_FILE__LOCK 0x00000040UL
+#define CHR_FILE__RELABELFROM 0x00000080UL
+#define CHR_FILE__RELABELTO 0x00000100UL
+#define CHR_FILE__APPEND 0x00000200UL
+#define CHR_FILE__UNLINK 0x00000400UL
+#define CHR_FILE__LINK 0x00000800UL
+#define CHR_FILE__RENAME 0x00001000UL
+#define CHR_FILE__EXECUTE 0x00002000UL
+#define CHR_FILE__SWAPON 0x00004000UL
+#define CHR_FILE__QUOTAON 0x00008000UL
+#define CHR_FILE__MOUNTON 0x00010000UL
+#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
+#define CHR_FILE__ENTRYPOINT 0x00040000UL
+#define CHR_FILE__EXECMOD 0x00080000UL
+#define BLK_FILE__IOCTL 0x00000001UL
+#define BLK_FILE__READ 0x00000002UL
+#define BLK_FILE__WRITE 0x00000004UL
+#define BLK_FILE__CREATE 0x00000008UL
+#define BLK_FILE__GETATTR 0x00000010UL
+#define BLK_FILE__SETATTR 0x00000020UL
+#define BLK_FILE__LOCK 0x00000040UL
+#define BLK_FILE__RELABELFROM 0x00000080UL
+#define BLK_FILE__RELABELTO 0x00000100UL
+#define BLK_FILE__APPEND 0x00000200UL
+#define BLK_FILE__UNLINK 0x00000400UL
+#define BLK_FILE__LINK 0x00000800UL
+#define BLK_FILE__RENAME 0x00001000UL
+#define BLK_FILE__EXECUTE 0x00002000UL
+#define BLK_FILE__SWAPON 0x00004000UL
+#define BLK_FILE__QUOTAON 0x00008000UL
+#define BLK_FILE__MOUNTON 0x00010000UL
+#define SOCK_FILE__IOCTL 0x00000001UL
+#define SOCK_FILE__READ 0x00000002UL
+#define SOCK_FILE__WRITE 0x00000004UL
+#define SOCK_FILE__CREATE 0x00000008UL
+#define SOCK_FILE__GETATTR 0x00000010UL
+#define SOCK_FILE__SETATTR 0x00000020UL
+#define SOCK_FILE__LOCK 0x00000040UL
+#define SOCK_FILE__RELABELFROM 0x00000080UL
+#define SOCK_FILE__RELABELTO 0x00000100UL
+#define SOCK_FILE__APPEND 0x00000200UL
+#define SOCK_FILE__UNLINK 0x00000400UL
+#define SOCK_FILE__LINK 0x00000800UL
+#define SOCK_FILE__RENAME 0x00001000UL
+#define SOCK_FILE__EXECUTE 0x00002000UL
+#define SOCK_FILE__SWAPON 0x00004000UL
+#define SOCK_FILE__QUOTAON 0x00008000UL
+#define SOCK_FILE__MOUNTON 0x00010000UL
+#define FIFO_FILE__IOCTL 0x00000001UL
+#define FIFO_FILE__READ 0x00000002UL
+#define FIFO_FILE__WRITE 0x00000004UL
+#define FIFO_FILE__CREATE 0x00000008UL
+#define FIFO_FILE__GETATTR 0x00000010UL
+#define FIFO_FILE__SETATTR 0x00000020UL
+#define FIFO_FILE__LOCK 0x00000040UL
+#define FIFO_FILE__RELABELFROM 0x00000080UL
+#define FIFO_FILE__RELABELTO 0x00000100UL
+#define FIFO_FILE__APPEND 0x00000200UL
+#define FIFO_FILE__UNLINK 0x00000400UL
+#define FIFO_FILE__LINK 0x00000800UL
+#define FIFO_FILE__RENAME 0x00001000UL
+#define FIFO_FILE__EXECUTE 0x00002000UL
+#define FIFO_FILE__SWAPON 0x00004000UL
+#define FIFO_FILE__QUOTAON 0x00008000UL
+#define FIFO_FILE__MOUNTON 0x00010000UL
+#define FD__USE 0x00000001UL
+#define SOCKET__IOCTL 0x00000001UL
+#define SOCKET__READ 0x00000002UL
+#define SOCKET__WRITE 0x00000004UL
+#define SOCKET__CREATE 0x00000008UL
+#define SOCKET__GETATTR 0x00000010UL
+#define SOCKET__SETATTR 0x00000020UL
+#define SOCKET__LOCK 0x00000040UL
+#define SOCKET__RELABELFROM 0x00000080UL
+#define SOCKET__RELABELTO 0x00000100UL
+#define SOCKET__APPEND 0x00000200UL
+#define SOCKET__BIND 0x00000400UL
+#define SOCKET__CONNECT 0x00000800UL
+#define SOCKET__LISTEN 0x00001000UL
+#define SOCKET__ACCEPT 0x00002000UL
+#define SOCKET__GETOPT 0x00004000UL
+#define SOCKET__SETOPT 0x00008000UL
+#define SOCKET__SHUTDOWN 0x00010000UL
+#define SOCKET__RECVFROM 0x00020000UL
+#define SOCKET__SENDTO 0x00040000UL
+#define SOCKET__RECV_MSG 0x00080000UL
+#define SOCKET__SEND_MSG 0x00100000UL
+#define SOCKET__NAME_BIND 0x00200000UL
+#define TCP_SOCKET__IOCTL 0x00000001UL
+#define TCP_SOCKET__READ 0x00000002UL
+#define TCP_SOCKET__WRITE 0x00000004UL
+#define TCP_SOCKET__CREATE 0x00000008UL
+#define TCP_SOCKET__GETATTR 0x00000010UL
+#define TCP_SOCKET__SETATTR 0x00000020UL
+#define TCP_SOCKET__LOCK 0x00000040UL
+#define TCP_SOCKET__RELABELFROM 0x00000080UL
+#define TCP_SOCKET__RELABELTO 0x00000100UL
+#define TCP_SOCKET__APPEND 0x00000200UL
+#define TCP_SOCKET__BIND 0x00000400UL
+#define TCP_SOCKET__CONNECT 0x00000800UL
+#define TCP_SOCKET__LISTEN 0x00001000UL
+#define TCP_SOCKET__ACCEPT 0x00002000UL
+#define TCP_SOCKET__GETOPT 0x00004000UL
+#define TCP_SOCKET__SETOPT 0x00008000UL
+#define TCP_SOCKET__SHUTDOWN 0x00010000UL
+#define TCP_SOCKET__RECVFROM 0x00020000UL
+#define TCP_SOCKET__SENDTO 0x00040000UL
+#define TCP_SOCKET__RECV_MSG 0x00080000UL
+#define TCP_SOCKET__SEND_MSG 0x00100000UL
+#define TCP_SOCKET__NAME_BIND 0x00200000UL
+#define TCP_SOCKET__CONNECTTO 0x00400000UL
+#define TCP_SOCKET__NEWCONN 0x00800000UL
+#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
+#define TCP_SOCKET__NODE_BIND 0x02000000UL
+#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
+#define UDP_SOCKET__IOCTL 0x00000001UL
+#define UDP_SOCKET__READ 0x00000002UL
+#define UDP_SOCKET__WRITE 0x00000004UL
+#define UDP_SOCKET__CREATE 0x00000008UL
+#define UDP_SOCKET__GETATTR 0x00000010UL
+#define UDP_SOCKET__SETATTR 0x00000020UL
+#define UDP_SOCKET__LOCK 0x00000040UL
+#define UDP_SOCKET__RELABELFROM 0x00000080UL
+#define UDP_SOCKET__RELABELTO 0x00000100UL
+#define UDP_SOCKET__APPEND 0x00000200UL
+#define UDP_SOCKET__BIND 0x00000400UL
+#define UDP_SOCKET__CONNECT 0x00000800UL
+#define UDP_SOCKET__LISTEN 0x00001000UL
+#define UDP_SOCKET__ACCEPT 0x00002000UL
+#define UDP_SOCKET__GETOPT 0x00004000UL
+#define UDP_SOCKET__SETOPT 0x00008000UL
+#define UDP_SOCKET__SHUTDOWN 0x00010000UL
+#define UDP_SOCKET__RECVFROM 0x00020000UL
+#define UDP_SOCKET__SENDTO 0x00040000UL
+#define UDP_SOCKET__RECV_MSG 0x00080000UL
+#define UDP_SOCKET__SEND_MSG 0x00100000UL
+#define UDP_SOCKET__NAME_BIND 0x00200000UL
+#define UDP_SOCKET__NODE_BIND 0x00400000UL
+#define RAWIP_SOCKET__IOCTL 0x00000001UL
+#define RAWIP_SOCKET__READ 0x00000002UL
+#define RAWIP_SOCKET__WRITE 0x00000004UL
+#define RAWIP_SOCKET__CREATE 0x00000008UL
+#define RAWIP_SOCKET__GETATTR 0x00000010UL
+#define RAWIP_SOCKET__SETATTR 0x00000020UL
+#define RAWIP_SOCKET__LOCK 0x00000040UL
+#define RAWIP_SOCKET__RELABELFROM 0x00000080UL
+#define RAWIP_SOCKET__RELABELTO 0x00000100UL
+#define RAWIP_SOCKET__APPEND 0x00000200UL
+#define RAWIP_SOCKET__BIND 0x00000400UL
+#define RAWIP_SOCKET__CONNECT 0x00000800UL
+#define RAWIP_SOCKET__LISTEN 0x00001000UL
+#define RAWIP_SOCKET__ACCEPT 0x00002000UL
+#define RAWIP_SOCKET__GETOPT 0x00004000UL
+#define RAWIP_SOCKET__SETOPT 0x00008000UL
+#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL
+#define RAWIP_SOCKET__RECVFROM 0x00020000UL
+#define RAWIP_SOCKET__SENDTO 0x00040000UL
+#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
+#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
+#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
+#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
+#define NODE__TCP_RECV 0x00000001UL
+#define NODE__TCP_SEND 0x00000002UL
+#define NODE__UDP_RECV 0x00000004UL
+#define NODE__UDP_SEND 0x00000008UL
+#define NODE__RAWIP_RECV 0x00000010UL
+#define NODE__RAWIP_SEND 0x00000020UL
+#define NODE__ENFORCE_DEST 0x00000040UL
+#define NODE__DCCP_RECV 0x00000080UL
+#define NODE__DCCP_SEND 0x00000100UL
+#define NODE__RECVFROM 0x00000200UL
+#define NODE__SENDTO 0x00000400UL
+#define NETIF__TCP_RECV 0x00000001UL
+#define NETIF__TCP_SEND 0x00000002UL
+#define NETIF__UDP_RECV 0x00000004UL
+#define NETIF__UDP_SEND 0x00000008UL
+#define NETIF__RAWIP_RECV 0x00000010UL
+#define NETIF__RAWIP_SEND 0x00000020UL
+#define NETIF__DCCP_RECV 0x00000040UL
+#define NETIF__DCCP_SEND 0x00000080UL
+#define NETIF__INGRESS 0x00000100UL
+#define NETIF__EGRESS 0x00000200UL
+#define NETLINK_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_SOCKET__READ 0x00000002UL
+#define NETLINK_SOCKET__WRITE 0x00000004UL
+#define NETLINK_SOCKET__CREATE 0x00000008UL
+#define NETLINK_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_SOCKET__LOCK 0x00000040UL
+#define NETLINK_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_SOCKET__APPEND 0x00000200UL
+#define NETLINK_SOCKET__BIND 0x00000400UL
+#define NETLINK_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
+#define PACKET_SOCKET__IOCTL 0x00000001UL
+#define PACKET_SOCKET__READ 0x00000002UL
+#define PACKET_SOCKET__WRITE 0x00000004UL
+#define PACKET_SOCKET__CREATE 0x00000008UL
+#define PACKET_SOCKET__GETATTR 0x00000010UL
+#define PACKET_SOCKET__SETATTR 0x00000020UL
+#define PACKET_SOCKET__LOCK 0x00000040UL
+#define PACKET_SOCKET__RELABELFROM 0x00000080UL
+#define PACKET_SOCKET__RELABELTO 0x00000100UL
+#define PACKET_SOCKET__APPEND 0x00000200UL
+#define PACKET_SOCKET__BIND 0x00000400UL
+#define PACKET_SOCKET__CONNECT 0x00000800UL
+#define PACKET_SOCKET__LISTEN 0x00001000UL
+#define PACKET_SOCKET__ACCEPT 0x00002000UL
+#define PACKET_SOCKET__GETOPT 0x00004000UL
+#define PACKET_SOCKET__SETOPT 0x00008000UL
+#define PACKET_SOCKET__SHUTDOWN 0x00010000UL
+#define PACKET_SOCKET__RECVFROM 0x00020000UL
+#define PACKET_SOCKET__SENDTO 0x00040000UL
+#define PACKET_SOCKET__RECV_MSG 0x00080000UL
+#define PACKET_SOCKET__SEND_MSG 0x00100000UL
+#define PACKET_SOCKET__NAME_BIND 0x00200000UL
+#define KEY_SOCKET__IOCTL 0x00000001UL
+#define KEY_SOCKET__READ 0x00000002UL
+#define KEY_SOCKET__WRITE 0x00000004UL
+#define KEY_SOCKET__CREATE 0x00000008UL
+#define KEY_SOCKET__GETATTR 0x00000010UL
+#define KEY_SOCKET__SETATTR 0x00000020UL
+#define KEY_SOCKET__LOCK 0x00000040UL
+#define KEY_SOCKET__RELABELFROM 0x00000080UL
+#define KEY_SOCKET__RELABELTO 0x00000100UL
+#define KEY_SOCKET__APPEND 0x00000200UL
+#define KEY_SOCKET__BIND 0x00000400UL
+#define KEY_SOCKET__CONNECT 0x00000800UL
+#define KEY_SOCKET__LISTEN 0x00001000UL
+#define KEY_SOCKET__ACCEPT 0x00002000UL
+#define KEY_SOCKET__GETOPT 0x00004000UL
+#define KEY_SOCKET__SETOPT 0x00008000UL
+#define KEY_SOCKET__SHUTDOWN 0x00010000UL
+#define KEY_SOCKET__RECVFROM 0x00020000UL
+#define KEY_SOCKET__SENDTO 0x00040000UL
+#define KEY_SOCKET__RECV_MSG 0x00080000UL
+#define KEY_SOCKET__SEND_MSG 0x00100000UL
+#define KEY_SOCKET__NAME_BIND 0x00200000UL
+#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
+#define UNIX_STREAM_SOCKET__READ 0x00000002UL
+#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
+#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL
+#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL
+#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL
+#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL
+#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL
+#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL
+#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL
+#define UNIX_STREAM_SOCKET__BIND 0x00000400UL
+#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL
+#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL
+#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL
+#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL
+#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL
+#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL
+#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL
+#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL
+#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
+#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
+#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
+#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
+#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
+#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
+#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
+#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
+#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
+#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL
+#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL
+#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL
+#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL
+#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL
+#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL
+#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL
+#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL
+#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL
+#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL
+#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL
+#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL
+#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL
+#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL
+#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL
+#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL
+#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
+#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
+#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
+#define PROCESS__FORK 0x00000001UL
+#define PROCESS__TRANSITION 0x00000002UL
+#define PROCESS__SIGCHLD 0x00000004UL
+#define PROCESS__SIGKILL 0x00000008UL
+#define PROCESS__SIGSTOP 0x00000010UL
+#define PROCESS__SIGNULL 0x00000020UL
+#define PROCESS__SIGNAL 0x00000040UL
+#define PROCESS__PTRACE 0x00000080UL
+#define PROCESS__GETSCHED 0x00000100UL
+#define PROCESS__SETSCHED 0x00000200UL
+#define PROCESS__GETSESSION 0x00000400UL
+#define PROCESS__GETPGID 0x00000800UL
+#define PROCESS__SETPGID 0x00001000UL
+#define PROCESS__GETCAP 0x00002000UL
+#define PROCESS__SETCAP 0x00004000UL
+#define PROCESS__SHARE 0x00008000UL
+#define PROCESS__GETATTR 0x00010000UL
+#define PROCESS__SETEXEC 0x00020000UL
+#define PROCESS__SETFSCREATE 0x00040000UL
+#define PROCESS__NOATSECURE 0x00080000UL
+#define PROCESS__SIGINH 0x00100000UL
+#define PROCESS__SETRLIMIT 0x00200000UL
+#define PROCESS__RLIMITINH 0x00400000UL
+#define PROCESS__DYNTRANSITION 0x00800000UL
+#define PROCESS__SETCURRENT 0x01000000UL
+#define PROCESS__EXECMEM 0x02000000UL
+#define PROCESS__EXECSTACK 0x04000000UL
+#define PROCESS__EXECHEAP 0x08000000UL
+#define PROCESS__SETKEYCREATE 0x10000000UL
+#define PROCESS__SETSOCKCREATE 0x20000000UL
+#define IPC__CREATE 0x00000001UL
+#define IPC__DESTROY 0x00000002UL
+#define IPC__GETATTR 0x00000004UL
+#define IPC__SETATTR 0x00000008UL
+#define IPC__READ 0x00000010UL
+#define IPC__WRITE 0x00000020UL
+#define IPC__ASSOCIATE 0x00000040UL
+#define IPC__UNIX_READ 0x00000080UL
+#define IPC__UNIX_WRITE 0x00000100UL
+#define SEM__CREATE 0x00000001UL
+#define SEM__DESTROY 0x00000002UL
+#define SEM__GETATTR 0x00000004UL
+#define SEM__SETATTR 0x00000008UL
+#define SEM__READ 0x00000010UL
+#define SEM__WRITE 0x00000020UL
+#define SEM__ASSOCIATE 0x00000040UL
+#define SEM__UNIX_READ 0x00000080UL
+#define SEM__UNIX_WRITE 0x00000100UL
+#define MSGQ__CREATE 0x00000001UL
+#define MSGQ__DESTROY 0x00000002UL
+#define MSGQ__GETATTR 0x00000004UL
+#define MSGQ__SETATTR 0x00000008UL
+#define MSGQ__READ 0x00000010UL
+#define MSGQ__WRITE 0x00000020UL
+#define MSGQ__ASSOCIATE 0x00000040UL
+#define MSGQ__UNIX_READ 0x00000080UL
+#define MSGQ__UNIX_WRITE 0x00000100UL
+#define MSGQ__ENQUEUE 0x00000200UL
+#define MSG__SEND 0x00000001UL
+#define MSG__RECEIVE 0x00000002UL
+#define SHM__CREATE 0x00000001UL
+#define SHM__DESTROY 0x00000002UL
+#define SHM__GETATTR 0x00000004UL
+#define SHM__SETATTR 0x00000008UL
+#define SHM__READ 0x00000010UL
+#define SHM__WRITE 0x00000020UL
+#define SHM__ASSOCIATE 0x00000040UL
+#define SHM__UNIX_READ 0x00000080UL
+#define SHM__UNIX_WRITE 0x00000100UL
+#define SHM__LOCK 0x00000200UL
+#define SECURITY__COMPUTE_AV 0x00000001UL
+#define SECURITY__COMPUTE_CREATE 0x00000002UL
+#define SECURITY__COMPUTE_MEMBER 0x00000004UL
+#define SECURITY__CHECK_CONTEXT 0x00000008UL
+#define SECURITY__LOAD_POLICY 0x00000010UL
+#define SECURITY__COMPUTE_RELABEL 0x00000020UL
+#define SECURITY__COMPUTE_USER 0x00000040UL
+#define SECURITY__SETENFORCE 0x00000080UL
+#define SECURITY__SETBOOL 0x00000100UL
+#define SECURITY__SETSECPARAM 0x00000200UL
+#define SECURITY__SETCHECKREQPROT 0x00000400UL
+#define SYSTEM__IPC_INFO 0x00000001UL
+#define SYSTEM__SYSLOG_READ 0x00000002UL
+#define SYSTEM__SYSLOG_MOD 0x00000004UL
+#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
+#define CAPABILITY__CHOWN 0x00000001UL
+#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
+#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
+#define CAPABILITY__FOWNER 0x00000008UL
+#define CAPABILITY__FSETID 0x00000010UL
+#define CAPABILITY__KILL 0x00000020UL
+#define CAPABILITY__SETGID 0x00000040UL
+#define CAPABILITY__SETUID 0x00000080UL
+#define CAPABILITY__SETPCAP 0x00000100UL
+#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
+#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
+#define CAPABILITY__NET_BROADCAST 0x00000800UL
+#define CAPABILITY__NET_ADMIN 0x00001000UL
+#define CAPABILITY__NET_RAW 0x00002000UL
+#define CAPABILITY__IPC_LOCK 0x00004000UL
+#define CAPABILITY__IPC_OWNER 0x00008000UL
+#define CAPABILITY__SYS_MODULE 0x00010000UL
+#define CAPABILITY__SYS_RAWIO 0x00020000UL
+#define CAPABILITY__SYS_CHROOT 0x00040000UL
+#define CAPABILITY__SYS_PTRACE 0x00080000UL
+#define CAPABILITY__SYS_PACCT 0x00100000UL
+#define CAPABILITY__SYS_ADMIN 0x00200000UL
+#define CAPABILITY__SYS_BOOT 0x00400000UL
+#define CAPABILITY__SYS_NICE 0x00800000UL
+#define CAPABILITY__SYS_RESOURCE 0x01000000UL
+#define CAPABILITY__SYS_TIME 0x02000000UL
+#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
+#define CAPABILITY__MKNOD 0x08000000UL
+#define CAPABILITY__LEASE 0x10000000UL
+#define CAPABILITY__AUDIT_WRITE 0x20000000UL
+#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
+#define CAPABILITY__SETFCAP 0x80000000UL
+#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
+#define CAPABILITY2__MAC_ADMIN 0x00000002UL
+#define PASSWD__PASSWD 0x00000001UL
+#define PASSWD__CHFN 0x00000002UL
+#define PASSWD__CHSH 0x00000004UL
+#define PASSWD__ROOTOK 0x00000008UL
+#define PASSWD__CRONTAB 0x00000010UL
+#define DRAWABLE__CREATE 0x00000001UL
+#define DRAWABLE__DESTROY 0x00000002UL
+#define DRAWABLE__DRAW 0x00000004UL
+#define DRAWABLE__COPY 0x00000008UL
+#define DRAWABLE__GETATTR 0x00000010UL
+#define GC__CREATE 0x00000001UL
+#define GC__FREE 0x00000002UL
+#define GC__GETATTR 0x00000004UL
+#define GC__SETATTR 0x00000008UL
+#define WINDOW__ADDCHILD 0x00000001UL
+#define WINDOW__CREATE 0x00000002UL
+#define WINDOW__DESTROY 0x00000004UL
+#define WINDOW__MAP 0x00000008UL
+#define WINDOW__UNMAP 0x00000010UL
+#define WINDOW__CHSTACK 0x00000020UL
+#define WINDOW__CHPROPLIST 0x00000040UL
+#define WINDOW__CHPROP 0x00000080UL
+#define WINDOW__LISTPROP 0x00000100UL
+#define WINDOW__GETATTR 0x00000200UL
+#define WINDOW__SETATTR 0x00000400UL
+#define WINDOW__SETFOCUS 0x00000800UL
+#define WINDOW__MOVE 0x00001000UL
+#define WINDOW__CHSELECTION 0x00002000UL
+#define WINDOW__CHPARENT 0x00004000UL
+#define WINDOW__CTRLLIFE 0x00008000UL
+#define WINDOW__ENUMERATE 0x00010000UL
+#define WINDOW__TRANSPARENT 0x00020000UL
+#define WINDOW__MOUSEMOTION 0x00040000UL
+#define WINDOW__CLIENTCOMEVENT 0x00080000UL
+#define WINDOW__INPUTEVENT 0x00100000UL
+#define WINDOW__DRAWEVENT 0x00200000UL
+#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
+#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
+#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
+#define WINDOW__EXTENSIONEVENT 0x02000000UL
+#define FONT__LOAD 0x00000001UL
+#define FONT__FREE 0x00000002UL
+#define FONT__GETATTR 0x00000004UL
+#define FONT__USE 0x00000008UL
+#define COLORMAP__CREATE 0x00000001UL
+#define COLORMAP__FREE 0x00000002UL
+#define COLORMAP__INSTALL 0x00000004UL
+#define COLORMAP__UNINSTALL 0x00000008UL
+#define COLORMAP__LIST 0x00000010UL
+#define COLORMAP__READ 0x00000020UL
+#define COLORMAP__STORE 0x00000040UL
+#define COLORMAP__GETATTR 0x00000080UL
+#define COLORMAP__SETATTR 0x00000100UL
+#define PROPERTY__CREATE 0x00000001UL
+#define PROPERTY__FREE 0x00000002UL
+#define PROPERTY__READ 0x00000004UL
+#define PROPERTY__WRITE 0x00000008UL
+#define CURSOR__CREATE 0x00000001UL
+#define CURSOR__CREATEGLYPH 0x00000002UL
+#define CURSOR__FREE 0x00000004UL
+#define CURSOR__ASSIGN 0x00000008UL
+#define CURSOR__SETATTR 0x00000010UL
+#define XCLIENT__KILL 0x00000001UL
+#define XINPUT__LOOKUP 0x00000001UL
+#define XINPUT__GETATTR 0x00000002UL
+#define XINPUT__SETATTR 0x00000004UL
+#define XINPUT__SETFOCUS 0x00000008UL
+#define XINPUT__WARPPOINTER 0x00000010UL
+#define XINPUT__ACTIVEGRAB 0x00000020UL
+#define XINPUT__PASSIVEGRAB 0x00000040UL
+#define XINPUT__UNGRAB 0x00000080UL
+#define XINPUT__BELL 0x00000100UL
+#define XINPUT__MOUSEMOTION 0x00000200UL
+#define XINPUT__RELABELINPUT 0x00000400UL
+#define XSERVER__SCREENSAVER 0x00000001UL
+#define XSERVER__GETHOSTLIST 0x00000002UL
+#define XSERVER__SETHOSTLIST 0x00000004UL
+#define XSERVER__GETFONTPATH 0x00000008UL
+#define XSERVER__SETFONTPATH 0x00000010UL
+#define XSERVER__GETATTR 0x00000020UL
+#define XSERVER__GRAB 0x00000040UL
+#define XSERVER__UNGRAB 0x00000080UL
+#define XEXTENSION__QUERY 0x00000001UL
+#define XEXTENSION__USE 0x00000002UL
+#define PAX__PAGEEXEC 0x00000001UL
+#define PAX__EMUTRAMP 0x00000002UL
+#define PAX__MPROTECT 0x00000004UL
+#define PAX__RANDMMAP 0x00000008UL
+#define PAX__RANDEXEC 0x00000010UL
+#define PAX__SEGMEXEC 0x00000020UL
+#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
+#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
+#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL
+#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL
+#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL
+#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL
+#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
+#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
+#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL
+#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL
+#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL
+#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL
+#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
+#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
+#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL
+#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL
+#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL
+#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL
+#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
+#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
+#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL
+#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL
+#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL
+#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL
+#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
+#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
+#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL
+#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL
+#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL
+#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL
+#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
+#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
+#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL
+#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL
+#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL
+#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL
+#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
+#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL
+#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
+#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
+#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
+#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL
+#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL
+#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL
+#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL
+#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
+#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL
+#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
+#define DBUS__ACQUIRE_SVC 0x00000001UL
+#define DBUS__SEND_MSG 0x00000002UL
+#define NSCD__GETPWD 0x00000001UL
+#define NSCD__GETGRP 0x00000002UL
+#define NSCD__GETHOST 0x00000004UL
+#define NSCD__GETSTAT 0x00000008UL
+#define NSCD__ADMIN 0x00000010UL
+#define NSCD__SHMEMPWD 0x00000020UL
+#define NSCD__SHMEMGRP 0x00000040UL
+#define NSCD__SHMEMHOST 0x00000080UL
+#define NSCD__GETSERV 0x00000100UL
+#define NSCD__SHMEMSERV 0x00000200UL
+#define ASSOCIATION__SENDTO 0x00000001UL
+#define ASSOCIATION__RECVFROM 0x00000002UL
+#define ASSOCIATION__SETCONTEXT 0x00000004UL
+#define ASSOCIATION__POLMATCH 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
+#define APPLETALK_SOCKET__READ 0x00000002UL
+#define APPLETALK_SOCKET__WRITE 0x00000004UL
+#define APPLETALK_SOCKET__CREATE 0x00000008UL
+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
+#define APPLETALK_SOCKET__LOCK 0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
+#define APPLETALK_SOCKET__APPEND 0x00000200UL
+#define APPLETALK_SOCKET__BIND 0x00000400UL
+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
+#define PACKET__SEND 0x00000001UL
+#define PACKET__RECV 0x00000002UL
+#define PACKET__RELABELTO 0x00000004UL
+#define PACKET__FLOW_IN 0x00000008UL
+#define PACKET__FLOW_OUT 0x00000010UL
+#define PACKET__FORWARD_IN 0x00000020UL
+#define PACKET__FORWARD_OUT 0x00000040UL
+#define KEY__VIEW 0x00000001UL
+#define KEY__READ 0x00000002UL
+#define KEY__WRITE 0x00000004UL
+#define KEY__SEARCH 0x00000008UL
+#define KEY__LINK 0x00000010UL
+#define KEY__SETATTR 0x00000020UL
+#define KEY__CREATE 0x00000040UL
+#define CONTEXT__TRANSLATE 0x00000001UL
+#define CONTEXT__CONTAINS 0x00000002UL
+#define DCCP_SOCKET__IOCTL 0x00000001UL
+#define DCCP_SOCKET__READ 0x00000002UL
+#define DCCP_SOCKET__WRITE 0x00000004UL
+#define DCCP_SOCKET__CREATE 0x00000008UL
+#define DCCP_SOCKET__GETATTR 0x00000010UL
+#define DCCP_SOCKET__SETATTR 0x00000020UL
+#define DCCP_SOCKET__LOCK 0x00000040UL
+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
+#define DCCP_SOCKET__RELABELTO 0x00000100UL
+#define DCCP_SOCKET__APPEND 0x00000200UL
+#define DCCP_SOCKET__BIND 0x00000400UL
+#define DCCP_SOCKET__CONNECT 0x00000800UL
+#define DCCP_SOCKET__LISTEN 0x00001000UL
+#define DCCP_SOCKET__ACCEPT 0x00002000UL
+#define DCCP_SOCKET__GETOPT 0x00004000UL
+#define DCCP_SOCKET__SETOPT 0x00008000UL
+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
+#define DCCP_SOCKET__RECVFROM 0x00020000UL
+#define DCCP_SOCKET__SENDTO 0x00040000UL
+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
+#define DB_DATABASE__CREATE 0x00000001UL
+#define DB_DATABASE__DROP 0x00000002UL
+#define DB_DATABASE__GETATTR 0x00000004UL
+#define DB_DATABASE__SETATTR 0x00000008UL
+#define DB_DATABASE__RELABELFROM 0x00000010UL
+#define DB_DATABASE__RELABELTO 0x00000020UL
+#define DB_DATABASE__ACCESS 0x00000040UL
+#define DB_DATABASE__INSTALL_MODULE 0x00000080UL
+#define DB_DATABASE__LOAD_MODULE 0x00000100UL
+#define DB_DATABASE__GET_PARAM 0x00000200UL
+#define DB_DATABASE__SET_PARAM 0x00000400UL
+#define DB_TABLE__CREATE 0x00000001UL
+#define DB_TABLE__DROP 0x00000002UL
+#define DB_TABLE__GETATTR 0x00000004UL
+#define DB_TABLE__SETATTR 0x00000008UL
+#define DB_TABLE__RELABELFROM 0x00000010UL
+#define DB_TABLE__RELABELTO 0x00000020UL
+#define DB_TABLE__USE 0x00000040UL
+#define DB_TABLE__SELECT 0x00000080UL
+#define DB_TABLE__UPDATE 0x00000100UL
+#define DB_TABLE__INSERT 0x00000200UL
+#define DB_TABLE__DELETE 0x00000400UL
+#define DB_TABLE__LOCK 0x00000800UL
+#define DB_PROCEDURE__CREATE 0x00000001UL
+#define DB_PROCEDURE__DROP 0x00000002UL
+#define DB_PROCEDURE__GETATTR 0x00000004UL
+#define DB_PROCEDURE__SETATTR 0x00000008UL
+#define DB_PROCEDURE__RELABELFROM 0x00000010UL
+#define DB_PROCEDURE__RELABELTO 0x00000020UL
+#define DB_PROCEDURE__EXECUTE 0x00000040UL
+#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL
+#define DB_COLUMN__CREATE 0x00000001UL
+#define DB_COLUMN__DROP 0x00000002UL
+#define DB_COLUMN__GETATTR 0x00000004UL
+#define DB_COLUMN__SETATTR 0x00000008UL
+#define DB_COLUMN__RELABELFROM 0x00000010UL
+#define DB_COLUMN__RELABELTO 0x00000020UL
+#define DB_COLUMN__USE 0x00000040UL
+#define DB_COLUMN__SELECT 0x00000080UL
+#define DB_COLUMN__UPDATE 0x00000100UL
+#define DB_COLUMN__INSERT 0x00000200UL
+#define DB_TUPLE__RELABELFROM 0x00000001UL
+#define DB_TUPLE__RELABELTO 0x00000002UL
+#define DB_TUPLE__USE 0x00000004UL
+#define DB_TUPLE__SELECT 0x00000008UL
+#define DB_TUPLE__UPDATE 0x00000010UL
+#define DB_TUPLE__INSERT 0x00000020UL
+#define DB_TUPLE__DELETE 0x00000040UL
+#define DB_BLOB__CREATE 0x00000001UL
+#define DB_BLOB__DROP 0x00000002UL
+#define DB_BLOB__GETATTR 0x00000004UL
+#define DB_BLOB__SETATTR 0x00000008UL
+#define DB_BLOB__RELABELFROM 0x00000010UL
+#define DB_BLOB__RELABELTO 0x00000020UL
+#define DB_BLOB__READ 0x00000040UL
+#define DB_BLOB__WRITE 0x00000080UL
+#define DB_BLOB__IMPORT 0x00000100UL
+#define DB_BLOB__EXPORT 0x00000200UL
+#define PEER__RECV 0x00000001UL
diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
new file mode 100644
index 0000000..a31e556
--- /dev/null
+++ b/libselinux/include/selinux/avc.h
@@ -0,0 +1,433 @@
+/*
+ * Access vector cache interface for object managers.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_H_
+#define _SELINUX_AVC_H_
+
+#include <stdint.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SID format and operations
+ */
+struct security_id {
+ security_context_t ctx;
+ unsigned int refcnt;
+};
+typedef struct security_id *security_id_t;
+
+#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
+
+/**
+ * avc_sid_to_context - get copy of context corresponding to SID.
+ * @sid: input SID
+ * @ctx: pointer to context reference
+ *
+ * Return a copy of the security context corresponding to the input
+ * @sid in the memory referenced by @ctx. The caller is expected to
+ * free the context with freecon(). Return %0 on success, -%1 on
+ * failure, with @errno set to %ENOMEM if insufficient memory was
+ * available to make the copy, or %EINVAL if the input SID is invalid.
+ */
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
+
+/**
+ * avc_context_to_sid - get SID for context.
+ * @ctx: input security context
+ * @sid: pointer to SID reference
+ *
+ * Look up security context @ctx in SID table, making
+ * a new entry if @ctx is not found. Increment the
+ * reference counter for the SID. Store a pointer
+ * to the SID structure into the memory referenced by @sid,
+ * returning %0 on success or -%1 on error with @errno set.
+ */
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
+
+/**
+ * sidget - increment SID reference counter.
+ * @sid: SID reference
+ *
+ * Increment the reference counter for @sid, indicating that
+ * @sid is in use by an (additional) object. Return the
+ * new reference count, or zero if @sid is invalid (has zero
+ * reference count). Note that avc_context_to_sid() also
+ * increments reference counts.
+ */
+int sidget(security_id_t sid);
+
+/**
+ * sidput - decrement SID reference counter.
+ * @sid: SID reference
+ *
+ * Decrement the reference counter for @sid, indicating that
+ * a reference to @sid is no longer in use. Return the
+ * new reference count. When the reference count reaches
+ * zero, the SID is invalid, and avc_context_to_sid() must
+ * be called to obtain a new SID for the security context.
+ */
+int sidput(security_id_t sid);
+
+/**
+ * avc_get_initial_sid - get SID for an initial kernel security identifier
+ * @name: input name of initial kernel security identifier
+ * @sid: pointer to a SID reference
+ *
+ * Get the context for an initial kernel security identifier specified by
+ * @name using security_get_initial_context() and then call
+ * avc_context_to_sid() to get the corresponding SID.
+ */
+int avc_get_initial_sid(const char *name, security_id_t * sid);
+
+/*
+ * AVC entry
+ */
+struct avc_entry;
+struct avc_entry_ref {
+ struct avc_entry *ae;
+};
+
+/**
+ * avc_entry_ref_init - initialize an AVC entry reference.
+ * @aeref: pointer to avc entry reference structure
+ *
+ * Use this macro to initialize an avc entry reference structure
+ * before first use. These structures are passed to avc_has_perm(),
+ * which stores cache entry references in them. They can increase
+ * performance on repeated queries.
+ */
+#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
+
+/*
+ * User-provided callbacks for memory, auditing, and locking
+ */
+
+/* These structures are passed by reference to avc_init(). Passing
+ * a NULL reference will cause the AVC to use a default. The default
+ * memory callbacks are malloc() and free(). The default logging method
+ * is to print on stderr. If no thread callbacks are passed, a separate
+ * listening thread won't be started for kernel policy change messages.
+ * If no locking callbacks are passed, no locking will take place.
+ */
+struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure.
+ If not, some avc routines may return -1 without errno set. */
+};
+
+struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+};
+
+struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it;
+ the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+};
+
+struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+};
+
+/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define AVC_OPT_UNUSED 0
+/* override kernel enforcing mode (boolean value) */
+#define AVC_OPT_SETENFORCE 1
+
+/*
+ * AVC operations
+ */
+
+/**
+ * avc_init - Initialize the AVC.
+ * @msgprefix: prefix for log messages
+ * @mem_callbacks: user-supplied memory callbacks
+ * @log_callbacks: user-supplied logging callbacks
+ * @thread_callbacks: user-supplied threading callbacks
+ * @lock_callbacks: user-supplied locking callbacks
+ *
+ * Initialize the access vector cache. Return %0 on
+ * success or -%1 with @errno set on failure.
+ * If @msgprefix is NULL, use "uavc". If any callback
+ * structure references are NULL, use default methods
+ * for those callbacks (see the definition of the callback
+ * structures above).
+ */
+int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback *log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks);
+
+/**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback(). Available options are listed above.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
+ * avc_cleanup - Remove unused SIDs and AVC entries.
+ *
+ * Search the SID table for SID structures with zero
+ * reference counts, and remove them along with all
+ * AVC entries that reference them. This can be used
+ * to return memory to the system.
+ */
+void avc_cleanup(void);
+
+/**
+ * avc_reset - Flush the cache and reset statistics.
+ *
+ * Remove all entries from the cache and reset all access
+ * statistics (as returned by avc_cache_stats()) to zero.
+ * The SID mapping is not affected. Return %0 on success,
+ * -%1 with @errno set on error.
+ */
+int avc_reset(void);
+
+/**
+ * avc_destroy - Free all AVC structures.
+ *
+ * Destroy all AVC structures and free all allocated
+ * memory. User-supplied locking, memory, and audit
+ * callbacks will be retained, but security-event
+ * callbacks will not. All SID's will be invalidated.
+ * User must call avc_init() if further use of AVC is desired.
+ */
+void avc_destroy(void);
+
+/**
+ * avc_has_perm_noaudit - Check permissions but perform no auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @avd: access vector decisions
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions, and return a copy of the decisions
+ * in @avd. Return %0 if all @requested permissions are granted, -%1 with
+ * @errno set to %EACCES if any permissions are denied, or to another value
+ * upon other errors. This function is typically called by avc_has_perm(),
+ * but may also be called directly to separate permission checking from
+ * auditing, e.g. in cases where a lock must be held for the check but
+ * should be released for the auditing.
+ */
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd);
+
+/**
+ * avc_has_perm - Check permissions and perform any appropriate auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @auditdata: auxiliary audit data
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions. Audit the granting or denial of
+ * permissions in accordance with the policy. Return %0 if all @requested
+ * permissions are granted, -%1 with @errno set to %EACCES if any permissions
+ * are denied or to another value upon other errors.
+ */
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata);
+
+/**
+ * avc_audit - Audit the granting or denial of permissions.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions
+ * @avd: access vector decisions
+ * @result: result from avc_has_perm_noaudit
+ * @auditdata: auxiliary audit data
+ *
+ * Audit the granting or denial of permissions in accordance
+ * with the policy. This function is typically called by
+ * avc_has_perm() after a permission check, but can also be
+ * called directly by callers who use avc_has_perm_noaudit()
+ * in order to separate the permission check from the auditing.
+ * For example, this separation is useful when the permission check must
+ * be performed under a lock, to allow the lock to be released
+ * before calling the auditing code.
+ */
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata);
+
+/**
+ * avc_compute_create - Compute SID for labeling a new object.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling a
+ * new object. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_create(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
+
+/**
+ * avc_compute_member - Compute SID for polyinstantation.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling an
+ * object instance. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_member(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
+
+/*
+ * security event callback facility
+ */
+
+/* security events */
+#define AVC_CALLBACK_GRANT 1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE 4
+#define AVC_CALLBACK_RESET 8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE 64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+/**
+ * avc_add_callback - Register a callback for security events.
+ * @callback: callback function
+ * @events: bitwise OR of desired security events
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions
+ *
+ * Register a callback function for events in the set @events
+ * related to the SID pair (@ssid, @tsid) and
+ * and the permissions @perms, interpreting
+ * @perms based on @tclass. Returns %0 on success or
+ * -%1 if insufficient memory exists to add the callback.
+ */
+int avc_add_callback(int (*callback)
+ (uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms);
+
+/*
+ * AVC statistics
+ */
+
+/* If set, cache statistics are tracked. This may
+ * become a compile-time option in the future.
+ */
+#define AVC_CACHE_STATS 1
+
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
+
+/**
+ * avc_cache_stats - get cache access statistics.
+ * @stats: reference to statistics structure
+ *
+ * Fill the supplied structure with information about AVC
+ * activity since the last call to avc_init() or
+ * avc_reset(). See the structure definition for
+ * details.
+ */
+void avc_cache_stats(struct avc_cache_stats *stats);
+
+/**
+ * avc_av_stats - log av table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the access vector table. The audit
+ * callback is used to print the message.
+ */
+void avc_av_stats(void);
+
+/**
+ * avc_sid_stats - log SID table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the SID table. The audit callback
+ * is used to print the message.
+ */
+void avc_sid_stats(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _SELINUX_AVC_H_ */
diff --git a/libselinux/include/selinux/context.h b/libselinux/include/selinux/context.h
new file mode 100644
index 0000000..949fb1e
--- /dev/null
+++ b/libselinux/include/selinux/context.h
@@ -0,0 +1,50 @@
+#ifndef _SELINUX_CONTEXT_H_
+#define _SELINUX_CONTEXT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Functions to deal with security contexts in user space.
+ */
+
+ typedef struct {
+ void *ptr;
+ } context_s_t;
+
+ typedef context_s_t *context_t;
+
+/* Return a new context initialized to a context string */
+
+ extern context_t context_new(const char *);
+
+/*
+ * Return a pointer to the string value of the context_t
+ * Valid until the next call to context_str or context_free
+ * for the same context_t*
+ */
+
+ extern char *context_str(context_t);
+
+/* Free the storage used by a context */
+ extern void context_free(context_t);
+
+/* Get a pointer to the string value of a context component */
+
+ extern const char *context_type_get(context_t);
+ extern const char *context_range_get(context_t);
+ extern const char *context_role_get(context_t);
+ extern const char *context_user_get(context_t);
+
+/* Set a context component. Returns nonzero if unsuccessful */
+
+ extern int context_type_set(context_t, const char *);
+ extern int context_range_set(context_t, const char *);
+ extern int context_role_set(context_t, const char *);
+ extern int context_user_set(context_t, const char *);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/include/selinux/flask.h b/libselinux/include/selinux/flask.h
new file mode 100644
index 0000000..ac8637b
--- /dev/null
+++ b/libselinux/include/selinux/flask.h
@@ -0,0 +1,111 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _SELINUX_FLASK_H_
+#define _SELINUX_FLASK_H_
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+#define SECCLASS_PASSWD 30
+#define SECCLASS_DRAWABLE 31
+#define SECCLASS_WINDOW 32
+#define SECCLASS_GC 33
+#define SECCLASS_FONT 34
+#define SECCLASS_COLORMAP 35
+#define SECCLASS_PROPERTY 36
+#define SECCLASS_CURSOR 37
+#define SECCLASS_XCLIENT 38
+#define SECCLASS_XINPUT 39
+#define SECCLASS_XSERVER 40
+#define SECCLASS_XEXTENSION 41
+#define SECCLASS_PAX 42
+#define SECCLASS_NETLINK_ROUTE_SOCKET 43
+#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
+#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
+#define SECCLASS_NETLINK_NFLOG_SOCKET 46
+#define SECCLASS_NETLINK_XFRM_SOCKET 47
+#define SECCLASS_NETLINK_SELINUX_SOCKET 48
+#define SECCLASS_NETLINK_AUDIT_SOCKET 49
+#define SECCLASS_NETLINK_IP6FW_SOCKET 50
+#define SECCLASS_NETLINK_DNRT_SOCKET 51
+#define SECCLASS_DBUS 52
+#define SECCLASS_NSCD 53
+#define SECCLASS_ASSOCIATION 54
+#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
+#define SECCLASS_APPLETALK_SOCKET 56
+#define SECCLASS_PACKET 57
+#define SECCLASS_KEY 58
+#define SECCLASS_CONTEXT 59
+#define SECCLASS_DCCP_SOCKET 60
+#define SECCLASS_MEMPROTECT 61
+#define SECCLASS_DB_DATABASE 62
+#define SECCLASS_DB_TABLE 63
+#define SECCLASS_DB_PROCEDURE 64
+#define SECCLASS_DB_COLUMN 65
+#define SECCLASS_DB_TUPLE 66
+#define SECCLASS_DB_BLOB 67
+#define SECCLASS_PEER 68
+#define SECCLASS_CAPABILITY2 69
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_ANY_SOCKET 8
+#define SECINITSID_PORT 9
+#define SECINITSID_NETIF 10
+#define SECINITSID_NETMSG 11
+#define SECINITSID_NODE 12
+#define SECINITSID_IGMP_PACKET 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_SYSCTL_MODPROBE 16
+#define SECINITSID_SYSCTL 17
+#define SECINITSID_SYSCTL_FS 18
+#define SECINITSID_SYSCTL_KERNEL 19
+#define SECINITSID_SYSCTL_NET 20
+#define SECINITSID_SYSCTL_NET_UNIX 21
+#define SECINITSID_SYSCTL_VM 22
+#define SECINITSID_SYSCTL_DEV 23
+#define SECINITSID_KMOD 24
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
+
+#define SECINITSID_NUM 27
+
+#endif
diff --git a/libselinux/include/selinux/get_context_list.h b/libselinux/include/selinux/get_context_list.h
new file mode 100644
index 0000000..f678c18
--- /dev/null
+++ b/libselinux/include/selinux/get_context_list.h
@@ -0,0 +1,82 @@
+#ifndef _SELINUX_GET_SID_LIST_H_
+#define _SELINUX_GET_SID_LIST_H_
+
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SELINUX_DEFAULTUSER "user_u"
+
+/* Get an ordered list of authorized security contexts for a user session
+ for 'user' spawned by 'fromcon' and set *conary to refer to the
+ NULL-terminated array of contexts. Every entry in the list will
+ be authorized by the policy, but the ordering is subject to user
+ customizable preferences. Returns number of entries in *conary.
+ If 'fromcon' is NULL, defaults to current context.
+ Caller must free via freeconary. */
+ extern int get_ordered_context_list(const char *user,
+ security_context_t fromcon,
+ security_context_t ** list);
+
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+ int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t ** list);
+
+/* Get the default security context for a user session for 'user'
+ spawned by 'fromcon' and set *newcon to refer to it. The context
+ will be one of those authorized by the policy, but the selection
+ of a default is subject to user customizable preferences.
+ If 'fromcon' is NULL, defaults to current context.
+ Returns 0 on success or -1 otherwise.
+ Caller must free via freecon. */
+ extern int get_default_context(const char *user,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+ int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role. If no reachable context exists
+ for the user with that role, then return -1. */
+ int get_default_context_with_role(const char *user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role and level. If no reachable context exists
+ for the user with that role, then return -1. */
+ int get_default_context_with_rolelevel(const char *user,
+ const char *level,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Given a list of authorized security contexts for the user,
+ query the user to select one and set *newcon to refer to it.
+ Caller must free via freecon.
+ Returns 0 on sucess or -1 otherwise. */
+ extern int query_user_context(security_context_t * list,
+ security_context_t * newcon);
+
+/* Allow the user to manually enter a context as a fallback
+ if a list of authorized contexts could not be obtained.
+ Caller must free via freecon.
+ Returns 0 on success or -1 otherwise. */
+ extern int manual_user_enter_context(const char *user,
+ security_context_t * newcon);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/include/selinux/get_default_type.h b/libselinux/include/selinux/get_default_type.h
new file mode 100644
index 0000000..65c5dd4
--- /dev/null
+++ b/libselinux/include/selinux/get_default_type.h
@@ -0,0 +1,23 @@
+/* get_default_type.h - contains header information and function prototypes
+ * for functions to get the default type for a role
+ */
+
+#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
+#define _SELINUX_GET_DEFAULT_TYPE_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Return path to default type file. */
+ const char *selinux_default_type_path(void);
+
+/* Get the default type (domain) for 'role' and set 'type' to refer to it.
+ Caller must free via free().
+ Return 0 on success or -1 otherwise. */
+ int get_default_type(const char *role, char **type);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
new file mode 100644
index 0000000..82f4e13
--- /dev/null
+++ b/libselinux/include/selinux/label.h
@@ -0,0 +1,123 @@
+/*
+ * Labeling interface for userspace object managers and others.
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+#ifndef _SELABEL_H_
+#define _SELABEL_H_
+
+#include <sys/types.h>
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Opaque type used for all label handles.
+ */
+
+struct selabel_handle;
+
+/*
+ * Available backends.
+ */
+
+/* file contexts */
+#define SELABEL_CTX_FILE 0
+/* media contexts */
+#define SELABEL_CTX_MEDIA 1
+/* x contexts */
+#define SELABEL_CTX_X 2
+
+/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define SELABEL_OPT_UNUSED 0
+/* validate contexts before returning them (boolean value) */
+#define SELABEL_OPT_VALIDATE 1
+/* don't use local customizations to backend data (boolean value) */
+#define SELABEL_OPT_BASEONLY 2
+/* specify an alternate path to use when loading backend data */
+#define SELABEL_OPT_PATH 3
+/* select a subset of the search space as an optimization (file backend) */
+#define SELABEL_OPT_SUBSET 4
+/* total number of options */
+#define SELABEL_NOPT 5
+
+/*
+ * Label operations
+ */
+
+/**
+ * selabel_open - Create a labeling handle.
+ * @backend: one of the constants specifying a supported labeling backend.
+ * @opts: array of selabel_opt structures specifying label options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * Open a labeling backend for use. The available backend identifiers are
+ * listed above. Options may be provided via the opts parameter; available
+ * options are listed above. Not all options may be supported by every
+ * backend. Return value is the created handle on success or NULL with
+ * @errno set on failure.
+ */
+struct selabel_handle *selabel_open(unsigned int backend,
+ struct selinux_opt *opts, unsigned nopts);
+
+/**
+ * selabel_close - Close a labeling handle.
+ * @handle: specifies handle to close
+ *
+ * Destroy the specified handle, closing files, freeing allocated memory,
+ * etc. The handle may not be further used after it has been closed.
+ */
+void selabel_close(struct selabel_handle *handle);
+
+/**
+ * selabel_lookup - Perform labeling lookup operation.
+ * @handle: specifies backend instance to query
+ * @con: returns the appropriate context with which to label the object
+ * @key: string input to lookup operation
+ * @type: numeric input to the lookup operation
+ *
+ * Perform a labeling lookup operation. Return %0 on success, -%1 with
+ * @errno set on failure. The key and type arguments are the inputs to the
+ * lookup operation; appropriate values are dictated by the backend in use.
+ * The result is returned in the memory pointed to by @con and must be freed
+ * by the user with freecon().
+ */
+int selabel_lookup(struct selabel_handle *handle, security_context_t *con,
+ const char *key, int type);
+int selabel_lookup_raw(struct selabel_handle *handle, security_context_t *con,
+ const char *key, int type);
+
+/**
+ * selabel_stats - log labeling operation statistics.
+ * @handle: specifies backend instance to query
+ *
+ * Log a message with information about the number of queries performed,
+ * number of unused matching entries, or other operational statistics.
+ * Message is backend-specific, some backends may not output a message.
+ */
+void selabel_stats(struct selabel_handle *handle);
+
+/*
+ * Type codes used by specific backends
+ */
+
+/* X backend */
+#define SELABEL_X_PROP 1
+#define SELABEL_X_EXT 2
+#define SELABEL_X_CLIENT 3
+#define SELABEL_X_EVENT 4
+#define SELABEL_X_SELN 5
+#define SELABEL_X_POLYPROP 6
+#define SELABEL_X_POLYSELN 7
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _SELABEL_H_ */
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
new file mode 100644
index 0000000..3bfc0c8
--- /dev/null
+++ b/libselinux/include/selinux/selinux.h
@@ -0,0 +1,530 @@
+#ifndef _SELINUX_H_
+#define _SELINUX_H_
+
+#include <sys/types.h>
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
+extern int is_selinux_enabled(void);
+/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
+extern int is_selinux_mls_enabled(void);
+
+typedef char *security_context_t;
+
+/* Free the memory allocated for a context by any of the below get* calls. */
+extern void freecon(security_context_t con);
+
+/* Free the memory allocated for a context array by security_compute_user. */
+extern void freeconary(security_context_t * con);
+
+/* Wrappers for the /proc/pid/attr API. */
+
+/* Get current context, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getcon(security_context_t * con);
+extern int getcon_raw(security_context_t * con);
+
+/* Set the current security context to con.
+ Note that use of this function requires that the entire application
+ be trusted to maintain any desired separation between the old and new
+ security contexts, unlike exec-based transitions performed via setexeccon.
+ When possible, decompose your application and use setexeccon()+execve()
+ instead. Note that the application may lose access to its open descriptors
+ as a result of a setcon() unless policy allows it to use descriptors opened
+ by the old context. */
+extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
+
+/* Get context of process identified by pid, and
+ set *con to refer to it. Caller must free via freecon. */
+extern int getpidcon(pid_t pid, security_context_t * con);
+extern int getpidcon_raw(pid_t pid, security_context_t * con);
+
+/* Get previous context (prior to last exec), and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getprevcon(security_context_t * con);
+extern int getprevcon_raw(security_context_t * con);
+
+/* Get exec context, and set *con to refer to it.
+ Sets *con to NULL if no exec context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getexeccon(security_context_t * con);
+extern int getexeccon_raw(security_context_t * con);
+
+/* Set exec security context for the next execve.
+ Call with NULL if you want to reset to the default. */
+extern int setexeccon(security_context_t con);
+extern int setexeccon_raw(security_context_t con);
+
+/* Get fscreate context, and set *con to refer to it.
+ Sets *con to NULL if no fs create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getfscreatecon(security_context_t * con);
+extern int getfscreatecon_raw(security_context_t * con);
+
+/* Set the fscreate security context for subsequent file creations.
+ Call with NULL if you want to reset to the default. */
+extern int setfscreatecon(security_context_t context);
+extern int setfscreatecon_raw(security_context_t context);
+
+/* Get keycreate context, and set *con to refer to it.
+ Sets *con to NULL if no key create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getkeycreatecon(security_context_t * con);
+extern int getkeycreatecon_raw(security_context_t * con);
+
+/* Set the keycreate security context for subsequent key creations.
+ Call with NULL if you want to reset to the default. */
+extern int setkeycreatecon(security_context_t context);
+extern int setkeycreatecon_raw(security_context_t context);
+
+/* Get sockcreate context, and set *con to refer to it.
+ Sets *con to NULL if no socket create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getsockcreatecon(security_context_t * con);
+extern int getsockcreatecon_raw(security_context_t * con);
+
+/* Set the sockcreate security context for subsequent socket creations.
+ Call with NULL if you want to reset to the default. */
+extern int setsockcreatecon(security_context_t context);
+extern int setsockcreatecon_raw(security_context_t context);
+
+/* Wrappers for the xattr API. */
+
+/* Get file context, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getfilecon(const char *path, security_context_t * con);
+extern int getfilecon_raw(const char *path, security_context_t * con);
+extern int lgetfilecon(const char *path, security_context_t * con);
+extern int lgetfilecon_raw(const char *path, security_context_t * con);
+extern int fgetfilecon(int fd, security_context_t * con);
+extern int fgetfilecon_raw(int fd, security_context_t * con);
+
+/* Set file context */
+extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
+extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
+extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
+
+/* Wrappers for the socket API */
+
+/* Get context of peer socket, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getpeercon(int fd, security_context_t * con);
+extern int getpeercon_raw(int fd, security_context_t * con);
+
+/* Wrappers for the selinuxfs (policy) API. */
+
+typedef unsigned int access_vector_t;
+typedef unsigned short security_class_t;
+
+struct av_decision {
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ unsigned int seqno;
+};
+
+/* Structure for passing options, used by AVC and label subsystems */
+struct selinux_opt {
+ int type;
+ const char *value;
+};
+
+/* Callback facilities */
+union selinux_callback {
+ /* log the printf-style format and arguments,
+ with the type code indicating the type of message */
+ int
+#ifdef __GNUC__
+__attribute__ ((format(printf, 2, 3)))
+#endif
+ (*func_log) (int type, const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ int (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+ /* validate the supplied context, modifying if necessary */
+ int (*func_validate) (security_context_t *ctx);
+};
+
+#define SELINUX_CB_LOG 0
+#define SELINUX_CB_AUDIT 1
+#define SELINUX_CB_VALIDATE 2
+
+extern union selinux_callback selinux_get_callback(int type);
+extern void selinux_set_callback(int type, union selinux_callback cb);
+
+ /* Logging type codes, passed to the logging callback */
+#define SELINUX_ERROR 0
+#define SELINUX_WARNING 1
+#define SELINUX_INFO 2
+#define SELINUX_AVC 3
+
+/* Compute an access decision. */
+extern int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+
+/* Compute a labeling decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute a relabeling decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute a polyinstantiation member decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute the set of reachable user contexts and set *con to refer to
+ the NULL-terminated array of contexts. Caller must free via freeconary. */
+extern int security_compute_user(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+extern int security_compute_user_raw(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+
+/* Load a policy configuration. */
+extern int security_load_policy(void *data, size_t len);
+
+/* Get the context of an initial kernel security identifier by name.
+ Caller must free via freecon */
+extern int security_get_initial_context(const char *name,
+ security_context_t * con);
+extern int security_get_initial_context_raw(const char *name,
+ security_context_t * con);
+
+/*
+ * Make a policy image and load it.
+ * This function provides a higher level interface for loading policy
+ * than security_load_policy, internally determining the right policy
+ * version, locating and opening the policy file, mapping it into memory,
+ * manipulating it as needed for current boolean settings and/or local
+ * definitions, and then calling security_load_policy to load it.
+ *
+ * 'preservebools' is a boolean flag indicating whether current
+ * policy boolean values should be preserved into the new policy (if 1)
+ * or reset to the saved policy settings (if 0). The former case is the
+ * default for policy reloads, while the latter case is an option for policy
+ * reloads but is primarily for the initial policy load.
+ */
+extern int selinux_mkload_policy(int preservebools);
+
+/*
+ * Perform the initial policy load.
+ * This function determines the desired enforcing mode, sets the
+ * the *enforce argument accordingly for the caller to use, sets the
+ * SELinux kernel enforcing status to match it, and loads the policy.
+ * It also internally handles the initial selinuxfs mount required to
+ * perform these actions.
+ *
+ * The function returns 0 if everything including the policy load succeeds.
+ * In this case, init is expected to re-exec itself in order to transition
+ * to the proper security context.
+ * Otherwise, the function returns -1, and init must check *enforce to
+ * determine how to proceed. If enforcing (*enforce > 0), then init should
+ * halt the system. Otherwise, init may proceed normally without a re-exec.
+ */
+extern int selinux_init_load_policy(int *enforce);
+
+/* Translate boolean strict to name value pair. */
+typedef struct {
+ char *name;
+ int value;
+} SELboolean;
+/* save a list of booleans in a single transaction. */
+extern int security_set_boolean_list(size_t boolcnt,
+ SELboolean * boollist, int permanent);
+
+/* Load policy boolean settings.
+ Path may be NULL, in which case the booleans are loaded from
+ the active policy boolean configuration file. */
+extern int security_load_booleans(char *path);
+
+/* Check the validity of a security context. */
+extern int security_check_context(security_context_t con);
+extern int security_check_context_raw(security_context_t con);
+
+/* Canonicalize a security context. */
+extern int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon);
+extern int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon);
+
+/* Get the enforce flag value. */
+extern int security_getenforce(void);
+
+/* Set the enforce flag value. */
+extern int security_setenforce(int value);
+
+/* Disable SELinux at runtime (must be done prior to initial policy load). */
+extern int security_disable(void);
+
+/* Get the policy version number. */
+extern int security_policyvers(void);
+
+/* Get the boolean names */
+extern int security_get_boolean_names(char ***names, int *len);
+
+/* Get the pending value for the boolean */
+extern int security_get_boolean_pending(const char *name);
+
+/* Get the active value for the boolean */
+extern int security_get_boolean_active(const char *name);
+
+/* Set the pending value for the boolean */
+extern int security_set_boolean(const char *name, int value);
+
+/* Commit the pending values for the booleans */
+extern int security_commit_booleans(void);
+
+/* Userspace class mapping support */
+struct security_class_mapping {
+ const char *name;
+ const char *perms[sizeof(access_vector_t) * 8 + 1];
+};
+
+int selinux_set_mapping(struct security_class_mapping *map);
+
+/* Common helpers */
+
+/* Convert between security class values and string names */
+extern security_class_t string_to_security_class(const char *name);
+extern const char *security_class_to_string(security_class_t cls);
+
+/* Convert between individual access vector permissions and string names */
+extern const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm);
+extern access_vector_t string_to_av_perm(security_class_t tclass,
+ const char *name);
+
+/* Returns an access vector in a string representation. User must free the
+ * returned string via free(). */
+extern int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result);
+
+/* Display an access vector in a string representation. */
+extern void print_access_vector(security_class_t tclass, access_vector_t av);
+
+/* Set the function used by matchpathcon_init when displaying
+ errors about the file_contexts configuration. If not set,
+ then this defaults to fprintf(stderr, fmt, ...). */
+extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
+
+/* Set the function used by matchpathcon_init when checking the
+ validity of a context in the file contexts configuration. If not set,
+ then this defaults to a test based on security_check_context().
+ The function is also responsible for reporting any such error, and
+ may include the 'path' and 'lineno' in such error messages. */
+extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
+ unsigned lineno,
+ char *context));
+
+/* Same as above, but also allows canonicalization of the context,
+ by changing *context to refer to the canonical form. If not set,
+ and invalidcon is also not set, then this defaults to calling
+ security_canonicalize_context(). */
+extern void set_matchpathcon_canoncon(int (*f) (const char *path,
+ unsigned lineno,
+ char **context));
+
+/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
+#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
+#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
+extern void set_matchpathcon_flags(unsigned int flags);
+
+/* Load the file contexts configuration specified by 'path'
+ into memory for use by subsequent matchpathcon calls.
+ If 'path' is NULL, then load the active file contexts configuration,
+ i.e. the path returned by selinux_file_context_path().
+ Unless the MATCHPATHCON_BASEONLY flag has been set, this
+ function also checks for a 'path'.homedirs file and
+ a 'path'.local file and loads additional specifications
+ from them if present. */
+extern int matchpathcon_init(const char *path);
+
+/* Same as matchpathcon_init, but only load entries with
+ regexes that have stems that are prefixes of 'prefix'. */
+extern int matchpathcon_init_prefix(const char *path, const char *prefix);
+
+/* Free the memory allocated by matchpathcon_init. */
+extern void matchpathcon_fini(void);
+
+/* Match the specified pathname and mode against the file contexts
+ configuration and set *con to refer to the resulting context.
+ 'mode' can be 0 to disable mode matching.
+ Caller must free via freecon.
+ If matchpathcon_init has not already been called, then this function
+ will call it upon its first invocation with a NULL path. */
+extern int matchpathcon(const char *path,
+ mode_t mode, security_context_t * con);
+
+/* Same as above, but return a specification index for
+ later use in a matchpathcon_filespec_add() call - see below. */
+extern int matchpathcon_index(const char *path,
+ mode_t mode, security_context_t * con);
+
+/* Maintain an association between an inode and a specification index,
+ and check whether a conflicting specification is already associated
+ with the same inode (e.g. due to multiple hard links). If so, then
+ use the latter of the two specifications based on their order in the
+ file contexts configuration. Return the used specification index. */
+extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
+
+/* Destroy any inode associations that have been added, e.g. to restart
+ for a new filesystem. */
+extern void matchpathcon_filespec_destroy(void);
+
+/* Display statistics on the hash table usage for the associations. */
+extern void matchpathcon_filespec_eval(void);
+
+/* Check to see whether any specifications had no matches and report them.
+ The 'str' is used as a prefix for any warning messages. */
+extern void matchpathcon_checkmatches(char *str);
+
+/* Match the specified media and against the media contexts
+ configuration and set *con to refer to the resulting context.
+ Caller must free con via freecon. */
+extern int matchmediacon(const char *media, security_context_t * con);
+
+/*
+ selinux_getenforcemode reads the /etc/selinux/config file and determines
+ whether the machine should be started in enforcing (1), permissive (0) or
+ disabled (-1) mode.
+ */
+extern int selinux_getenforcemode(int *enforce);
+
+/*
+ selinux_getpolicytype reads the /etc/selinux/config file and determines
+ what the default policy for the machine is. Calling application must
+ free policytype.
+ */
+extern int selinux_getpolicytype(char **policytype);
+
+/*
+ selinux_policy_root reads the /etc/selinux/config file and returns
+ the directory path under which the compiled policy file and context
+ configuration files exist.
+ */
+extern const char *selinux_policy_root(void);
+
+/* These functions return the paths to specific files under the
+ policy root directory. */
+extern const char *selinux_binary_policy_path(void);
+extern const char *selinux_failsafe_context_path(void);
+extern const char *selinux_removable_context_path(void);
+extern const char *selinux_default_context_path(void);
+extern const char *selinux_user_contexts_path(void);
+extern const char *selinux_file_context_path(void);
+extern const char *selinux_file_context_homedir_path(void);
+extern const char *selinux_file_context_local_path(void);
+extern const char *selinux_homedir_context_path(void);
+extern const char *selinux_media_context_path(void);
+extern const char *selinux_x_context_path(void);
+extern const char *selinux_contexts_path(void);
+extern const char *selinux_securetty_types_path(void);
+extern const char *selinux_booleans_path(void);
+extern const char *selinux_customizable_types_path(void);
+extern const char *selinux_users_path(void);
+extern const char *selinux_usersconf_path(void);
+extern const char *selinux_translations_path(void);
+extern const char *selinux_netfilter_context_path(void);
+extern const char *selinux_path(void);
+
+/* Check a permission in the passwd class.
+ Return 0 if granted or -1 otherwise. */
+extern int selinux_check_passwd_access(access_vector_t requested);
+extern int checkPasswdAccess(access_vector_t requested);
+
+/* Check if the tty_context is defined as a securetty
+ Return 0 if secure, < 0 otherwise. */
+extern int selinux_check_securetty_context(security_context_t tty_context);
+
+/* Set the path to the selinuxfs mount point explicitly.
+ Normally, this is determined automatically during libselinux
+ initialization, but this is not always possible, e.g. for /sbin/init
+ which performs the initial mount of selinuxfs. */
+void set_selinuxmnt(char *mnt);
+
+/* Execute a helper for rpm in an appropriate security context. */
+extern int rpm_execcon(unsigned int verified,
+ const char *filename,
+ char *const argv[], char *const envp[]);
+
+/* Returns whether a file context is customizable, and should not
+ be relabeled . */
+extern int is_context_customizable(security_context_t scontext);
+
+/* Perform context translation between the human-readable format
+ ("translated") and the internal system format ("raw").
+ Caller must free the resulting context via freecon.
+ Returns -1 upon an error or 0 otherwise.
+ If passed NULL, sets the returned context to NULL and returns 0. */
+extern int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp);
+extern int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp);
+
+/* Get the SELinux username and level to use for a given Linux username.
+ These values may then be passed into the get_ordered_context_list*
+ and get_default_context* functions to obtain a context for the user.
+ Returns 0 on success or -1 otherwise.
+ Caller must free the returned strings via free. */
+extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
+/* Compare two file contexts, return 0 if equivalent. */
+int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b);
+
+/*
+ * Verify the context of the file 'path' against policy.
+ * Return 0 if correct.
+ */
+int selinux_file_context_verify(const char *path, mode_t mode);
+
+/* This function sets the file context on to the system defaults returns 0 on success */
+int selinux_lsetfilecon_default(const char *path);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/man/Makefile b/libselinux/man/Makefile
new file mode 100644
index 0000000..984b6af
--- /dev/null
+++ b/libselinux/man/Makefile
@@ -0,0 +1,13 @@
+# Installation directories.
+MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+
+install:
+ mkdir -p $(MAN3DIR)
+ mkdir -p $(MAN5DIR)
+ mkdir -p $(MAN8DIR)
+ install -m 644 man3/*.3 $(MAN3DIR)
+ install -m 644 man5/*.5 $(MAN5DIR)
+ install -m 644 man8/*.8 $(MAN8DIR)
+
diff --git a/libselinux/man/man3/avc_add_callback.3 b/libselinux/man/man3/avc_add_callback.3
new file mode 100644
index 0000000..9c83cac
--- /dev/null
+++ b/libselinux/man/man3/avc_add_callback.3
@@ -0,0 +1,184 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_add_callback" "3" "9 June 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_add_callback \- additional event notification for SELinux userspace object managers.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
+.in +\w'int avc_add_callback(int (*callback)('u
+.BI "security_id_t " ssid ,
+
+.BI "security_id_t " tsid ,
+
+.BI "security_class_t " tclass ,
+
+.BI "access_vector_t " perms ,
+
+.BI "access_vector_t *" out_retained "),"
+.in
+.in +\w'int avc_add_callback('u
+.BI "uint32_t " events ", security_id_t " ssid ,
+
+.BI "security_id_t " tsid ", security_class_t " tclass ,
+
+.BI "access_vector_t " perms ");"
+.in
+.SH "DESCRIPTION"
+.B avc_add_callback
+is used to register callback functions on security events. The purpose of this functionality is to allow userspace object managers to take additional action when a policy change, usually a policy reload, causes permissions to be granted or revoked.
+
+.I events
+is the
+.RI bitwise- or
+of security events on which to register the callback; see
+.B SECURITY EVENTS
+below.
+
+.IR ssid ,
+.IR tsid ,
+.IR tclass ,
+and
+.I perms
+specify the source and target SID's, target class, and specific permissions that the callback wishes to monitor. The special symbol
+.B SECSID_WILD
+may be passed as the
+.I source
+or
+.I target
+and will cause any SID to match.
+
+.I callback
+is the callback function provided by the userspace object manager. The
+.I event
+argument indicates the security event which occured; the remaining arguments are interpreted according to the event as described below. The return value of the callback should be zero on success, \-1 on error with errno set appropriately (but see
+.B RETURN VALUE
+below).
+
+.SH "SECURITY EVENTS"
+In all cases below,
+.I ssid
+and/or
+.I tsid
+may be set to
+.BR SECSID_WILD ,
+indicating that the change applies to all source and/or target SID's. Unless otherwise indicated, the
+.I out_retained
+parameter is unused.
+
+.TP
+.B AVC_CALLBACK_GRANT
+Previously denied permissions are now granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to grant.
+.TP
+.B AVC_CALLBACK_TRY_REVOKE
+Previously granted permissions are now conditionally revoked for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to revoke. The callback should set
+.I out_retained
+to the subset of
+.I perms
+which are retained as migrated permissions. Note that
+.I out_retained
+is ignored if the callback returns \-1.
+.TP
+.B AVC_CALLBACK_REVOKE
+Previously granted permissions are now unconditionally revoked for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to revoke.
+.TP
+.B AVC_CALLBACK_RESET
+Indicates that the cache was flushed. The SID, class, and permission arguments are unused and are set to NULL.
+.TP
+.B AVC_CALLBACK_AUDITALLOW_ENABLE
+The permissions given by
+.I perms
+should now be audited when granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITALLOW_DISABLE
+The permissions given by
+.I perms
+should no longer be audited when granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITDENY_ENABLE
+The permissions given by
+.I perms
+should now be audited when denied for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITDENY_DISABLE
+The permissions given by
+.I perms
+should no longer be audited when denied for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+
+.SH "RETURN VALUE"
+On success,
+.B avc_add_callback
+returns zero. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+A return value of \-1 from a callback is interpreted as a failed policy operation. If such a return value is encountered, all remaining callbacks registered on the event are called. In threaded mode, the netlink handler thread may then terminate and cause the userspace AVC to return
+.B EINVAL
+on all further permission checks until
+.BR avc_destroy (3)
+is called. In non-threaded mode, the permission check on which the error occurred will return \-1 and the value of
+.I errno
+encountered to the caller. In both cases, a log message is produced and the kernel may be notified of the error.
+
+.SH "ERRORS"
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+If the userspace AVC is running in threaded mode, callbacks registered via
+.B avc_add_callback
+may be executed in the context of the netlink handler thread. This will likely introduce synchronization issues requiring the use of locks. See
+.BR avc_init (3).
+
+Support for dynamic revocation and retained permissions is mostly unimplemented in the SELinux kernel module. The only security event that currently gets excercised is
+.BR AVC_CALLBACK_RESET .
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR security_compute_av (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_audit.3 b/libselinux/man/man3/avc_audit.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_audit.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_av_stats.3 b/libselinux/man/man3/avc_av_stats.3
new file mode 100644
index 0000000..6732dc1
--- /dev/null
+++ b/libselinux/man/man3/avc_av_stats.3
@@ -0,0 +1 @@
+.so man3/avc_cache_stats.3
diff --git a/libselinux/man/man3/avc_cache_stats.3 b/libselinux/man/man3/avc_cache_stats.3
new file mode 100644
index 0000000..96f2b21
--- /dev/null
+++ b/libselinux/man/man3/avc_cache_stats.3
@@ -0,0 +1,99 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_cache_stats" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "void avc_av_stats(void);"
+.sp
+.BI "void avc_sid_stats(void);"
+.sp
+.BI "void avc_cache_stats(struct avc_cache_stats *" stats ");"
+.SH "DESCRIPTION"
+The userspace AVC maintains two internal hash tables, one to store security ID's and one to cache access decisions.
+
+.B avc_av_stats
+and
+.B avc_sid_stats
+produce log messages indicating the status of the access decision and SID tables, respectively. The messages contain the number of entries in the table, number of hash buckets and number of buckets used, and maximum number of entries in a single bucket.
+
+.B avc_cache_stats
+populates a structure whose fields reflect cache activity:
+
+.RS
+.ta 4n 14n
+.nf
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
+.fi
+.ta
+.RE
+
+.TP
+.I entry_lookups
+Number of queries made.
+.TP
+.I entry_hits
+Number of times a decision was found in the
+.I aeref
+argument.
+.TP
+.I entry_misses
+Number of times a decision was not found in the
+.I aeref
+argument.
+.TP
+.I entry_discards
+Number of times a decision was not found in the
+.I aeref
+argument and the
+.I aeref
+argument was non-NULL.
+.TP
+.I cav_lookups
+Number of cache lookups.
+.TP
+.I cav_hits
+Number of cache hits.
+.TP
+.I cav_misses
+Number of cache misses.
+.TP
+.I cav_probes
+Number of entries examined while searching the cache.
+
+.SH "NOTES"
+When the cache is flushed as a result of a call to
+.B avc_reset
+or a policy change notification,
+the statistics returned by
+.B avc_cache_stats
+are reset to zero. The SID table, however, is left
+unchanged.
+
+When a policy change notification is received, a call to
+.B avc_av_stats
+is made before the cache is flushed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_add_callback (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_cleanup.3 b/libselinux/man/man3/avc_cleanup.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_cleanup.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_compute_create.3 b/libselinux/man/man3/avc_compute_create.3
new file mode 100644
index 0000000..f102cc9
--- /dev/null
+++ b/libselinux/man/man3/avc_compute_create.3
@@ -0,0 +1,68 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "avc_compute_create" "3" "30 Mar 2007" "" "SELinux API documentation"
+.SH "NAME"
+avc_compute_create, avc_compute_member \- obtain SELinux label for new object.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_compute_create('u
+.BI "security_class_t " tclass ", security_id_t *" newsid ");"
+.sp
+.in
+.BI "int avc_compute_member(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_compute_member('u
+.BI "security_class_t " tclass ", security_id_t *" newsid ");"
+.in
+.SH "DESCRIPTION"
+.B avc_compute_create
+is used to compute a SID to use for labeling a new object in a particular class based on a SID pair. This call is identical to
+.BR security_compute_create ,
+but does not require converting from userspace SID's to contexts and back again.
+
+.B avc_compute_member
+is used to compute a SID to use for labeling a polyinstantiated object instance of a particular class based on a SID pair. This call is identical to
+.BR security_compute_member ,
+but does not require converting from userspace SID's to contexts and back again.
+
+These functions
+return a SID for the computed context in the memory referenced by
+.IR sid ,
+incrementing its reference count by 1.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+The
+.I tclass
+and/or the security contexts referenced by
+.I ssid
+and
+.I tsid
+are not recognized by the currently loaded policy, or
+.I tsid
+or
+.I ssid
+has a zero reference count and is invalid.
+
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_context_to_sid (3),
+.BR security_compute_create (3),
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_compute_member.3 b/libselinux/man/man3/avc_compute_member.3
new file mode 100644
index 0000000..28307ce
--- /dev/null
+++ b/libselinux/man/man3/avc_compute_member.3
@@ -0,0 +1 @@
+.so man3/avc_compute_create.3
diff --git a/libselinux/man/man3/avc_context_to_sid.3 b/libselinux/man/man3/avc_context_to_sid.3
new file mode 100644
index 0000000..41a486d
--- /dev/null
+++ b/libselinux/man/man3/avc_context_to_sid.3
@@ -0,0 +1,98 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_context_to_sid" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
+.sp
+.BI "int avc_sid_to_context(security_id_t " sid ", security_context_t *" ctx ");"
+.sp
+.BI "int sidget(security_id_t " sid ");"
+.sp
+.BI "int sidput(security_id_t " sid ");"
+.sp
+.BI "int avc_get_initial_sid(const char *" name ", security_id_t *" sid ");"
+.sp
+.SH "DESCRIPTION"
+Security ID's (SID's) are reference-counted, opaque representations of security contexts.
+
+.B avc_context_to_sid
+returns a SID for the given
+.I context
+in the memory referenced by
+.IR sid ,
+incrementing its reference count by 1.
+
+.B avc_sid_to_context
+returns a copy of the context represented by
+.I sid
+in the memory referenced by
+.IR ctx .
+The user must free the copy with
+.BR freecon (3).
+
+.B sidget
+increments the reference count of
+.I sid
+by 1.
+
+.B sidput
+decrements the reference count of
+.I sid
+by 1. If the count ever reaches zero, the SID becomes
+invalid and must not be used any further.
+
+.B avc_get_initial_sid
+returns a SID for the kernel initial security identifier specified by
+.I name
+
+.SH "RETURN VALUE"
+.B sidget
+and
+.B sidput
+return the new reference count. A return value of zero indicates
+an invalid SID.
+
+.B avc_context_to_sid
+and
+.B avc_sid_to_context
+return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+The provided
+.I sid
+has a zero reference count and is invalid.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+The expected usage pattern for these functions is that
+.B avc_context_to_sid
+will be called once to obtain a SID for a newly created object,
+.B sidget
+will be called on a SID when its object is duplicated, and
+.B sidput
+will be called on a SID when its object is destroyed. Proper reference counting is necessary to ensure that SID's and associated cache entries are reclaimed from memory when no longer needed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR getcon (3),
+.BR freecon (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_destroy.3 b/libselinux/man/man3/avc_destroy.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_destroy.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_entry_ref_init.3 b/libselinux/man/man3/avc_entry_ref_init.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_entry_ref_init.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_get_initial_context.3 b/libselinux/man/man3/avc_get_initial_context.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/avc_get_initial_context.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/avc_has_perm.3 b/libselinux/man/man3/avc_has_perm.3
new file mode 100644
index 0000000..50f4d44
--- /dev/null
+++ b/libselinux/man/man3/avc_has_perm.3
@@ -0,0 +1,155 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_has_perm" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
+.sp
+.BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_has_perm('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
+.in
+.sp
+.BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_has_perm('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
+.in
+.sp
+.BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'void avc_audit('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
+.in
+.SH "DESCRIPTION"
+.B avc_entry_ref_init
+initializes an
+.B avc_entry_ref
+structure; see
+.B ENTRY REFERENCES
+below. This function may be implemented as a macro.
+
+.B avc_has_perm
+checks whether the
+.I requested
+permissions are granted
+for subject SID
+.IR ssid
+and target SID
+.IR tsid ,
+interpreting the permissions
+based on
+.I tclass
+and updating
+.IR aeref ,
+if non-NULL, to refer to a cache entry with the resulting decision. The granting or denial of permissions is audited in accordance with the policy. The
+.I auditdata
+parameter is for supplemental auditing; see
+.B avc_audit
+below.
+
+.B avc_has_perm_noaudit
+behaves as
+.B avc_has_perm
+without producing an audit message. The access decision is returned in
+.I avd
+and can be passed to
+.B avc_audit
+explicitly.
+
+.B avc_audit
+produces an audit message for the access query represented by
+.IR ssid ,
+.IR tsid ,
+.IR tclass ,
+and
+.IR requested ,
+with a decision represented by
+.IR avd .
+Pass the value returned by
+.B avc_has_perm_noaudit
+as
+.IR result .
+The
+.I auditdata
+parameter is passed to the user-supplied
+.B func_audit
+callback and can be used to add supplemental information to the audit message; see
+.BR avc_init (3).
+
+.SH "ENTRY REFERENCES"
+Entry references can be used to speed cache performance for repeated queries on the same subject and target. The userspace AVC will check the
+.I aeref
+argument, if supplied, before searching the cache on a permission query. After a query is performed,
+.I aeref
+will be updated to reference the cache entry for that query. A subsequent query on the same subject and target will then have the decision at hand without having to walk the cache.
+
+After declaring an
+.B avc_entry_ref
+structure, use
+.B avc_entry_ref_init
+to initialize it before passing it to
+.B avc_has_perm
+or
+.B avc_has_perm_noaudit
+for the first time.
+Using an uninitialized structure will produce undefined behavior.
+
+.SH "RETURN VALUE"
+If requested permissions are granted, zero is returned. If requested permissions are denied or an error occured, \-1 is returned and
+.I errno
+is set appropriately.
+
+In permissive mode, zero will be returned and
+.I errno
+unchanged even if permissions were denied.
+.B avc_has_perm
+will still produce an audit message in this case.
+
+.SH "ERRORS"
+.TP
+.B EACCES
+A requested permission was denied.
+.TP
+.B EINVAL
+The
+.I tclass
+and/or the security contexts referenced by
+.I ssid
+and
+.I tsid
+are not recognized by the currently loaded policy.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+Internal errors encountered by the userspace AVC may cause certain values of
+.I errno
+to be returned unexpectedly. For example, netlink socket errors may produce
+.B EACCES
+or
+.BR EINVAL .
+Make sure that userspace object managers are granted appropriate access to
+netlink by the policy.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR security_compute_av (3)
+.BR selinux(8)
diff --git a/libselinux/man/man3/avc_has_perm_noaudit.3 b/libselinux/man/man3/avc_has_perm_noaudit.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_has_perm_noaudit.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_init.3 b/libselinux/man/man3/avc_init.3
new file mode 100644
index 0000000..331a665
--- /dev/null
+++ b/libselinux/man/man3/avc_init.3
@@ -0,0 +1,195 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_init" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_init - legacy userspace SELinux AVC setup.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_init(const char *" msgprefix ,
+.in +\w'int avc_init('u
+.BI "const struct avc_memory_callback *" mem_callbacks ,
+
+.BI "const struct avc_log_callback *" log_callbacks ,
+
+.BI "const struct avc_thread_callback *" thread_callbacks ,
+
+.BI "const struct avc_lock_callback *" lock_callbacks ");"
+.SH "DESCRIPTION"
+.B avc_init
+is deprecated; please use
+.BR avc_open (3)
+in conjunction with
+.BR selinux_set_callback (3)
+in all new code.
+
+.B avc_init
+initializes the userspace AVC and must be called before any other AVC operation can be performed. A non-NULL
+.I msgprefix
+will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC.
+
+.SH "CALLBACKS"
+The userspace AVC can be directed how to perform memory allocation, logging, thread creation, and locking via callback functions passed to
+.BR avc_init .
+The purpose of this functionality is to allow the userspace AVC to be smoothly integrated into existing userspace object managers.
+
+Use an
+.B avc_memory_callback
+structure to specify alternate functions for dynamic memory allocation.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_memory_callback {
+ void *(*func_malloc)(size_t size);
+ void (*func_free)(void *ptr);
+};
+.fi
+.ta
+.RE
+
+The two fields of the structure should be pointers to functions which behave as
+.BR malloc (3)
+and
+.BR free (3),
+which are used by default.
+
+Use an
+.B avc_log_callback
+structure to specify alternate functions for logging.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_log_callback {
+ void (*func_log)(const char *fmt, ...);
+ void (*func_audit)(void *auditdata,
+ security_class_t class,
+ char *msgbuf, size_t msgbufsize);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_log
+callback should accept a
+.BR printf (3)
+style format and arguments and log them as desired. The default behavior prints the message on the standard error. The
+.B func_audit
+callback should interpret the
+.I auditdata
+parameter for the given
+.IR class ,
+printing a human-readable interpretation to
+.I msgbuf
+using no more than
+.I msgbufsize
+characters. The default behavior is to ignore
+.IR auditdata .
+
+Use an
+.B avc_thread_callback
+structure to specify functions for starting and manipulating threads.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_thread_callback {
+ void *(*func_create_thread)(void (*run)(void));
+ void (*func_stop_thread)(void *thread);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_create_thread
+callback should create a new thread and return a pointer which references it. The thread should execute the
+.I run
+argument, which does not return under normal conditions. The
+.B func_stop_thread
+callback should cancel the running thread referenced by
+.IR thread .
+By default, threading is not used; see
+.B NETLINK NOTIFICATION
+below.
+
+Use an
+.B avc_lock_callback
+structure to specify functions to create, obtain, and release locks for use by threads.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_lock_callback {
+ void *(*func_alloc_lock)(void);
+ void (*func_get_lock)(void *lock);
+ void (*func_release_lock)(void *lock);
+ void (*func_free_lock)(void *lock);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_alloc_lock
+callback should create a new lock, returning a pointer which references it. The
+.B func_get_lock
+callback should obtain
+.IR lock ,
+blocking if necessary. The
+.B func_release_lock
+callback should release
+.IR lock .
+The
+.B func_free_lock
+callback should destroy
+.IR lock ,
+freeing any resources associated with it. The default behavior is not to perform any locking. Note that undefined behavior may result if threading is used without appropriate locking.
+
+.SH "NETLINK NOTIFICATION"
+Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of
+.BR avc_has_perm (3)
+to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed.
+
+In the default single-threaded mode, the userspace AVC checks for new netlink messages at the start of each permission query. If threading and locking callbacks are passed to
+.B avc_init
+however, a dedicated thread will be started to listen on the netlink socket. This may increase performance and will ensure that log messages are generated immediately rather than at the time of the next permission query.
+
+.SH "RETURN VALUE"
+Functions with a return value return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "NOTES"
+The
+.I msgprefix
+argument to
+.B avc_init
+currently has a length limit of 15 characters and will be truncated if necessary.
+
+If a provided
+.B func_malloc
+callback does not set
+.I errno
+appropriately on error, userspace AVC calls may exhibit the
+same behavior.
+
+If a netlink thread has been created and an error occurs on the socket (such as an access error), the thread may terminate and cause the userspace AVC to return
+.B EINVAL
+on all further permission checks until
+.B avc_destroy
+is called.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_open (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/avc_open.3 b/libselinux/man/man3/avc_open.3
new file mode 100644
index 0000000..9019085
--- /dev/null
+++ b/libselinux/man/man3/avc_open.3
@@ -0,0 +1,70 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2008
+.TH "avc_open" "3" "12 Jun 2008" "" "SELinux API documentation"
+.SH "NAME"
+avc_open, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_open(struct selinux_opt *" options ", unsigned " nopt ");"
+.sp
+.BI "void avc_destroy(void);"
+.sp
+.BI "int avc_reset(void);"
+.sp
+.BI "void avc_cleanup(void);"
+.SH "DESCRIPTION"
+.B avc_open
+initializes the userspace AVC and must be called before any other AVC operation can be performed.
+
+.B avc_destroy
+destroys the userspace AVC, freeing all internal memory structures. After this call has been made,
+.B avc_open
+must be called again before any AVC operations can be performed.
+
+.B avc_reset
+flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see
+.B NETLINK NOTIFICATION
+below.
+
+.B avc_cleanup
+forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's.
+
+.SH "OPTIONS"
+The userspace AVC obeys callbacks set via
+.BR selinux_set_callback (3),
+in particular the logging and audit callbacks.
+
+The options which may be passed to
+.B avc_open
+include the following:
+
+.TP
+.B AVC_OPT_SETENFORCE
+This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive mode otherwise. The system enforcing mode will be ignored.
+
+.SH "NETLINK NOTIFICATION"
+Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of
+.BR avc_has_perm (3)
+to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed.
+
+.SH "RETURN VALUE"
+Functions with a return value return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selinux (8),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR selinux_set_callback (3),
+.BR security_compute_av (3)
+
diff --git a/libselinux/man/man3/avc_reset.3 b/libselinux/man/man3/avc_reset.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_reset.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_sid_stats.3 b/libselinux/man/man3/avc_sid_stats.3
new file mode 100644
index 0000000..6732dc1
--- /dev/null
+++ b/libselinux/man/man3/avc_sid_stats.3
@@ -0,0 +1 @@
+.so man3/avc_cache_stats.3
diff --git a/libselinux/man/man3/avc_sid_to_context.3 b/libselinux/man/man3/avc_sid_to_context.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/avc_sid_to_context.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/checkPasswdAccess.3 b/libselinux/man/man3/checkPasswdAccess.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/checkPasswdAccess.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/context_free.3 b/libselinux/man/man3/context_free.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_free.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_new.3 b/libselinux/man/man3/context_new.3
new file mode 100644
index 0000000..f36bd25
--- /dev/null
+++ b/libselinux/man/man3/context_new.3
@@ -0,0 +1,61 @@
+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts
+
+.SH "SYNOPSIS"
+.B #include <selinux/context.h>
+
+.B "context_t context_new(const char *" context_str );
+
+.B "const char * context_str(context_t " con );
+
+.B "void context_free(context_t " con );
+
+.B "const char * context_type_get(context_t " con );
+
+.B "const char * context_range_get(context_t " con );
+
+.B "const char * context_role_get(context_t " con );
+
+.B "const char * context_user_get(context_t " con );
+
+.B "const char * context_type_set(context_t " con ", const char* " type);
+
+.B "const char * context_range_set(context_t " con ", const char* " range);
+
+.B "const char * context_role_set(context_t " con ", const char* " role );
+
+.B "const char * context_user_set(context_t " con ", const char* " user );
+
+.SH "DESCRIPTION"
+These functions allow an application to manipulate the fields of a
+security context string without requiring it to know the format of the
+string.
+
+context_new
+ Return a new context initialized to a context string
+
+context_str
+Return a pointer to the string value of the context_t
+Valid until the next call to context_str or context_free
+for the same context_t*
+
+context_free
+Free the storage used by a context
+
+context_type_get, context_range_get, context_role_get, context_user_get
+Get a pointer to the string value of a context component
+
+NOTE: Values returned by the get functions are only valid until the next call
+to a set function or context_free() for the same context_t structure.
+
+context_type_set, context_range_set, context_role_set, context_user_set
+Set a context component
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/context_range_get.3 b/libselinux/man/man3/context_range_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_range_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_range_set.3 b/libselinux/man/man3/context_range_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_range_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_role_get.3 b/libselinux/man/man3/context_role_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_role_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_role_set.3 b/libselinux/man/man3/context_role_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_role_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_type_get.3 b/libselinux/man/man3/context_type_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_type_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_type_set.3 b/libselinux/man/man3/context_type_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_type_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_user_get.3 b/libselinux/man/man3/context_user_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_user_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_user_set.3 b/libselinux/man/man3/context_user_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_user_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/freecon.3 b/libselinux/man/man3/freecon.3
new file mode 100644
index 0000000..055ccc8
--- /dev/null
+++ b/libselinux/man/man3/freecon.3
@@ -0,0 +1,25 @@
+.TH "freecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+freecon, freeconary \- free memory associated with SELinux security contexts.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "void freecon(security_context_t "con );
+
+.BI "void freeconary(security_context_t *" con );
+
+.SH "DESCRIPTION"
+.B freecon
+frees the memory allocated for a security context.
+
+.B freeconary
+frees the memory allocated for a context array.
+
+If
+.I con
+is NULL, no operation is performed.
+
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/freeconary.3 b/libselinux/man/man3/freeconary.3
new file mode 100644
index 0000000..3420153
--- /dev/null
+++ b/libselinux/man/man3/freeconary.3
@@ -0,0 +1 @@
+.so man3/freecon.3
diff --git a/libselinux/man/man3/fsetfilecon.3 b/libselinux/man/man3/fsetfilecon.3
new file mode 100644
index 0000000..33c321a
--- /dev/null
+++ b/libselinux/man/man3/fsetfilecon.3
@@ -0,0 +1 @@
+.so man3/setfilecon.3
diff --git a/libselinux/man/man3/get_default_context.3 b/libselinux/man/man3/get_default_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_level.3 b/libselinux/man/man3/get_default_context_with_level.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_level.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_role.3 b/libselinux/man/man3/get_default_context_with_role.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_role.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_rolelevel.3 b/libselinux/man/man3/get_default_context_with_rolelevel.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_rolelevel.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_ordered_context_list.3 b/libselinux/man/man3/get_ordered_context_list.3
new file mode 100644
index 0000000..c3fa956
--- /dev/null
+++ b/libselinux/man/man3/get_ordered_context_list.3
@@ -0,0 +1,80 @@
+.TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SELinux"
+.SH "NAME"
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/get_context_list.h>
+.sp
+.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
+.sp
+.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t **" list );
+.sp
+.BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon );
+.sp
+.BI "int get_default_context_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t *" newcon );
+.sp
+.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
+.sp
+.BI "int get_default_context_with_rolelevel(const char* " user ", const char* " level ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
+.sp
+.BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );
+.sp
+.BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );
+.sp
+.BI "int get_default_type(const char *" role ", char **" type );
+
+.SH "DESCRIPTION"
+.B get_ordered_context_list
+invokes the
+.B security_compute_user
+function to obtain the list of contexts for the specified
+.I user
+that are reachable from the specified
+.I fromcon
+context. The function then orders the resulting list based on the global
+.B /etc/selinux/<SELINUXTYPE>/contexts/default_contexts
+file and the per-user
+.B /etc/selinux/<SELINUXTYPE>/contexts/users/<username>
+file if it exists. The
+.I fromcon
+parameter may be NULL to indicate that the current context should
+be used. The function returns the number of contexts in the
+list, or -1 upon errors. The list must be freed using the
+.B freeconary
+function.
+
+.B get_ordered_context_list_with_level
+invokes the get_ordered_context_list function and applies the specified level.
+
+.B get_default_context
+is the same as get_ordered_context_list but only returns a single context
+which has to be freed with freecon.
+
+.B get_default_context_with_level
+invokes the get_default_context function and applies the specified level.
+
+.B get_default_context_with_role
+is the same as get_default_context but only returns a context with the specified role, returning -1 if no such context is reachable for the user.
+
+.B get_default_context_with_rolelevel
+invokes the get_default_context_with_role function and applies the specified level.
+
+.B query_user_context
+takes a list of contexts, queries the user via stdin/stdout as to which context
+they want, and returns a new context as selected by the user (which has to be
+freed with freecon).
+
+.B manual_user_enter_context
+allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon.
+
+.B get_default_type
+Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free.
+
+.SH "RETURN VALUE"
+get_ordered_context_list and get_ordered_context_list_with_level return the number of contexts in the list upon success or -1 upon errors.
+The other functions return 0 for success or -1 for errors.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
diff --git a/libselinux/man/man3/get_ordered_context_list_with_level.3 b/libselinux/man/man3/get_ordered_context_list_with_level.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_ordered_context_list_with_level.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3
new file mode 100644
index 0000000..2170795
--- /dev/null
+++ b/libselinux/man/man3/getcon.3
@@ -0,0 +1,62 @@
+.TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getcon, getprevcon, getpidcon \- get SELinux security context of a process.
+
+getpeercon - get security context of a peer socket.
+
+setcon - set current security context of a process.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getcon(security_context_t *" context );
+
+.BI "int getprevcon(security_context_t *" context );
+
+.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
+
+.BI "int getpeercon(int " fd ", security_context_t *" context);
+
+.BI "int setcon(security_context_t " context);
+
+.SH "DESCRIPTION"
+.B getcon
+retrieves the context of the current process, which must be free'd with
+freecon.
+
+.B getprevcon
+same as getcon but gets the context before the last exec.
+
+.B getpidcon
+returns the process context for the specified PID.
+
+.B getpeercon
+retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.
+
+.B setcon
+sets the current security context of the process to a new value. Note
+that use of this function requires that the entire application be
+trusted to maintain any desired separation between the old and new
+security contexts, unlike exec-based transitions performed via
+setexeccon(3). When possible, decompose your applicaiton and use
+setexeccon() and execve() instead.
+
+Since access to file descriptors is revalidated upon use by SELinux,
+the new context must be explicitly authorized in the policy to use the
+descriptors opened by the old context if that is desired. Otherwise,
+attempts by the process to use any existing descriptors (including
+stdin, stdout, and stderr) after performing the setcon() will fail.
+
+A multi-threaded application can perform a setcon() prior to creating
+any child threads, in which case all of the child threads will inherit
+the new context. However, setcon() will fail if there are any other
+threads running in the same process.
+
+If the process was being ptraced at the time of the setcon()
+operation, ptrace permission will be revalidated against the new
+context and the setcon() will fail if it is not allowed by policy.
+
+.SH "RETURN VALUE"
+On error -1 is returned. On success 0 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setexeccon "(3)"
diff --git a/libselinux/man/man3/getexeccon.3 b/libselinux/man/man3/getexeccon.3
new file mode 100644
index 0000000..4b832a2
--- /dev/null
+++ b/libselinux/man/man3/getexeccon.3
@@ -0,0 +1,60 @@
+.TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
+
+rpm_execcon \- run a helper for rpm in an appropriate security context
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getexeccon(security_context_t *" context );
+
+.BI "int setexeccon(security_context_t "context );
+
+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
+
+.SH "DESCRIPTION"
+.B getexeccon
+retrieves the context used for executing a new process.
+This returned context should be freed with freecon if non-NULL.
+getexeccon sets *con to NULL if no exec context has been explicitly
+set by the program (i.e. using the default policy behavior).
+
+.B setexeccon
+sets the context used for the next execve call.
+NULL can be passed to
+setexeccon to reset to the default policy behavior.
+The exec context is automatically reset after the next execve, so a
+program doesn't need to explicitly sanitize it upon startup.
+
+
+setexeccon can be applied prior to library
+functions that internally perform an execve, e.g. execl*, execv*, popen,
+in order to set an exec context for that operation.
+
+
+Note: Signal handlers that perform an execve must take care to
+save, reset, and restore the exec context to avoid unexpected behavior.
+
+
+.B rpm_execcon
+runs a helper for rpm in an appropriate security context. The
+verified parameter should contain the return code from the signature
+verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
+nottrusted, 4 == nokey), although this information is not yet used by
+the function. The function determines the proper security context for
+the helper based on policy, sets the exec context accordingly, and
+then executes the specified filename with the provided argument and
+environment arrays.
+
+
+.SH "RETURN VALUE"
+On error -1 is returned.
+
+On success getexeccon and setexeccon returns 0.
+rpm_execcon only returns upon errors, as it calls execve(2).
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " getcon "(3)"
+
+
diff --git a/libselinux/man/man3/getfilecon.3 b/libselinux/man/man3/getfilecon.3
new file mode 100644
index 0000000..61b216f
--- /dev/null
+++ b/libselinux/man/man3/getfilecon.3
@@ -0,0 +1,42 @@
+.TH "getfilecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getfilecon(const char *" path ", security_context_t *" con );
+
+.BI "int lgetfilecon(const char *" path ", security_context_t *" con );
+
+.BI "int fgetfilecon(int "fd ", security_context_t *" con );
+.SH "DESCRIPTION"
+.B getfilecon
+retrieves the context associated with the given path in the file system, the
+length of the context is returned.
+
+.B lgetfilecon
+is identical to getfilecon, except in the case of a symbolic link, where the
+link itself is interrogated, not the file that it refers to.
+
+.B fgetfilecon
+is identical to getfilecon, only the open file pointed to by filedes (as
+returned by open(2)) is interrogated in place of path.
+
+
+The returned context should be freed with freecon if non-NULL.
+.SH "RETURN VALUE"
+On success, a positive number is returned indicating the size of the
+extended attribute value. On failure, \-1 is returned and errno is set
+appropriately.
+
+If the context does not exist, or the process has no access to
+this attribute, errno is set to ENODATA.
+
+If extended attributes are not supported by the filesystem, or are dis\-
+abled, errno is set to ENOTSUP.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/getfscreatecon.3 b/libselinux/man/man3/getfscreatecon.3
new file mode 100644
index 0000000..474aa28
--- /dev/null
+++ b/libselinux/man/man3/getfscreatecon.3
@@ -0,0 +1,38 @@
+.TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getfscreatecon(security_context_t *" con );
+
+.BI "int setfscreatecon(security_context_t "context );
+
+.SH "DESCRIPTION"
+.B getfscreatecon
+retrieves the context used for creating a new file system object.
+This returned context should be freed with freecon if non-NULL.
+getfscreatecon sets *con to NULL if no fscreate context has been explicitly
+set by the program (i.e. using the default policy behavior).
+
+.B setfscreatecon
+sets the context used for creating a new file system object.
+NULL can be passed to
+setfscreatecon to reset to the default policy behavior.
+The fscreate context is automatically reset after the next execve, so a
+program doesn't need to explicitly sanitize it upon startup.
+
+setfscreatecon can be applied prior to library
+functions that internally perform an file creation,
+in order to set an file context on the objects.
+
+
+Note: Signal handlers that perform an setfscreate must take care to
+save, reset, and restore the fscreate context to avoid unexpected behavior.
+.SH "RETURN VALUE"
+On error -1 is returned.
+On success 0 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
diff --git a/libselinux/man/man3/getpeercon.3 b/libselinux/man/man3/getpeercon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getpeercon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getpidcon.3 b/libselinux/man/man3/getpidcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getpidcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getprevcon.3 b/libselinux/man/man3/getprevcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getprevcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getseuserbyname.3 b/libselinux/man/man3/getseuserbyname.3
new file mode 100644
index 0000000..1630356
--- /dev/null
+++ b/libselinux/man/man3/getseuserbyname.3
@@ -0,0 +1,28 @@
+.TH "getseuserbyname" "3" "29 September 2005" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+getseuserbyname \- get SELinux username and level for a given Linux username
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getseuserbyname(const char *" linuxuser ", char **" selinuxuser ", char **" level ");
+.SH "DESCRIPTION"
+.B getseuserbyname
+retrieves the SELinux username and security level associated with
+a given Linux username. The SELinux username and security level can
+then be passed to other libselinux functions such as
+get_ordered_context_list_with_level and get_default_context_with_level.
+
+
+
+The returned SELinux username and level should be freed by the caller
+using free.
+.SH "RETURN VALUE"
+On success, 0 is returned.
+On failure, \-1 is returned and errno is set appropriately.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/is_context_customizable.3 b/libselinux/man/man3/is_context_customizable.3
new file mode 100644
index 0000000..d230ace
--- /dev/null
+++ b/libselinux/man/man3/is_context_customizable.3
@@ -0,0 +1,25 @@
+.TH "is_context_customizable" "3" "10 January 2005" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+is_context_customizable \- check whether SELinux context type is customizable by the administrator.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int is_context_customizable(security_context_t scon);
+
+.SH "DESCRIPTION"
+.B is_context_customizable
+
+This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
+administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
+
+
+.SH "RETURN VALUE"
+returns 1 if security context is customizable or 0 if it is not.
+returns -1 on error
+
+.SH "FILE"
+/etc/selinux/SELINUXTYPE/context/customizable_types
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
new file mode 100644
index 0000000..025aad6
--- /dev/null
+++ b/libselinux/man/man3/is_selinux_enabled.3
@@ -0,0 +1,15 @@
+.TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+is_selinux_enabled \- check whether SELinux is enabled
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int is_selinux_enabled();
+
+.SH "DESCRIPTION"
+.B is_selinux_enabled
+returns 1 if SELinux is running or 0 if it is not. May change soon.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/lsetfilecon.3 b/libselinux/man/man3/lsetfilecon.3
new file mode 100644
index 0000000..33c321a
--- /dev/null
+++ b/libselinux/man/man3/lsetfilecon.3
@@ -0,0 +1 @@
+.so man3/setfilecon.3
diff --git a/libselinux/man/man3/manual_user_enter_context.3 b/libselinux/man/man3/manual_user_enter_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/manual_user_enter_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/matchmediacon.3 b/libselinux/man/man3/matchmediacon.3
new file mode 100644
index 0000000..1a3a561
--- /dev/null
+++ b/libselinux/man/man3/matchmediacon.3
@@ -0,0 +1,26 @@
+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+matchmediacon \- get the default SELinux security context for the specified mediatype from the policy.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
+
+
+.SH "DESCRIPTION"
+
+.B matchmediacon
+matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
+.sp
+
+.B Note:
+ Caller must free returned security context "con" using freecon.
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH Files
+/etc/selinux/POLICYTYPE/contexts/files/media
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3)
diff --git a/libselinux/man/man3/matchpathcon.3 b/libselinux/man/man3/matchpathcon.3
new file mode 100644
index 0000000..2b1471c
--- /dev/null
+++ b/libselinux/man/man3/matchpathcon.3
@@ -0,0 +1,120 @@
+.TH "matchpathcon" "3" "16 March 2005" "sds@tycho.nsa.gov" "SELinux API documentation"
+.SH "NAME"
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchpathcon_init(const char *" path ");"
+
+.BI "int matchpathcon_fini(void);"
+
+.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
+.sp
+
+.BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
+
+.BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
+
+.BI "void set_matchpathcon_flags(unsigned int " flags ");"
+
+.SH "DESCRIPTION"
+.B matchpathcon_init
+loads the file contexts configuration specified by
+.I path
+into memory for use by subsequent
+.B matchpathcon
+calls. If
+.I path
+is NULL, then the active file contexts configuration is loaded by default,
+i.e. the path returned by
+.B selinux_file_context_path(3).
+Unless the
+.B MATCHPATHCON_BASEONLY
+flag has been set via
+.B set_matchpathcon_flags,
+files with the same path prefix but a
+.B .homedirs
+and
+.B .local
+suffix are also looked up and loaded if present. These files provide
+dynamically generated entries for user home directories and for local
+customizations.
+
+.sp
+.B matchpathcon_fini
+frees the memory allocated by a prior call to
+.B matchpathcon_init.
+This function can be used to free and reset the internal state between multiple
+.B matchpathcon_init
+calls, or to free memory when finished using
+.B matchpathcon.
+
+.sp
+.B matchpathcon
+matches the specified pathname and mode against the file contexts
+configuration and sets the security context
+.I con
+to refer to the
+resulting context. The caller must free the returned security context
+.I con
+using freecon when finished using it.
+.I mode
+can be 0 to disable mode matching, but
+should be provided whenever possible, as it may affect the matching.
+Only the file format bits (i.e. the file type) of the
+.I mode
+are used.
+If
+.B matchpathcon_init
+has not already been called, then this function will call it upon
+its first invocation with a NULL
+.I path,
+defaulting to the active file contexts configuration.
+.sp
+
+.B set_matchpathcon_printf
+sets the function used by
+.B matchpathcon_init
+when displaying errors about the file contexts configuration. If not set,
+then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
+error reporting to a different destination.
+
+.sp
+.B set_matchpathcon_invalidcon
+sets the function used by
+.B matchpathcon_init
+when checking the validity of a context in the file contexts
+configuration. If not set, then this defaults to a test based
+on
+.B security_check_context(3),
+which checks validity against the active policy on a SELinux system.
+This can be set to instead perform checking based on a binary policy file,
+e.g. using
+.B sepol_check_context(3),
+as is done by
+.B setfiles -c.
+The function is also responsible for reporting any such error, and
+may include the
+.I path
+and
+.I lineno
+in such error messages.
+
+.sp
+.B set_matchpathcon_flags
+sets flags controlling the operation of
+.B matchpathcon_init
+or
+.B matchpathcon.
+If the
+.B MATCHPATHCON_BASEONLY
+flag is set, then only the base file contexts configuration file
+will be processed, not any dynamically generated entries or local customizations.
+
+.sp
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/query_user_context.3 b/libselinux/man/man3/query_user_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/query_user_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/rpm_execcon.3 b/libselinux/man/man3/rpm_execcon.3
new file mode 100644
index 0000000..b2e6ab8
--- /dev/null
+++ b/libselinux/man/man3/rpm_execcon.3
@@ -0,0 +1 @@
+.so man3/getexeccon.3
diff --git a/libselinux/man/man3/security_av_perm_to_string.3 b/libselinux/man/man3/security_av_perm_to_string.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/security_av_perm_to_string.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_av_string.3 b/libselinux/man/man3/security_av_string.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/security_av_string.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_check_context.3 b/libselinux/man/man3/security_check_context.3
new file mode 100644
index 0000000..af55f06
--- /dev/null
+++ b/libselinux/man/man3/security_check_context.3
@@ -0,0 +1,16 @@
+.TH "security_check_context" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_check_context \- check the validity of a SELinux context
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int security_check_context(security_context_t "con );
+
+.SH "DESCRIPTION"
+.B security_check_context
+returns 0 if SELinux is running and the context is valid, otherwise it
+returns -1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
new file mode 100644
index 0000000..41788e9
--- /dev/null
+++ b/libselinux/man/man3/security_class_to_string.3
@@ -0,0 +1,80 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
+.SH "NAME"
+security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert
+between SELinux class and permission values and string names.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/flask.h>
+.sp
+.BI "const char * security_class_to_string(security_class_t " tclass ");"
+.sp
+.BI "const char * security_av_perm_to_string(security_class_t " tclass ", access_vector_t " av ");"
+.sp
+.BI "int security_av_string(security_class_t " tclass ", access_vector_t " av ", char **" result ");"
+.sp
+.BI "security_class_t string_to_security_class(const char *" name ");"
+.sp
+.BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"
+
+.SH "DESCRIPTION"
+.B security_class_to_string
+returns a string name for class
+.IR tclass ,
+or NULL if the class is invalid. The returned string must not be modified or freed.
+
+.B security_av_perm_to_string
+returns a string name for the access vector bit
+.I av
+of class
+.IR tclass ,
+or NULL if either argument is invalid. The returned string must not be modified or freed.
+
+.B security_av_string
+computes a full access vector string representation using
+.I tclass
+and
+.IR av ,
+which may have multiple bits set. The string is returned in the memory pointed to by
+.IR result ,
+and should be freed by the caller using
+.BR free (3).
+
+.B string_to_security_class
+returns the class value corresponding to the string name
+.IR name ,
+or zero if no such class exists.
+
+.B string_to_av_perm
+returns the access vector bit corresponding to the string name
+.I name
+and security class
+.IR tclass ,
+or zero if no such value exists.
+
+.SH "RETURN VALUE"
+.B security_av_string
+returns returns zero on success or \-1 on error with
+.I errno
+set appropriately. All other functions return zero or NULL on error.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+A class or access vector argument is not recognized by the currently loaded policy.
+
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selinux (8),
+.BR getcon (3),
+.BR getfilecon (3)
diff --git a/libselinux/man/man3/security_commit_booleans.3 b/libselinux/man/man3/security_commit_booleans.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_commit_booleans.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
new file mode 100644
index 0000000..885719f
--- /dev/null
+++ b/libselinux/man/man3/security_compute_av.3
@@ -0,0 +1,68 @@
+.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_compute_av, security_compute_create, security_compute_relabel,
+security_compute_member, security_compute_user, security_get_initial_context \- query
+the SELinux policy database in the kernel.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/flask.h>
+.sp
+.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
+.sp
+.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_member(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
+.sp
+.BI "int security_get_initial_context(const char *" name ", security_context_t
+"con );
+.sp
+.BI "int checkPasswdAccess(access_vector_t " requested );
+
+.SH "DESCRIPTION"
+.B security_compute_av
+queries whether the policy permits the source context
+.B scon
+to access the target context
+.B tcon
+via class
+.B tclass
+with the
+.B requested
+access vector. See the cron source for a usage example.
+
+.B security_compute_create
+is used to compute a context to use for labeling a new object in a particular
+class based on a SID pair.
+
+.B security_compute_relabel
+is used to compute the new context to use when relabeling an object, it is used
+in the pam_selinux.so source and the newrole source to determine the correct
+label for the tty at login time, but can be used for other things.
+
+.B security_compute_member
+is used to compute the context to use when labeling a polyinstantiated object
+instance.
+
+.B security_compute_user
+is used to determine the set of user contexts that can be reached from a
+source context. Is mainly used by
+.B get_ordered_context_list.
+
+.B security_get_initial_context
+is used to get the context of a kernel initial security identifier specified by
+.I name
+
+.B checkPasswdAccess
+This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
+
+.SH "RETURN VALUE"
+0 for success and on error -1 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
diff --git a/libselinux/man/man3/security_compute_create.3 b/libselinux/man/man3/security_compute_create.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_create.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_member.3 b/libselinux/man/man3/security_compute_member.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_member.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_relabel.3 b/libselinux/man/man3/security_compute_relabel.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_relabel.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_user.3 b/libselinux/man/man3/security_compute_user.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_user.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_get_boolean_active.3 b/libselinux/man/man3/security_get_boolean_active.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_active.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_boolean_names.3 b/libselinux/man/man3/security_get_boolean_names.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_names.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_boolean_pending.3 b/libselinux/man/man3/security_get_boolean_pending.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_pending.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_initial_context.3 b/libselinux/man/man3/security_get_initial_context.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_get_initial_context.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_getenforce.3 b/libselinux/man/man3/security_getenforce.3
new file mode 100644
index 0000000..5d65574
--- /dev/null
+++ b/libselinux/man/man3/security_getenforce.3
@@ -0,0 +1,23 @@
+.TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int security_getenforce();
+
+.BI "int security_setenforce(int "value );
+
+.SH "DESCRIPTION"
+.B security_getenforce
+returns 0 if SELinux is running in permissive mode, 1 if it is running in
+enforcing mode, and -1 on error.
+
+.B security_setenforce
+sets SELinux to enforcing mode if the value 1 is passed in, and sets it to
+permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
+returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_load_booleans.3 b/libselinux/man/man3/security_load_booleans.3
new file mode 100644
index 0000000..c7057a1
--- /dev/null
+++ b/libselinux/man/man3/security_load_booleans.3
@@ -0,0 +1,59 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+security_load_booleans, security_set_boolean, security_commit_booleans,
+security_get_boolean_names, security_get_boolean_active,
+security_get_boolean_pending \- routines for manipulating SELinux boolean values
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+extern int security_load_booleans(char *path);
+
+extern int security_get_boolean_names(char ***names, int *len);
+
+extern int security_get_boolean_pending(const char *name);
+
+extern int security_get_boolean_active(const char *name);
+
+extern int security_set_boolean(const char *name, int value);
+
+extern int security_commit_booleans(void);
+
+
+.SH "DESCRIPTION"
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
+
+security_load_booleans
+
+Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
+
+security_get_boolean_names
+
+Returns a list of boolean names, currently supported by the loaded policy.
+
+security_set_boolean
+
+Sets the pending value for boolean
+
+security_get_boolean_pending
+
+Return pending value for boolean
+
+security_get_boolean_active
+
+Return active value for boolean
+
+security_commit_booleans
+
+Commit all pending values for the booleans.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+selinux(8), getsebool(8), booleans(8), togglesebool(8)
diff --git a/libselinux/man/man3/security_load_policy.3 b/libselinux/man/man3/security_load_policy.3
new file mode 100644
index 0000000..77c3eec
--- /dev/null
+++ b/libselinux/man/man3/security_load_policy.3
@@ -0,0 +1,15 @@
+.TH "security_load_policy" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_load_policy \- load a new SELinux policy
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int security_load_policy(void *" data ", size_t "len );
+
+.SH "DESCRIPTION"
+.B security_load_policy
+loads a new policy, returns 0 for success and -1 for error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_policyvers.3 b/libselinux/man/man3/security_policyvers.3
new file mode 100644
index 0000000..9e5dfd2
--- /dev/null
+++ b/libselinux/man/man3/security_policyvers.3
@@ -0,0 +1,16 @@
+.TH "security_policyvers" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_policyvers \- get the version of the SELinux policy
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int security_policyvers();
+
+.SH "DESCRIPTION"
+.B security_policyvers
+returns the version of the policy (a positive integer) on success, or -1 on
+error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_set_boolean.3 b/libselinux/man/man3/security_set_boolean.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_set_boolean.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_setenforce.3 b/libselinux/man/man3/security_setenforce.3
new file mode 100644
index 0000000..24bca10
--- /dev/null
+++ b/libselinux/man/man3/security_setenforce.3
@@ -0,0 +1 @@
+.so security_getenforce.3
diff --git a/libselinux/man/man3/selabel_close.3 b/libselinux/man/man3/selabel_close.3
new file mode 100644
index 0000000..468fdaf
--- /dev/null
+++ b/libselinux/man/man3/selabel_close.3
@@ -0,0 +1 @@
+.so man3/selabel_open.3
diff --git a/libselinux/man/man3/selabel_lookup.3 b/libselinux/man/man3/selabel_lookup.3
new file mode 100644
index 0000000..ab792bb
--- /dev/null
+++ b/libselinux/man/man3/selabel_lookup.3
@@ -0,0 +1,78 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_lookup" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_lookup \- obtain SELinux security context from a string label.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" key ", int " type ");"
+.in
+.sp
+.BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup_raw('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" key ", int " type ");"
+
+.SH "DESCRIPTION"
+.B selabel_lookup
+performs a lookup operation on the handle
+.IR hnd ,
+returning the result in the memory pointed to by
+.IR context ,
+which must be freed by the caller using
+.BR freecon (3).
+The
+.I key
+and
+.I type
+parameters are the inputs to the lookup operation and are interpreted according to the specific backend that
+.I handle
+is open on.
+
+.B selabel_lookup_raw
+behaves identically to
+.B selabel_lookup
+but does not perform context translation.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B ENOENT
+No context corresponding to the input
+.I key
+and
+.I type
+was found.
+.TP
+.B EINVAL
+The
+.I key
+and/or
+.I type
+inputs are invalid, or the context being returned failed validation.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_stats (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
new file mode 100644
index 0000000..1af2ec0
--- /dev/null
+++ b/libselinux/man/man3/selabel_open.3
@@ -0,0 +1,98 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_open" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_open, selabel_close \- userspace SELinux labeling interface.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "struct selabel_handle *selabel_open(int " backend ,
+.in +\w'struct selabel_handle *selabel_open('u
+.BI "struct selinux_opt *" options ,
+
+.BI "unsigned " nopt ");"
+.in
+.sp
+.BI "void selabel_close(struct selabel_handle *" hnd ");"
+
+.SH "DESCRIPTION"
+.B selabel_open
+is used to initialize a labeling handle to be used for lookup operations. The
+.I backend
+argument specifies which backend is to be opened; the list of current backends appears in
+.B BACKENDS
+below.
+
+The
+.I options
+argument should be NULL or a pointer to an array of
+.B selinux_opt
+structures of length
+.IR nopt :
+
+.RS
+.ta 4n 16n 24n
+.nf
+struct selinux_opt {
+ int type;
+ const char *value;
+};
+.fi
+.ta
+.RE
+
+The available option types are described in
+.B GLOBAL OPTIONS
+below as well as in the documentation for each individual backend. The return value on success is a non-NULL value for use in subsequent label operations.
+
+.B selabel_close
+terminates use of a handle, freeing any internal resources associated with it. After this call has been made, the handle must not be used again.
+
+.SH "GLOBAL OPTIONS"
+Global options which may be passed to
+.B selabel_open
+include the following:
+
+.TP
+.B SELABEL_OPT_UNUSED
+The option with a type code of zero is a no-op. Thus an array of options may be initizalized to zero and any untouched elements will not cause an error.
+.TP
+.B SELABEL_OPT_VALIDATE
+A non-null value for this option enables context validation. By default,
+.BR security_check_context (3)
+is used; a custom validation function can be provided via
+.BR selinux_set_callback (3).
+Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation.
+
+.SH "BACKENDS"
+
+.TP
+.B SELABEL_CTX_FILE
+File contexts backend, described in
+.BR selabel_file (3).
+.TP
+.B SELABEL_CTX_MEDIA
+Media contexts backend, described in
+.BR selabel_media (3).
+.TP
+.B SELABEL_CTX_X
+X Windows contexts backend, described in
+.BR selabel_x (3).
+
+.SH "RETURN VALUE"
+A non-NULL handle value is returned on success. On error, NULL is returned and
+.I errno
+is set appropriately.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selabel_stats.3 b/libselinux/man/man3/selabel_stats.3
new file mode 100644
index 0000000..441f422
--- /dev/null
+++ b/libselinux/man/man3/selabel_stats.3
@@ -0,0 +1,35 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_stats" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_stats \- obtain SELinux labeling statistics.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "void selabel_lookup(struct selabel_handle *" hnd ");"
+
+.SH "DESCRIPTION"
+.B selabel_stats
+causes zero or more messages to be printed containing backend-specific information about number of queries performed, number of unused entries, or other operational information.
+
+The messages are printed to standard error by default; a custom logging function can be provided via
+.BR selinux_set_callback (3).
+
+.SH "RETURN VALUE"
+None.
+
+.SH "ERRORS"
+None.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
new file mode 100644
index 0000000..f6ceff9
--- /dev/null
+++ b/libselinux/man/man3/selinux_binary_policy_path.3
@@ -0,0 +1,70 @@
+.TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+selinux_policy_root, selinux_binary_policy_path,
+selinux_failsafe_context_path, selinux_removable_context_path,
+selinux_default_context_path, selinux_user_contexts_path,
+selinux_file_context_path, selinux_media_context_path,
+selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
+directories and files.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+
+extern const char *selinux_policy_root(void);
+
+extern const char *selinux_binary_policy_path(void);
+
+extern const char *selinux_failsafe_context_path(void);
+
+extern const char *selinux_removable_context_path(void);
+
+extern const char *selinux_default_context_path(void);
+
+extern const char *selinux_user_contexts_path(void);
+
+extern const char *selinux_file_context_path(void);
+
+extern const char *selinux_media_context_path(void);
+
+extern const char *selinux_securetty_types_path(void);
+
+extern const char *selinux_contexts_path(void);
+
+extern const char *selinux_booleans_path(void);
+
+
+.SH "DESCRIPTION"
+
+These functions return the paths to the active policy configuration
+directories and files based on the settings in /etc/selinux/config.
+
+.sp
+selinux_policy_root() - top-level policy directory
+.sp
+selinux_binary_policy_path() - binary policy file loaded into kernel
+.sp
+selinux_failsafe_context_path() - failsafe context for emergency logins
+.sp
+selinux_removable_context_path() - filesystem context for removable media
+.sp
+selinux_default_context_path() - system-wide default contexts for user sessions
+.sp
+selinux_user_contexts_path() - directory containing per-user default contexts
+.sp
+selinux_file_context_path() - file contexts configuration
+.sp
+selinux_media_context_path() - file contexts for media device nodes
+.sp
+selinux_contexts_path() - directory containing all of the context configuration files
+.sp
+selinux_securetty_types_path() - defines tty types for newrole securettys
+.sp
+selinux_booleans_path() - initial policy boolean settings
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/selinux_booleans_path.3 b/libselinux/man/man3/selinux_booleans_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_booleans_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_check_securetty_context.3 b/libselinux/man/man3/selinux_check_securetty_context.3
new file mode 100644
index 0000000..65a10d3
--- /dev/null
+++ b/libselinux/man/man3/selinux_check_securetty_context.3
@@ -0,0 +1,16 @@
+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int selinux_check_securetty_context(security_context_t "tty_context );
+
+.SH "DESCRIPTION"
+.B selinux_check_securetty_context
+returns 0 if tty_context is a securetty context
+returns < 0 otherwise.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/selinux_contexts_path.3 b/libselinux/man/man3/selinux_contexts_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_contexts_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_default_context_path.3 b/libselinux/man/man3/selinux_default_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_default_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_failsafe_context_path.3 b/libselinux/man/man3/selinux_failsafe_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_failsafe_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_file_context_path.3 b/libselinux/man/man3/selinux_file_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_file_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_getenforcemode.3 b/libselinux/man/man3/selinux_getenforcemode.3
new file mode 100644
index 0000000..a6a753e
--- /dev/null
+++ b/libselinux/man/man3/selinux_getenforcemode.3
@@ -0,0 +1,25 @@
+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_getenforcemode \- get the enforcing state of SELinux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int selinux_getenforcemode(int *enforce);
+
+
+.SH "DESCRIPTION"
+.B selinux_getenforcemode
+Reads the contents of the /etc/selinux/config file to determine how the
+system was setup to run SELinux.
+
+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
+Sets the value of enforce to 0 if SELinux should be run in permissive mode.
+Sets the value of enforce to -1 if SELinux should be disabled.
+.SH "RETURN VALUE"
+On success, zero is returned.
+On failure, -1 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
+
diff --git a/libselinux/man/man3/selinux_media_context_path.3 b/libselinux/man/man3/selinux_media_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_media_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_policy_root.3 b/libselinux/man/man3/selinux_policy_root.3
new file mode 100644
index 0000000..7499c75
--- /dev/null
+++ b/libselinux/man/man3/selinux_policy_root.3
@@ -0,0 +1,20 @@
+.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_policy_root \- return the path of the SELinux policy files for this machine.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B char *selinux_policy_root();
+
+
+.SH "DESCRIPTION"
+.B selinux_policy_root
+Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine.
+.SH "RETURN VALUE"
+On success, returns a directory path containing the SELinux policy files.
+On failure, NULL is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
+
diff --git a/libselinux/man/man3/selinux_removable_context_path.3 b/libselinux/man/man3/selinux_removable_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_removable_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_securetty_types_path.3 b/libselinux/man/man3/selinux_securetty_types_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_securetty_types_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_set_callback.3 b/libselinux/man/man3/selinux_set_callback.3
new file mode 100644
index 0000000..6d6a723
--- /dev/null
+++ b/libselinux/man/man3/selinux_set_callback.3
@@ -0,0 +1,95 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selinux_set_callback" "3" "20 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selinux_set_callback \- userspace SELinux callback facilities.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "void selinux_set_callback(int " type ", union selinux_callback " callback ");"
+
+.SH "DESCRIPTION"
+.B selinux_set_callback
+sets the callback indicated by
+.I type
+to the value of
+.IR callback ,
+which should be passed as a function pointer cast to type
+.B union
+.BR selinux_callback .
+
+All callback functions should return a negative value with
+.I errno
+set appropriately on error.
+
+The available values for
+.I type
+are:
+.TP
+.B SELINUX_CB_LOG
+.BI "int (*" func_log ") (int " type ", const char *" fmt ", ...);"
+
+This callback is used for logging and should process the
+.BR printf (3)
+style
+.I fmt
+string and arguments as appropriate. The
+.I type
+argument indicates the type of message and will be set to one of the following:
+
+.B SELINUX_ERROR
+
+.B SELINUX_WARNING
+
+.B SELINUX_INFO
+
+.B SELINUX_AVC
+
+.TP
+.B SELINUX_CB_AUDIT
+.BI "int (*" func_audit ") (void *" auditdata ", security_class_t " cls ,
+.in +\w'int (*func_audit) ('u
+.BI "char *" msgbuf ", size_t " msgbufsize ");"
+.in
+
+This callback is used for supplemental auditing in AVC messages. The
+.I auditdata
+and
+.I cls
+arguments are the values passed to
+.BR avc_has_perm (3).
+A human-readable interpretation should be printed to
+.I msgbuf
+using no more than
+.I msgbufsize
+characters.
+
+.TP
+.B SELINUX_CB_VALIDATE
+.BI "int (*" func_validate ") (security_context_t *" ctx ");"
+
+This callback is used for context validation. The callback may optionally modify the input context by setting the target of the
+.I ctx
+pointer to a new context. In this case, the old value should be freed with
+.BR freecon (3).
+The value of
+.I errno
+should be set to
+.B EINVAL
+to indicate an invalid context.
+
+.SH "RETURN VALUE"
+None.
+
+.SH "ERRORS"
+None.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR avc_init (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selinux_set_mapping.3 b/libselinux/man/man3/selinux_set_mapping.3
new file mode 100644
index 0000000..7ac069a
--- /dev/null
+++ b/libselinux/man/man3/selinux_set_mapping.3
@@ -0,0 +1,87 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2008
+.TH "selinux_set_mapping" "3" "12 Jun 2008" "" "SELinux API documentation"
+.SH "NAME"
+selinux_set_mapping \- establish dynamic object class and permission mapping.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.nf
+struct security_class_mapping {
+ const char *name;
+ const char *perms[];
+};
+.fi
+.sp
+.BI "int selinux_set_mapping(struct security_class_mapping *" map ");"
+
+.SH "DESCRIPTION"
+.B selinux_set_mapping
+establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy. Use of this function is highly preferred over the generated constants in the libselinux header files, as this method allows the policy's class and permission values to change over time.
+
+After the mapping is established, all libselinux functions that operate on class and permission values take the user-provided numbers, which are determined as follows:
+
+The
+.I map
+argument consists of an array of
+.B security_class_mapping
+structures, which must be terminated by a structure having a NULL name field. Except for this last structure, the
+.I name
+field should refer to the string name of an object class, and the corresponding
+.I perms
+field should refer to an array of permission bit names terminated by a NULL string.
+
+The object classes named in the mapping and the bit indexes of each set of permission bits named in the mapping are numbered in order starting from 1. These numbers are the values that should be passed to subsequent libselinux calls.
+
+.SH "RETURN VALUE"
+Zero is returned on success. On error, -1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+One of the class or permission names requested in the mapping is not present in the loaded policy.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "EXAMPLE"
+.RS
+.ta 4n 10n
+.nf
+struct security_class_mapping map[] = {
+ { "file", { "create", "unlink", "read", "write", NULL } },
+ { "socket", { "bind", NULL } },
+ { "process", { "signal", NULL } },
+ { NULL }
+};
+
+if (selinux_set_mapping(map) < 0)
+ exit(1);
+.fi
+.ta
+.RE
+
+In this example, after the call has succeeded, classes
+.BR file ,
+.BR socket ,
+and
+.B process
+will be identified by 1, 2 and 3, respectively. Permissions
+.IR create ,
+.IR unlink ,
+.IR read ,
+and
+.I write
+(for the
+.B file
+class) will be identified by 1, 2, 4, and 8 respectively. Classes and permissions not listed in the mapping cannot be used.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_open (8),
+.BR selinux (8)
diff --git a/libselinux/man/man3/selinux_user_contexts_path.3 b/libselinux/man/man3/selinux_user_contexts_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_user_contexts_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/set_matchpathcon_printf.3 b/libselinux/man/man3/set_matchpathcon_printf.3
new file mode 100644
index 0000000..cd5df2e
--- /dev/null
+++ b/libselinux/man/man3/set_matchpathcon_printf.3
@@ -0,0 +1 @@
+.so man3/matchpathcon.3
diff --git a/libselinux/man/man3/setcon.3 b/libselinux/man/man3/setcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/setcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/setexeccon.3 b/libselinux/man/man3/setexeccon.3
new file mode 100644
index 0000000..b2e6ab8
--- /dev/null
+++ b/libselinux/man/man3/setexeccon.3
@@ -0,0 +1 @@
+.so man3/getexeccon.3
diff --git a/libselinux/man/man3/setfilecon.3 b/libselinux/man/man3/setfilecon.3
new file mode 100644
index 0000000..18030cd
--- /dev/null
+++ b/libselinux/man/man3/setfilecon.3
@@ -0,0 +1,41 @@
+.TH "setfilecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int setfilecon(const char *" path ", security_context_t "con );
+
+.BI "int lsetfilecon(const char *" path ", security_context_t "con );
+
+.BI "int fsetfilecon(int "fd ", security_context_t "con );
+
+.SH "DESCRIPTION"
+.B setfilecon
+sets the security context of the file system object.
+
+.B lsetfilecon
+is identical to setfilecon, except in the case of a symbolic link, where the
+link itself has it's context set, not the file that it refers to.
+
+.B fsetfilecon
+is identical to setfilecon, only the open file pointed to by filedes (as
+returned by open(2)) has it's context set in place of path.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
+If there is insufficient space remaining to store the extended
+attribute, errno is set to either ENOSPC, or EDQUOT if quota enforce-
+ment was the cause.
+
+If extended attributes are not supported by the filesystem, or are dis-
+abled, errno is set to ENOTSUP.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/setfscreatecon.3 b/libselinux/man/man3/setfscreatecon.3
new file mode 100644
index 0000000..21aeebd
--- /dev/null
+++ b/libselinux/man/man3/setfscreatecon.3
@@ -0,0 +1 @@
+.so man3/getfscreatecon.3
diff --git a/libselinux/man/man3/sidget.3 b/libselinux/man/man3/sidget.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/sidget.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/sidput.3 b/libselinux/man/man3/sidput.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/sidput.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/string_to_av_perm.3 b/libselinux/man/man3/string_to_av_perm.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/string_to_av_perm.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/string_to_security_class.3 b/libselinux/man/man3/string_to_security_class.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/string_to_security_class.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man5/selabel_file.5 b/libselinux/man/man5/selabel_file.5
new file mode 100644
index 0000000..6cce99e
--- /dev/null
+++ b/libselinux/man/man5/selabel_file.5
@@ -0,0 +1,48 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_file" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_file \- userspace SELinux labeling interface: file contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" path ", int " mode ");"
+
+.SH "DESCRIPTION"
+The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system.
+
+The
+.I path
+argument should be set to the full pathname of the file whose assigned context is being checked. The
+.I mode
+argument should be set to the mode bits of the file, as determined by
+.BR lstat (2).
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files.
+.TP
+.B SELABEL_OPT_BASEONLY
+A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
+.TP
+.B SELABEL_OPT_SUBSET
+A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail.
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man5/selabel_media.5 b/libselinux/man/man5/selabel_media.5
new file mode 100644
index 0000000..796260f
--- /dev/null
+++ b/libselinux/man/man5/selabel_media.5
@@ -0,0 +1,37 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_media" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_media \- userspace SELinux labeling interface: media contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" device_name ", int " unused ");"
+
+.SH "DESCRIPTION"
+The media contexts backend maps from media device names such as "cdrom" or "floppy" into security contexts. It is used to find the appropriate context for establishing context mounts on these devices.
+
+The integer lookup argument is currently unused and should be set to zero.
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard media contexts file.
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man5/selabel_x.5 b/libselinux/man/man5/selabel_x.5
new file mode 100644
index 0000000..1591c09
--- /dev/null
+++ b/libselinux/man/man5/selabel_x.5
@@ -0,0 +1,81 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_x" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" object_name ", int " object_type ");"
+
+.SH "DESCRIPTION"
+The X contexts backend maps from X Window System object names into security contexts. It is used to find the appropriate context for X Window System objects whose significance and/or usage semantics are determined primarily by name. This backend is also used to determine the default context for labeling remotely connected X clients.
+
+The
+.I object_type
+argument should be set to one of the following values:
+.TP
+.B SELABEL_X_PROP
+The
+.I object_name
+argument specifies the name of a window property, such as "WM_NAME".
+.TP
+.B SELABEL_X_SELN
+The
+.I object_name
+argument specifies the name of a selection, such as "PRIMARY".
+.TP
+.B SELABEL_X_EXT
+The
+.I object_name
+argument specifies the name of a protocol extension, such as "RENDER".
+.TP
+.B SELABEL_X_EVENT
+The
+.I object_name
+argument specifies the name of an event type, such as "X11:ButtonPress".
+.TP
+.B SELABEL_X_CLIENT
+The
+.I object_name
+argument is ignored and should be set to NULL. The default context for labeling remote X clients is returned.
+.TP
+.B SELABEL_X_POLYPROP
+Like
+.BR SELABEL_X_PROP ,
+but checks if the property was marked as being polyinstantiated. See
+.B NOTES
+below.
+.TP
+.B SELABEL_X_POLYSELN
+Like
+.BR SELABEL_X_SELN ,
+but checks if the selection was marked as being polyinstantiated. See
+.B NOTES
+below.
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard X contexts file.
+
+.SH "NOTES"
+Properties and selections are marked as either polyinstantiated or not. For these name types, the "POLY" option searches only the names marked as being polyinstantiated, while the other option searches only the names marked as not being polyinstantiated. Users of the interface should check both mappings, optionally taking action based on the result (e.g. polyinstantiating the object).
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man8/avcstat.8 b/libselinux/man/man8/avcstat.8
new file mode 100644
index 0000000..1035331
--- /dev/null
+++ b/libselinux/man/man8/avcstat.8
@@ -0,0 +1,31 @@
+.TH "avcstat" "8" "18 Nov 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+avcstat \- Display SELinux AVC statistics
+
+.SH "SYNOPSIS"
+.B avcstat
+.I [-c] [-f status_file] [interval]
+
+.SH "DESCRIPTION"
+.B avcstat
+
+Display SELinux AVC statistics. If the interval parameter is specified, the
+program will loop, displaying updated statistics every 'interval' seconds.
+Relative values are displayed by default.
+
+.SH OPTIONS
+.TP
+.B \-c
+Display the cumulative values.
+
+.TP
+.B \-f
+Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+
+.SH "SEE ALSO"
+selinux(8)
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by James Morris <jmorris@redhat.com>.
+
diff --git a/libselinux/man/man8/booleans.8 b/libselinux/man/man8/booleans.8
new file mode 100644
index 0000000..89c7654
--- /dev/null
+++ b/libselinux/man/man8/booleans.8
@@ -0,0 +1,49 @@
+.TH "booleans" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+booleans \- Policy booleans enable runtime customization of SELinux policy.
+
+.SH "DESCRIPTION"
+This manual page describes SELinux policy booleans.
+.BR
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+For example, the boolean httpd_enable_cgi allows the httpd daemon to
+run cgi scripts if it is enabled. If the administrator does not want
+to allow execution of cgi scripts, he can simply disable this boolean
+value.
+
+The policy defines a default value for each boolean, typically false.
+These default values can be overridden via local settings created via the
+.B setsebool(8)
+utility, using -P to make the setting persistent across reboots.
+The
+.B system-config-securitylevel
+tool provides a graphical interface for altering
+the settings. The
+.B load_policy(8)
+program will preserve
+current boolean settings upon a policy reload by default, or can
+optionally reset booleans to the boot-time defaults via the -b option.
+
+Boolean values can be listed by using the
+.B getsebool(8)
+utility and passing it the -a option.
+
+Boolean values can also be changed at runtime via the
+.B setsebool(8)
+utility or the
+.B togglesebool
+utility. By default, these utilities only change the
+current boolean value and do not affect the persistent settings,
+unless the -P option is used to setsebool.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The SELinux conditional policy support was developed by Tresys Technology.
+
+.SH "SEE ALSO"
+getsebool(8), setsebool(8), selinux(8), togglesebool(8)
diff --git a/libselinux/man/man8/getenforce.8 b/libselinux/man/man8/getenforce.8
new file mode 100644
index 0000000..8dc63c8
--- /dev/null
+++ b/libselinux/man/man8/getenforce.8
@@ -0,0 +1,15 @@
+.TH "getenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+getenforce \- get the current mode of SELinux
+.SH "SYNOPSIS"
+.B getenforce
+
+.SH "DESCRIPTION"
+.B getenforce
+reports whether SELinux is enforcing, permissive, or disabled.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), setenforce(8), selinuxenabled(8)
diff --git a/libselinux/man/man8/getsebool.8 b/libselinux/man/man8/getsebool.8
new file mode 100644
index 0000000..a4200ee
--- /dev/null
+++ b/libselinux/man/man8/getsebool.8
@@ -0,0 +1,35 @@
+.TH "getsebool" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+getsebool \- get SELinux boolean value(s)
+
+.SH "SYNOPSIS"
+.B getsebool
+.I "[-a] [boolean]"
+
+.SH "DESCRIPTION"
+.B getsebool
+reports where a particular SELinux boolean or
+all SELinux booleans are on or off
+In certain situations a boolean can be in one state with a pending
+change to the other state. getsebool will report this as a pending change.
+The pending value indicates
+the value that will be applied upon the next boolean commit.
+
+The setting of boolean values occurs in two stages; first the pending
+value is changed, then the booleans are committed, causing their
+active values to become their pending values. This allows a group of
+booleans to be changed in a single transaction, by setting all of
+their pending values as desired and then committing once.
+
+.SH OPTIONS
+.TP
+.B \-a
+Show all SELinux booleans.
+
+.SH "SEE ALSO"
+selinux(8), setsebool(8), booleans(8)
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Tresys Technology.
+
diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8
new file mode 100644
index 0000000..c1b00c0
--- /dev/null
+++ b/libselinux/man/man8/matchpathcon.8
@@ -0,0 +1,37 @@
+.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+.SH "SYNOPSIS"
+.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
+.SH "DESCRIPTION"
+.B matchpathcon
+queries the system policy and outputs the default security context associated with the filepath.
+
+Note: Identical paths can have different security contexts, depending on the file type. (regular file, directory, link file, char file ...)
+
+.B matchpathcon
+will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur.
+
+.SH OPTIONS
+.B \-n
+Do not display path.
+
+.B \-N
+Do not use translations.
+
+.B \-f file_context_file
+Use alternate file_context file
+
+.B \-p prefix
+Use prefix to speed translations
+
+.B \-V
+Verify file context on disk matches defaults
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+.BR selinux "(8), "
+.BR matchpathcon "(3), "
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
new file mode 100644
index 0000000..5caa592
--- /dev/null
+++ b/libselinux/man/man8/selinux.8
@@ -0,0 +1,82 @@
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
+
+.SH "NAME"
+selinux \- NSA Security-Enhanced Linux (SELinux)
+
+.SH "DESCRIPTION"
+
+NSA Security-Enhanced Linux (SELinux) is an implementation of a
+flexible mandatory access control architecture in the Linux operating
+system. The SELinux architecture provides general support for the
+enforcement of many kinds of mandatory access control policies,
+including those based on the concepts of Type Enforcement®, Role-
+Based Access Control, and Multi-Level Security. Background
+information and technical documentation about SELinux can be found at
+http://www.nsa.gov/selinux.
+
+The
+.I /etc/selinux/config
+configuration file controls whether SELinux is
+enabled or disabled, and if enabled, whether SELinux operates in
+permissive mode or enforcing mode. The
+.B SELINUX
+variable may be set to
+any one of disabled, permissive, or enforcing to select one of these
+options. The disabled option completely disables the SELinux kernel
+and application code, leaving the system running without any SELinux
+protection. The permissive option enables the SELinux code, but
+causes it to operate in a mode where accesses that would be denied by
+policy are permitted but audited. The enforcing option enables the
+SELinux code and causes it to enforce access denials as well as
+auditing them. Permissive mode may yield a different set of denials
+than enforcing mode, both because enforcing mode will prevent an
+operation from proceeding past the first denial and because some
+application code will fall back to a less privileged mode of operation
+if denied access.
+
+The
+.I /etc/selinux/config
+configuration file also controls what policy
+is active on the system. SELinux allows for multiple policies to be
+installed on the system, but only one policy may be active at any
+given time. At present, two kinds of SELinux policy exist: targeted
+and strict. The targeted policy is designed as a policy where most
+processes operate without restrictions, and only specific services are
+placed into distinct security domains that are confined by the policy.
+For example, the user would run in a completely unconfined domain
+while the named daemon or apache daemon would run in a specific domain
+tailored to its operation. The strict policy is designed as a policy
+where all processes are partitioned into fine-grained security domains
+and confined by policy. It is anticipated in the future that other
+policies will be created (Multi-Level Security for example). You can
+define which policy you will run by setting the
+.B SELINUXTYPE
+environment variable within
+.I /etc/selinux/config.
+The corresponding
+policy configuration for each such policy must be installed in the
+/etc/selinux/SELINUXTYPE/ directories.
+
+A given SELinux policy can be customized further based on a set of
+compile-time tunable options and a set of runtime policy booleans.
+.B system-config-securitylevel
+allows customization of these booleans and tunables.
+
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
+
+.SH FILE LABELING
+
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
+
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
+
+
+.SH FILES
+/etc/selinux/config
diff --git a/libselinux/man/man8/selinuxenabled.8 b/libselinux/man/man8/selinuxenabled.8
new file mode 100644
index 0000000..b25431f
--- /dev/null
+++ b/libselinux/man/man8/selinuxenabled.8
@@ -0,0 +1,16 @@
+.TH "selinuxenabled" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled
+.SH "SYNOPSIS"
+.B selinuxenabled
+
+.SH "DESCRIPTION"
+.B selinuxenabled
+Indicates whether SELinux is enabled or disabled. It exits with status 0
+if SELinux is enabled and 1 if it is not enabled.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), setenforce(8), getenforce(8)
diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8
new file mode 100644
index 0000000..8a010d6
--- /dev/null
+++ b/libselinux/man/man8/setenforce.8
@@ -0,0 +1,23 @@
+.TH "setenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+setenforce \- modify the mode SELinux is running in.
+.SH "SYNOPSIS"
+.B setenforce [ Enforcing | Permissive | 1 | 0 ]
+
+.SH "DESCRIPTION"
+Use Enforcing or 1 to put SELinux in enforcing mode.
+Use Permissive or 0 to put SELinux in permissive mode.
+You need to modify
+.I /etc/grub.conf
+or
+.I /etc/selinux/config
+to disable SELinux.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), getenforce(8), selinuxenabled(8)
+
+.SH FILES
+/etc/grub.conf, /etc/selinux/config
diff --git a/libselinux/man/man8/togglesebool.8 b/libselinux/man/man8/togglesebool.8
new file mode 100644
index 0000000..ae21175
--- /dev/null
+++ b/libselinux/man/man8/togglesebool.8
@@ -0,0 +1,17 @@
+.TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+togglesebool \- flip the current value of a SELinux boolean
+.SH "SYNOPSIS"
+.B togglesebool boolean...
+
+.SH "DESCRIPTION"
+.B togglesebool
+flips the current value of a list of booleans. If the value is currently a 1,
+then it will be changed to a 0 and vice versa. Only the "in memory" values are
+changed; the boot-time settings are unaffected.
+
+.SH AUTHOR
+This man page was written by Steve Grubb <sgrubb@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), booleans(8), getsebool(8), setsebool(8)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
new file mode 100644
index 0000000..f5fd630
--- /dev/null
+++ b/libselinux/src/Makefile
@@ -0,0 +1,134 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+SHLIBDIR ?= $(DESTDIR)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYINC ?= /usr/include/$(PYLIBVER)
+PYLIB ?= /usr/lib/$(PYLIBVER)
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+
+LIBVERSION = 1
+
+LIBA=libselinux.a
+TARGET=libselinux.so
+SWIGIF= selinuxswig_python.i
+SWIGRUBYIF= selinuxswig_ruby.i
+SWIGCOUT= selinuxswig_wrap.c
+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
+SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
+SWIGSO=_selinux.so
+SWIGFILES=$(SWIGSO) selinux.py
+SWIGRUBYSO=_rubyselinux.so
+LIBSO=$(TARGET).$(LIBVERSION)
+AUDIT2WHYSO=audit2why.so
+
+ifeq ($(DISABLE_AVC),y)
+ UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
+endif
+ifeq ($(DISABLE_BOOL),y)
+ UNUSED_SRCS+=booleans.c
+endif
+ifeq ($(DISABLE_RPM),y)
+ UNUSED_SRCS+=rpm.c
+endif
+
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT)
+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c)))
+
+OBJS= $(patsubst %.c,%.o,$(SRCS))
+LOBJS= $(patsubst %.c,%.lo,$(SRCS))
+CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
+override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+RANLIB=ranlib
+
+ARCH := $(patsubst i%86,i386,$(shell uname -m))
+ifneq (,$(filter i386,$(ARCH)))
+TLSFLAGS += -mno-tls-direct-seg-refs
+endif
+
+SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
+
+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
+
+all: $(LIBA) $(LIBSO)
+
+pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
+
+rubywrap: all $(SWIGRUBYSO)
+
+$(LIBA): $(OBJS)
+ $(AR) rcs $@ $^
+ $(RANLIB) $@
+
+$(SWIGLOBJ): $(SWIGCOUT)
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGSO): $(SWIGLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
+$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
+$(LIBSO): $(LOBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ ln -sf $@ $(TARGET)
+
+audit2why.lo: audit2why.c
+ $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(AUDIT2WHYSO): audit2why.lo
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+
+%.o: %.c policy.h
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+
+%.lo: %.c policy.h
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGCOUT): $(SWIGIF)
+ $(SWIG) $^
+
+$(SWIGRUBYCOUT): $(SWIGRUBYIF)
+ $(SWIGRUBY) $^
+
+swigify: $(SWIGIF)
+ $(SWIG) $^
+
+install: all
+ test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
+ install -m 644 $(LIBA) $(LIBDIR)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+
+install-pywrap: pywrap
+ test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
+
+install-rubywrap: rubywrap
+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+
+relabel:
+ /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+
+clean:
+ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
+
+distclean: clean
+ rm -f $(GENERATED) $(SWIGFILES)
+
+indent:
+ ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
new file mode 100644
index 0000000..691bc67
--- /dev/null
+++ b/libselinux/src/audit2why.c
@@ -0,0 +1,443 @@
+#include <Python.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <sepol/sepol.h>
+#include <sepol/policydb.h>
+#include <sepol/policydb/services.h>
+#include <selinux/selinux.h>
+
+#define UNKNOWN -1
+#define BADSCON -2
+#define BADTCON -3
+#define BADTCLASS -4
+#define BADPERM -5
+#define BADCOMPUTE -6
+#define NOPOLICY -7
+#define ALLOW 0
+#define DONTAUDIT 1
+#define TERULE 2
+#define BOOLEAN 3
+#define CONSTRAINT 4
+#define RBAC 5
+
+struct boolean_t {
+ char *name;
+ int active;
+};
+
+static struct boolean_t **boollist = NULL;
+static int boolcnt = 0;
+
+struct avc_t {
+ sepol_handle_t *handle;
+ sepol_policydb_t *policydb;
+ sepol_security_id_t ssid;
+ sepol_security_id_t tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t av;
+};
+
+static struct avc_t *avc = NULL;
+
+static sidtab_t sidtab;
+
+static int load_booleans(const sepol_bool_t * boolean,
+ void *arg __attribute__ ((__unused__)))
+{
+ boollist[boolcnt] = malloc(sizeof(struct boolean_t));
+ boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean));
+ boollist[boolcnt]->active = sepol_bool_get_value(boolean);
+ boolcnt++;
+ return 0;
+}
+
+static int check_booleans(struct boolean_t **bools)
+{
+ char errormsg[PATH_MAX];
+ struct sepol_av_decision avd;
+ unsigned int reason;
+ int rc;
+ int i;
+ sepol_bool_key_t *key = NULL;
+ sepol_bool_t *boolean = NULL;
+ int fcnt = 0;
+ int *foundlist = calloc(boolcnt, sizeof(int));
+ if (!foundlist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return fcnt;
+ }
+ for (i = 0; i < boolcnt; i++) {
+ char *name = boollist[i]->name;
+ int active = boollist[i]->active;
+ rc = sepol_bool_key_create(avc->handle, name, &key);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError,
+ "Could not create boolean key.\n");
+ break;
+ }
+ rc = sepol_bool_query(avc->handle,
+ avc->policydb,
+ key, &boolean);
+
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not find boolean %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ sepol_bool_set_value(boolean, !active);
+
+ rc = sepol_bool_set(avc->handle,
+ avc->policydb,
+ key, boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass,
+ avc->av, &avd, &reason);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Error during access vector computation, skipping...");
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+
+ sepol_bool_free(boolean);
+ break;
+ } else {
+ if (!reason) {
+ foundlist[fcnt] = i;
+ fcnt++;
+ }
+ sepol_bool_set_value(boolean, active);
+ rc = sepol_bool_set(avc->handle,
+ avc->policydb, key,
+ boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n",
+ name);
+
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+ }
+ sepol_bool_free(boolean);
+ sepol_bool_key_free(key);
+ key = NULL;
+ boolean = NULL;
+ }
+ if (key)
+ sepol_bool_key_free(key);
+
+ if (boolean)
+ sepol_bool_free(boolean);
+
+ if (fcnt > 0) {
+ *bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+ struct boolean_t *b = *bools;
+ for (i = 0; i < fcnt; i++) {
+ int ctr = foundlist[i];
+ b[i].name = strdup(boollist[ctr]->name);
+ b[i].active = !boollist[ctr]->active;
+ }
+ }
+ free(foundlist);
+ return fcnt;
+}
+
+static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) {
+ PyObject *result = 0;
+
+ if (PyArg_ParseTuple(args,(char *)":finish")) {
+ int i = 0;
+ for (i = 0; i < boolcnt; i++) {
+ free(boollist[i]->name);
+ free(boollist[i]);
+ }
+ free(boollist);
+ sepol_sidtab_shutdown(&sidtab);
+ sepol_sidtab_destroy(&sidtab);
+ sepol_policydb_free(avc->policydb);
+ sepol_handle_destroy(avc->handle);
+ free(avc);
+ avc = NULL;
+ boollist = NULL;
+ boolcnt = 0;
+
+ /* Boilerplate to return "None" */
+ Py_RETURN_NONE;
+ }
+ return result;
+}
+
+
+static int __policy_init(const char *init_path)
+{
+ FILE *fp;
+ int vers = 0;
+ char path[PATH_MAX];
+ char errormsg[PATH_MAX];
+ struct sepol_policy_file *pf = NULL;
+ int rc;
+ unsigned int cnt;
+
+ if (init_path) {
+ strncpy(path, init_path, PATH_MAX);
+ fp = fopen(path, "r");
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s: %s\n",
+ path, strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ } else {
+ vers = sepol_policy_kern_vers_max();
+ if (vers < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not get policy version: %s\n",
+ strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ while (!fp && errno == ENOENT && --vers) {
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ }
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s.%d: %s\n",
+ selinux_binary_policy_path(),
+ security_policyvers(), strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ }
+
+ avc = calloc(sizeof(struct avc_t), 1);
+ if (!avc) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ /* Set up a policydb directly so that we can mutate it later
+ for testing what booleans might have allowed the access.
+ Otherwise, we'd just use sepol_set_policydb_from_file() here. */
+ if (sepol_policy_file_create(&pf) ||
+ sepol_policydb_create(&avc->policydb)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "policydb_init failed: %s\n", strerror(errno));
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ sepol_policy_file_set_fp(pf, fp);
+ if (sepol_policydb_read(avc->policydb, pf)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "invalid binary policy %s\n", path);
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ fclose(fp);
+ sepol_set_policydb(&avc->policydb->p);
+ avc->handle = sepol_handle_create();
+
+ rc = sepol_bool_count(avc->handle,
+ avc->policydb, &cnt);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
+ return 1;
+ }
+
+ boollist = calloc(cnt, sizeof(struct boolean_t));
+ if (!boollist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ sepol_bool_iterate(avc->handle, avc->policydb,
+ load_booleans, (void *)NULL);
+
+ /* Initialize the sidtab for subsequent use by sepol_context_to_sid
+ and sepol_compute_av_reason. */
+ rc = sepol_sidtab_init(&sidtab);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n");
+ free(boollist);
+ return 1;
+ }
+ sepol_set_sidtab(&sidtab);
+ return 0;
+}
+
+static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
+ int result;
+ char *init_path=NULL;
+ if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
+ result = __policy_init(init_path);
+ return Py_BuildValue("i", result);
+}
+
+#define RETURN(X) \
+ PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \
+ return result;
+
+static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
+ security_context_t scon;
+ security_context_t tcon;
+ char *tclassstr;
+ PyObject *listObj;
+ PyObject *strObj;
+ int numlines;
+ struct boolean_t *bools;
+ unsigned int reason;
+ sepol_security_id_t ssid, tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t perm, av;
+ struct sepol_av_decision avd;
+ int rc;
+ int i=0;
+ PyObject *result = PyTuple_New(2);
+ if (!result) return NULL;
+ Py_INCREF(Py_None);
+ PyTuple_SetItem(result, 1, Py_None);
+
+ if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
+ return NULL;
+
+ /* get the number of lines passed to us */
+ numlines = PyList_Size(listObj);
+
+ /* should raise an error here. */
+ if (numlines < 0) return NULL; /* Not a list */
+
+ if (!avc) {
+ RETURN(NOPOLICY)
+ }
+
+ rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
+ if (rc < 0) {
+ RETURN(BADSCON)
+ }
+ rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
+ if (rc < 0) {
+ RETURN(BADTCON)
+ }
+ tclass = string_to_security_class(tclassstr);
+ if (!tclass) {
+ RETURN(BADTCLASS)
+ }
+ /* Convert the permission list to an AV. */
+ av = 0;
+
+ /* iterate over items of the list, grabbing strings, and parsing
+ for numbers */
+ for (i=0; i<numlines; i++){
+ char *permstr;
+
+ /* grab the string object from the next element of the list */
+ strObj = PyList_GetItem(listObj, i); /* Can't fail */
+
+ /* make it a string */
+ permstr = PyString_AsString( strObj );
+
+ perm = string_to_av_perm(tclass, permstr);
+ if (!perm) {
+ RETURN(BADPERM)
+ }
+ av |= perm;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
+ if (rc < 0) {
+ RETURN(BADCOMPUTE)
+ }
+
+ if (!reason) {
+ RETURN(ALLOW)
+ }
+ if (reason & SEPOL_COMPUTEAV_TE) {
+ avc->ssid = ssid;
+ avc->tsid = tsid;
+ avc->tclass = tclass;
+ avc->av = av;
+ if (check_booleans(&bools) == 0) {
+ if (av & ~avd.auditdeny) {
+ RETURN(DONTAUDIT)
+ } else {
+ RETURN(TERULE)
+ }
+ } else {
+ PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
+ struct boolean_t *b = bools;
+ int len=0;
+ while (b->name) {
+ len++; b++;
+ }
+ b = bools;
+ PyObject *outboollist = PyTuple_New(len);
+ len=0;
+ while(b->name) {
+ PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
+ PyTuple_SetItem(outboollist, len++, bool);
+ b++;
+ }
+ free(bools);
+ PyTuple_SetItem(result, 1, outboollist);
+ return result;
+ }
+ }
+
+ if (reason & SEPOL_COMPUTEAV_CONS) {
+ RETURN(CONSTRAINT);
+ }
+
+ if (reason & SEPOL_COMPUTEAV_RBAC) {
+ RETURN(RBAC)
+ }
+ RETURN(BADCOMPUTE)
+}
+
+static PyMethodDef audit2whyMethods[] = {
+ {"init", init, METH_VARARGS,
+ "Initialize policy database."},
+ {"analyze", analyze, METH_VARARGS,
+ "Analyze AVC."},
+ {"finish", finish, METH_VARARGS,
+ "Finish using policy, free memory."},
+ {NULL, NULL, 0, NULL} /* Sentinel */
+};
+
+PyMODINIT_FUNC
+initaudit2why(void)
+{
+ PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
+ PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
+ PyModule_AddIntConstant(m,"BADSCON", BADSCON);
+ PyModule_AddIntConstant(m,"BADTCON", BADTCON);
+ PyModule_AddIntConstant(m,"BADTCLASS", BADTCLASS);
+ PyModule_AddIntConstant(m,"BADPERM", BADPERM);
+ PyModule_AddIntConstant(m,"BADCOMPUTE", BADCOMPUTE);
+ PyModule_AddIntConstant(m,"NOPOLICY", NOPOLICY);
+ PyModule_AddIntConstant(m,"ALLOW", ALLOW);
+ PyModule_AddIntConstant(m,"DONTAUDIT", DONTAUDIT);
+ PyModule_AddIntConstant(m,"TERULE", TERULE);
+ PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
+ PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
+ PyModule_AddIntConstant(m,"RBAC", RBAC);
+}
diff --git a/libselinux/src/av_inherit.h b/libselinux/src/av_inherit.h
new file mode 100644
index 0000000..21effa7
--- /dev/null
+++ b/libselinux/src/av_inherit.h
@@ -0,0 +1,38 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_DIR, file, 0x00020000UL)
+ S_(SECCLASS_FILE, file, 0x00020000UL)
+ S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
+ S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_IPC, ipc, 0x00000200UL)
+ S_(SECCLASS_SEM, ipc, 0x00000200UL)
+ S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
+ S_(SECCLASS_SHM, ipc, 0x00000200UL)
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DB_DATABASE, database, 0x00000040UL)
+ S_(SECCLASS_DB_TABLE, database, 0x00000040UL)
+ S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL)
+ S_(SECCLASS_DB_COLUMN, database, 0x00000040UL)
+ S_(SECCLASS_DB_BLOB, database, 0x00000040UL)
diff --git a/libselinux/src/av_perm_to_string.h b/libselinux/src/av_perm_to_string.h
new file mode 100644
index 0000000..85028b3
--- /dev/null
+++ b/libselinux/src/av_perm_to_string.h
@@ -0,0 +1,305 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
+ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
+ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
+ S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
+ S_(SECCLASS_DIR, DIR__SEARCH, "search")
+ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
+ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
+ S_(SECCLASS_FD, FD__USE, "use")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
+ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+ S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
+ S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
+ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
+ S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
+ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
+ S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
+ S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
+ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
+ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
+ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
+ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
+ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
+ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
+ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
+ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
+ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
+ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
+ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
+ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
+ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
+ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
+ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
+ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
+ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
+ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
+ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
+ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
+ S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
+ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
+ S_(SECCLASS_MSG, MSG__SEND, "send")
+ S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+ S_(SECCLASS_SHM, SHM__LOCK, "lock")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
+ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
+ S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
+ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
+ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
+ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
+ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
+ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
+ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
+ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
+ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
+ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
+ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__CREATE, "create")
+ S_(SECCLASS_GC, GC__FREE, "free")
+ S_(SECCLASS_GC, GC__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
+ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
+ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
+ S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
+ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
+ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
+ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
+ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
+ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
+ S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
+ S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
+ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
+ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
+ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
+ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
+ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
+ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
+ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
+ S_(SECCLASS_FONT, FONT__LOAD, "load")
+ S_(SECCLASS_FONT, FONT__FREE, "free")
+ S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
+ S_(SECCLASS_FONT, FONT__USE, "use")
+ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
+ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
+ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
+ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
+ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
+ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
+ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
+ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
+ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
+ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
+ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
+ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
+ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
+ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
+ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
+ S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
+ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
+ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
+ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
+ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
+ S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
+ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
+ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
+ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
+ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
+ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
+ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
+ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
+ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
+ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
+ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
+ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
+ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
+ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
+ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
+ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
+ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
+ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
+ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
+ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
+ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
+ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
+ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
+ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
+ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
+ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
+ S_(SECCLASS_NSCD, NSCD__GETSERV, "getserv")
+ S_(SECCLASS_NSCD, NSCD__SHMEMSERV, "shmemserv")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch")
+ S_(SECCLASS_PACKET, PACKET__SEND, "send")
+ S_(SECCLASS_PACKET, PACKET__RECV, "recv")
+ S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
+ S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
+ S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
+ S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
+ S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
+ S_(SECCLASS_KEY, KEY__VIEW, "view")
+ S_(SECCLASS_KEY, KEY__READ, "read")
+ S_(SECCLASS_KEY, KEY__WRITE, "write")
+ S_(SECCLASS_KEY, KEY__SEARCH, "search")
+ S_(SECCLASS_KEY, KEY__LINK, "link")
+ S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+ S_(SECCLASS_KEY, KEY__CREATE, "create")
+ S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+ S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__ACCESS, "access")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__INSTALL_MODULE, "install_module")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__LOAD_MODULE, "load_module")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__GET_PARAM, "get_param")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__SET_PARAM, "set_param")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__USE, "use")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__SELECT, "select")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__UPDATE, "update")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__INSERT, "insert")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__DELETE, "delete")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__LOCK, "lock")
+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__EXECUTE, "execute")
+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__USE, "use")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__SELECT, "select")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__UPDATE, "update")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__INSERT, "insert")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELTO, "relabelto")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__USE, "use")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__SELECT, "select")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__UPDATE, "update")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__INSERT, "insert")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__DELETE, "delete")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__READ, "read")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export")
+ S_(SECCLASS_PEER, PEER__RECV, "recv")
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
new file mode 100644
index 0000000..ddc367c
--- /dev/null
+++ b/libselinux/src/avc.c
@@ -0,0 +1,1202 @@
+/*
+ * Implementation of the userspace access vector cache (AVC).
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ *
+ * Derived from the kernel AVC implementation by
+ * Stephen Smalley <sds@epoch.ncsc.mil> and
+ * James Morris <jmorris@redhat.com>.
+ */
+#include <selinux/avc.h>
+#include "selinux_internal.h"
+#include "avc_sidtab.h"
+#include "avc_internal.h"
+
+#define AVC_CACHE_SLOTS 512
+#define AVC_CACHE_MAXNODES 410
+
+struct avc_entry {
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ struct av_decision avd;
+ int used; /* used recently */
+};
+
+struct avc_node {
+ struct avc_entry ae;
+ struct avc_node *next;
+};
+
+struct avc_cache {
+ struct avc_node *slots[AVC_CACHE_SLOTS];
+ uint32_t lru_hint; /* LRU hint for reclaim scan */
+ uint32_t active_nodes;
+ uint32_t latest_notif; /* latest revocation notification */
+};
+
+struct avc_callback_node {
+ int (*callback) (uint32_t event, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ access_vector_t * out_retained);
+ uint32_t events;
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ access_vector_t perms;
+ struct avc_callback_node *next;
+};
+
+static void *avc_netlink_thread = NULL;
+static void *avc_lock = NULL;
+static void *avc_log_lock = NULL;
+static struct avc_node *avc_node_freelist = NULL;
+static struct avc_cache avc_cache;
+static char *avc_audit_buf = NULL;
+static struct avc_cache_stats cache_stats;
+static struct avc_callback_node *avc_callbacks = NULL;
+static struct sidtab avc_sidtab;
+
+static inline int avc_hash(security_id_t ssid,
+ security_id_t tsid, security_class_t tclass)
+{
+ return ((uintptr_t) ssid ^ ((uintptr_t) tsid << 2) ^ tclass)
+ & (AVC_CACHE_SLOTS - 1);
+}
+
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid)
+{
+ int rc;
+ avc_get_lock(avc_lock);
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
+ if (!rc)
+ (*sid)->refcnt++;
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid)
+{
+ int ret;
+ security_context_t rctx;
+
+ if (selinux_trans_to_raw_context(ctx, &rctx))
+ return -1;
+
+ ret = avc_context_to_sid_raw(rctx, sid);
+
+ freecon(rctx);
+
+ return ret;
+}
+
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx)
+{
+ int rc;
+ *ctx = NULL;
+ avc_get_lock(avc_lock);
+ if (sid->refcnt > 0) {
+ *ctx = strdup(sid->ctx); /* caller must free via freecon */
+ rc = *ctx ? 0 : -1;
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx)
+{
+ int ret;
+ security_context_t rctx;
+
+ ret = avc_sid_to_context_raw(sid, &rctx);
+
+ if (ret == 0) {
+ ret = selinux_raw_to_trans_context(rctx, ctx);
+ freecon(rctx);
+ }
+
+ return ret;
+}
+
+int sidget(security_id_t sid)
+{
+ int rc;
+ avc_get_lock(avc_lock);
+ rc = sid_inc_refcnt(sid);
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int sidput(security_id_t sid)
+{
+ int rc;
+ if (!sid)
+ return 0;
+ avc_get_lock(avc_lock);
+ rc = sid_dec_refcnt(sid);
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_get_initial_sid(const char * name, security_id_t * sid)
+{
+ int rc;
+ security_context_t con;
+
+ rc = security_get_initial_context_raw(name, &con);
+ if (rc < 0)
+ return rc;
+ rc = avc_context_to_sid_raw(con, sid);
+
+ freecon(con);
+
+ return rc;
+}
+
+int avc_open(struct selinux_opt *opts, unsigned nopts)
+{
+ avc_setenforce = 0;
+
+ while (nopts--)
+ switch(opts[nopts].type) {
+ case AVC_OPT_SETENFORCE:
+ avc_setenforce = 1;
+ avc_enforcing = !!opts[nopts].value;
+ break;
+ }
+
+ return avc_init("avc", NULL, NULL, NULL, NULL);
+}
+
+int avc_init(const char *prefix,
+ const struct avc_memory_callback *mem_cb,
+ const struct avc_log_callback *log_cb,
+ const struct avc_thread_callback *thread_cb,
+ const struct avc_lock_callback *lock_cb)
+{
+ struct avc_node *new;
+ int i, rc = 0;
+
+ if (prefix)
+ strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1);
+
+ set_callbacks(mem_cb, log_cb, thread_cb, lock_cb);
+
+ avc_lock = avc_alloc_lock();
+ avc_log_lock = avc_alloc_lock();
+
+ memset(&cache_stats, 0, sizeof(cache_stats));
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++)
+ avc_cache.slots[i] = 0;
+ avc_cache.lru_hint = 0;
+ avc_cache.active_nodes = 0;
+ avc_cache.latest_notif = 0;
+
+ rc = sidtab_init(&avc_sidtab);
+ if (rc) {
+ avc_log("%s: unable to initialize SID table\n", avc_prefix);
+ goto out;
+ }
+
+ avc_audit_buf = (char *)avc_malloc(AVC_AUDIT_BUFSIZE);
+ if (!avc_audit_buf) {
+ avc_log("%s: unable to allocate audit buffer\n", avc_prefix);
+ rc = -1;
+ goto out;
+ }
+
+ for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
+ new = avc_malloc(sizeof(*new));
+ if (!new) {
+ avc_log("%s: warning: only got %d av entries\n",
+ avc_prefix, i);
+ break;
+ }
+ memset(new, 0, sizeof(*new));
+ new->next = avc_node_freelist;
+ avc_node_freelist = new;
+ }
+
+ if (!avc_setenforce) {
+ rc = security_getenforce();
+ if (rc < 0) {
+ avc_log("%s: could not determine enforcing mode\n",
+ avc_prefix);
+ goto out;
+ }
+ avc_enforcing = rc;
+ }
+
+ rc = avc_netlink_open(avc_using_threads);
+ if (rc < 0) {
+ avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix,
+ errno, strerror(errno));
+ goto out;
+ }
+ if (avc_using_threads) {
+ avc_netlink_thread = avc_create_thread(&avc_netlink_loop);
+ avc_netlink_trouble = 0;
+ }
+ avc_running = 1;
+ out:
+ return rc;
+}
+
+void avc_cache_stats(struct avc_cache_stats *p)
+{
+ memcpy(p, &cache_stats, sizeof(cache_stats));
+}
+
+void avc_sid_stats(void)
+{
+ avc_get_lock(avc_log_lock);
+ avc_get_lock(avc_lock);
+ sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
+ avc_release_lock(avc_lock);
+ avc_log("%s", avc_audit_buf);
+ avc_release_lock(avc_log_lock);
+}
+
+void avc_av_stats(void)
+{
+ int i, chain_len, max_chain_len, slots_used;
+ struct avc_node *node;
+
+ avc_get_lock(avc_lock);
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ if (node) {
+ slots_used++;
+ chain_len = 0;
+ while (node) {
+ chain_len++;
+ node = node->next;
+ }
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ avc_release_lock(avc_lock);
+
+ avc_log("%s: %d AV entries and %d/%d buckets used, "
+ "longest chain length %d\n", avc_prefix,
+ avc_cache.active_nodes,
+ slots_used, AVC_CACHE_SLOTS, max_chain_len);
+}
+
+hidden_def(avc_av_stats)
+
+static inline struct avc_node *avc_reclaim_node(void)
+{
+ struct avc_node *prev, *cur;
+ int try;
+ uint32_t hvalue;
+
+ hvalue = avc_cache.lru_hint;
+ for (try = 0; try < 2; try++) {
+ do {
+ prev = NULL;
+ cur = avc_cache.slots[hvalue];
+ while (cur) {
+ if (!cur->ae.used)
+ goto found;
+
+ cur->ae.used = 0;
+
+ prev = cur;
+ cur = cur->next;
+ }
+ hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
+ } while (hvalue != avc_cache.lru_hint);
+ }
+
+ errno = ENOMEM; /* this was a panic in the kernel... */
+ return NULL;
+
+ found:
+ avc_cache.lru_hint = hvalue;
+
+ if (prev == NULL)
+ avc_cache.slots[hvalue] = cur->next;
+ else
+ prev->next = cur->next;
+
+ return cur;
+}
+
+static inline struct avc_node *avc_claim_node(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass)
+{
+ struct avc_node *new;
+ int hvalue;
+
+ if (!avc_node_freelist)
+ avc_cleanup();
+
+ if (avc_node_freelist) {
+ new = avc_node_freelist;
+ avc_node_freelist = avc_node_freelist->next;
+ avc_cache.active_nodes++;
+ } else {
+ new = avc_reclaim_node();
+ if (!new)
+ goto out;
+ }
+
+ hvalue = avc_hash(ssid, tsid, tclass);
+ new->ae.used = 1;
+ new->ae.ssid = ssid;
+ new->ae.tsid = tsid;
+ new->ae.tclass = tclass;
+ new->next = avc_cache.slots[hvalue];
+ avc_cache.slots[hvalue] = new;
+
+ out:
+ return new;
+}
+
+static inline struct avc_node *avc_search_node(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ int *probes)
+{
+ struct avc_node *cur;
+ int hvalue;
+ int tprobes = 1;
+
+ hvalue = avc_hash(ssid, tsid, tclass);
+ cur = avc_cache.slots[hvalue];
+ while (cur != NULL &&
+ (ssid != cur->ae.ssid ||
+ tclass != cur->ae.tclass || tsid != cur->ae.tsid)) {
+ tprobes++;
+ cur = cur->next;
+ }
+
+ if (cur == NULL) {
+ /* cache miss */
+ goto out;
+ }
+
+ /* cache hit */
+ if (probes)
+ *probes = tprobes;
+
+ cur->ae.used = 1;
+
+ out:
+ return cur;
+}
+
+/**
+ * avc_lookup - Look up an AVC entry.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ *
+ * Look up an AVC entry that is valid for the
+ * @requested permissions between the SID pair
+ * (@ssid, @tsid), interpreting the permissions
+ * based on @tclass. If a valid AVC entry exists,
+ * then this function updates @aeref to refer to the
+ * entry and returns %0. Otherwise, -1 is returned.
+ */
+static int avc_lookup(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested, struct avc_entry_ref *aeref)
+{
+ struct avc_node *node;
+ int probes, rc = 0;
+
+ avc_cache_stats_incr(cav_lookups);
+ node = avc_search_node(ssid, tsid, tclass, &probes);
+
+ if (node && ((node->ae.avd.decided & requested) == requested)) {
+ avc_cache_stats_incr(cav_hits);
+ avc_cache_stats_add(cav_probes, probes);
+ aeref->ae = &node->ae;
+ goto out;
+ }
+
+ avc_cache_stats_incr(cav_misses);
+ rc = -1;
+ out:
+ return rc;
+}
+
+/**
+ * avc_insert - Insert an AVC entry.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @ae: AVC entry
+ * @aeref: AVC entry reference
+ *
+ * Insert an AVC entry for the SID pair
+ * (@ssid, @tsid) and class @tclass.
+ * The access vectors and the sequence number are
+ * normally provided by the security server in
+ * response to a security_compute_av() call. If the
+ * sequence number @ae->avd.seqno is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates
+ * @aeref to refer to the entry, and returns %0.
+ * Otherwise, this function returns -%1 with @errno set to %EAGAIN.
+ */
+static int avc_insert(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ struct avc_entry *ae, struct avc_entry_ref *aeref)
+{
+ struct avc_node *node;
+ int rc = 0;
+
+ if (ae->avd.seqno < avc_cache.latest_notif) {
+ avc_log("%s: seqno %d < latest_notif %d\n", avc_prefix,
+ ae->avd.seqno, avc_cache.latest_notif);
+ errno = EAGAIN;
+ rc = -1;
+ goto out;
+ }
+
+ node = avc_claim_node(ssid, tsid, tclass);
+ if (!node) {
+ rc = -1;
+ goto out;
+ }
+
+ node->ae.avd.allowed = ae->avd.allowed;
+ node->ae.avd.decided = ae->avd.decided;
+ node->ae.avd.auditallow = ae->avd.auditallow;
+ node->ae.avd.auditdeny = ae->avd.auditdeny;
+ node->ae.avd.seqno = ae->avd.seqno;
+ aeref->ae = &node->ae;
+ out:
+ return rc;
+}
+
+/**
+ * avc_remove - Remove AVC and sidtab entries for SID.
+ * @sid: security identifier to be removed
+ *
+ * Remove all AVC entries containing @sid as source
+ * or target, and remove @sid from the SID table.
+ * Free the memory allocated for the structure corresponding
+ * to @sid. After this function has been called, @sid must
+ * not be used until another call to avc_context_to_sid() has
+ * been made for this SID.
+ */
+static void avc_remove(security_id_t sid)
+{
+ struct avc_node *prev, *cur, *tmp;
+ int i;
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ cur = avc_cache.slots[i];
+ prev = NULL;
+ while (cur) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (prev)
+ prev->next = cur->next;
+ else
+ avc_cache.slots[i] = cur->next;
+ tmp = cur;
+ cur = cur->next;
+ tmp->ae.ssid = tmp->ae.tsid = NULL;
+ tmp->ae.tclass = 0;
+ tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
+ tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
+ 0;
+ tmp->ae.used = 0;
+ tmp->next = avc_node_freelist;
+ avc_node_freelist = tmp;
+ avc_cache.active_nodes--;
+ } else {
+ prev = cur;
+ cur = cur->next;
+ }
+ }
+ }
+ sidtab_remove(&avc_sidtab, sid);
+}
+
+void avc_cleanup(void)
+{
+ security_id_t sid;
+
+ avc_get_lock(avc_lock);
+
+ while (NULL != (sid = sidtab_claim_sid(&avc_sidtab)))
+ avc_remove(sid);
+
+ avc_release_lock(avc_lock);
+}
+
+hidden_def(avc_cleanup)
+
+int avc_reset(void)
+{
+ struct avc_callback_node *c;
+ int i, ret, rc = 0, errsave = 0;
+ struct avc_node *node, *tmp;
+ errno = 0;
+
+ if (!avc_running)
+ return 0;
+
+ avc_get_lock(avc_lock);
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ while (node) {
+ tmp = node;
+ node = node->next;
+ tmp->ae.ssid = tmp->ae.tsid = NULL;
+ tmp->ae.tclass = 0;
+ tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
+ tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
+ tmp->ae.used = 0;
+ tmp->next = avc_node_freelist;
+ avc_node_freelist = tmp;
+ avc_cache.active_nodes--;
+ }
+ avc_cache.slots[i] = 0;
+ }
+ avc_cache.lru_hint = 0;
+
+ avc_release_lock(avc_lock);
+
+ memset(&cache_stats, 0, sizeof(cache_stats));
+
+ for (c = avc_callbacks; c; c = c->next) {
+ if (c->events & AVC_CALLBACK_RESET) {
+ ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0);
+ if (ret && !rc) {
+ rc = ret;
+ errsave = errno;
+ }
+ }
+ }
+ errno = errsave;
+ return rc;
+}
+
+hidden_def(avc_reset)
+
+void avc_destroy(void)
+{
+ struct avc_callback_node *c;
+ struct avc_node *node, *tmp;
+ int i;
+
+ avc_get_lock(avc_lock);
+
+ if (avc_using_threads)
+ avc_stop_thread(avc_netlink_thread);
+ avc_netlink_close();
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ while (node) {
+ tmp = node;
+ node = node->next;
+ avc_free(tmp);
+ }
+ }
+ while (avc_node_freelist) {
+ tmp = avc_node_freelist;
+ avc_node_freelist = tmp->next;
+ avc_free(tmp);
+ }
+ avc_release_lock(avc_lock);
+
+ while (avc_callbacks) {
+ c = avc_callbacks;
+ avc_callbacks = c->next;
+ avc_free(c);
+ }
+ sidtab_destroy(&avc_sidtab);
+ avc_free_lock(avc_lock);
+ avc_free_lock(avc_log_lock);
+ avc_free(avc_audit_buf);
+ avc_running = 0;
+}
+
+/* ratelimit stuff put aside for now --EFW */
+#if 0
+/*
+ * Copied from net/core/utils.c:net_ratelimit and modified for
+ * use by the AVC audit facility.
+ */
+#define AVC_MSG_COST 5*HZ
+#define AVC_MSG_BURST 10*5*HZ
+
+/*
+ * This enforces a rate limit: not more than one kernel message
+ * every 5secs to make a denial-of-service attack impossible.
+ */
+static int avc_ratelimit(void)
+{
+ static unsigned long toks = 10 * 5 * HZ;
+ static unsigned long last_msg;
+ static int missed, rc = 0;
+ unsigned long now = jiffies;
+ void *ratelimit_lock = avc_alloc_lock();
+
+ avc_get_lock(ratelimit_lock);
+ toks += now - last_msg;
+ last_msg = now;
+ if (toks > AVC_MSG_BURST)
+ toks = AVC_MSG_BURST;
+ if (toks >= AVC_MSG_COST) {
+ int lost = missed;
+ missed = 0;
+ toks -= AVC_MSG_COST;
+ avc_release_lock(ratelimit_lock);
+ if (lost) {
+ avc_log("%s: %d messages suppressed.\n", avc_prefix,
+ lost);
+ }
+ rc = 1;
+ goto out;
+ }
+ missed++;
+ avc_release_lock(ratelimit_lock);
+ out:
+ avc_free_lock(ratelimit_lock);
+ return rc;
+}
+
+static inline int check_avc_ratelimit(void)
+{
+ if (avc_enforcing)
+ return avc_ratelimit();
+ else {
+ /* If permissive, then never suppress messages. */
+ return 1;
+ }
+}
+#endif /* ratelimit stuff */
+
+/**
+ * avc_dump_av - Display an access vector in human-readable form.
+ * @tclass: target security class
+ * @av: access vector
+ */
+static void avc_dump_av(security_class_t tclass, access_vector_t av)
+{
+ const char *permstr;
+ access_vector_t bit = 1;
+
+ if (av == 0) {
+ log_append(avc_audit_buf, " null");
+ return;
+ }
+
+ log_append(avc_audit_buf, " {");
+
+ while (av) {
+ if (av & bit) {
+ permstr = security_av_perm_to_string(tclass, bit);
+ if (!permstr)
+ break;
+ log_append(avc_audit_buf, " %s", permstr);
+ av &= ~bit;
+ }
+ bit <<= 1;
+ }
+
+ if (av)
+ log_append(avc_audit_buf, " 0x%x", av);
+ log_append(avc_audit_buf, " }");
+}
+
+/**
+ * avc_dump_query - Display a SID pair and a class in human-readable form.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ */
+static void avc_dump_query(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass)
+{
+ avc_get_lock(avc_lock);
+
+ if (ssid->refcnt > 0)
+ log_append(avc_audit_buf, "scontext=%s", ssid->ctx);
+ else
+ log_append(avc_audit_buf, "ssid=%p", ssid);
+
+ if (tsid->refcnt > 0)
+ log_append(avc_audit_buf, " tcontext=%s", tsid->ctx);
+ else
+ log_append(avc_audit_buf, " tsid=%p", tsid);
+
+ avc_release_lock(avc_lock);
+ log_append(avc_audit_buf, " tclass=%s",
+ security_class_to_string(tclass));
+}
+
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *a)
+{
+ access_vector_t denied, audited;
+
+ denied = requested & ~avd->allowed;
+ if (denied) {
+ audited = denied;
+ if (!(audited & avd->auditdeny))
+ return;
+ } else if (!requested || result) {
+ audited = denied = requested;
+ } else {
+ audited = requested;
+ if (!(audited & avd->auditallow))
+ return;
+ }
+#if 0
+ if (!check_avc_ratelimit())
+ return;
+#endif
+ /* prevent overlapping buffer writes */
+ avc_get_lock(avc_log_lock);
+ snprintf(avc_audit_buf, AVC_AUDIT_BUFSIZE,
+ "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted");
+ avc_dump_av(tclass, audited);
+ log_append(avc_audit_buf, " for ");
+
+ /* get any extra information printed by the callback */
+ avc_suppl_audit(a, tclass, avc_audit_buf + strlen(avc_audit_buf),
+ AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf));
+
+ log_append(avc_audit_buf, " ");
+ avc_dump_query(ssid, tsid, tclass);
+ log_append(avc_audit_buf, "\n");
+ avc_log("%s", avc_audit_buf);
+
+ avc_release_lock(avc_log_lock);
+}
+
+hidden_def(avc_audit)
+
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd)
+{
+ struct avc_entry *ae;
+ int rc = 0;
+ struct avc_entry entry;
+ access_vector_t denied;
+ struct avc_entry_ref ref;
+
+ if (!avc_using_threads) {
+ (void)avc_netlink_check_nb();
+ }
+
+ if (!aeref) {
+ avc_entry_ref_init(&ref);
+ aeref = &ref;
+ }
+
+ avc_get_lock(avc_lock);
+ avc_cache_stats_incr(entry_lookups);
+ ae = aeref->ae;
+ if (ae) {
+ if (ae->ssid == ssid &&
+ ae->tsid == tsid &&
+ ae->tclass == tclass &&
+ ((ae->avd.decided & requested) == requested)) {
+ avc_cache_stats_incr(entry_hits);
+ ae->used = 1;
+ } else {
+ avc_cache_stats_incr(entry_discards);
+ ae = 0;
+ }
+ }
+
+ if (!ae) {
+ avc_cache_stats_incr(entry_misses);
+ rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
+ if (rc) {
+ if ((ssid->refcnt <= 0) || (tsid->refcnt <= 0)) {
+ errno = EINVAL;
+ rc = -1;
+ goto out;
+ }
+ rc = security_compute_av_raw(ssid->ctx, tsid->ctx,
+ tclass, requested,
+ &entry.avd);
+ if (rc)
+ goto out;
+ rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
+ if (rc)
+ goto out;
+ }
+ ae = aeref->ae;
+ }
+
+ if (avd)
+ memcpy(avd, &ae->avd, sizeof(*avd));
+
+ denied = requested & ~(ae->avd.allowed);
+
+ if (!requested || denied) {
+ if (avc_enforcing) {
+ errno = EACCES;
+ rc = -1;
+ } else
+ ae->avd.allowed |= requested;
+ }
+
+ out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+hidden_def(avc_has_perm_noaudit)
+
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata)
+{
+ struct av_decision avd = { 0, 0, 0, 0, 0 };
+ int errsave, rc;
+
+ rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
+ errsave = errno;
+ avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
+ errno = errsave;
+ return rc;
+}
+
+int avc_compute_create(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, security_id_t *newsid)
+{
+ int rc;
+ *newsid = NULL;
+ avc_get_lock(avc_lock);
+ if (ssid->refcnt > 0 && tsid->refcnt > 0) {
+ security_context_t ctx = NULL;
+ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (!rc)
+ (*newsid)->refcnt++;
+ freecon(ctx);
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_compute_member(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, security_id_t *newsid)
+{
+ int rc;
+ *newsid = NULL;
+ avc_get_lock(avc_lock);
+ if (ssid->refcnt > 0 && tsid->refcnt > 0) {
+ security_context_t ctx = NULL;
+ rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (!rc)
+ (*newsid)->refcnt++;
+ freecon(ctx);
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, access_vector_t perms)
+{
+ struct avc_callback_node *c;
+ int rc = 0;
+
+ c = avc_malloc(sizeof(*c));
+ if (!c) {
+ rc = -1;
+ goto out;
+ }
+
+ c->callback = callback;
+ c->events = events;
+ c->ssid = ssid;
+ c->tsid = tsid;
+ c->tclass = tclass;
+ c->perms = perms;
+ c->next = avc_callbacks;
+ avc_callbacks = c;
+ out:
+ return rc;
+}
+
+static inline int avc_sidcmp(security_id_t x, security_id_t y)
+{
+ return (x == y || x == SECSID_WILD || y == SECSID_WILD);
+}
+
+static inline void avc_update_node(uint32_t event, struct avc_node *node,
+ access_vector_t perms)
+{
+ switch (event) {
+ case AVC_CALLBACK_GRANT:
+ node->ae.avd.allowed |= perms;
+ break;
+ case AVC_CALLBACK_TRY_REVOKE:
+ case AVC_CALLBACK_REVOKE:
+ node->ae.avd.allowed &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_ENABLE:
+ node->ae.avd.auditallow |= perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_DISABLE:
+ node->ae.avd.auditallow &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_ENABLE:
+ node->ae.avd.auditdeny |= perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_DISABLE:
+ node->ae.avd.auditdeny &= ~perms;
+ break;
+ }
+}
+
+static int avc_update_cache(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms)
+{
+ struct avc_node *node;
+ int i;
+
+ avc_get_lock(avc_lock);
+
+ if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
+ /* apply to all matching nodes */
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ for (node = avc_cache.slots[i]; node; node = node->next) {
+ if (avc_sidcmp(ssid, node->ae.ssid) &&
+ avc_sidcmp(tsid, node->ae.tsid) &&
+ tclass == node->ae.tclass) {
+ avc_update_node(event, node, perms);
+ }
+ }
+ }
+ } else {
+ /* apply to one node */
+ node = avc_search_node(ssid, tsid, tclass, 0);
+ if (node) {
+ avc_update_node(event, node, perms);
+ }
+ }
+
+ avc_release_lock(avc_lock);
+
+ return 0;
+}
+
+/* avc_control - update cache and call callbacks
+ *
+ * This should not be called directly; use the individual event
+ * functions instead.
+ */
+static int avc_control(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ uint32_t seqno, access_vector_t * out_retained)
+{
+ struct avc_callback_node *c;
+ access_vector_t tretained = 0, cretained = 0;
+ int ret, rc = 0, errsave = 0;
+ errno = 0;
+
+ /*
+ * try_revoke only removes permissions from the cache
+ * state if they are not retained by the object manager.
+ * Hence, try_revoke must wait until after the callbacks have
+ * been invoked to update the cache state.
+ */
+ if (event != AVC_CALLBACK_TRY_REVOKE)
+ avc_update_cache(event, ssid, tsid, tclass, perms);
+
+ for (c = avc_callbacks; c; c = c->next) {
+ if ((c->events & event) &&
+ avc_sidcmp(c->ssid, ssid) &&
+ avc_sidcmp(c->tsid, tsid) &&
+ c->tclass == tclass && (c->perms & perms)) {
+ cretained = 0;
+ ret = c->callback(event, ssid, tsid, tclass,
+ (c->perms & perms), &cretained);
+ if (ret && !rc) {
+ rc = ret;
+ errsave = errno;
+ }
+ if (!ret)
+ tretained |= cretained;
+ }
+ }
+
+ if (event == AVC_CALLBACK_TRY_REVOKE) {
+ /* revoke any unretained permissions */
+ perms &= ~tretained;
+ avc_update_cache(event, ssid, tsid, tclass, perms);
+ *out_retained = tretained;
+ }
+
+ avc_get_lock(avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ avc_release_lock(avc_lock);
+
+ errno = errsave;
+ return rc;
+}
+
+/**
+ * avc_ss_grant - Grant previously denied permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ */
+int avc_ss_grant(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno)
+{
+ return avc_control(AVC_CALLBACK_GRANT,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_try_revoke - Try to revoke previously granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @out_retained: subset of @perms that are retained
+ *
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained via @out_retained.
+ */
+int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms, uint32_t seqno,
+ access_vector_t * out_retained)
+{
+ return avc_control(AVC_CALLBACK_TRY_REVOKE,
+ ssid, tsid, tclass, perms, seqno, out_retained);
+}
+
+/**
+ * avc_ss_revoke - Revoke previously granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ *
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno)
+{
+ return avc_control(AVC_CALLBACK_REVOKE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_reset - Flush the cache and revalidate migrated permissions.
+ * @seqno: policy sequence number
+ */
+int avc_ss_reset(uint32_t seqno)
+{
+ int rc;
+
+ rc = avc_reset();
+
+ avc_get_lock(avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ avc_release_lock(avc_lock);
+
+ return rc;
+}
+
+/**
+ * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @enable: enable flag.
+ */
+int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @enable: enable flag.
+ */
+int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
new file mode 100644
index 0000000..b9e9db2
--- /dev/null
+++ b/libselinux/src/avc_internal.c
@@ -0,0 +1,239 @@
+/*
+ * Callbacks for user-supplied memory allocation, supplemental
+ * auditing, and locking routines.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ *
+ * Netlink code derived in part from sample code by
+ * James Morris <jmorris@redhat.com>.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include "selinux_netlink.h"
+#include "avc_internal.h"
+
+#ifndef NETLINK_SELINUX
+#define NETLINK_SELINUX 7
+#endif
+
+/* callback pointers */
+void *(*avc_func_malloc) (size_t) = NULL;
+void (*avc_func_free) (void *) = NULL;
+
+void (*avc_func_log) (const char *, ...) = NULL;
+void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
+
+int avc_using_threads = 0;
+void *(*avc_func_create_thread) (void (*)(void)) = NULL;
+void (*avc_func_stop_thread) (void *) = NULL;
+
+void *(*avc_func_alloc_lock) (void) = NULL;
+void (*avc_func_get_lock) (void *) = NULL;
+void (*avc_func_release_lock) (void *) = NULL;
+void (*avc_func_free_lock) (void *) = NULL;
+
+/* message prefix string and avc enforcing mode */
+char avc_prefix[AVC_PREFIX_SIZE] = "uavc";
+int avc_running = 0;
+int avc_enforcing = 1;
+int avc_setenforce = 0;
+int avc_netlink_trouble = 0;
+
+/* netlink socket code */
+static int fd;
+
+int avc_netlink_open(int blocking)
+{
+ int len, rc = 0;
+ struct sockaddr_nl addr;
+
+ fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_SELINUX);
+ if (fd < 0) {
+ rc = fd;
+ goto out;
+ }
+
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+ if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) {
+ close(fd);
+ rc = -1;
+ goto out;
+ }
+
+ len = sizeof(addr);
+
+ memset(&addr, 0, len);
+ addr.nl_family = AF_NETLINK;
+ addr.nl_groups = SELNL_GRP_AVC;
+
+ if (bind(fd, (struct sockaddr *)&addr, len) < 0) {
+ close(fd);
+ rc = -1;
+ goto out;
+ }
+ out:
+ return rc;
+}
+
+void avc_netlink_close(void)
+{
+ close(fd);
+}
+
+static int avc_netlink_receive(char *buf, unsigned buflen)
+{
+ int rc;
+ struct sockaddr_nl nladdr;
+ socklen_t nladdrlen = sizeof nladdr;
+ struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
+
+ rc = recvfrom(fd, buf, buflen, 0, (struct sockaddr *)&nladdr,
+ &nladdrlen);
+ if (rc < 0)
+ return rc;
+
+ if (nladdrlen != sizeof nladdr) {
+ avc_log("%s: warning: netlink address truncated, len %d?\n",
+ avc_prefix, nladdrlen);
+ return -1;
+ }
+
+ if (nladdr.nl_pid) {
+ avc_log("%s: warning: received spoofed netlink packet from: %d\n",
+ avc_prefix, nladdr.nl_pid);
+ return -1;
+ }
+
+ if (rc == 0) {
+ avc_log("%s: warning: received EOF on netlink socket\n",
+ avc_prefix);
+ errno = EBADFD;
+ return -1;
+ }
+
+ if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > (unsigned)rc) {
+ avc_log("%s: warning: incomplete netlink message\n",
+ avc_prefix);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int avc_netlink_process(char *buf)
+{
+ int rc;
+ struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
+
+ switch (nlh->nlmsg_type) {
+ case NLMSG_ERROR:{
+ struct nlmsgerr *err = NLMSG_DATA(nlh);
+
+ /* Netlink ack */
+ if (err->error == 0)
+ break;
+
+ errno = -err->error;
+ avc_log("%s: netlink error: %d\n", avc_prefix, errno);
+ return -1;
+ }
+
+ case SELNL_MSG_SETENFORCE:{
+ struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh);
+ avc_log("%s: received setenforce notice (enforcing=%d)\n",
+ avc_prefix, msg->val);
+ if (avc_setenforce)
+ break;
+ avc_enforcing = msg->val;
+ if (avc_enforcing && (rc = avc_ss_reset(0)) < 0) {
+ avc_log("%s: cache reset returned %d (errno %d)\n",
+ avc_prefix, rc, errno);
+ return rc;
+ }
+ break;
+ }
+
+ case SELNL_MSG_POLICYLOAD:{
+ struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
+ avc_log("%s: received policyload notice (seqno=%d)\n",
+ avc_prefix, msg->seqno);
+ rc = avc_ss_reset(msg->seqno);
+ if (rc < 0) {
+ avc_log("%s: cache reset returned %d (errno %d)\n",
+ avc_prefix, rc, errno);
+ return rc;
+ }
+ break;
+ }
+
+ default:
+ avc_log("%s: warning: unknown netlink message %d\n",
+ avc_prefix, nlh->nlmsg_type);
+ }
+ return 0;
+}
+
+int avc_netlink_check_nb(void)
+{
+ int rc;
+ char buf[1024] __attribute__ ((aligned));
+
+ while (1) {
+ errno = 0;
+ rc = avc_netlink_receive(buf, sizeof(buf));
+ if (rc < 0) {
+ if (errno == EWOULDBLOCK)
+ return 0;
+ if (errno == 0 || errno == EINTR)
+ continue;
+ else {
+ avc_log("%s: netlink recvfrom: error %d\n",
+ avc_prefix, errno);
+ return rc;
+ }
+ }
+
+ (void)avc_netlink_process(buf);
+ }
+ return 0;
+}
+
+/* run routine for the netlink listening thread */
+void avc_netlink_loop(void)
+{
+ int rc;
+ char buf[1024] __attribute__ ((aligned));
+
+ while (1) {
+ errno = 0;
+ rc = avc_netlink_receive(buf, sizeof(buf));
+ if (rc < 0) {
+ if (errno == 0 || errno == EINTR)
+ continue;
+ else {
+ avc_log("%s: netlink recvfrom: error %d\n",
+ avc_prefix, errno);
+ break;
+ }
+ }
+
+ rc = avc_netlink_process(buf);
+ if (rc < 0)
+ break;
+ }
+
+ close(fd);
+ avc_netlink_trouble = 1;
+ avc_log("%s: netlink thread: errors encountered, terminating\n",
+ avc_prefix);
+}
diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h
new file mode 100644
index 0000000..cd50dc8
--- /dev/null
+++ b/libselinux/src/avc_internal.h
@@ -0,0 +1,196 @@
+/*
+ * This file describes the internal interface used by the AVC
+ * for calling the user-supplied memory allocation, supplemental
+ * auditing, and locking routine, as well as incrementing the
+ * statistics fields.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_INTERNAL_H_
+#define _SELINUX_AVC_INTERNAL_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/avc.h>
+#include "callbacks.h"
+#include "dso.h"
+
+/* SID reference counter manipulation */
+static inline int sid_inc_refcnt(security_id_t sid)
+{
+ return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt + 1 : 0;
+}
+
+static inline int sid_dec_refcnt(security_id_t sid)
+{
+ return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt - 1 : 0;
+}
+
+/* callback pointers */
+extern void *(*avc_func_malloc) (size_t) hidden;
+extern void (*avc_func_free) (void *)hidden;
+
+extern void (*avc_func_log) (const char *, ...)hidden;
+extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
+
+extern int avc_using_threads hidden;
+extern void *(*avc_func_create_thread) (void (*)(void))hidden;
+extern void (*avc_func_stop_thread) (void *)hidden;
+
+extern void *(*avc_func_alloc_lock) (void)hidden;
+extern void (*avc_func_get_lock) (void *)hidden;
+extern void (*avc_func_release_lock) (void *)hidden;
+extern void (*avc_func_free_lock) (void *)hidden;
+
+static inline void set_callbacks(const struct avc_memory_callback *mem_cb,
+ const struct avc_log_callback *log_cb,
+ const struct avc_thread_callback *thread_cb,
+ const struct avc_lock_callback *lock_cb)
+{
+ if (mem_cb) {
+ avc_func_malloc = mem_cb->func_malloc;
+ avc_func_free = mem_cb->func_free;
+ }
+ if (log_cb) {
+ avc_func_log = log_cb->func_log;
+ avc_func_audit = log_cb->func_audit;
+ }
+ if (thread_cb) {
+ avc_using_threads = 1;
+ avc_func_create_thread = thread_cb->func_create_thread;
+ avc_func_stop_thread = thread_cb->func_stop_thread;
+ }
+ if (lock_cb) {
+ avc_func_alloc_lock = lock_cb->func_alloc_lock;
+ avc_func_get_lock = lock_cb->func_get_lock;
+ avc_func_release_lock = lock_cb->func_release_lock;
+ avc_func_free_lock = lock_cb->func_free_lock;
+ }
+}
+
+/* message prefix and enforcing mode*/
+#define AVC_PREFIX_SIZE 16
+extern char avc_prefix[AVC_PREFIX_SIZE] hidden;
+extern int avc_running hidden;
+extern int avc_enforcing hidden;
+extern int avc_setenforce hidden;
+
+/* user-supplied callback interface for avc */
+static inline void *avc_malloc(size_t size)
+{
+ return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
+}
+
+static inline void avc_free(void *ptr)
+{
+ if (avc_func_free)
+ avc_func_free(ptr);
+ else
+ free(ptr);
+}
+
+/* this is a macro in order to use the variadic capability. */
+#define avc_log(format...) \
+ if (avc_func_log) \
+ avc_func_log(format); \
+ else \
+ selinux_log(SELINUX_ERROR, format);
+
+static inline void avc_suppl_audit(void *ptr, security_class_t class,
+ char *buf, size_t len)
+{
+ if (avc_func_audit)
+ avc_func_audit(ptr, class, buf, len);
+ else
+ selinux_audit(ptr, class, buf, len);
+}
+
+static inline void *avc_create_thread(void (*run) (void))
+{
+ return avc_func_create_thread ? avc_func_create_thread(run) : NULL;
+}
+
+static inline void avc_stop_thread(void *thread)
+{
+ if (avc_func_stop_thread)
+ avc_func_stop_thread(thread);
+}
+
+static inline void *avc_alloc_lock(void)
+{
+ return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL;
+}
+
+static inline void avc_get_lock(void *lock)
+{
+ if (avc_func_get_lock)
+ avc_func_get_lock(lock);
+}
+
+static inline void avc_release_lock(void *lock)
+{
+ if (avc_func_release_lock)
+ avc_func_release_lock(lock);
+}
+
+static inline void avc_free_lock(void *lock)
+{
+ if (avc_func_free_lock)
+ avc_func_free_lock(lock);
+}
+
+/* statistics helper routines */
+#ifdef AVC_CACHE_STATS
+
+#define avc_cache_stats_incr(field) \
+ cache_stats.field ++;
+#define avc_cache_stats_add(field, num) \
+ cache_stats.field += num;
+
+#else
+
+#define avc_cache_stats_incr(field)
+#define avc_cache_stats_add(field, num)
+
+#endif
+
+/* logging helper routines */
+#define AVC_AUDIT_BUFSIZE 1024
+
+/* again, we need the variadic capability here */
+#define log_append(buf,format...) \
+ snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format)
+
+/* internal callbacks */
+int avc_ss_grant(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno) hidden;
+int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms, uint32_t seqno,
+ access_vector_t * out_retained) hidden;
+int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno) hidden;
+int avc_ss_reset(uint32_t seqno) hidden;
+int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable) hidden;
+int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable) hidden;
+
+/* netlink kernel message code */
+extern int avc_netlink_trouble hidden;
+int avc_netlink_open(int blocking) hidden;
+int avc_netlink_check_nb(void) hidden;
+void avc_netlink_loop(void) hidden;
+void avc_netlink_close(void) hidden;
+
+hidden_proto(avc_av_stats)
+ hidden_proto(avc_cleanup)
+ hidden_proto(avc_reset)
+ hidden_proto(avc_audit)
+ hidden_proto(avc_has_perm_noaudit)
+#endif /* _SELINUX_AVC_INTERNAL_H_ */
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
new file mode 100644
index 0000000..dab5c4e
--- /dev/null
+++ b/libselinux/src/avc_sidtab.c
@@ -0,0 +1,192 @@
+/*
+ * Implementation of the userspace SID hashtable.
+ *
+ * Author : Eamon Walsh, <ewalsh@epoch.ncsc.mil>
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <selinux/avc.h>
+#include "avc_sidtab.h"
+#include "avc_internal.h"
+
+static inline unsigned sidtab_hash(security_context_t key)
+{
+ char *p, *keyp;
+ unsigned int size;
+ unsigned int val;
+
+ val = 0;
+ keyp = (char *)key;
+ size = strlen(keyp);
+ for (p = keyp; (unsigned int)(p - keyp) < size; p++)
+ val =
+ (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+ return val & (SIDTAB_SIZE - 1);
+}
+
+int sidtab_init(struct sidtab *s)
+{
+ int i, rc = 0;
+
+ s->htable = (struct sidtab_node **)avc_malloc
+ (sizeof(struct sidtab_node *) * SIDTAB_SIZE);
+
+ if (!s->htable) {
+ rc = -1;
+ goto out;
+ }
+ for (i = 0; i < SIDTAB_SIZE; i++)
+ s->htable[i] = NULL;
+ s->nel = 0;
+ out:
+ return rc;
+}
+
+int sidtab_insert(struct sidtab *s, security_context_t ctx)
+{
+ int hvalue, rc = 0;
+ struct sidtab_node *newnode;
+ security_context_t newctx;
+
+ newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode));
+ if (!newnode) {
+ rc = -1;
+ goto out;
+ }
+ newctx = (security_context_t) strdup(ctx);
+ if (!newctx) {
+ rc = -1;
+ avc_free(newnode);
+ goto out;
+ }
+
+ hvalue = sidtab_hash(newctx);
+ newnode->next = s->htable[hvalue];
+ newnode->sid_s.ctx = newctx;
+ newnode->sid_s.refcnt = 0; /* caller should increment */
+ s->htable[hvalue] = newnode;
+ s->nel++;
+ out:
+ return rc;
+}
+
+void sidtab_remove(struct sidtab *s, security_id_t sid)
+{
+ int hvalue;
+ struct sidtab_node *cur, *prev;
+
+ hvalue = sidtab_hash(sid->ctx);
+ cur = s->htable[hvalue];
+ prev = NULL;
+ while (cur) {
+ if (sid == &cur->sid_s) {
+ if (prev)
+ prev->next = cur->next;
+ else
+ s->htable[hvalue] = cur->next;
+ avc_free(cur);
+ s->nel--;
+ return;
+ } else {
+ prev = cur;
+ cur = cur->next;
+ }
+ }
+}
+
+security_id_t sidtab_claim_sid(struct sidtab *s)
+{
+ int i;
+ struct sidtab_node *cur;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur) {
+ if (!cur->sid_s.refcnt)
+ return &cur->sid_s;
+ cur = cur->next;
+ }
+ }
+ return NULL;
+}
+
+int
+sidtab_context_to_sid(struct sidtab *s,
+ security_context_t ctx, security_id_t * sid)
+{
+ int hvalue, rc = 0;
+ struct sidtab_node *cur;
+
+ *sid = NULL;
+ hvalue = sidtab_hash(ctx);
+
+ loop:
+ cur = s->htable[hvalue];
+ while (cur != NULL && strcmp(cur->sid_s.ctx, ctx))
+ cur = cur->next;
+
+ if (cur == NULL) { /* need to make a new entry */
+ rc = sidtab_insert(s, ctx);
+ if (rc)
+ goto out;
+ goto loop; /* find the newly inserted node */
+ }
+
+ *sid = &cur->sid_s;
+ out:
+ return rc;
+}
+
+void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ struct sidtab_node *cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ snprintf(buf, buflen,
+ "%s: %d SID entries and %d/%d buckets used, longest "
+ "chain length %d\n", avc_prefix, h->nel, slots_used,
+ SIDTAB_SIZE, max_chain_len);
+}
+
+void sidtab_destroy(struct sidtab *s)
+{
+ int i;
+ struct sidtab_node *cur, *temp;
+
+ if (!s)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ freecon(temp->sid_s.ctx);
+ avc_free(temp);
+ }
+ s->htable[i] = NULL;
+ }
+ avc_free(s->htable);
+ s->htable = NULL;
+}
diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h
new file mode 100644
index 0000000..620a335
--- /dev/null
+++ b/libselinux/src/avc_sidtab.h
@@ -0,0 +1,38 @@
+/*
+ * A security identifier table (sidtab) is a hash table
+ * of security context structures indexed by SID value.
+ */
+#ifndef _SELINUX_AVC_SIDTAB_H_
+#define _SELINUX_AVC_SIDTAB_H_
+
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#include "dso.h"
+
+struct sidtab_node {
+ struct security_id sid_s;
+ struct sidtab_node *next;
+};
+
+#define SIDTAB_HASH_BITS 7
+#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)
+#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)
+#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
+
+struct sidtab {
+ struct sidtab_node **htable;
+ unsigned nel;
+};
+
+int sidtab_init(struct sidtab *s) hidden;
+int sidtab_insert(struct sidtab *s, security_context_t ctx) hidden;
+void sidtab_remove(struct sidtab *s, security_id_t sid) hidden;
+security_id_t sidtab_claim_sid(struct sidtab *s) hidden;
+
+int sidtab_context_to_sid(struct sidtab *s,
+ security_context_t ctx, security_id_t * sid) hidden;
+
+void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) hidden;
+void sidtab_destroy(struct sidtab *s) hidden;
+
+#endif /* _SELINUX_AVC_SIDTAB_H_ */
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
new file mode 100644
index 0000000..bbf8324
--- /dev/null
+++ b/libselinux/src/booleans.c
@@ -0,0 +1,474 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Modified:
+ * Dan Walsh <dwalsh@redhat.com> - Added security_load_booleans().
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <unistd.h>
+#include <fnmatch.h>
+#include <limits.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include "selinux_internal.h"
+#include "policy.h"
+
+#define SELINUX_BOOL_DIR "/booleans/"
+
+static int filename_select(const struct dirent *d)
+{
+ if (d->d_name[0] == '.'
+ && (d->d_name[1] == '\0'
+ || (d->d_name[1] == '.' && d->d_name[2] == '\0')))
+ return 0;
+ return 1;
+}
+
+int security_get_boolean_names(char ***names, int *len)
+{
+ char path[PATH_MAX];
+ int i, rc;
+ struct dirent **namelist;
+ char **n;
+
+ assert(len);
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
+ *len = scandir(path, &namelist, &filename_select, alphasort);
+ if (*len <= 0) {
+ return -1;
+ }
+
+ n = (char **)malloc(sizeof(char *) * *len);
+ if (!n) {
+ rc = -1;
+ goto bad;
+ }
+
+ for (i = 0; i < *len; i++) {
+ n[i] = (char *)malloc(_D_ALLOC_NAMLEN(namelist[i]));
+ if (!n[i]) {
+ rc = -1;
+ goto bad_freen;
+ }
+ strcpy(n[i], namelist[i]->d_name);
+ }
+ rc = 0;
+ *names = n;
+ out:
+ for (i = 0; i < *len; i++) {
+ free(namelist[i]);
+ }
+ free(namelist);
+ return rc;
+ bad_freen:
+ for (--i; i >= 0; --i)
+ free(n[i]);
+ free(n);
+ bad:
+ goto out;
+}
+
+hidden_def(security_get_boolean_names)
+#define STRBUF_SIZE 3
+static int get_bool_value(const char *name, char **buf)
+{
+ int fd, len;
+ char *fname = NULL;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ *buf = (char *)malloc(sizeof(char) * (STRBUF_SIZE + 1));
+ if (!*buf)
+ goto out;
+ (*buf)[STRBUF_SIZE] = 0;
+
+ len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
+ fname = (char *)malloc(sizeof(char) * len);
+ if (!fname)
+ goto out;
+ snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
+
+ fd = open(fname, O_RDONLY);
+ if (fd < 0)
+ goto out;
+
+ len = read(fd, *buf, STRBUF_SIZE);
+ close(fd);
+ if (len != STRBUF_SIZE)
+ goto out;
+
+ free(fname);
+ return 0;
+ out:
+ if (*buf)
+ free(*buf);
+ if (fname)
+ free(fname);
+ return -1;
+}
+
+int security_get_boolean_pending(const char *name)
+{
+ char *buf;
+ int val;
+
+ if (get_bool_value(name, &buf))
+ return -1;
+
+ if (atoi(&buf[1]))
+ val = 1;
+ else
+ val = 0;
+ free(buf);
+ return val;
+}
+
+int security_get_boolean_active(const char *name)
+{
+ char *buf;
+ int val;
+
+ if (get_bool_value(name, &buf))
+ return -1;
+
+ buf[1] = '\0';
+ if (atoi(buf))
+ val = 1;
+ else
+ val = 0;
+ free(buf);
+ return val;
+}
+
+hidden_def(security_get_boolean_active)
+
+int security_set_boolean(const char *name, int value)
+{
+ int fd, ret, len;
+ char buf[2], *fname;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (value < 0 || value > 1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
+ fname = (char *)malloc(sizeof(char) * len);
+ if (!fname)
+ return -1;
+ snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
+
+ fd = open(fname, O_WRONLY);
+ if (fd < 0) {
+ ret = -1;
+ goto out;
+ }
+
+ if (value)
+ buf[0] = '1';
+ else
+ buf[0] = '0';
+ buf[1] = '\0';
+
+ ret = write(fd, buf, 2);
+ close(fd);
+ out:
+ free(fname);
+ if (ret > 0)
+ return 0;
+ else
+ return -1;
+}
+
+hidden_def(security_set_boolean)
+
+int security_commit_booleans(void)
+{
+ int fd, ret;
+ char buf[2];
+ char path[PATH_MAX];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt);
+ fd = open(path, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ buf[0] = '1';
+ buf[1] = '\0';
+
+ ret = write(fd, buf, 2);
+ close(fd);
+
+ if (ret > 0)
+ return 0;
+ else
+ return -1;
+}
+
+hidden_def(security_commit_booleans)
+
+static char *strtrim(char *dest, char *source, int size)
+{
+ int i = 0;
+ char *ptr = source;
+ i = 0;
+ while (isspace(*ptr) && i < size) {
+ ptr++;
+ i++;
+ }
+ strncpy(dest, ptr, size);
+ for (i = strlen(dest) - 1; i > 0; i--) {
+ if (!isspace(dest[i]))
+ break;
+ }
+ dest[i + 1] = '\0';
+ return dest;
+}
+static int process_boolean(char *buffer, char *name, int namesize, int *val)
+{
+ char name1[BUFSIZ];
+ char *ptr;
+ char *tok = strtok_r(buffer, "=", &ptr);
+ if (tok) {
+ strncpy(name1, tok, BUFSIZ - 1);
+ strtrim(name, name1, namesize - 1);
+ if (name[0] == '#')
+ return 0;
+ tok = strtok_r(NULL, "\0", &ptr);
+ if (tok) {
+ while (isspace(*tok))
+ tok++;
+ *val = -1;
+ if (isdigit(tok[0]))
+ *val = atoi(tok);
+ else if (!strncasecmp(tok, "true", sizeof("true") - 1))
+ *val = 1;
+ else if (!strncasecmp
+ (tok, "false", sizeof("false") - 1))
+ *val = 0;
+ if (*val != 0 && *val != 1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ }
+ }
+ return 1;
+}
+static int save_booleans(size_t boolcnt, SELboolean * boollist)
+{
+ ssize_t len;
+ size_t i;
+ char outbuf[BUFSIZ];
+ char *inbuf = NULL;
+
+ /* Open file */
+ const char *bool_file = selinux_booleans_path();
+ char local_bool_file[PATH_MAX];
+ char tmp_bool_file[PATH_MAX];
+ FILE *boolf;
+ int fd;
+ int *used = (int *)malloc(sizeof(int) * boolcnt);
+ if (!used) {
+ return -1;
+ }
+ /* zero out used field */
+ for (i = 0; i < boolcnt; i++)
+ used[i] = 0;
+
+ snprintf(tmp_bool_file, sizeof(tmp_bool_file), "%s.XXXXXX", bool_file);
+ fd = mkstemp(tmp_bool_file);
+ if (fd < 0) {
+ free(used);
+ return -1;
+ }
+
+ snprintf(local_bool_file, sizeof(local_bool_file), "%s.local",
+ bool_file);
+ boolf = fopen(local_bool_file, "r");
+ if (boolf != NULL) {
+ ssize_t ret;
+ size_t size = 0;
+ int val;
+ char boolname[BUFSIZ];
+ char *buffer;
+ inbuf = NULL;
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while ((len = getline(&inbuf, &size, boolf)) > 0) {
+ buffer = strdup(inbuf);
+ if (!buffer)
+ goto close_remove_fail;
+ ret =
+ process_boolean(inbuf, boolname, sizeof(boolname),
+ &val);
+ if (ret != 1) {
+ ret = write(fd, buffer, len);
+ free(buffer);
+ if (ret != len)
+ goto close_remove_fail;
+ } else {
+ free(buffer);
+ for (i = 0; i < boolcnt; i++) {
+ if (strcmp(boollist[i].name, boolname)
+ == 0) {
+ snprintf(outbuf, sizeof(outbuf),
+ "%s=%d\n", boolname,
+ boollist[i].value);
+ len = strlen(outbuf);
+ used[i] = 1;
+ if (write(fd, outbuf, len) !=
+ len)
+ goto close_remove_fail;
+ else
+ break;
+ }
+ }
+ if (i == boolcnt) {
+ snprintf(outbuf, sizeof(outbuf),
+ "%s=%d\n", boolname, val);
+ len = strlen(outbuf);
+ if (write(fd, outbuf, len) != len)
+ goto close_remove_fail;
+ }
+ }
+ free(inbuf);
+ inbuf = NULL;
+ }
+ fclose(boolf);
+ }
+
+ for (i = 0; i < boolcnt; i++) {
+ if (used[i] == 0) {
+ snprintf(outbuf, sizeof(outbuf), "%s=%d\n",
+ boollist[i].name, boollist[i].value);
+ len = strlen(outbuf);
+ if (write(fd, outbuf, len) != len) {
+ close_remove_fail:
+ free(inbuf);
+ close(fd);
+ remove_fail:
+ unlink(tmp_bool_file);
+ free(used);
+ return -1;
+ }
+ }
+
+ }
+ if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
+ goto close_remove_fail;
+ close(fd);
+ if (rename(tmp_bool_file, local_bool_file) != 0)
+ goto remove_fail;
+
+ free(used);
+ return 0;
+}
+static void rollback(SELboolean * boollist, int end)
+{
+ int i;
+
+ for (i = 0; i < end; i++)
+ security_set_boolean(boollist[i].name,
+ security_get_boolean_active(boollist[i].
+ name));
+}
+
+int security_set_boolean_list(size_t boolcnt, SELboolean * boollist,
+ int permanent)
+{
+
+ size_t i;
+ for (i = 0; i < boolcnt; i++) {
+ if (security_set_boolean(boollist[i].name, boollist[i].value)) {
+ rollback(boollist, i);
+ return -1;
+ }
+ }
+
+ /* OK, let's do the commit */
+ if (security_commit_booleans()) {
+ return -1;
+ }
+
+ if (permanent)
+ return save_booleans(boolcnt, boollist);
+
+ return 0;
+}
+int security_load_booleans(char *path)
+{
+ FILE *boolf;
+ char *inbuf;
+ char localbools[BUFSIZ];
+ size_t len = 0, errors = 0;
+ int val;
+ char name[BUFSIZ];
+
+ boolf = fopen(path ? path : selinux_booleans_path(), "r");
+ if (boolf == NULL)
+ goto localbool;
+
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while (getline(&inbuf, &len, boolf) > 0) {
+ int ret = process_boolean(inbuf, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1)
+ if (security_set_boolean(name, val) < 0) {
+ errors++;
+ }
+ }
+ fclose(boolf);
+ localbool:
+ snprintf(localbools, sizeof(localbools), "%s.local",
+ (path ? path : selinux_booleans_path()));
+ boolf = fopen(localbools, "r");
+
+ if (boolf != NULL) {
+ int ret;
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while (getline(&inbuf, &len, boolf) > 0) {
+ ret = process_boolean(inbuf, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1)
+ if (security_set_boolean(name, val) < 0) {
+ errors++;
+ }
+ }
+ fclose(boolf);
+ }
+ if (security_commit_booleans() < 0)
+ return -1;
+
+ if (errors)
+ errno = EINVAL;
+ return errors ? -1 : 0;
+}
diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c
new file mode 100644
index 0000000..5acfd3d
--- /dev/null
+++ b/libselinux/src/callbacks.c
@@ -0,0 +1,92 @@
+/*
+ * User-supplied callbacks and default implementations.
+ * Class and permission mappings.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include "callbacks.h"
+
+/* default implementations */
+static int __attribute__ ((format(printf, 2, 3)))
+default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
+{
+ int rc;
+ va_list ap;
+ va_start(ap, fmt);
+ rc = vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ return rc;
+}
+
+static int
+default_selinux_audit(void *ptr __attribute__((unused)),
+ security_class_t cls __attribute__((unused)),
+ char *buf __attribute__((unused)),
+ size_t len __attribute__((unused)))
+{
+ return 0;
+}
+
+static int
+default_selinux_validate(security_context_t *ctx)
+{
+ return security_check_context(*ctx);
+}
+
+/* callback pointers */
+int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log)(int, const char *, ...) =
+ default_selinux_log;
+
+int
+(*selinux_audit) (void *, security_class_t, char *, size_t) =
+ default_selinux_audit;
+
+int
+(*selinux_validate)(security_context_t *ctx) =
+ default_selinux_validate;
+
+/* callback setting function */
+void
+selinux_set_callback(int type, union selinux_callback cb)
+{
+ switch (type) {
+ case SELINUX_CB_LOG:
+ selinux_log = cb.func_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ selinux_audit = cb.func_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ selinux_validate = cb.func_validate;
+ break;
+ }
+}
+
+/* callback getting function */
+union selinux_callback
+selinux_get_callback(int type)
+{
+ union selinux_callback cb;
+
+ switch (type) {
+ case SELINUX_CB_LOG:
+ cb.func_log = selinux_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ cb.func_audit = selinux_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ cb.func_validate = selinux_validate;
+ break;
+ default:
+ memset(&cb, 0, sizeof(cb));
+ errno = EINVAL;
+ break;
+ }
+ return cb;
+}
diff --git a/libselinux/src/callbacks.h b/libselinux/src/callbacks.h
new file mode 100644
index 0000000..068fa9d
--- /dev/null
+++ b/libselinux/src/callbacks.h
@@ -0,0 +1,24 @@
+/*
+ * This file describes the callbacks passed to selinux_init() and available
+ * for use from the library code. They all have default implementations.
+ */
+#ifndef _SELINUX_CALLBACKS_H_
+#define _SELINUX_CALLBACKS_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include "dso.h"
+
+/* callback pointers */
+extern int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log) (int type, const char *, ...) hidden;
+
+extern int
+(*selinux_audit) (void *, security_class_t, char *, size_t) hidden;
+
+extern int
+(*selinux_validate)(security_context_t *ctx) hidden;
+
+#endif /* _SELINUX_CALLBACKS_H_ */
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
new file mode 100644
index 0000000..85bbbfa
--- /dev/null
+++ b/libselinux/src/canonicalize_context.c
@@ -0,0 +1,86 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ strncpy(buf, con, size);
+
+ ret = write(fd, buf, strlen(buf) + 1);
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0 && errno == EINVAL) {
+ /* Fall back to the original context for kernels
+ that do not support the extended interface. */
+ strncpy(buf, con, size);
+ }
+
+ *canoncon = strdup(buf);
+ if (!(*canoncon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_canonicalize_context_raw)
+
+int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon)
+{
+ int ret;
+ security_context_t rcon = con;
+ security_context_t rcanoncon;
+
+ if (selinux_trans_to_raw_context(con, &rcon))
+ return -1;
+
+ ret = security_canonicalize_context_raw(rcon, &rcanoncon);
+
+ freecon(rcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
+ freecon(rcanoncon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_canonicalize_context)
diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
new file mode 100644
index 0000000..c1982c7
--- /dev/null
+++ b/libselinux/src/checkAccess.c
@@ -0,0 +1,47 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+
+int selinux_check_passwd_access(access_vector_t requested)
+{
+ int status = -1;
+ security_context_t user_context;
+ if (is_selinux_enabled() == 0)
+ return 0;
+ if (getprevcon_raw(&user_context) == 0) {
+ security_class_t passwd_class;
+ struct av_decision avd;
+ int retval;
+
+ passwd_class = string_to_security_class("passwd");
+ if (passwd_class == 0)
+ return 0;
+
+ retval = security_compute_av_raw(user_context,
+ user_context,
+ passwd_class,
+ requested,
+ &avd);
+
+ if ((retval == 0) && ((requested & avd.allowed) == requested)) {
+ status = 0;
+ }
+ freecon(user_context);
+ }
+
+ if (status != 0 && security_getenforce() == 0)
+ status = 0;
+
+ return status;
+}
+
+hidden_def(selinux_check_passwd_access)
+
+int checkPasswdAccess(access_vector_t requested)
+{
+ return selinux_check_passwd_access(requested);
+}
diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c
new file mode 100644
index 0000000..0e8fb86
--- /dev/null
+++ b/libselinux/src/check_context.c
@@ -0,0 +1,51 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_check_context_raw(security_context_t con)
+{
+ char path[PATH_MAX];
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ ret = write(fd, con, strlen(con) + 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+ return 0;
+}
+
+hidden_def(security_check_context_raw)
+
+int security_check_context(security_context_t con)
+{
+ int ret;
+ security_context_t rcon = con;
+
+ if (selinux_trans_to_raw_context(con, &rcon))
+ return -1;
+
+ ret = security_check_context_raw(rcon);
+
+ freecon(rcon);
+
+ return ret;
+}
+
+hidden_def(security_check_context)
diff --git a/libselinux/src/class_to_string.h b/libselinux/src/class_to_string.h
new file mode 100644
index 0000000..60327cb
--- /dev/null
+++ b/libselinux/src/class_to_string.h
@@ -0,0 +1,74 @@
+/* This file is automatically generated. Do not edit. */
+/*
+ * Security object class definitions
+ */
+ S_("null")
+ S_("security")
+ S_("process")
+ S_("system")
+ S_("capability")
+ S_("filesystem")
+ S_("file")
+ S_("dir")
+ S_("fd")
+ S_("lnk_file")
+ S_("chr_file")
+ S_("blk_file")
+ S_("sock_file")
+ S_("fifo_file")
+ S_("socket")
+ S_("tcp_socket")
+ S_("udp_socket")
+ S_("rawip_socket")
+ S_("node")
+ S_("netif")
+ S_("netlink_socket")
+ S_("packet_socket")
+ S_("key_socket")
+ S_("unix_stream_socket")
+ S_("unix_dgram_socket")
+ S_("sem")
+ S_("msg")
+ S_("msgq")
+ S_("shm")
+ S_("ipc")
+ S_("passwd")
+ S_("drawable")
+ S_("window")
+ S_("gc")
+ S_("font")
+ S_("colormap")
+ S_("property")
+ S_("cursor")
+ S_("xclient")
+ S_("xinput")
+ S_("xserver")
+ S_("xextension")
+ S_("pax")
+ S_("netlink_route_socket")
+ S_("netlink_firewall_socket")
+ S_("netlink_tcpdiag_socket")
+ S_("netlink_nflog_socket")
+ S_("netlink_xfrm_socket")
+ S_("netlink_selinux_socket")
+ S_("netlink_audit_socket")
+ S_("netlink_ip6fw_socket")
+ S_("netlink_dnrt_socket")
+ S_("dbus")
+ S_("nscd")
+ S_("association")
+ S_("netlink_kobject_uevent_socket")
+ S_("appletalk_socket")
+ S_("packet")
+ S_("key")
+ S_("context")
+ S_("dccp_socket")
+ S_("memprotect")
+ S_("db_database")
+ S_("db_table")
+ S_("db_procedure")
+ S_("db_column")
+ S_("db_tuple")
+ S_("db_blob")
+ S_("peer")
+ S_("capability2")
diff --git a/libselinux/src/common_perm_to_string.h b/libselinux/src/common_perm_to_string.h
new file mode 100644
index 0000000..f52d1f5
--- /dev/null
+++ b/libselinux/src/common_perm_to_string.h
@@ -0,0 +1,67 @@
+/* This file is automatically generated. Do not edit. */
+TB_(common_file_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("unlink")
+ S_("link")
+ S_("rename")
+ S_("execute")
+ S_("swapon")
+ S_("quotaon")
+ S_("mounton")
+TE_(common_file_perm_to_string)
+
+TB_(common_socket_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("bind")
+ S_("connect")
+ S_("listen")
+ S_("accept")
+ S_("getopt")
+ S_("setopt")
+ S_("shutdown")
+ S_("recvfrom")
+ S_("sendto")
+ S_("recv_msg")
+ S_("send_msg")
+ S_("name_bind")
+TE_(common_socket_perm_to_string)
+
+TB_(common_ipc_perm_to_string)
+ S_("create")
+ S_("destroy")
+ S_("getattr")
+ S_("setattr")
+ S_("read")
+ S_("write")
+ S_("associate")
+ S_("unix_read")
+ S_("unix_write")
+TE_(common_ipc_perm_to_string)
+
+TB_(common_database_perm_to_string)
+ S_("create")
+ S_("drop")
+ S_("getattr")
+ S_("setattr")
+ S_("relabelfrom")
+ S_("relabelto")
+TE_(common_database_perm_to_string)
+
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
new file mode 100644
index 0000000..45cd0db
--- /dev/null
+++ b/libselinux/src/compute_av.c
@@ -0,0 +1,95 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t len;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/access", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ len = selinux_page_size;
+ buf = malloc(len);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+
+ snprintf(buf, len, "%s %s %hu %x", scon, tcon,
+ unmap_class(tclass), unmap_perm(tclass, requested));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, len);
+ ret = read(fd, buf, len - 1);
+ if (ret < 0)
+ goto out2;
+
+ if (sscanf(buf, "%x %x %x %x %u", &avd->allowed,
+ &avd->decided, &avd->auditallow, &avd->auditdeny,
+ &avd->seqno) != 5) {
+ ret = -1;
+ goto out2;
+ }
+
+ map_decision(tclass, avd);
+
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_av_raw)
+
+int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
+
+ freecon(rscon);
+ freecon(rtcon);
+
+ return ret;
+}
+
+hidden_def(security_compute_av)
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
new file mode 100644
index 0000000..1c56f0f
--- /dev/null
+++ b/libselinux/src/compute_create.c
@@ -0,0 +1,94 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/create", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!(*newcon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_create_raw)
+
+int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_compute_create)
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
new file mode 100644
index 0000000..e5495e4
--- /dev/null
+++ b/libselinux/src/compute_member.c
@@ -0,0 +1,95 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/member", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!(*newcon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_member_raw)
+
+int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ if (selinux_raw_to_trans_context(rnewcon, newcon)) {
+ *newcon = NULL;
+ ret = -1;
+ }
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
new file mode 100644
index 0000000..ae9c648
--- /dev/null
+++ b/libselinux/src/compute_relabel.c
@@ -0,0 +1,92 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!*newcon) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_relabel_raw)
+
+int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
new file mode 100644
index 0000000..fa6f650
--- /dev/null
+++ b/libselinux/src/compute_user.c
@@ -0,0 +1,110 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_compute_user_raw(security_context_t scon,
+ const char *user, security_context_t ** con)
+{
+ char path[PATH_MAX];
+ char **ary;
+ char *buf, *ptr;
+ size_t size;
+ int fd, ret;
+ unsigned int i, nel;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/user", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s", scon, user);
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ if (sscanf(buf, "%u", &nel) != 1) {
+ ret = -1;
+ goto out2;
+ }
+
+ ary = malloc((nel + 1) * sizeof(char *));
+ if (!ary) {
+ ret = -1;
+ goto out2;
+ }
+
+ ptr = buf + strlen(buf) + 1;
+ for (i = 0; i < nel; i++) {
+ ary[i] = strdup(ptr);
+ if (!ary[i]) {
+ freeconary(ary);
+ ret = -1;
+ goto out2;
+ }
+ ptr += strlen(ptr) + 1;
+ }
+ ary[nel] = NULL;
+ *con = ary;
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_user_raw)
+
+int security_compute_user(security_context_t scon,
+ const char *user, security_context_t ** con)
+{
+ int ret;
+ security_context_t rscon = scon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+
+ ret = security_compute_user_raw(rscon, user, con);
+
+ freecon(rscon);
+ if (!ret) {
+ security_context_t *ptr, tmpcon;
+ for (ptr = *con; *ptr; ptr++) {
+ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) {
+ freeconary(*con);
+ *con = NULL;
+ return -1;
+ }
+ freecon(*ptr);
+ *ptr = tmpcon;
+ }
+ }
+
+ return ret;
+}
+
+hidden_def(security_compute_user)
diff --git a/libselinux/src/context.c b/libselinux/src/context.c
new file mode 100644
index 0000000..8164104
--- /dev/null
+++ b/libselinux/src/context.c
@@ -0,0 +1,193 @@
+#include "context_internal.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#define COMP_USER 0
+#define COMP_ROLE 1
+#define COMP_TYPE 2
+#define COMP_RANGE 3
+
+typedef struct {
+ char *current_str; /* This is made up-to-date only when needed */
+ char *(component[4]);
+} context_private_t;
+
+/*
+ * Allocate a new context, initialized from str. There must be 3 or
+ * 4 colon-separated components and no whitespace in any component other
+ * than the MLS component.
+ */
+context_t context_new(const char *str)
+{
+ int i, count;
+ context_private_t *n =
+ (context_private_t *) malloc(sizeof(context_private_t));
+ context_t result = (context_t) malloc(sizeof(context_s_t));
+ const char *p, *tok;
+
+ if (result)
+ result->ptr = n;
+ else
+ free(n);
+ if (n == 0 || result == 0) {
+ goto err;
+ }
+ n->current_str = n->component[0] = n->component[1] = n->component[2] =
+ n->component[3] = 0;
+ for (i = count = 0, p = str; *p; p++) {
+ switch (*p) {
+ case ':':
+ count++;
+ break;
+ case '\n':
+ case '\t':
+ case '\r':
+ goto err; /* sanity check */
+ case ' ':
+ if (count < 3)
+ goto err; /* sanity check */
+ }
+ }
+ /*
+ * Could be anywhere from 2 - 5
+ * e.g user:role:type to user:role:type:sens1:cata-sens2:catb
+ */
+ if (count < 2 || count > 5) { /* might not have a range */
+ goto err;
+ }
+
+ n->component[3] = 0;
+ for (i = 0, tok = str; *tok; i++) {
+ if (i < 3)
+ for (p = tok; *p && *p != ':'; p++) { /* empty */
+ } else {
+ /* MLS range is one component */
+ for (p = tok; *p; p++) { /* empty */
+ }
+ }
+ n->component[i] = (char *)malloc(p - tok + 1);
+ if (n->component[i] == 0)
+ goto err;
+ strncpy(n->component[i], tok, p - tok);
+ n->component[i][p - tok] = '\0';
+ tok = *p ? p + 1 : p;
+ }
+ return result;
+ err:
+ context_free(result);
+ return 0;
+}
+
+hidden_def(context_new)
+
+static void conditional_free(char **v)
+{
+ if (*v) {
+ free(*v);
+ }
+ *v = 0;
+}
+
+/*
+ * free all storage used by a context. Safe to call with
+ * null pointer.
+ */
+void context_free(context_t context)
+{
+ context_private_t *n;
+ int i;
+ if (context) {
+ n = context->ptr;
+ if (n) {
+ conditional_free(&n->current_str);
+ for (i = 0; i < 4; i++) {
+ conditional_free(&n->component[i]);
+ }
+ free(n);
+ }
+ free(context);
+ }
+}
+
+hidden_def(context_free)
+
+/*
+ * Return a pointer to the string value of the context.
+ */
+char *context_str(context_t context)
+{
+ context_private_t *n = context->ptr;
+ int i;
+ size_t total = 0;
+ conditional_free(&n->current_str);
+ for (i = 0; i < 4; i++) {
+ if (n->component[i]) {
+ total += strlen(n->component[i]) + 1;
+ }
+ }
+ n->current_str = malloc(total);
+ if (n->current_str != 0) {
+ char *cp = n->current_str;
+
+ cp = stpcpy(cp, n->component[0]);
+ for (i = 1; i < 4; i++) {
+ if (n->component[i]) {
+ *cp++ = ':';
+ cp = stpcpy(cp, n->component[i]);
+ }
+ }
+ }
+ return n->current_str;
+}
+
+hidden_def(context_str)
+
+/* Returns nonzero iff failed */
+static int set_comp(context_private_t * n, int idx, const char *str)
+{
+ char *t = NULL;
+ const char *p;
+ if (str) {
+ t = (char *)malloc(strlen(str) + 1);
+ if (!t) {
+ return 1;
+ }
+ for (p = str; *p; p++) {
+ if (*p == '\t' || *p == '\n' || *p == '\r' ||
+ ((*p == ':' || *p == ' ') && idx != COMP_RANGE)) {
+ free(t);
+ errno = EINVAL;
+ return 1;
+ }
+ }
+ strcpy(t, str);
+ }
+ conditional_free(&n->component[idx]);
+ n->component[idx] = t;
+ return 0;
+}
+
+#define def_get(name,tag) \
+const char * context_ ## name ## _get(context_t context) \
+{ \
+ context_private_t *n = context->ptr; \
+ return n->component[tag]; \
+} \
+hidden_def(context_ ## name ## _get)
+
+def_get(type, COMP_TYPE)
+ def_get(user, COMP_USER)
+ def_get(range, COMP_RANGE)
+ def_get(role, COMP_ROLE)
+#define def_set(name,tag) \
+int context_ ## name ## _set(context_t context, const char* str) \
+{ \
+ return set_comp(context->ptr,tag,str);\
+} \
+hidden_def(context_ ## name ## _set)
+ def_set(type, COMP_TYPE)
+ def_set(role, COMP_ROLE)
+ def_set(user, COMP_USER)
+ def_set(range, COMP_RANGE)
diff --git a/libselinux/src/context_internal.h b/libselinux/src/context_internal.h
new file mode 100644
index 0000000..3c71e80
--- /dev/null
+++ b/libselinux/src/context_internal.h
@@ -0,0 +1,14 @@
+#include <selinux/context.h>
+#include "dso.h"
+
+hidden_proto(context_new)
+ hidden_proto(context_free)
+ hidden_proto(context_str)
+ hidden_proto(context_type_set)
+ hidden_proto(context_type_get)
+ hidden_proto(context_role_set)
+ hidden_proto(context_role_get)
+ hidden_proto(context_user_set)
+ hidden_proto(context_user_get)
+ hidden_proto(context_range_set)
+ hidden_proto(context_range_get)
diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c
new file mode 100644
index 0000000..dac0f5b
--- /dev/null
+++ b/libselinux/src/disable.c
@@ -0,0 +1,38 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_disable(void)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/disable", selinux_mnt);
+ fd = open(path, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ buf[0] = '1';
+ buf[1] = '\0';
+ ret = write(fd, buf, strlen(buf));
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ return 0;
+}
+
+hidden_def(security_disable)
diff --git a/libselinux/src/dso.h b/libselinux/src/dso.h
new file mode 100644
index 0000000..12c3d11
--- /dev/null
+++ b/libselinux/src/dso.h
@@ -0,0 +1,23 @@
+#ifndef _SELINUX_DSO_H
+#define _SELINUX_DSO_H 1
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal) \
+ extern __typeof (fct) internal; \
+ extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif
diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c
new file mode 100644
index 0000000..b3c8c47
--- /dev/null
+++ b/libselinux/src/enabled.c
@@ -0,0 +1,104 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include "policy.h"
+
+int is_selinux_enabled(void)
+{
+ char *buf=NULL;
+ FILE *fp;
+ ssize_t num;
+ size_t len;
+ int enabled = 0;
+ security_context_t con;
+
+ /* init_selinuxmnt() gets called before this function. We
+ * will assume that if a selinux file system is mounted, then
+ * selinux is enabled. */
+ if (selinux_mnt) {
+
+ /* Since a file system is mounted, we consider selinux
+ * enabled. If getcon_raw fails, selinux is still enabled.
+ * We only consider it disabled if no policy is loaded. */
+ enabled = 1;
+ if (getcon_raw(&con) == 0) {
+ if (!strcmp(con, "kernel"))
+ enabled = 0;
+ freecon(con);
+ }
+ return enabled;
+ }
+
+ /* Drop back to detecting it the long way. */
+ fp = fopen("/proc/filesystems", "r");
+ if (!fp)
+ return -1;
+
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ if (strstr(buf, "selinuxfs")) {
+ enabled = 1;
+ break;
+ }
+ }
+
+ if (num < 0)
+ goto out;
+
+ /* Since an selinux file system is available, we consider
+ * selinux enabled. If getcon_raw fails, selinux is still
+ * enabled. We only consider it disabled if no policy is loaded. */
+ if (getcon_raw(&con) == 0) {
+ if (!strcmp(con, "kernel"))
+ enabled = 0;
+ freecon(con);
+ }
+
+ out:
+ free(buf);
+ fclose(fp);
+ return enabled;
+}
+
+hidden_def(is_selinux_enabled)
+
+/*
+ * Function: is_selinux_mls_enabled()
+ * Return: 1 on success
+ * 0 on failure
+ */
+int is_selinux_mls_enabled(void)
+{
+ char buf[20], path[PATH_MAX];
+ int fd, ret, enabled = 0;
+
+ if (!selinux_mnt)
+ return enabled;
+
+ snprintf(path, sizeof path, "%s/mls", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return enabled;
+
+ memset(buf, 0, sizeof buf);
+
+ do {
+ ret = read(fd, buf, sizeof buf - 1);
+ } while (ret < 0 && errno == EINTR);
+ close(fd);
+ if (ret < 0)
+ return enabled;
+
+ if (!strcmp(buf, "1"))
+ enabled = 1;
+
+ return enabled;
+}
+
+hidden_def(is_selinux_mls_enabled)
diff --git a/libselinux/src/fgetfilecon.c b/libselinux/src/fgetfilecon.c
new file mode 100644
index 0000000..c88d515
--- /dev/null
+++ b/libselinux/src/fgetfilecon.c
@@ -0,0 +1,72 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int fgetfilecon_raw(int fd, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = fgetxattr(fd, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(fgetfilecon_raw)
+
+int fgetfilecon(int fd, security_context_t * context)
+{
+ security_context_t rcontext;
+ int ret;
+
+ *context = NULL;
+
+ ret = fgetfilecon_raw(fd, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+
+ return ret;
+}
diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h
new file mode 100644
index 0000000..bea5c40
--- /dev/null
+++ b/libselinux/src/file_path_suffixes.h
@@ -0,0 +1,21 @@
+/* File name suffixes. */
+S_(BINPOLICY, "/policy/policy")
+ S_(CONTEXTS_DIR, "/contexts")
+ S_(FILE_CONTEXTS, "/contexts/files/file_contexts")
+ S_(HOMEDIR_CONTEXTS, "/contexts/files/homedir_template")
+ S_(DEFAULT_CONTEXTS, "/contexts/default_contexts")
+ S_(USER_CONTEXTS, "/contexts/users/")
+ S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
+ S_(DEFAULT_TYPE, "/contexts/default_type")
+ S_(SECURETTY_TYPES, "/contexts/securetty_types")
+ S_(BOOLEANS, "/booleans")
+ S_(MEDIA_CONTEXTS, "/contexts/files/media")
+ S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
+ S_(CUSTOMIZABLE_TYPES, "/contexts/customizable_types")
+ S_(USERS_DIR, "/users/")
+ S_(SEUSERS, "/seusers")
+ S_(TRANSLATIONS, "/setrans.conf")
+ S_(NETFILTER_CONTEXTS, "/contexts/netfilter_contexts")
+ S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedirs")
+ S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local")
+ S_(X_CONTEXTS, "/contexts/x_contexts")
diff --git a/libselinux/src/freecon.c b/libselinux/src/freecon.c
new file mode 100644
index 0000000..3ec4fe2
--- /dev/null
+++ b/libselinux/src/freecon.c
@@ -0,0 +1,11 @@
+#include <unistd.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+
+void freecon(security_context_t con)
+{
+ free(con);
+}
+
+hidden_def(freecon)
diff --git a/libselinux/src/freeconary.c b/libselinux/src/freeconary.c
new file mode 100644
index 0000000..835f5bc
--- /dev/null
+++ b/libselinux/src/freeconary.c
@@ -0,0 +1,19 @@
+#include <unistd.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+
+void freeconary(security_context_t * con)
+{
+ char **ptr;
+
+ if (!con)
+ return;
+
+ for (ptr = con; *ptr; ptr++) {
+ free(*ptr);
+ }
+ free(con);
+}
+
+hidden_def(freeconary)
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
new file mode 100644
index 0000000..6cad4d7
--- /dev/null
+++ b/libselinux/src/fsetfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int fsetfilecon_raw(int fd, security_context_t context)
+{
+ return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(fsetfilecon_raw)
+
+int fsetfilecon(int fd, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = fsetfilecon_raw(fd, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
new file mode 100644
index 0000000..a50fca8
--- /dev/null
+++ b/libselinux/src/get_context_list.c
@@ -0,0 +1,541 @@
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <pwd.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+#include "get_context_list_internal.h"
+
+int get_default_context_with_role(const char *user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+ security_context_t *conary;
+ char **ptr;
+ context_t con;
+ const char *role2;
+ int rc;
+
+ rc = get_ordered_context_list(user, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ for (ptr = conary; *ptr; ptr++) {
+ con = context_new(*ptr);
+ if (!con)
+ continue;
+ role2 = context_role_get(con);
+ if (role2 && !strcmp(role, role2)) {
+ context_free(con);
+ break;
+ }
+ context_free(con);
+ }
+
+ rc = -1;
+ if (!(*ptr))
+ goto out;
+ *newcon = strdup(*ptr);
+ if (!(*newcon))
+ goto out;
+ rc = 0;
+ out:
+ freeconary(conary);
+ return rc;
+}
+
+hidden_def(get_default_context_with_role)
+
+int get_default_context_with_rolelevel(const char *user,
+ const char *role,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+
+ int rc = 0;
+ int freefrom = 0;
+ context_t con;
+ char *newfromcon;
+ if (!level)
+ return get_default_context_with_role(user, role, fromcon,
+ newcon);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ rc = -1;
+ con = context_new(fromcon);
+ if (!con)
+ goto out;
+
+ if (context_range_set(con, level))
+ goto out;
+
+ newfromcon = context_str(con);
+ if (!newfromcon)
+ goto out;
+
+ rc = get_default_context_with_role(user, role, newfromcon, newcon);
+
+ out:
+ context_free(con);
+ if (freefrom)
+ freecon(fromcon);
+ return rc;
+
+}
+
+int get_default_context(const char *user,
+ security_context_t fromcon, security_context_t * newcon)
+{
+ security_context_t *conary;
+ int rc;
+
+ rc = get_ordered_context_list(user, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ *newcon = strdup(conary[0]);
+ freeconary(conary);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
+
+static int find_partialcon(security_context_t * list,
+ unsigned int nreach, char *part)
+{
+ const char *conrole, *contype;
+ char *partrole, *parttype, *ptr;
+ context_t con;
+ unsigned int i;
+
+ partrole = part;
+ ptr = part;
+ while (*ptr && !isspace(*ptr) && *ptr != ':')
+ ptr++;
+ if (*ptr != ':')
+ return -1;
+ *ptr++ = 0;
+ parttype = ptr;
+ while (*ptr && !isspace(*ptr) && *ptr != ':')
+ ptr++;
+ *ptr = 0;
+
+ for (i = 0; i < nreach; i++) {
+ con = context_new(list[i]);
+ if (!con)
+ return -1;
+ conrole = context_role_get(con);
+ contype = context_type_get(con);
+ if (!conrole || !contype) {
+ context_free(con);
+ return -1;
+ }
+ if (!strcmp(conrole, partrole) && !strcmp(contype, parttype)) {
+ context_free(con);
+ return i;
+ }
+ context_free(con);
+ }
+
+ return -1;
+}
+
+static int get_context_order(FILE * fp,
+ security_context_t fromcon,
+ security_context_t * reachable,
+ unsigned int nreach,
+ unsigned int *ordering, unsigned int *nordered)
+{
+ char *start, *end = NULL;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t len;
+ int found = 0;
+ const char *fromrole, *fromtype;
+ char *linerole, *linetype;
+ unsigned int i;
+ context_t con;
+ int rc;
+
+ errno = -EINVAL;
+
+ /* Extract the role and type of the fromcon for matching.
+ User identity and MLS range can be variable. */
+ con = context_new(fromcon);
+ if (!con)
+ return -1;
+ fromrole = context_role_get(con);
+ fromtype = context_type_get(con);
+ if (!fromrole || !fromtype) {
+ context_free(con);
+ return -1;
+ }
+
+ while ((len = getline(&line, &line_len, fp)) > 0) {
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ /* Find the end of the (partial) fromcon in the line. */
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (!(*end))
+ continue;
+
+ /* Check for a match. */
+ linerole = start;
+ while (*start && !isspace(*start) && *start != ':')
+ start++;
+ if (*start != ':')
+ continue;
+ *start = 0;
+ linetype = ++start;
+ while (*start && !isspace(*start) && *start != ':')
+ start++;
+ if (!(*start))
+ continue;
+ *start = 0;
+ if (!strcmp(fromrole, linerole) && !strcmp(fromtype, linetype)) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ errno = ENOENT;
+ rc = -1;
+ goto out;
+ }
+
+ start = ++end;
+ while (*start) {
+ /* Skip leading whitespace */
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ break;
+
+ /* Find the end of this partial context. */
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+
+ /* Check for a match in the reachable list. */
+ rc = find_partialcon(reachable, nreach, start);
+ if (rc < 0) {
+ /* No match, skip it. */
+ start = end;
+ continue;
+ }
+
+ /* If a match is found and the entry is not already ordered
+ (e.g. due to prior match in prior config file), then set
+ the ordering for it. */
+ i = rc;
+ if (ordering[i] == nreach)
+ ordering[i] = (*nordered)++;
+ start = end;
+ }
+
+ rc = 0;
+
+ out:
+ context_free(con);
+ free(line);
+ return rc;
+}
+
+static int get_failsafe_context(const char *user, security_context_t * newcon)
+{
+ FILE *fp;
+ char buf[255], *ptr;
+ size_t plen, nlen;
+ int rc;
+
+ fp = fopen(selinux_failsafe_context_path(), "r");
+ if (!fp)
+ return -1;
+
+ ptr = fgets_unlocked(buf, sizeof buf, fp);
+ fclose(fp);
+
+ if (!ptr)
+ return -1;
+ plen = strlen(ptr);
+ if (buf[plen - 1] == '\n')
+ buf[plen - 1] = 0;
+
+ retry:
+ nlen = strlen(user) + 1 + plen + 1;
+ *newcon = malloc(nlen);
+ if (!(*newcon))
+ return -1;
+ rc = snprintf(*newcon, nlen, "%s:%s", user, ptr);
+ if (rc < 0 || (size_t) rc >= nlen) {
+ free(*newcon);
+ *newcon = 0;
+ return -1;
+ }
+
+ /* If possible, check the context to catch
+ errors early rather than waiting until the
+ caller tries to use setexeccon on the context.
+ But this may not always be possible, e.g. if
+ selinuxfs isn't mounted. */
+ if (security_check_context(*newcon) && errno != ENOENT) {
+ free(*newcon);
+ *newcon = 0;
+ if (strcmp(user, SELINUX_DEFAULTUSER)) {
+ user = SELINUX_DEFAULTUSER;
+ goto retry;
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+struct context_order {
+ security_context_t con;
+ unsigned int order;
+};
+
+static int order_compare(const void *A, const void *B)
+{
+ const struct context_order *c1 = A, *c2 = B;
+ if (c1->order < c2->order)
+ return -1;
+ else if (c1->order > c2->order)
+ return 1;
+ return strcmp(c1->con, c2->con);
+}
+
+int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t ** list)
+{
+ int rc;
+ int freefrom = 0;
+ context_t con;
+ char *newfromcon;
+
+ if (!level)
+ return get_ordered_context_list(user, fromcon, list);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ rc = -1;
+ con = context_new(fromcon);
+ if (!con)
+ goto out;
+
+ if (context_range_set(con, level))
+ goto out;
+
+ newfromcon = context_str(con);
+ if (!newfromcon)
+ goto out;
+
+ rc = get_ordered_context_list(user, newfromcon, list);
+
+ out:
+ context_free(con);
+ if (freefrom)
+ freecon(fromcon);
+ return rc;
+}
+
+hidden_def(get_ordered_context_list_with_level)
+
+int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+ security_context_t *conary;
+ int rc;
+
+ rc = get_ordered_context_list_with_level(user, level, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ *newcon = strdup(conary[0]);
+ freeconary(conary);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
+
+int get_ordered_context_list(const char *user,
+ security_context_t fromcon,
+ security_context_t ** list)
+{
+ security_context_t *reachable = NULL;
+ unsigned int *ordering = NULL;
+ struct context_order *co = NULL;
+ char **ptr;
+ int rc = 0;
+ unsigned int nreach = 0, nordered = 0, freefrom = 0, i;
+ FILE *fp;
+ char *fname = NULL;
+ size_t fname_len;
+ const char *user_contexts_path = selinux_user_contexts_path();
+
+ if (!fromcon) {
+ /* Get the current context and use it for the starting context */
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ /* Determine the set of reachable contexts for the user. */
+ rc = security_compute_user(fromcon, user, &reachable);
+ if (rc < 0) {
+ /* Retry with the default SELinux user identity. */
+ user = SELINUX_DEFAULTUSER;
+ rc = security_compute_user(fromcon, user, &reachable);
+ if (rc < 0)
+ goto failsafe;
+ }
+ nreach = 0;
+ for (ptr = reachable; *ptr; ptr++)
+ nreach++;
+ if (!nreach)
+ goto failsafe;
+
+ /* Initialize ordering array. */
+ ordering = malloc(nreach * sizeof(unsigned int));
+ if (!ordering)
+ goto oom_order;
+ for (i = 0; i < nreach; i++)
+ ordering[i] = nreach;
+
+ /* Determine the ordering to apply from the optional per-user config
+ and from the global config. */
+ fname_len = strlen(user_contexts_path) + strlen(user) + 2;
+ fname = malloc(fname_len);
+ if (!fname)
+ goto oom_order;
+ snprintf(fname, fname_len, "%s%s", user_contexts_path, user);
+ fp = fopen(fname, "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
+ &nordered);
+ fclose(fp);
+ if (rc < 0 && errno != ENOENT) {
+ fprintf(stderr,
+ "%s: error in processing configuration file %s\n",
+ __FUNCTION__, fname);
+ /* Fall through, try global config */
+ }
+ }
+ free(fname);
+ fp = fopen(selinux_default_context_path(), "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
+ &nordered);
+ fclose(fp);
+ if (rc < 0 && errno != ENOENT) {
+ fprintf(stderr,
+ "%s: error in processing configuration file %s\n",
+ __FUNCTION__, selinux_default_context_path());
+ /* Fall through */
+ }
+ }
+
+ /* Apply the ordering. */
+ if (nordered) {
+ co = malloc(nreach * sizeof(struct context_order));
+ if (!co)
+ goto oom_order;
+ for (i = 0; i < nreach; i++) {
+ co[i].con = reachable[i];
+ co[i].order = ordering[i];
+ }
+ qsort(co, nreach, sizeof(struct context_order), order_compare);
+ for (i = 0; i < nreach; i++)
+ reachable[i] = co[i].con;
+ free(co);
+ }
+
+ /* Return the ordered list.
+ If we successfully ordered it, then only report the ordered entries
+ to the caller. Otherwise, fall back to the entire reachable list. */
+ if (nordered && nordered < nreach) {
+ for (i = nordered; i < nreach; i++)
+ free(reachable[i]);
+ reachable[nordered] = NULL;
+ rc = nordered;
+ } else {
+ rc = nreach;
+ }
+
+ out:
+ *list = reachable;
+
+ free(ordering);
+ if (freefrom)
+ freecon(fromcon);
+
+ return rc;
+
+ failsafe:
+ /* Unable to determine a reachable context list, try to fall back to
+ the "failsafe" context to at least permit root login
+ for emergency recovery if possible. */
+ freeconary(reachable);
+ reachable = malloc(2 * sizeof(security_context_t));
+ if (!reachable) {
+ rc = -1;
+ goto out;
+ }
+ reachable[0] = reachable[1] = 0;
+ rc = get_failsafe_context(user, &reachable[0]);
+ if (rc < 0) {
+ freeconary(reachable);
+ reachable = NULL;
+ goto out;
+ }
+ rc = 1; /* one context in the list */
+ goto out;
+
+ oom_order:
+ /* Unable to order context list due to OOM condition.
+ Fall back to unordered reachable context list. */
+ fprintf(stderr, "%s: out of memory, unable to order list\n",
+ __FUNCTION__);
+ rc = nreach;
+ goto out;
+}
+
+hidden_def(get_ordered_context_list)
diff --git a/libselinux/src/get_context_list_internal.h b/libselinux/src/get_context_list_internal.h
new file mode 100644
index 0000000..c224834
--- /dev/null
+++ b/libselinux/src/get_context_list_internal.h
@@ -0,0 +1,6 @@
+#include <selinux/get_context_list.h>
+#include "dso.h"
+
+hidden_proto(get_ordered_context_list)
+ hidden_proto(get_ordered_context_list_with_level)
+ hidden_proto(get_default_context_with_role)
diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c
new file mode 100644
index 0000000..6fd1681
--- /dev/null
+++ b/libselinux/src/get_default_type.c
@@ -0,0 +1,65 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include "get_default_type_internal.h"
+
+static int find_default_type(FILE * fp, const char *role, char **type);
+
+int get_default_type(const char *role, char **type)
+{
+ FILE *fp = NULL;
+
+ fp = fopen(selinux_default_type_path(), "r");
+ if (!fp)
+ return -1;
+
+ if (find_default_type(fp, role, type) < 0) {
+ fclose(fp);
+ return -1;
+ }
+
+ fclose(fp);
+ return 0;
+}
+
+static int find_default_type(FILE * fp, const char *role, char **type)
+{
+ char buf[250];
+ char *ptr = "", *end, *t;
+ size_t len;
+ int found = 0;
+
+ len = strlen(role);
+ while (!feof_unlocked(fp)) {
+ if (!fgets_unlocked(buf, sizeof buf, fp))
+ return -1;
+ if (buf[strlen(buf) - 1])
+ buf[strlen(buf) - 1] = 0;
+
+ ptr = buf;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+ if (!(*ptr))
+ continue;
+
+ if (!strncmp(role, ptr, len)) {
+ end = ptr + len;
+ if (*end == ':') {
+ found = 1;
+ ptr = ++end;
+ break;
+ }
+ }
+ }
+
+ if (!found)
+ return -1;
+
+ t = malloc(strlen(buf) - len);
+ if (!t)
+ return -1;
+ strcpy(t, ptr);
+ *type = t;
+ return 0;
+}
diff --git a/libselinux/src/get_default_type_internal.h b/libselinux/src/get_default_type_internal.h
new file mode 100644
index 0000000..0da3c51
--- /dev/null
+++ b/libselinux/src/get_default_type_internal.h
@@ -0,0 +1,4 @@
+#include <selinux/get_default_type.h>
+#include "dso.h"
+
+hidden_proto(selinux_default_type_path)
diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c
new file mode 100644
index 0000000..1676435
--- /dev/null
+++ b/libselinux/src/get_initial_context.c
@@ -0,0 +1,72 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+#define SELINUX_INITCON_DIR "/initial_contexts/"
+
+int security_get_initial_context_raw(const char * name, security_context_t * con)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s%s%s",
+ selinux_mnt, SELINUX_INITCON_DIR, name);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *con = strdup(buf);
+ if (!(*con)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_get_initial_context_raw)
+
+int security_get_initial_context(const char * name, security_context_t * con)
+{
+ int ret;
+ security_context_t rcon;
+
+ ret = security_get_initial_context_raw(name, &rcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcon, con);
+ freecon(rcon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_get_initial_context)
diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c
new file mode 100644
index 0000000..4fb516a
--- /dev/null
+++ b/libselinux/src/getenforce.c
@@ -0,0 +1,40 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_getenforce(void)
+{
+ int fd, ret, enforce = 0;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ memset(buf, 0, sizeof buf);
+ ret = read(fd, buf, sizeof buf - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%d", &enforce) != 1)
+ return -1;
+
+ return enforce;
+}
+
+hidden_def(security_getenforce)
diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c
new file mode 100644
index 0000000..67e4463
--- /dev/null
+++ b/libselinux/src/getfilecon.c
@@ -0,0 +1,73 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "policy.h"
+
+int getfilecon_raw(const char *path, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = getxattr(path, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(getfilecon_raw)
+
+int getfilecon(const char *path, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ *context = NULL;
+
+ ret = getfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+
+ return ret;
+}
+
+hidden_def(getfilecon)
diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c
new file mode 100644
index 0000000..5c01ed5
--- /dev/null
+++ b/libselinux/src/getpeercon.c
@@ -0,0 +1,61 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+#ifndef SO_PEERSEC
+#define SO_PEERSEC 31
+#endif
+
+int getpeercon_raw(int fd, security_context_t * context)
+{
+ char *buf;
+ socklen_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size);
+ }
+ out:
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(getpeercon_raw)
+
+int getpeercon(int fd, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ ret = getpeercon_raw(fd, &rcontext);
+
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
new file mode 100644
index 0000000..9cdbb06
--- /dev/null
+++ b/libselinux/src/init.c
@@ -0,0 +1,128 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <dlfcn.h>
+#include <sys/vfs.h>
+#include <stdint.h>
+#include <limits.h>
+
+#include "dso.h"
+#include "policy.h"
+#include "selinux_internal.h"
+#include "setrans_internal.h"
+
+char *selinux_mnt = NULL;
+int selinux_page_size = 0;
+int obj_class_compat = 1;
+
+static void init_selinuxmnt(void)
+{
+ char *buf=NULL, *p;
+ FILE *fp;
+ struct statfs sfbuf;
+ int rc;
+ size_t len;
+ ssize_t num;
+
+ if (selinux_mnt)
+ return;
+
+ /* We check to see if the preferred mount point for selinux file
+ * system has a selinuxfs. */
+ do {
+ rc = statfs(SELINUXMNT, &sfbuf);
+ } while (rc < 0 && errno == EINTR);
+ if (rc == 0) {
+ if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
+ selinux_mnt = strdup(SELINUXMNT);
+ return;
+ }
+ }
+
+ /* At this point, the usual spot doesn't have an selinuxfs so
+ * we look around for it */
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
+
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ char *tmp;
+ p = strchr(buf, ' ');
+ if (!p)
+ goto out;
+ p++;
+ tmp = strchr(p, ' ');
+ if (!tmp)
+ goto out;
+ if (!strncmp(tmp + 1, "selinuxfs ", 10)) {
+ *tmp = '\0';
+ break;
+ }
+ }
+
+ /* If we found something, dup it */
+ if (num > 0)
+ selinux_mnt = strdup(p);
+
+ out:
+ free(buf);
+ fclose(fp);
+ return;
+}
+
+static void fini_selinuxmnt(void)
+{
+ free(selinux_mnt);
+ selinux_mnt = NULL;
+}
+
+void set_selinuxmnt(char *mnt)
+{
+ selinux_mnt = strdup(mnt);
+}
+
+hidden_def(set_selinuxmnt)
+
+static void init_obj_class_compat(void)
+{
+ char path[PATH_MAX];
+ struct stat s;
+
+ if (!selinux_mnt)
+ return;
+
+ snprintf(path,PATH_MAX,"%s/class",selinux_mnt);
+ if (stat(path,&s) < 0)
+ return;
+
+ if (S_ISDIR(s.st_mode))
+ obj_class_compat = 0;
+}
+
+static void fini_obj_class_compat(void)
+{
+ obj_class_compat = 1;
+}
+
+static void init_lib(void) __attribute__ ((constructor));
+static void init_lib(void)
+{
+ selinux_page_size = sysconf(_SC_PAGE_SIZE);
+ init_selinuxmnt();
+ init_obj_class_compat();
+ init_context_translations();
+}
+
+static void fini_lib(void) __attribute__ ((destructor));
+static void fini_lib(void)
+{
+ fini_selinuxmnt();
+ fini_obj_class_compat();
+ fini_context_translations();
+}
diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c
new file mode 100644
index 0000000..6785405
--- /dev/null
+++ b/libselinux/src/is_customizable_type.c
@@ -0,0 +1,93 @@
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <pwd.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+static int get_customizable_type_list(security_context_t ** retlist)
+{
+ FILE *fp;
+ char *buf;
+ unsigned int ctr = 0, i;
+ security_context_t *list = NULL;
+
+ fp = fopen(selinux_customizable_types_path(), "r");
+ if (!fp)
+ return -1;
+
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(fp);
+ return -1;
+ }
+ while (fgets_unlocked(buf, selinux_page_size, fp) && ctr < UINT_MAX) {
+ ctr++;
+ }
+ rewind(fp);
+ if (ctr) {
+ list =
+ (security_context_t *) calloc(sizeof(security_context_t),
+ ctr + 1);
+ if (list) {
+ i = 0;
+ while (fgets_unlocked(buf, selinux_page_size, fp)
+ && i < ctr) {
+ buf[strlen(buf) - 1] = 0;
+ list[i] = (security_context_t) strdup(buf);
+ if (!list[i]) {
+ unsigned int j;
+ for (j = 0; j < i; j++)
+ free(list[j]);
+ free(list);
+ list = NULL;
+ break;
+ }
+ i++;
+ }
+ }
+ }
+ fclose(fp);
+ free(buf);
+ if (!list)
+ return -1;
+ *retlist = list;
+ return 0;
+}
+
+static security_context_t *customizable_list = NULL;
+
+int is_context_customizable(security_context_t scontext)
+{
+ int i;
+ const char *type;
+ context_t c;
+
+ if (!customizable_list) {
+ if (get_customizable_type_list(&customizable_list) != 0)
+ return -1;
+ }
+
+ c = context_new(scontext);
+ if (!c)
+ return -1;
+
+ type = context_type_get(c);
+ if (!type) {
+ context_free(c);
+ return -1;
+ }
+
+ for (i = 0; customizable_list[i]; i++) {
+ if (strcmp(customizable_list[i], type) == 0) {
+ context_free(c);
+ return 1;
+ }
+ }
+ context_free(c);
+ return 0;
+}
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
new file mode 100644
index 0000000..f7418d6
--- /dev/null
+++ b/libselinux/src/label.c
@@ -0,0 +1,140 @@
+/*
+ * Generalized labeling frontend for userspace object managers.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+typedef int (*selabel_initfunc)(struct selabel_handle *rec,
+ struct selinux_opt *opts, unsigned nopts);
+
+static selabel_initfunc initfuncs[] = {
+ &selabel_file_init,
+ &selabel_media_init,
+ &selabel_x_init
+};
+
+/*
+ * Validation functions
+ */
+
+static inline int selabel_is_validate_set(struct selinux_opt *opts, unsigned n)
+{
+ while (n--)
+ if (opts[n].type == SELABEL_OPT_VALIDATE)
+ return !!opts[n].value;
+
+ return 0;
+}
+
+int selabel_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts)
+{
+ int rc = 0;
+
+ if (!rec->validating || contexts->validated)
+ goto out;
+
+ rc = selinux_validate(&contexts->ctx_raw);
+ if (rc < 0)
+ goto out;
+
+ contexts->validated = 1;
+out:
+ return rc;
+}
+
+/*
+ * Public API
+ */
+
+struct selabel_handle *selabel_open(unsigned int backend,
+ struct selinux_opt *opts, unsigned nopts)
+{
+ struct selabel_handle *rec = NULL;
+
+ if (backend >= ARRAY_SIZE(initfuncs)) {
+ errno = EINVAL;
+ goto out;
+ }
+
+ rec = (struct selabel_handle *)malloc(sizeof(*rec));
+ if (!rec)
+ goto out;
+
+ memset(rec, 0, sizeof(*rec));
+ rec->backend = backend;
+ rec->validating = selabel_is_validate_set(opts, nopts);
+
+ if ((*initfuncs[backend])(rec, opts, nopts)) {
+ free(rec);
+ rec = NULL;
+ }
+
+out:
+ return rec;
+}
+
+static struct selabel_lookup_rec *
+selabel_lookup_common(struct selabel_handle *rec, int translating,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr = rec->func_lookup(rec, key, type);
+ if (!lr)
+ return NULL;
+
+ if (compat_validate(rec, lr, "file_contexts", 0))
+ return NULL;
+
+ if (translating && !lr->ctx_trans &&
+ selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
+ return NULL;
+
+ return lr;
+}
+
+int selabel_lookup(struct selabel_handle *rec, security_context_t *con,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr;
+
+ lr = selabel_lookup_common(rec, 1, key, type);
+ if (!lr)
+ return -1;
+
+ *con = strdup(lr->ctx_trans);
+ return *con ? 0 : -1;
+}
+
+int selabel_lookup_raw(struct selabel_handle *rec, security_context_t *con,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr;
+
+ lr = selabel_lookup_common(rec, 0, key, type);
+ if (!lr)
+ return -1;
+
+ *con = strdup(lr->ctx_raw);
+ return *con ? 0 : -1;
+}
+
+void selabel_close(struct selabel_handle *rec)
+{
+ rec->func_close(rec);
+ free(rec);
+}
+
+void selabel_stats(struct selabel_handle *rec)
+{
+ rec->func_stats(rec);
+}
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
new file mode 100644
index 0000000..5043f09
--- /dev/null
+++ b/libselinux/src/label_file.c
@@ -0,0 +1,672 @@
+/*
+ * File contexts backend for labeling system
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ * Author : Stephen Smalley <sds@tycho.nsa.gov>
+ *
+ * This library derived in part from setfiles and the setfiles.pl script
+ * developed by Secure Computing Corporation.
+ */
+
+#include <fcntl.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <regex.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals, mostly moved over from matchpathcon.c
+ */
+
+/* A file security context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *regex_str; /* regular expession string for diagnostics */
+ char *type_str; /* type string for diagnostic messages */
+ regex_t regex; /* compiled regular expression */
+ char regcomp; /* regex_str has been compiled to regex */
+ mode_t mode; /* mode format value */
+ int matches; /* number of matching pathnames */
+ int hasMetaChars; /* regular expression has meta-chars */
+ int stem_id; /* indicates which stem-compression item */
+} spec_t;
+
+/* A regular expression stem */
+typedef struct stem {
+ char *buf;
+ int len;
+} stem_t;
+
+/* Our stored configuration */
+struct saved_data {
+ /*
+ * The array of specifications, initially in the same order as in
+ * the specification file. Sorting occurs based on hasMetaChars.
+ */
+ spec_t *spec_arr;
+ unsigned int nspec;
+ unsigned int ncomp;
+
+ /*
+ * The array of regular expression stems.
+ */
+ stem_t *stem_arr;
+ int num_stems;
+ int alloc_stems;
+};
+
+/* Return the length of the text that can be considered the stem, returns 0
+ * if there is no identifiable stem */
+static int get_stem_from_spec(const char *const buf)
+{
+ const char *tmp = strchr(buf + 1, '/');
+ const char *ind;
+
+ if (!tmp)
+ return 0;
+
+ for (ind = buf; ind < tmp; ind++) {
+ if (strchr(".^$?*+|[({", (int)*ind))
+ return 0;
+ }
+ return tmp - buf;
+}
+
+/* return the length of the text that is the stem of a file name */
+static int get_stem_from_file_name(const char *const buf)
+{
+ const char *tmp = strchr(buf + 1, '/');
+
+ if (!tmp)
+ return 0;
+ return tmp - buf;
+}
+
+/* find the stem of a file spec, returns the index into stem_arr for a new
+ * or existing stem, (or -1 if there is no possible stem - IE for a file in
+ * the root directory or a regex that is too complex for us). */
+static int find_stem_from_spec(struct saved_data *data, const char *buf)
+{
+ int i, num = data->num_stems;
+ int stem_len = get_stem_from_spec(buf);
+
+ if (!stem_len)
+ return -1;
+ for (i = 0; i < num; i++) {
+ if (stem_len == data->stem_arr[i].len
+ && !strncmp(buf, data->stem_arr[i].buf, stem_len))
+ return i;
+ }
+ if (data->alloc_stems == num) {
+ stem_t *tmp_arr;
+ data->alloc_stems = data->alloc_stems * 2 + 16;
+ tmp_arr = realloc(data->stem_arr,
+ sizeof(stem_t) * data->alloc_stems);
+ if (!tmp_arr)
+ return -1;
+ data->stem_arr = tmp_arr;
+ }
+ data->stem_arr[num].len = stem_len;
+ data->stem_arr[num].buf = malloc(stem_len + 1);
+ if (!data->stem_arr[num].buf)
+ return -1;
+ memcpy(data->stem_arr[num].buf, buf, stem_len);
+ data->stem_arr[num].buf[stem_len] = '\0';
+ data->num_stems++;
+ buf += stem_len;
+ return num;
+}
+
+/* find the stem of a file name, returns the index into stem_arr (or -1 if
+ * there is no match - IE for a file in the root directory or a regex that is
+ * too complex for us). Makes buf point to the text AFTER the stem. */
+static int find_stem_from_file(struct saved_data *data, const char **buf)
+{
+ int i;
+ int stem_len = get_stem_from_file_name(*buf);
+
+ if (!stem_len)
+ return -1;
+ for (i = 0; i < data->num_stems; i++) {
+ if (stem_len == data->stem_arr[i].len
+ && !strncmp(*buf, data->stem_arr[i].buf, stem_len)) {
+ *buf += stem_len;
+ return i;
+ }
+ }
+ return -1;
+}
+
+/*
+ * Warn about duplicate specifications.
+ */
+static int nodups_specs(struct saved_data *data, const char *path)
+{
+ int rc = 0;
+ unsigned int ii, jj;
+ struct spec *curr_spec, *spec_arr = data->spec_arr;
+
+ for (ii = 0; ii < data->nspec; ii++) {
+ curr_spec = &spec_arr[ii];
+ for (jj = ii + 1; jj < data->nspec; jj++) {
+ if ((!strcmp
+ (spec_arr[jj].regex_str, curr_spec->regex_str))
+ && (!spec_arr[jj].mode || !curr_spec->mode
+ || spec_arr[jj].mode == curr_spec->mode)) {
+ rc = -1;
+ errno = EINVAL;
+ if (strcmp
+ (spec_arr[jj].lr.ctx_raw,
+ curr_spec->lr.ctx_raw)) {
+ COMPAT_LOG
+ (SELINUX_ERROR,
+ "%s: Multiple different specifications for %s (%s and %s).\n",
+ path, curr_spec->regex_str,
+ spec_arr[jj].lr.ctx_raw,
+ curr_spec->lr.ctx_raw);
+ } else {
+ COMPAT_LOG
+ (SELINUX_ERROR,
+ "%s: Multiple same specifications for %s.\n",
+ path, curr_spec->regex_str);
+ }
+ }
+ }
+ }
+ return rc;
+}
+
+/* Determine if the regular expression specification has any meta characters. */
+static void spec_hasMetaChars(struct spec *spec)
+{
+ char *c;
+ int len;
+ char *end;
+
+ c = spec->regex_str;
+ len = strlen(spec->regex_str);
+ end = c + len;
+
+ spec->hasMetaChars = 0;
+
+ /* Look at each character in the RE specification string for a
+ * meta character. Return when any meta character reached. */
+ while (c != end) {
+ switch (*c) {
+ case '.':
+ case '^':
+ case '$':
+ case '?':
+ case '*':
+ case '+':
+ case '|':
+ case '[':
+ case '(':
+ case '{':
+ spec->hasMetaChars = 1;
+ return;
+ case '\\': /* skip the next character */
+ c++;
+ break;
+ default:
+ break;
+
+ }
+ c++;
+ }
+ return;
+}
+
+static int compile_regex(struct saved_data *data, spec_t *spec, char **errbuf)
+{
+ char *reg_buf, *anchored_regex, *cp;
+ stem_t *stem_arr = data->stem_arr;
+ size_t len;
+ int regerr;
+
+ if (spec->regcomp)
+ return 0; /* already done */
+
+ data->ncomp++; /* how many compiled regexes required */
+
+ /* Skip the fixed stem. */
+ reg_buf = spec->regex_str;
+ if (spec->stem_id >= 0)
+ reg_buf += stem_arr[spec->stem_id].len;
+
+ /* Anchor the regular expression. */
+ len = strlen(reg_buf);
+ cp = anchored_regex = malloc(len + 3);
+ if (!anchored_regex)
+ return -1;
+ /* Create ^...$ regexp. */
+ *cp++ = '^';
+ cp = mempcpy(cp, reg_buf, len);
+ *cp++ = '$';
+ *cp = '\0';
+
+ /* Compile the regular expression. */
+ regerr = regcomp(&spec->regex, anchored_regex,
+ REG_EXTENDED | REG_NOSUB);
+ if (regerr != 0) {
+ size_t errsz = 0;
+ errsz = regerror(regerr, &spec->regex, NULL, 0);
+ if (errsz && errbuf)
+ *errbuf = malloc(errsz);
+ if (errbuf && *errbuf)
+ (void)regerror(regerr, &spec->regex,
+ *errbuf, errsz);
+
+ free(anchored_regex);
+ return -1;
+ }
+ free(anchored_regex);
+
+ /* Done. */
+ spec->regcomp = 1;
+
+ return 0;
+}
+
+
+static int process_line(struct selabel_handle *rec,
+ const char *path, const char *prefix,
+ char *line_buf, int pass, unsigned lineno)
+{
+ int items, len;
+ char *buf_p, *regex, *type, *context;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int nspec = data->nspec;
+
+ len = strlen(line_buf);
+ if (line_buf[len - 1] == '\n')
+ line_buf[len - 1] = 0;
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context);
+ if (items < 2) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ return 0;
+ } else if (items == 2) {
+ /* The type field is optional. */
+ free(context);
+ context = type;
+ type = 0;
+ }
+
+ len = get_stem_from_spec(regex);
+ if (len && prefix && strncmp(prefix, regex, len)) {
+ /* Stem of regex does not match requested prefix, discard. */
+ free(regex);
+ free(type);
+ free(context);
+ return 0;
+ }
+
+ if (pass == 1) {
+ /* On the second pass, process and store the specification in spec. */
+ char *errbuf = NULL;
+ spec_arr[nspec].stem_id = find_stem_from_spec(data, regex);
+ spec_arr[nspec].regex_str = regex;
+ if (rec->validating && compile_regex(data, &spec_arr[nspec], &errbuf)) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid regex %s: %s\n",
+ path, lineno, regex,
+ (errbuf ? errbuf : "out of memory"));
+ }
+
+ /* Convert the type string to a mode format */
+ spec_arr[nspec].type_str = type;
+ spec_arr[nspec].mode = 0;
+ if (!type)
+ goto skip_type;
+ len = strlen(type);
+ if (type[0] != '-' || len != 2) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid file type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+ switch (type[1]) {
+ case 'b':
+ spec_arr[nspec].mode = S_IFBLK;
+ break;
+ case 'c':
+ spec_arr[nspec].mode = S_IFCHR;
+ break;
+ case 'd':
+ spec_arr[nspec].mode = S_IFDIR;
+ break;
+ case 'p':
+ spec_arr[nspec].mode = S_IFIFO;
+ break;
+ case 'l':
+ spec_arr[nspec].mode = S_IFLNK;
+ break;
+ case 's':
+ spec_arr[nspec].mode = S_IFSOCK;
+ break;
+ case '-':
+ spec_arr[nspec].mode = S_IFREG;
+ break;
+ default:
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid file type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+
+ skip_type:
+ spec_arr[nspec].lr.ctx_raw = context;
+
+ /* Determine if specification has
+ * any meta characters in the RE */
+ spec_hasMetaChars(&spec_arr[nspec]);
+
+ if (strcmp(context, "<<none>>") && rec->validating)
+ compat_validate(rec, &spec_arr[nspec].lr, path, lineno);
+ }
+
+ data->nspec = ++nspec;
+ if (pass == 0) {
+ free(regex);
+ if (type)
+ free(type);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ const char *prefix = NULL;
+ FILE *fp;
+ FILE *localfp = NULL;
+ FILE *homedirfp = NULL;
+ char local_path[PATH_MAX + 1];
+ char homedir_path[PATH_MAX + 1];
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ unsigned int lineno, pass, i, j, maxnspec;
+ spec_t *spec_copy = NULL;
+ int status = -1, baseonly = 0;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ case SELABEL_OPT_SUBSET:
+ prefix = opts[n].value;
+ break;
+ case SELABEL_OPT_BASEONLY:
+ baseonly = !!opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_file_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!baseonly) {
+ snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs",
+ path);
+ homedirfp = fopen(homedir_path, "r");
+ if (homedirfp != NULL)
+ __fsetlocking(homedirfp, FSETLOCKING_BYCALLER);
+
+ snprintf(local_path, sizeof(local_path), "%s.local", path);
+ localfp = fopen(local_path, "r");
+ if (localfp != NULL)
+ __fsetlocking(localfp, FSETLOCKING_BYCALLER);
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ data->ncomp = 0;
+ while (getline(&line_buf, &line_len, fp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line(rec, path, prefix, line_buf,
+ pass, ++lineno) != 0)
+ goto finish;
+ }
+ if (pass == 1) {
+ status = nodups_specs(data, path);
+ if (status)
+ goto finish;
+ }
+ lineno = 0;
+ if (homedirfp)
+ while (getline(&line_buf, &line_len, homedirfp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line
+ (rec, homedir_path, prefix,
+ line_buf, pass, ++lineno) != 0)
+ goto finish;
+ }
+
+ lineno = 0;
+ if (localfp)
+ while (getline(&line_buf, &line_len, localfp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line
+ (rec, local_path, prefix, line_buf,
+ pass, ++lineno) != 0)
+ goto finish;
+ }
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ if (NULL == (data->spec_arr =
+ malloc(sizeof(spec_t) * data->nspec)))
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ if (homedirfp)
+ rewind(homedirfp);
+ if (localfp)
+ rewind(localfp);
+ }
+ }
+ free(line_buf);
+
+ /* Move exact pathname specifications to the end. */
+ spec_copy = malloc(sizeof(spec_t) * data->nspec);
+ if (!spec_copy)
+ goto finish;
+ j = 0;
+ for (i = 0; i < data->nspec; i++)
+ if (data->spec_arr[i].hasMetaChars)
+ memcpy(&spec_copy[j++],
+ &data->spec_arr[i], sizeof(spec_t));
+ for (i = 0; i < data->nspec; i++)
+ if (!data->spec_arr[i].hasMetaChars)
+ memcpy(&spec_copy[j++],
+ &data->spec_arr[i], sizeof(spec_t));
+ free(data->spec_arr);
+ data->spec_arr = spec_copy;
+
+ status = 0;
+finish:
+ fclose(fp);
+ if (data->spec_arr != spec_copy)
+ free(data->spec_arr);
+ if (homedirfp)
+ fclose(homedirfp);
+ if (localfp)
+ fclose(localfp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec;
+ struct stem *stem;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &data->spec_arr[i];
+ free(spec->regex_str);
+ free(spec->type_str);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ regfree(&spec->regex);
+ }
+
+ for (i = 0; i < (unsigned int)data->num_stems; i++) {
+ stem = &data->stem_arr[i];
+ free(stem->buf);
+ }
+
+ if (data->spec_arr)
+ free(data->spec_arr);
+ if (data->stem_arr)
+ free(data->stem_arr);
+
+ free(data);
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key, int type)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ int i, rc, file_stem;
+ mode_t mode = (mode_t)type;
+ const char *buf = key;
+
+ if (!data->nspec) {
+ errno = ENOENT;
+ return NULL;
+ }
+
+ file_stem = find_stem_from_file(data, &buf);
+ mode &= S_IFMT;
+
+ /*
+ * Check for matching specifications in reverse order, so that
+ * the last matching specification is used.
+ */
+ for (i = data->nspec - 1; i >= 0; i--) {
+ /* if the spec in question matches no stem or has the same
+ * stem as the file AND if the spec in question has no mode
+ * specified or if the mode matches the file mode then we do
+ * a regex check */
+ if ((spec_arr[i].stem_id == -1
+ || spec_arr[i].stem_id == file_stem)
+ && (!mode || !spec_arr[i].mode
+ || mode == spec_arr[i].mode)) {
+ if (compile_regex(data, &spec_arr[i], NULL) < 0)
+ return NULL;
+ if (spec_arr[i].stem_id == -1)
+ rc = regexec(&spec_arr[i].regex, key, 0, 0, 0);
+ else
+ rc = regexec(&spec_arr[i].regex, buf, 0, 0, 0);
+
+ if (rc == 0) {
+ spec_arr[i].matches++;
+ break;
+ }
+ if (rc == REG_NOMATCH)
+ continue;
+ /* else it's an error */
+ return NULL;
+ }
+ }
+
+ if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, nspec = data->nspec;
+ spec_t *spec_arr = data->spec_arr;
+
+ for (i = 0; i < nspec; i++) {
+ if (spec_arr[i].matches == 0) {
+ if (spec_arr[i].type_str) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "Warning! No matches for (%s, %s, %s)\n",
+ spec_arr[i].regex_str,
+ spec_arr[i].type_str,
+ spec_arr[i].lr.ctx_raw);
+ } else {
+ COMPAT_LOG(SELINUX_WARNING,
+ "Warning! No matches for (%s, %s)\n",
+ spec_arr[i].regex_str,
+ spec_arr[i].lr.ctx_raw);
+ }
+ }
+ }
+}
+
+int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_stats = &stats;
+ rec->func_lookup = &lookup;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
new file mode 100644
index 0000000..27a1f06
--- /dev/null
+++ b/libselinux/src/label_internal.h
@@ -0,0 +1,75 @@
+/*
+ * This file describes the internal interface used by the labeler
+ * for calling the user-supplied memory allocation, validation,
+ * and locking routine.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELABEL_INTERNAL_H_
+#define _SELABEL_INTERNAL_H_
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include "dso.h"
+
+/*
+ * Installed backends
+ */
+int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+
+/*
+ * Labeling internal structures
+ */
+struct selabel_lookup_rec {
+ security_context_t ctx_raw;
+ security_context_t ctx_trans;
+ int validated;
+};
+
+struct selabel_handle {
+ /* arguments that were passed to selabel_open */
+ unsigned int backend;
+ int validating;
+
+ /* labeling operations */
+ struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
+ const char *key, int type);
+ void (*func_close) (struct selabel_handle *h);
+ void (*func_stats) (struct selabel_handle *h);
+
+ /* supports backend-specific state information */
+ void *data;
+};
+
+/*
+ * Validation function
+ */
+extern int
+selabel_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts) hidden;
+
+/*
+ * Compatibility support
+ */
+extern int myprintf_compat;
+extern void __attribute__ ((format(printf, 1, 2)))
+(*myprintf) (const char *fmt,...);
+
+#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \
+ myprintf(fmt); \
+ else \
+ selinux_log(type, fmt);
+
+extern int
+compat_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts,
+ const char *path, unsigned lineno) hidden;
+
+#endif /* _SELABEL_INTERNAL_H_ */
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
new file mode 100644
index 0000000..f8986e4
--- /dev/null
+++ b/libselinux/src/label_media.c
@@ -0,0 +1,219 @@
+/*
+ * Media contexts backend for labeling system
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+
+#include <sys/stat.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals
+ */
+
+/* A context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *key; /* key string */
+ int matches; /* number of matches made during operation */
+} spec_t;
+
+struct saved_data {
+ unsigned int nspec;
+ spec_t *spec_arr;
+};
+
+static int process_line(const char *path, char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+ char *buf_p;
+ char *key, *context;
+
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as ", &key, &context);
+ if (items < 2) {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ if (items == 1)
+ free(key);
+ return 0;
+ }
+
+ if (pass == 1) {
+ data->spec_arr[data->nspec].key = key;
+ data->spec_arr[data->nspec].lr.ctx_raw = context;
+ }
+
+ data->nspec++;
+ if (pass == 0) {
+ free(key);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ FILE *fp;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ int status = -1;
+ unsigned int lineno, pass, maxnspec;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_media_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ while (getline(&line_buf, &line_len, fp) > 0 &&
+ data->nspec < maxnspec) {
+ if (process_line(path, line_buf, pass, ++lineno, rec))
+ goto finish;
+ }
+ lineno = 0;
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ data->spec_arr = malloc(sizeof(spec_t)*data->nspec);
+ if (data->spec_arr == NULL)
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ }
+ }
+ free(line_buf);
+
+ status = 0;
+finish:
+ fclose(fp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec, *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &spec_arr[i];
+ free(spec->key);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ }
+
+ if (spec_arr)
+ free(spec_arr);
+
+ memset(data, 0, sizeof(*data));
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key,
+ int type __attribute__((unused)))
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ if (!strncmp(spec_arr[i].key, key, strlen(key) + 1))
+ break;
+ if (!strncmp(spec_arr[i].key, "*", 2))
+ break;
+ }
+
+ if (i >= data->nspec) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ spec_arr[i].matches++;
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, total = 0;
+
+ for (i = 0; i < data->nspec; i++)
+ total += data->spec_arr[i].matches;
+
+ selinux_log(SELINUX_INFO, "%u entries, %u matches made\n",
+ data->nspec, total);
+}
+
+int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_lookup = &lookup;
+ rec->func_stats = &stats;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
new file mode 100644
index 0000000..6a190f5
--- /dev/null
+++ b/libselinux/src/label_x.c
@@ -0,0 +1,246 @@
+/*
+ * Media contexts backend for X contexts
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+
+#include <sys/stat.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals
+ */
+
+/* A context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *key; /* key string */
+ int type; /* type of record (prop, ext, client) */
+ int matches; /* number of matches made during operation */
+} spec_t;
+
+struct saved_data {
+ unsigned int nspec;
+ spec_t *spec_arr;
+};
+
+static int process_line(const char *path, char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+ char *buf_p;
+ char *type, *key, *context;
+
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as %as ", &type, &key, &context);
+ if (items < 3) {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ if (items > 0)
+ free(type);
+ if (items > 1)
+ free(key);
+ return 0;
+ }
+
+ if (pass == 1) {
+ /* Convert the type string to a mode format */
+ if (!strcmp(type, "property"))
+ data->spec_arr[data->nspec].type = SELABEL_X_PROP;
+ else if (!strcmp(type, "extension"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EXT;
+ else if (!strcmp(type, "client"))
+ data->spec_arr[data->nspec].type = SELABEL_X_CLIENT;
+ else if (!strcmp(type, "event"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
+ else if (!strcmp(type, "selection"))
+ data->spec_arr[data->nspec].type = SELABEL_X_SELN;
+ else if (!strcmp(type, "poly_property"))
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP;
+ else if (!strcmp(type, "poly_selection"))
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYSELN;
+ else {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d has invalid object type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+ data->spec_arr[data->nspec].key = key;
+ data->spec_arr[data->nspec].lr.ctx_raw = context;
+ free(type);
+ }
+
+ data->nspec++;
+ if (pass == 0) {
+ free(type);
+ free(key);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ FILE *fp;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ int status = -1;
+ unsigned int lineno, pass, maxnspec;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_x_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ while (getline(&line_buf, &line_len, fp) > 0 &&
+ data->nspec < maxnspec) {
+ if (process_line(path, line_buf, pass, ++lineno, rec))
+ goto finish;
+ }
+ lineno = 0;
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ data->spec_arr = malloc(sizeof(spec_t)*data->nspec);
+ if (data->spec_arr == NULL)
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ }
+ }
+ free(line_buf);
+
+ status = 0;
+finish:
+ fclose(fp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec, *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &spec_arr[i];
+ free(spec->key);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ }
+
+ if (spec_arr)
+ free(spec_arr);
+
+ memset(data, 0, sizeof(*data));
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key, int type)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ if (spec_arr[i].type != type)
+ continue;
+ if (!strncmp(spec_arr[i].key, "*", 2))
+ break;
+ if (!strncmp(spec_arr[i].key, key, strlen(key) + 1))
+ break;
+ }
+
+ if (i >= data->nspec) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ spec_arr[i].matches++;
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, total = 0;
+
+ for (i = 0; i < data->nspec; i++)
+ total += data->spec_arr[i].matches;
+
+ selinux_log(SELINUX_INFO, "%u entries, %u matches made\n",
+ data->nspec, total);
+}
+
+int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_lookup = &lookup;
+ rec->func_stats = &stats;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c
new file mode 100644
index 0000000..a53f56e
--- /dev/null
+++ b/libselinux/src/lgetfilecon.c
@@ -0,0 +1,71 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int lgetfilecon_raw(const char *path, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = lgetxattr(path, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(lgetfilecon_raw)
+
+int lgetfilecon(const char *path, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ *context = NULL;
+
+ ret = lgetfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+ return ret;
+}
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
new file mode 100644
index 0000000..63f6609
--- /dev/null
+++ b/libselinux/src/load_policy.c
@@ -0,0 +1,431 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/utsname.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include <sepol/sepol.h>
+#include <sepol/policydb.h>
+#include <dlfcn.h>
+#include "policy.h"
+#include <limits.h>
+
+int security_load_policy(void *data, size_t len)
+{
+ char path[PATH_MAX];
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/load", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ ret = write(fd, data, len);
+ close(fd);
+ if (ret < 0)
+ return -1;
+ return 0;
+}
+
+hidden_def(security_load_policy)
+
+int load_setlocaldefs hidden = 1;
+
+#undef max
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
+int selinux_mkload_policy(int preservebools)
+{
+ int kernvers = security_policyvers();
+ int maxvers = kernvers, minvers = DEFAULT_POLICY_VERSION, vers;
+ int setlocaldefs = load_setlocaldefs;
+ char path[PATH_MAX], **names;
+ struct stat sb;
+ struct utsname uts;
+ size_t size;
+ void *map, *data;
+ int fd, rc = -1, *values, len, i, prot;
+ sepol_policydb_t *policydb;
+ sepol_policy_file_t *pf;
+ int usesepol = 0;
+ int (*vers_max)(void) = NULL;
+ int (*vers_min)(void) = NULL;
+ int (*policy_file_create)(sepol_policy_file_t **) = NULL;
+ void (*policy_file_free)(sepol_policy_file_t *) = NULL;
+ void (*policy_file_set_mem)(sepol_policy_file_t *, char*, size_t) = NULL;
+ int (*policydb_create)(sepol_policydb_t **) = NULL;
+ void (*policydb_free)(sepol_policydb_t *) = NULL;
+ int (*policydb_read)(sepol_policydb_t *, sepol_policy_file_t *) = NULL;
+ int (*policydb_set_vers)(sepol_policydb_t *, unsigned int) = NULL;
+ int (*policydb_to_image)(sepol_handle_t *, sepol_policydb_t *, void **, size_t *) = NULL;
+ int (*genbools_array)(void *data, size_t len, char **names, int *values, int nel) = NULL;
+ int (*genusers)(void *data, size_t len, const char *usersdir, void **newdata, size_t * newlen) = NULL;
+ int (*genbools)(void *data, size_t len, char *boolpath) = NULL;
+
+#ifdef SHARED
+ char *errormsg = NULL;
+ void *libsepolh = NULL;
+ libsepolh = dlopen("libsepol.so.1", RTLD_NOW);
+ if (libsepolh) {
+ usesepol = 1;
+ dlerror();
+#define DLERR() if ((errormsg = dlerror())) goto dlclose;
+ vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max");
+ DLERR();
+ vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min");
+ DLERR();
+
+ policy_file_create = dlsym(libsepolh, "sepol_policy_file_create");
+ DLERR();
+ policy_file_free = dlsym(libsepolh, "sepol_policy_file_free");
+ DLERR();
+ policy_file_set_mem = dlsym(libsepolh, "sepol_policy_file_set_mem");
+ DLERR();
+ policydb_create = dlsym(libsepolh, "sepol_policydb_create");
+ DLERR();
+ policydb_free = dlsym(libsepolh, "sepol_policydb_free");
+ DLERR();
+ policydb_read = dlsym(libsepolh, "sepol_policydb_read");
+ DLERR();
+ policydb_set_vers = dlsym(libsepolh, "sepol_policydb_set_vers");
+ DLERR();
+ policydb_to_image = dlsym(libsepolh, "sepol_policydb_to_image");
+ DLERR();
+ genbools_array = dlsym(libsepolh, "sepol_genbools_array");
+ DLERR();
+ genusers = dlsym(libsepolh, "sepol_genusers");
+ DLERR();
+ genbools = dlsym(libsepolh, "sepol_genbools");
+ DLERR();
+
+#undef DLERR
+ }
+#else
+ usesepol = 1;
+ vers_max = sepol_policy_kern_vers_max;
+ vers_min = sepol_policy_kern_vers_min;
+ policy_file_create = sepol_policy_file_create;
+ policy_file_free = sepol_policy_file_free;
+ policy_file_set_mem = sepol_policy_file_set_mem;
+ policydb_create = sepol_policydb_create;
+ policydb_free = sepol_policydb_free;
+ policydb_read = sepol_policydb_read;
+ policydb_set_vers = sepol_policydb_set_vers;
+ policydb_to_image = sepol_policydb_to_image;
+ genbools_array = sepol_genbools_array;
+ genusers = sepol_genusers;
+ genbools = sepol_genbools;
+
+#endif
+
+ /*
+ * Check whether we need to support local boolean and user definitions.
+ */
+ if (setlocaldefs) {
+ if (access(selinux_booleans_path(), F_OK) == 0)
+ goto checkbool;
+ snprintf(path, sizeof path, "%s.local", selinux_booleans_path());
+ if (access(path, F_OK) == 0)
+ goto checkbool;
+ snprintf(path, sizeof path, "%s/local.users", selinux_users_path());
+ if (access(path, F_OK) == 0)
+ goto checkbool;
+ /* No local definition files, so disable setlocaldefs. */
+ setlocaldefs = 0;
+ }
+
+checkbool:
+ /*
+ * As of Linux 2.6.22, the kernel preserves boolean
+ * values across a reload, so we do not need to
+ * preserve them in userspace.
+ */
+ if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
+ preservebools = 0;
+
+ if (usesepol) {
+ maxvers = vers_max();
+ minvers = vers_min();
+ if (!setlocaldefs && !preservebools)
+ maxvers = max(kernvers, maxvers);
+ }
+
+ vers = maxvers;
+ search:
+ snprintf(path, sizeof(path), "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fd = open(path, O_RDONLY);
+ while (fd < 0 && errno == ENOENT
+ && --vers >= minvers) {
+ /* Check prior versions to see if old policy is available */
+ snprintf(path, sizeof(path), "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fd = open(path, O_RDONLY);
+ }
+ if (fd < 0) {
+ fprintf(stderr,
+ "SELinux: Could not open policy file <= %s.%d: %s\n",
+ selinux_binary_policy_path(), maxvers, strerror(errno));
+ goto dlclose;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr,
+ "SELinux: Could not stat policy file %s: %s\n",
+ path, strerror(errno));
+ goto close;
+ }
+
+ prot = PROT_READ;
+ if (setlocaldefs || preservebools)
+ prot |= PROT_WRITE;
+
+ size = sb.st_size;
+ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr,
+ "SELinux: Could not map policy file %s: %s\n",
+ path, strerror(errno));
+ goto close;
+ }
+
+ if (vers > kernvers && usesepol) {
+ /* Need to downgrade to kernel-supported version. */
+ if (policy_file_create(&pf))
+ goto unmap;
+ if (policydb_create(&policydb)) {
+ policy_file_free(pf);
+ goto unmap;
+ }
+ policy_file_set_mem(pf, data, size);
+ if (policydb_read(policydb, pf)) {
+ policy_file_free(pf);
+ policydb_free(policydb);
+ goto unmap;
+ }
+ if (policydb_set_vers(policydb, kernvers) ||
+ policydb_to_image(NULL, policydb, &data, &size)) {
+ /* Downgrade failed, keep searching. */
+ fprintf(stderr,
+ "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
+ path);
+ policy_file_free(pf);
+ policydb_free(policydb);
+ munmap(map, sb.st_size);
+ close(fd);
+ vers--;
+ goto search;
+ }
+ policy_file_free(pf);
+ policydb_free(policydb);
+ }
+
+ if (usesepol) {
+ if (setlocaldefs) {
+ void *olddata = data;
+ size_t oldsize = size;
+ rc = genusers(olddata, oldsize, selinux_users_path(),
+ &data, &size);
+ if (rc < 0) {
+ /* Fall back to the prior image if genusers failed. */
+ data = olddata;
+ size = oldsize;
+ rc = 0;
+ } else {
+ if (olddata != map)
+ free(olddata);
+ }
+ }
+
+#ifndef DISABLE_BOOL
+ if (preservebools) {
+ rc = security_get_boolean_names(&names, &len);
+ if (!rc) {
+ values = malloc(sizeof(int) * len);
+ if (!values)
+ goto unmap;
+ for (i = 0; i < len; i++)
+ values[i] =
+ security_get_boolean_active(names[i]);
+ (void)genbools_array(data, size, names, values,
+ len);
+ free(values);
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ }
+ } else if (setlocaldefs) {
+ (void)genbools(data, size,
+ (char *)selinux_booleans_path());
+ }
+#endif
+ }
+
+
+ rc = security_load_policy(data, size);
+
+ if (rc)
+ fprintf(stderr,
+ "SELinux: Could not load policy file %s: %s\n",
+ path, strerror(errno));
+
+ unmap:
+ if (data != map)
+ free(data);
+ munmap(map, sb.st_size);
+ close:
+ close(fd);
+ dlclose:
+#ifdef SHARED
+ if (errormsg)
+ fprintf(stderr, "libselinux: %s\n", errormsg);
+ if (libsepolh)
+ dlclose(libsepolh);
+#endif
+ return rc;
+}
+
+hidden_def(selinux_mkload_policy)
+
+/*
+ * Mount point for selinuxfs.
+ * This definition is private to the function below.
+ * Everything else uses the location determined during
+ * libselinux startup via /proc/mounts (see init_selinuxmnt).
+ * We only need the hardcoded definition for the initial mount
+ * required for the initial policy load.
+ */
+int selinux_init_load_policy(int *enforce)
+{
+ int rc = 0, orig_enforce = 0, seconfig = -2, secmdline = -1;
+ FILE *cfg;
+ char *buf;
+
+ /*
+ * Reread the selinux configuration in case it has changed.
+ * Example: Caller has chroot'd and is now loading policy from
+ * chroot'd environment.
+ */
+ reset_selinux_config();
+
+ /*
+ * Get desired mode (disabled, permissive, enforcing) from
+ * /etc/selinux/config.
+ */
+ selinux_getenforcemode(&seconfig);
+
+ /* Check for an override of the mode via the kernel command line. */
+ rc = mount("none", "/proc", "proc", 0, 0);
+ cfg = fopen("/proc/cmdline", "r");
+ if (cfg) {
+ char *tmp;
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(cfg);
+ return -1;
+ }
+ if (fgets(buf, selinux_page_size, cfg) &&
+ (tmp = strstr(buf, "enforcing="))) {
+ if (tmp == buf || isspace(*(tmp - 1))) {
+ secmdline =
+ atoi(tmp + sizeof("enforcing=") - 1);
+ }
+ }
+ fclose(cfg);
+ free(buf);
+ }
+#define MNT_DETACH 2
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
+
+ /*
+ * Determine the final desired mode.
+ * Command line argument takes precedence, then config file.
+ */
+ if (secmdline >= 0)
+ *enforce = secmdline;
+ else if (seconfig >= 0)
+ *enforce = seconfig;
+ else
+ *enforce = 0; /* unspecified or disabled */
+
+ /*
+ * Check for the existence of SELinux via selinuxfs, and
+ * mount it if present for use in the calls below.
+ */
+ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
+ if (errno == ENODEV) {
+ /*
+ * SELinux was disabled in the kernel, either
+ * omitted entirely or disabled at boot via selinux=0.
+ * This takes precedence over any config or
+ * commandline enforcing setting.
+ */
+ *enforce = 0;
+ } else {
+ /* Only emit this error if selinux was not disabled */
+ fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
+ }
+
+ goto noload;
+ }
+ set_selinuxmnt(SELINUXMNT);
+
+ /*
+ * Note: The following code depends on having selinuxfs
+ * already mounted and selinuxmnt set above.
+ */
+
+ if (seconfig == -1) {
+ /* Runtime disable of SELinux. */
+ rc = security_disable();
+ if (rc == 0) {
+ /* Successfully disabled, so umount selinuxfs too. */
+ umount(SELINUXMNT);
+ }
+ /*
+ * If we failed to disable, SELinux will still be
+ * effectively permissive, because no policy is loaded.
+ * No need to call security_setenforce(0) here.
+ */
+ goto noload;
+ }
+
+ /*
+ * If necessary, change the kernel enforcing status to match
+ * the desired mode.
+ */
+ orig_enforce = rc = security_getenforce();
+ if (rc < 0)
+ goto noload;
+ if (orig_enforce != *enforce) {
+ rc = security_setenforce(*enforce);
+ if (rc < 0)
+ goto noload;
+ }
+
+ /* Load the policy. */
+ return selinux_mkload_policy(0);
+
+ noload:
+ /*
+ * Only return 0 on a successful completion of policy load.
+ * In any other case, we want to return an error so that init
+ * knows not to proceed with the re-exec for the domain transition.
+ * Depending on the *enforce setting, init will halt (> 0) or proceed
+ * normally (otherwise).
+ */
+ return -1;
+}
diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
new file mode 100644
index 0000000..844e5c7
--- /dev/null
+++ b/libselinux/src/lsetfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int lsetfilecon_raw(const char *path, security_context_t context)
+{
+ return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(lsetfilecon_raw)
+
+int lsetfilecon(const char *path, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = lsetfilecon_raw(path, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/mapping.c b/libselinux/src/mapping.c
new file mode 100644
index 0000000..f9858ce
--- /dev/null
+++ b/libselinux/src/mapping.c
@@ -0,0 +1,195 @@
+/*
+ * Class and permission mappings.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#include "mapping.h"
+
+/*
+ * Class and permission mappings
+ */
+
+struct selinux_mapping {
+ security_class_t value; /* real, kernel value */
+ unsigned num_perms;
+ access_vector_t perms[sizeof(access_vector_t) * 8];
+};
+
+static struct selinux_mapping *current_mapping = NULL;
+static security_class_t current_mapping_size = 0;
+
+/*
+ * Mapping setting function
+ */
+
+int
+selinux_set_mapping(struct security_class_mapping *map)
+{
+ size_t size = sizeof(struct selinux_mapping);
+ security_class_t i, j;
+ unsigned k;
+
+ free(current_mapping);
+ current_mapping = NULL;
+ current_mapping_size = 0;
+
+ if (avc_reset() < 0)
+ goto err;
+
+ /* Find number of classes in the input mapping */
+ if (!map) {
+ errno = EINVAL;
+ goto err;
+ }
+ i = 0;
+ while (map[i].name)
+ i++;
+
+ /* Allocate space for the class records, plus one for class zero */
+ current_mapping = (struct selinux_mapping *)calloc(++i, size);
+ if (!current_mapping)
+ goto err;
+
+ /* Store the raw class and permission values */
+ j = 0;
+ while (map[j].name) {
+ struct security_class_mapping *p_in = map + (j++);
+ struct selinux_mapping *p_out = current_mapping + j;
+
+ p_out->value = string_to_security_class(p_in->name);
+ if (!p_out->value)
+ goto err2;
+
+ k = 0;
+ while (p_in->perms && p_in->perms[k]) {
+ /* An empty permission string skips ahead */
+ if (!*p_in->perms[k]) {
+ k++;
+ continue;
+ }
+ p_out->perms[k] = string_to_av_perm(p_out->value,
+ p_in->perms[k]);
+ if (!p_out->perms[k])
+ goto err2;
+ k++;
+ }
+ p_out->num_perms = k;
+ }
+
+ /* Set the mapping size here so the above lookups are "raw" */
+ current_mapping_size = i;
+ return 0;
+err2:
+ free(current_mapping);
+ current_mapping = NULL;
+ current_mapping_size = 0;
+err:
+ return -1;
+}
+
+/*
+ * Get real, kernel values from mapped values
+ */
+
+security_class_t
+unmap_class(security_class_t tclass)
+{
+ if (tclass < current_mapping_size)
+ return current_mapping[tclass].value;
+
+ assert(current_mapping_size == 0);
+ return tclass;
+}
+
+access_vector_t
+unmap_perm(security_class_t tclass, access_vector_t tperm)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t kperm = 0;
+
+ for (i=0; i<current_mapping[tclass].num_perms; i++)
+ if (tperm & (1<<i)) {
+ assert(current_mapping[tclass].perms[i]);
+ kperm |= current_mapping[tclass].perms[i];
+ tperm &= ~(1<<i);
+ }
+ assert(tperm == 0);
+ return kperm;
+ }
+
+ assert(current_mapping_size == 0);
+ return tperm;
+}
+
+/*
+ * Get mapped values from real, kernel values
+ */
+
+security_class_t
+map_class(security_class_t kclass)
+{
+ security_class_t i;
+
+ for (i=0; i<current_mapping_size; i++)
+ if (current_mapping[i].value == kclass)
+ return i;
+
+ assert(current_mapping_size == 0);
+ return kclass;
+}
+
+access_vector_t
+map_perm(security_class_t tclass, access_vector_t kperm)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t tperm = 0;
+
+ for (i=0; i<current_mapping[tclass].num_perms; i++)
+ if (kperm & current_mapping[tclass].perms[i]) {
+ tperm |= 1<<i;
+ kperm &= ~current_mapping[tclass].perms[i];
+ }
+ assert(kperm == 0);
+ return tperm;
+ }
+
+ assert(current_mapping_size == 0);
+ return kperm;
+}
+
+void
+map_decision(security_class_t tclass, struct av_decision *avd)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->allowed & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->allowed = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->decided & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->decided = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->auditallow & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->auditallow = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->auditdeny & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->auditdeny = result;
+ }
+}
diff --git a/libselinux/src/mapping.h b/libselinux/src/mapping.h
new file mode 100644
index 0000000..b96756b
--- /dev/null
+++ b/libselinux/src/mapping.h
@@ -0,0 +1,41 @@
+/*
+ * This file describes the class and permission mappings used to
+ * hide the kernel numbers from userspace by allowing userspace object
+ * managers to specify a list of classes and permissions.
+ */
+#ifndef _SELINUX_MAPPING_H_
+#define _SELINUX_MAPPING_H_
+
+#include <selinux/selinux.h>
+
+/*
+ * Get real, kernel values from mapped values
+ */
+
+extern security_class_t
+unmap_class(security_class_t tclass);
+
+extern access_vector_t
+unmap_perm(security_class_t tclass, access_vector_t tperm);
+
+/*
+ * Get mapped values from real, kernel values
+ */
+
+extern security_class_t
+map_class(security_class_t kclass);
+
+extern access_vector_t
+map_perm(security_class_t tclass, access_vector_t kperm);
+
+extern void
+map_decision(security_class_t tclass, struct av_decision *avd);
+
+/*mapping is not used for embedded build*/
+#ifdef DISABLE_AVC
+#define unmap_perm(x,y) y
+#define unmap_class(x) x
+#define map_decision(x,y)
+#endif
+
+#endif /* _SELINUX_MAPPING_H_ */
diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c
new file mode 100644
index 0000000..4b40942
--- /dev/null
+++ b/libselinux/src/matchmediacon.c
@@ -0,0 +1,66 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <regex.h>
+#include <stdarg.h>
+
+int matchmediacon(const char *media, security_context_t * con)
+{
+ const char *path = selinux_media_context_path();
+ FILE *infile;
+ char *ptr, *ptr2 = NULL;
+ int found = 0;
+ char current_line[PATH_MAX];
+ if ((infile = fopen(path, "r")) == NULL)
+ return -1;
+ while (!feof_unlocked(infile)) {
+ if (!fgets_unlocked(current_line, sizeof(current_line), infile)) {
+ return -1;
+ }
+ if (current_line[strlen(current_line) - 1])
+ current_line[strlen(current_line) - 1] = 0;
+ /* Skip leading whitespace before the partial context. */
+ ptr = current_line;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+
+ if (!(*ptr))
+ continue;
+
+ /* Find the end of the media context. */
+ ptr2 = ptr;
+ while (*ptr2 && !isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2))
+ continue;
+
+ *ptr2++ = 0;
+ if (strcmp(media, ptr) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ return -1;
+
+ /* Skip whitespace. */
+ while (*ptr2 && isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2)) {
+ return -1;
+ }
+
+ if (selinux_raw_to_trans_context(ptr2, con)) {
+ *con = NULL;
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
new file mode 100644
index 0000000..381aedd
--- /dev/null
+++ b/libselinux/src/matchpathcon.c
@@ -0,0 +1,436 @@
+#include <sys/stat.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include "selinux_internal.h"
+#include "label_internal.h"
+#include "callbacks.h"
+
+static __thread struct selabel_handle *hnd;
+
+/*
+ * An array for mapping integers to contexts
+ */
+static __thread char **con_array;
+static __thread int con_array_size;
+static __thread int con_array_used;
+
+static int add_array_elt(char *con)
+{
+ if (con_array_size) {
+ while (con_array_used >= con_array_size) {
+ con_array_size *= 2;
+ con_array = (char **)realloc(con_array, sizeof(char*) *
+ con_array_size);
+ if (!con_array) {
+ con_array_size = con_array_used = 0;
+ return -1;
+ }
+ }
+ } else {
+ con_array_size = 1000;
+ con_array = (char **)malloc(sizeof(char*) * con_array_size);
+ if (!con_array) {
+ con_array_size = con_array_used = 0;
+ return -1;
+ }
+ }
+
+ con_array[con_array_used] = strdup(con);
+ if (!con_array[con_array_used])
+ return -1;
+ return con_array_used++;
+}
+
+static void free_array_elts(void)
+{
+ con_array_size = con_array_used = 0;
+ free(con_array);
+ con_array = NULL;
+}
+
+static void
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 1, 2)))
+#endif
+ default_printf(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+}
+
+void
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 1, 2)))
+#endif
+ (*myprintf) (const char *fmt,...) = &default_printf;
+int myprintf_compat = 0;
+
+void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
+{
+ myprintf = f ? f : &default_printf;
+ myprintf_compat = 1;
+}
+
+static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
+
+void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c))
+{
+ myinvalidcon = f;
+}
+
+static int default_canoncon(const char *path, unsigned lineno, char **context)
+{
+ char *tmpcon;
+ if (security_canonicalize_context_raw(*context, &tmpcon) < 0) {
+ if (errno == ENOENT)
+ return 0;
+ if (lineno)
+ myprintf("%s: line %u has invalid context %s\n", path,
+ lineno, *context);
+ else
+ myprintf("%s: invalid context %s\n", path, *context);
+ return 1;
+ }
+ free(*context);
+ *context = tmpcon;
+ return 0;
+}
+
+static int (*mycanoncon) (const char *p, unsigned l, char **c) =
+ NULL;
+
+void set_matchpathcon_canoncon(int (*f) (const char *p, unsigned l, char **c))
+{
+ if (f)
+ mycanoncon = f;
+ else
+ mycanoncon = &default_canoncon;
+}
+
+static __thread struct selinux_opt options[SELABEL_NOPT];
+static __thread int notrans;
+
+void set_matchpathcon_flags(unsigned int flags)
+{
+ int i;
+ memset(options, 0, sizeof(options));
+ i = SELABEL_OPT_BASEONLY;
+ options[i].type = i;
+ options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL;
+ i = SELABEL_OPT_VALIDATE;
+ options[i].type = i;
+ options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL;
+ notrans = flags & MATCHPATHCON_NOTRANS;
+}
+
+/*
+ * An association between an inode and a
+ * specification.
+ */
+typedef struct file_spec {
+ ino_t ino; /* inode number */
+ int specind; /* index of specification in spec */
+ char *file; /* full pathname for diagnostic messages about conflicts */
+ struct file_spec *next; /* next association in hash bucket chain */
+} file_spec_t;
+
+/*
+ * The hash table of associations, hashed by inode number.
+ * Chaining is used for collisions, with elements ordered
+ * by inode number in each bucket. Each hash bucket has a dummy
+ * header.
+ */
+#define HASH_BITS 16
+#define HASH_BUCKETS (1 << HASH_BITS)
+#define HASH_MASK (HASH_BUCKETS-1)
+static file_spec_t *fl_head;
+
+/*
+ * Try to add an association between an inode and
+ * a specification. If there is already an association
+ * for the inode and it conflicts with this specification,
+ * then use the specification that occurs later in the
+ * specification array.
+ */
+int matchpathcon_filespec_add(ino_t ino, int specind, const char *file)
+{
+ file_spec_t *prevfl, *fl;
+ int h, ret;
+ struct stat sb;
+
+ if (!fl_head) {
+ fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
+ if (!fl_head)
+ goto oom;
+ memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS);
+ }
+
+ h = (ino + (ino >> HASH_BITS)) & HASH_MASK;
+ for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
+ prevfl = fl, fl = fl->next) {
+ if (ino == fl->ino) {
+ ret = lstat(fl->file, &sb);
+ if (ret < 0 || sb.st_ino != ino) {
+ fl->specind = specind;
+ free(fl->file);
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom;
+ strcpy(fl->file, file);
+ return fl->specind;
+
+ }
+
+ if (!strcmp(con_array[fl->specind],
+ con_array[specind]))
+ return fl->specind;
+
+ myprintf
+ ("%s: conflicting specifications for %s and %s, using %s.\n",
+ __FUNCTION__, file, fl->file,
+ con_array[fl->specind]);
+ free(fl->file);
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom;
+ strcpy(fl->file, file);
+ return fl->specind;
+ }
+
+ if (ino > fl->ino)
+ break;
+ }
+
+ fl = malloc(sizeof(file_spec_t));
+ if (!fl)
+ goto oom;
+ fl->ino = ino;
+ fl->specind = specind;
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom_freefl;
+ strcpy(fl->file, file);
+ fl->next = prevfl->next;
+ prevfl->next = fl;
+ return fl->specind;
+ oom_freefl:
+ free(fl);
+ oom:
+ myprintf("%s: insufficient memory for file label entry for %s\n",
+ __FUNCTION__, file);
+ return -1;
+}
+
+/*
+ * Evaluate the association hash table distribution.
+ */
+void matchpathcon_filespec_eval(void)
+{
+ file_spec_t *fl;
+ int h, used, nel, len, longest;
+
+ if (!fl_head)
+ return;
+
+ used = 0;
+ longest = 0;
+ nel = 0;
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ len = 0;
+ for (fl = fl_head[h].next; fl; fl = fl->next) {
+ len++;
+ }
+ if (len)
+ used++;
+ if (len > longest)
+ longest = len;
+ nel += len;
+ }
+
+ myprintf
+ ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n",
+ __FUNCTION__, nel, used, HASH_BUCKETS, longest);
+}
+
+/*
+ * Destroy the association hash table.
+ */
+void matchpathcon_filespec_destroy(void)
+{
+ file_spec_t *fl, *tmp;
+ int h;
+
+ free_array_elts();
+
+ if (!fl_head)
+ return;
+
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ fl = fl_head[h].next;
+ while (fl) {
+ tmp = fl;
+ fl = fl->next;
+ free(tmp->file);
+ free(tmp);
+ }
+ fl_head[h].next = NULL;
+ }
+ free(fl_head);
+ fl_head = NULL;
+}
+
+int matchpathcon_init_prefix(const char *path, const char *subset)
+{
+ if (!mycanoncon)
+ mycanoncon = default_canoncon;
+
+ options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
+ options[SELABEL_OPT_SUBSET].value = subset;
+ options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
+ options[SELABEL_OPT_PATH].value = path;
+
+ hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT);
+ return hnd ? 0 : -1;
+}
+
+hidden_def(matchpathcon_init_prefix)
+
+int matchpathcon_init(const char *path)
+{
+ return matchpathcon_init_prefix(path, NULL);
+}
+
+void matchpathcon_fini(void)
+{
+ if (hnd) {
+ selabel_close(hnd);
+ hnd = NULL;
+ }
+}
+
+int matchpathcon(const char *name, mode_t mode, security_context_t * con)
+{
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ return notrans ?
+ selabel_lookup_raw(hnd, con, name, mode) :
+ selabel_lookup(hnd, con, name, mode);
+}
+
+int matchpathcon_index(const char *name, mode_t mode, security_context_t * con)
+{
+ int i = matchpathcon(name, mode, con);
+
+ if (i < 0)
+ return -1;
+
+ return add_array_elt(*con);
+}
+
+void matchpathcon_checkmatches(char *str __attribute__((unused)))
+{
+ selabel_stats(hnd);
+}
+
+/* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b)
+{
+ char *rest_a, *rest_b; /* Rest of the context after the user */
+ if (!a && !b)
+ return 0;
+ if (!a)
+ return -1;
+ if (!b)
+ return 1;
+ rest_a = strchr((char *)a, ':');
+ rest_b = strchr((char *)b, ':');
+ if (!rest_a && !rest_b)
+ return 0;
+ if (!rest_a)
+ return -1;
+ if (!rest_b)
+ return 1;
+ return strcmp(rest_a, rest_b);
+}
+
+int selinux_file_context_verify(const char *path, mode_t mode)
+{
+ security_context_t con = NULL;
+ security_context_t fcontext = NULL;
+ int rc = 0;
+
+ rc = lgetfilecon_raw(path, &con);
+ if (rc == -1) {
+ if (errno != ENOTSUP)
+ return 1;
+ else
+ return 0;
+ }
+
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
+ if (errno != ENOENT)
+ rc = 1;
+ else
+ rc = 0;
+ } else
+ rc = (selinux_file_context_cmp(fcontext, con) == 0);
+
+ freecon(con);
+ freecon(fcontext);
+ return rc;
+}
+
+int selinux_lsetfilecon_default(const char *path)
+{
+ struct stat st;
+ int rc = -1;
+ security_context_t scontext = NULL;
+ if (lstat(path, &st) != 0)
+ return rc;
+
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ /* If there's an error determining the context, or it has none,
+ return to allow default context */
+ if (selabel_lookup_raw(hnd, &scontext, path, st.st_mode)) {
+ if (errno == ENOENT)
+ rc = 0;
+ } else {
+ rc = lsetfilecon_raw(path, scontext);
+ freecon(scontext);
+ }
+ return rc;
+}
+
+int compat_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts,
+ const char *path, unsigned lineno)
+{
+ int rc;
+ char **ctx = &contexts->ctx_raw;
+
+ if (myinvalidcon)
+ rc = myinvalidcon(path, lineno, *ctx);
+ else if (mycanoncon)
+ rc = mycanoncon(path, lineno, ctx);
+ else {
+ rc = selabel_validate(rec, contexts);
+ if (rc < 0) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid context %s\n",
+ path, lineno, *ctx);
+ }
+ }
+
+ return rc ? -1 : 0;
+}
diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h
new file mode 100644
index 0000000..10e8712
--- /dev/null
+++ b/libselinux/src/policy.h
@@ -0,0 +1,25 @@
+#ifndef _POLICY_H_
+#define _POLICY_H_
+
+/* Private definitions used internally by libselinux. */
+
+/* xattr name for SELinux attributes. */
+#define XATTR_NAME_SELINUX "security.selinux"
+
+/* Initial length guess for getting contexts. */
+#define INITCONTEXTLEN 255
+
+/* selinuxfs magic number */
+#define SELINUX_MAGIC 0xf97cff8c
+
+/* Preferred selinux mount location */
+#define SELINUXMNT "/selinux"
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+#define FILECONTEXTS "/etc/security/selinux/file_contexts"
+
+#define DEFAULT_POLICY_VERSION 15
+
+#endif
diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c
new file mode 100644
index 0000000..284a7f7
--- /dev/null
+++ b/libselinux/src/policyvers.c
@@ -0,0 +1,45 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdio.h>
+#include "policy.h"
+#include "dso.h"
+#include <limits.h>
+
+int security_policyvers(void)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+ unsigned vers = DEFAULT_POLICY_VERSION;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/policyvers", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0) {
+ if (errno == ENOENT)
+ return vers;
+ else
+ return -1;
+ }
+ memset(buf, 0, sizeof buf);
+ ret = read(fd, buf, sizeof buf - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%u", &vers) != 1)
+ return -1;
+
+ return vers;
+}
+
+hidden_def(security_policyvers)
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
new file mode 100644
index 0000000..8f3f401
--- /dev/null
+++ b/libselinux/src/procattr.c
@@ -0,0 +1,205 @@
+#include <sys/syscall.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+static pid_t gettid(void)
+{
+ return syscall(__NR_gettid);
+}
+
+static int getprocattrcon_raw(security_context_t * context,
+ pid_t pid, const char *attr)
+{
+ char *path, *buf;
+ size_t size;
+ int fd, rc;
+ ssize_t ret;
+ pid_t tid;
+ int errno_hold;
+
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
+ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, O_RDONLY);
+ free(path);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ memset(buf, 0, size);
+
+ do {
+ ret = read(fd, buf, size - 1);
+ } while (ret < 0 && errno == EINTR);
+ if (ret < 0)
+ goto out2;
+
+ if (ret == 0) {
+ *context = NULL;
+ goto out2;
+ }
+
+ *context = strdup(buf);
+ if (!(*context)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ errno_hold = errno;
+ close(fd);
+ errno = errno_hold;
+ return ret;
+}
+
+static int getprocattrcon(security_context_t * context,
+ pid_t pid, const char *attr)
+{
+ int ret;
+ security_context_t rcontext;
+
+ ret = getprocattrcon_raw(&rcontext, pid, attr);
+
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ return ret;
+}
+
+static int setprocattrcon_raw(security_context_t context,
+ pid_t pid, const char *attr)
+{
+ char *path;
+ int fd, rc;
+ pid_t tid;
+ ssize_t ret;
+ int errno_hold;
+
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
+ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, O_RDWR);
+ free(path);
+ if (fd < 0)
+ return -1;
+ if (context)
+ do {
+ ret = write(fd, context, strlen(context) + 1);
+ } while (ret < 0 && errno == EINTR);
+ else
+ do {
+ ret = write(fd, NULL, 0); /* clear */
+ } while (ret < 0 && errno == EINTR);
+ errno_hold = errno;
+ close(fd);
+ errno = errno_hold;
+ if (ret < 0)
+ return -1;
+ else
+ return 0;
+}
+
+static int setprocattrcon(security_context_t context,
+ pid_t pid, const char *attr)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = setprocattrcon_raw(rcontext, pid, attr);
+
+ freecon(rcontext);
+
+ return ret;
+}
+
+#define getselfattr_def(fn, attr) \
+ int get##fn##_raw(security_context_t *c) \
+ { \
+ return getprocattrcon_raw(c, 0, #attr); \
+ } \
+ int get##fn(security_context_t *c) \
+ { \
+ return getprocattrcon(c, 0, #attr); \
+ }
+
+#define setselfattr_def(fn, attr) \
+ int set##fn##_raw(security_context_t c) \
+ { \
+ return setprocattrcon_raw(c, 0, #attr); \
+ } \
+ int set##fn(security_context_t c) \
+ { \
+ return setprocattrcon(c, 0, #attr); \
+ }
+
+#define all_selfattr_def(fn, attr) \
+ getselfattr_def(fn, attr) \
+ setselfattr_def(fn, attr)
+
+#define getpidattr_def(fn, attr) \
+ int get##fn##_raw(pid_t pid, security_context_t *c) \
+ { \
+ return getprocattrcon_raw(c, pid, #attr); \
+ } \
+ int get##fn(pid_t pid, security_context_t *c) \
+ { \
+ return getprocattrcon(c, pid, #attr); \
+ }
+
+all_selfattr_def(con, current)
+ getpidattr_def(pidcon, current)
+ getselfattr_def(prevcon, prev)
+ all_selfattr_def(execcon, exec)
+ all_selfattr_def(fscreatecon, fscreate)
+ all_selfattr_def(sockcreatecon, sockcreate)
+ all_selfattr_def(keycreatecon, keycreate)
+
+ hidden_def(getcon_raw)
+ hidden_def(getcon)
+ hidden_def(getexeccon_raw)
+ hidden_def(getfilecon_raw)
+ hidden_def(getfilecon)
+ hidden_def(getfscreatecon_raw)
+ hidden_def(getkeycreatecon_raw)
+ hidden_def(getpeercon_raw)
+ hidden_def(getpidcon_raw)
+ hidden_def(getprevcon_raw)
+ hidden_def(getprevcon)
+ hidden_def(getsockcreatecon_raw)
+ hidden_def(setcon_raw)
+ hidden_def(setexeccon_raw)
+ hidden_def(setexeccon)
+ hidden_def(setfilecon_raw)
+ hidden_def(setfscreatecon_raw)
+ hidden_def(setkeycreatecon_raw)
+ hidden_def(setsockcreatecon_raw)
diff --git a/libselinux/src/query_user_context.c b/libselinux/src/query_user_context.c
new file mode 100644
index 0000000..dcfc1b0
--- /dev/null
+++ b/libselinux/src/query_user_context.c
@@ -0,0 +1,180 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+#include <selinux/get_context_list.h>
+
+/* context_menu - given a list of contexts, presents a menu of security contexts
+ * to the user. Returns the number (position in the list) of
+ * the user selected context.
+ */
+static int context_menu(security_context_t * list)
+{
+ int i; /* array index */
+ int choice = 0; /* index of the user's choice */
+ char response[10]; /* string to hold the user's response */
+
+ printf("\n\n");
+ for (i = 0; list[i]; i++)
+ printf("[%d] %s\n", i + 1, list[i]);
+
+ while ((choice < 1) || (choice > i)) {
+ printf("Enter number of choice: ");
+ fflush(stdin);
+ if (fgets(response, sizeof(response), stdin) == NULL)
+ continue;
+ fflush(stdin);
+ choice = strtol(response, NULL, 10);
+ }
+
+ return (choice - 1);
+}
+
+/* query_user_context - given a list of context, allow the user to choose one. The
+ * default is the first context in the list. Returns 0 on
+ * success, -1 on failure
+ */
+int query_user_context(security_context_t * list, security_context_t * usercon)
+{
+ char response[10]; /* The user's response */
+ int choice; /* The index in the list of the sid chosen by
+ the user */
+
+ if (!list[0])
+ return -1;
+
+ printf("\nYour default context is %s.\n", list[0]);
+ if (list[1]) {
+ printf("Do you want to choose a different one? [n]");
+ fflush(stdin);
+ if (fgets(response, sizeof(response), stdin) == NULL)
+ return -1;
+ fflush(stdin);
+
+ if ((response[0] == 'y') || (response[0] == 'Y')) {
+ choice = context_menu(list);
+ *usercon = strdup(list[choice]);
+ if (!(*usercon))
+ return -1;
+ return 0;
+ }
+
+ *usercon = strdup(list[0]);
+ if (!(*usercon))
+ return -1;
+ } else {
+ *usercon = strdup(list[0]);
+ if (!(*usercon))
+ return -1;
+ }
+
+ return 0;
+}
+
+/* get_field - given fieldstr - the "name" of a field, query the user
+ * and set the new value of the field
+ */
+static void get_field(const char *fieldstr, char *newfield, int newfieldlen)
+{
+ int done = 0; /* true if a non-empty field has been obtained */
+
+ while (!done) { /* Keep going until we get a value for the field */
+ printf("\tEnter %s ", fieldstr);
+ fflush(stdin);
+ if (fgets(newfield, newfieldlen, stdin) == NULL)
+ continue;
+ fflush(stdin);
+ if (newfield[strlen(newfield) - 1] == '\n')
+ newfield[strlen(newfield) - 1] = '\0';
+
+ if (strlen(newfield) == 0) {
+ printf("You must enter a %s\n", fieldstr);
+ } else {
+ done = 1;
+ }
+ }
+}
+
+/* manual_user_enter_context - provides a way for a user to manually enter a
+ * context in case the policy doesn't allow a list
+ * to be obtained.
+ * given the userid, queries the user and places the
+ * context chosen by the user into usercon. Returns 0
+ * on success.
+ */
+int manual_user_enter_context(const char *user, security_context_t * newcon)
+{
+ char response[10]; /* Used to get yes or no answers from user */
+ char role[100]; /* The role requested by the user */
+ int rolelen = 100;
+ char type[100]; /* The type requested by the user */
+ int typelen = 100;
+ char level[100]; /* The level requested by the user */
+ int levellen = 100;
+ int mls_enabled = is_selinux_mls_enabled();
+
+ context_t new_context; /* The new context chosen by the user */
+ char *user_context = NULL; /* String value of the user's context */
+ int done = 0; /* true if a valid sid has been obtained */
+
+ /* Initialize the context. How this is done depends on whether
+ or not MLS is enabled */
+ if (mls_enabled)
+ new_context = context_new("user:role:type:level");
+ else
+ new_context = context_new("user:role:type");
+
+ if (!new_context)
+ return -1;
+
+ while (!done) {
+ printf("Would you like to enter a security context? [y]");
+ if (fgets(response, sizeof(response), stdin) == NULL
+ || (response[0] == 'n') || (response[0] == 'N')) {
+ context_free(new_context);
+ return -1;
+ }
+
+ /* Allow the user to enter each field of the context individually */
+ if (context_user_set(new_context, user)) {
+ context_free(new_context);
+ return -1;
+ }
+ get_field("role", role, rolelen);
+ if (context_role_set(new_context, role)) {
+ context_free(new_context);
+ return -1;
+ }
+ get_field("type", type, typelen);
+ if (context_type_set(new_context, type)) {
+ context_free(new_context);
+ return -1;
+ }
+
+ if (mls_enabled) {
+ get_field("level", level, levellen);
+ if (context_range_set(new_context, level)) {
+ context_free(new_context);
+ return -1;
+ }
+ }
+
+ /* Get the string value of the context and see if it is valid. */
+ user_context = context_str(new_context);
+ if (!user_context) {
+ context_free(new_context);
+ return -1;
+ }
+ if (!security_check_context(user_context))
+ done = 1;
+ else
+ printf("Not a valid security context\n");
+ }
+
+ *newcon = strdup(user_context);
+ context_free(new_context);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
diff --git a/libselinux/src/rpm.c b/libselinux/src/rpm.c
new file mode 100644
index 0000000..b89f1bb
--- /dev/null
+++ b/libselinux/src/rpm.c
@@ -0,0 +1,58 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <selinux/flask.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+int rpm_execcon(unsigned int verified __attribute__ ((unused)),
+ const char *filename, char *const argv[], char *const envp[])
+{
+ security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
+ context_t con = NULL;
+ int rc = 0;
+
+ if (is_selinux_enabled() < 1)
+ return execve(filename, argv, envp);
+
+ rc = getcon(&mycon);
+ if (rc < 0)
+ goto out;
+
+ rc = getfilecon(filename, &fcon);
+ if (rc < 0)
+ goto out;
+
+ rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon);
+ if (rc < 0)
+ goto out;
+
+ if (!strcmp(mycon, newcon)) {
+ /* No default transition, use rpm_script_t for now. */
+ rc = -1;
+ con = context_new(mycon);
+ if (!con)
+ goto out;
+ if (context_type_set(con, "rpm_script_t"))
+ goto out;
+ freecon(newcon);
+ newcon = strdup(context_str(con));
+ if (!newcon)
+ goto out;
+ rc = 0;
+ }
+
+ rc = setexeccon(newcon);
+ if (rc < 0)
+ goto out;
+ out:
+
+ if (rc >= 0 || security_getenforce() < 1)
+ rc = execve(filename, argv, envp);
+
+ context_free(con);
+ freecon(newcon);
+ freecon(fcon);
+ freecon(mycon);
+ return rc < 0 ? rc : 0;
+}
diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py
new file mode 100644
index 0000000..3989922
--- /dev/null
+++ b/libselinux/src/selinux.py
@@ -0,0 +1,513 @@
+# This file was automatically generated by SWIG (http://www.swig.org).
+# Version 1.3.33
+#
+# Don't modify this file, modify the SWIG interface instead.
+# This file is compatible with both classic and new-style classes.
+
+import _selinux
+import new
+new_instancemethod = new.instancemethod
+try:
+ _swig_property = property
+except NameError:
+ pass # Python < 2.2 doesn't have 'property'.
+def _swig_setattr_nondynamic(self,class_type,name,value,static=1):
+ if (name == "thisown"): return self.this.own(value)
+ if (name == "this"):
+ if type(value).__name__ == 'PySwigObject':
+ self.__dict__[name] = value
+ return
+ method = class_type.__swig_setmethods__.get(name,None)
+ if method: return method(self,value)
+ if (not static) or hasattr(self,name):
+ self.__dict__[name] = value
+ else:
+ raise AttributeError("You cannot add attributes to %s" % self)
+
+def _swig_setattr(self,class_type,name,value):
+ return _swig_setattr_nondynamic(self,class_type,name,value,0)
+
+def _swig_getattr(self,class_type,name):
+ if (name == "thisown"): return self.this.own()
+ method = class_type.__swig_getmethods__.get(name,None)
+ if method: return method(self)
+ raise AttributeError,name
+
+def _swig_repr(self):
+ try: strthis = "proxy of " + self.this.__repr__()
+ except: strthis = ""
+ return "<%s.%s; %s >" % (self.__class__.__module__, self.__class__.__name__, strthis,)
+
+import types
+try:
+ _object = types.ObjectType
+ _newclass = 1
+except AttributeError:
+ class _object : pass
+ _newclass = 0
+del types
+
+
+is_selinux_enabled = _selinux.is_selinux_enabled
+is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
+getcon = _selinux.getcon
+getcon_raw = _selinux.getcon_raw
+setcon = _selinux.setcon
+setcon_raw = _selinux.setcon_raw
+getpidcon = _selinux.getpidcon
+getpidcon_raw = _selinux.getpidcon_raw
+getprevcon = _selinux.getprevcon
+getprevcon_raw = _selinux.getprevcon_raw
+getexeccon = _selinux.getexeccon
+getexeccon_raw = _selinux.getexeccon_raw
+setexeccon = _selinux.setexeccon
+setexeccon_raw = _selinux.setexeccon_raw
+getfscreatecon = _selinux.getfscreatecon
+getfscreatecon_raw = _selinux.getfscreatecon_raw
+setfscreatecon = _selinux.setfscreatecon
+setfscreatecon_raw = _selinux.setfscreatecon_raw
+getkeycreatecon = _selinux.getkeycreatecon
+getkeycreatecon_raw = _selinux.getkeycreatecon_raw
+setkeycreatecon = _selinux.setkeycreatecon
+setkeycreatecon_raw = _selinux.setkeycreatecon_raw
+getsockcreatecon = _selinux.getsockcreatecon
+getsockcreatecon_raw = _selinux.getsockcreatecon_raw
+setsockcreatecon = _selinux.setsockcreatecon
+setsockcreatecon_raw = _selinux.setsockcreatecon_raw
+getfilecon = _selinux.getfilecon
+getfilecon_raw = _selinux.getfilecon_raw
+lgetfilecon = _selinux.lgetfilecon
+lgetfilecon_raw = _selinux.lgetfilecon_raw
+fgetfilecon = _selinux.fgetfilecon
+fgetfilecon_raw = _selinux.fgetfilecon_raw
+setfilecon = _selinux.setfilecon
+setfilecon_raw = _selinux.setfilecon_raw
+lsetfilecon = _selinux.lsetfilecon
+lsetfilecon_raw = _selinux.lsetfilecon_raw
+fsetfilecon = _selinux.fsetfilecon
+fsetfilecon_raw = _selinux.fsetfilecon_raw
+getpeercon = _selinux.getpeercon
+getpeercon_raw = _selinux.getpeercon_raw
+class av_decision(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, av_decision, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, av_decision, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["allowed"] = _selinux.av_decision_allowed_set
+ __swig_getmethods__["allowed"] = _selinux.av_decision_allowed_get
+ if _newclass:allowed = _swig_property(_selinux.av_decision_allowed_get, _selinux.av_decision_allowed_set)
+ __swig_setmethods__["decided"] = _selinux.av_decision_decided_set
+ __swig_getmethods__["decided"] = _selinux.av_decision_decided_get
+ if _newclass:decided = _swig_property(_selinux.av_decision_decided_get, _selinux.av_decision_decided_set)
+ __swig_setmethods__["auditallow"] = _selinux.av_decision_auditallow_set
+ __swig_getmethods__["auditallow"] = _selinux.av_decision_auditallow_get
+ if _newclass:auditallow = _swig_property(_selinux.av_decision_auditallow_get, _selinux.av_decision_auditallow_set)
+ __swig_setmethods__["auditdeny"] = _selinux.av_decision_auditdeny_set
+ __swig_getmethods__["auditdeny"] = _selinux.av_decision_auditdeny_get
+ if _newclass:auditdeny = _swig_property(_selinux.av_decision_auditdeny_get, _selinux.av_decision_auditdeny_set)
+ __swig_setmethods__["seqno"] = _selinux.av_decision_seqno_set
+ __swig_getmethods__["seqno"] = _selinux.av_decision_seqno_get
+ if _newclass:seqno = _swig_property(_selinux.av_decision_seqno_get, _selinux.av_decision_seqno_set)
+ def __init__(self, *args):
+ this = _selinux.new_av_decision(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_av_decision
+ __del__ = lambda self : None;
+av_decision_swigregister = _selinux.av_decision_swigregister
+av_decision_swigregister(av_decision)
+
+class selinux_opt(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_opt, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, selinux_opt, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["type"] = _selinux.selinux_opt_type_set
+ __swig_getmethods__["type"] = _selinux.selinux_opt_type_get
+ if _newclass:type = _swig_property(_selinux.selinux_opt_type_get, _selinux.selinux_opt_type_set)
+ __swig_setmethods__["value"] = _selinux.selinux_opt_value_set
+ __swig_getmethods__["value"] = _selinux.selinux_opt_value_get
+ if _newclass:value = _swig_property(_selinux.selinux_opt_value_get, _selinux.selinux_opt_value_set)
+ def __init__(self, *args):
+ this = _selinux.new_selinux_opt(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_selinux_opt
+ __del__ = lambda self : None;
+selinux_opt_swigregister = _selinux.selinux_opt_swigregister
+selinux_opt_swigregister(selinux_opt)
+
+class selinux_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, selinux_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_log"] = _selinux.selinux_callback_func_log_set
+ __swig_getmethods__["func_log"] = _selinux.selinux_callback_func_log_get
+ if _newclass:func_log = _swig_property(_selinux.selinux_callback_func_log_get, _selinux.selinux_callback_func_log_set)
+ __swig_setmethods__["func_audit"] = _selinux.selinux_callback_func_audit_set
+ __swig_getmethods__["func_audit"] = _selinux.selinux_callback_func_audit_get
+ if _newclass:func_audit = _swig_property(_selinux.selinux_callback_func_audit_get, _selinux.selinux_callback_func_audit_set)
+ __swig_setmethods__["func_validate"] = _selinux.selinux_callback_func_validate_set
+ __swig_getmethods__["func_validate"] = _selinux.selinux_callback_func_validate_get
+ if _newclass:func_validate = _swig_property(_selinux.selinux_callback_func_validate_get, _selinux.selinux_callback_func_validate_set)
+ def __init__(self, *args):
+ this = _selinux.new_selinux_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_selinux_callback
+ __del__ = lambda self : None;
+selinux_callback_swigregister = _selinux.selinux_callback_swigregister
+selinux_callback_swigregister(selinux_callback)
+
+SELINUX_CB_LOG = _selinux.SELINUX_CB_LOG
+SELINUX_CB_AUDIT = _selinux.SELINUX_CB_AUDIT
+SELINUX_CB_VALIDATE = _selinux.SELINUX_CB_VALIDATE
+selinux_get_callback = _selinux.selinux_get_callback
+selinux_set_callback = _selinux.selinux_set_callback
+SELINUX_ERROR = _selinux.SELINUX_ERROR
+SELINUX_WARNING = _selinux.SELINUX_WARNING
+SELINUX_INFO = _selinux.SELINUX_INFO
+SELINUX_AVC = _selinux.SELINUX_AVC
+security_compute_av = _selinux.security_compute_av
+security_compute_av_raw = _selinux.security_compute_av_raw
+security_compute_create = _selinux.security_compute_create
+security_compute_create_raw = _selinux.security_compute_create_raw
+security_compute_relabel = _selinux.security_compute_relabel
+security_compute_relabel_raw = _selinux.security_compute_relabel_raw
+security_compute_member = _selinux.security_compute_member
+security_compute_member_raw = _selinux.security_compute_member_raw
+security_compute_user = _selinux.security_compute_user
+security_compute_user_raw = _selinux.security_compute_user_raw
+security_load_policy = _selinux.security_load_policy
+security_get_initial_context = _selinux.security_get_initial_context
+security_get_initial_context_raw = _selinux.security_get_initial_context_raw
+selinux_mkload_policy = _selinux.selinux_mkload_policy
+selinux_init_load_policy = _selinux.selinux_init_load_policy
+class SELboolean(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, SELboolean, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, SELboolean, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["name"] = _selinux.SELboolean_name_set
+ __swig_getmethods__["name"] = _selinux.SELboolean_name_get
+ if _newclass:name = _swig_property(_selinux.SELboolean_name_get, _selinux.SELboolean_name_set)
+ __swig_setmethods__["value"] = _selinux.SELboolean_value_set
+ __swig_getmethods__["value"] = _selinux.SELboolean_value_get
+ if _newclass:value = _swig_property(_selinux.SELboolean_value_get, _selinux.SELboolean_value_set)
+ def __init__(self, *args):
+ this = _selinux.new_SELboolean(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_SELboolean
+ __del__ = lambda self : None;
+SELboolean_swigregister = _selinux.SELboolean_swigregister
+SELboolean_swigregister(SELboolean)
+
+security_set_boolean_list = _selinux.security_set_boolean_list
+security_load_booleans = _selinux.security_load_booleans
+security_check_context = _selinux.security_check_context
+security_check_context_raw = _selinux.security_check_context_raw
+security_canonicalize_context = _selinux.security_canonicalize_context
+security_canonicalize_context_raw = _selinux.security_canonicalize_context_raw
+security_getenforce = _selinux.security_getenforce
+security_setenforce = _selinux.security_setenforce
+security_disable = _selinux.security_disable
+security_policyvers = _selinux.security_policyvers
+security_get_boolean_names = _selinux.security_get_boolean_names
+security_get_boolean_pending = _selinux.security_get_boolean_pending
+security_get_boolean_active = _selinux.security_get_boolean_active
+security_set_boolean = _selinux.security_set_boolean
+security_commit_booleans = _selinux.security_commit_booleans
+class security_class_mapping(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, security_class_mapping, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, security_class_mapping, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["name"] = _selinux.security_class_mapping_name_set
+ __swig_getmethods__["name"] = _selinux.security_class_mapping_name_get
+ if _newclass:name = _swig_property(_selinux.security_class_mapping_name_get, _selinux.security_class_mapping_name_set)
+ __swig_setmethods__["perms"] = _selinux.security_class_mapping_perms_set
+ __swig_getmethods__["perms"] = _selinux.security_class_mapping_perms_get
+ if _newclass:perms = _swig_property(_selinux.security_class_mapping_perms_get, _selinux.security_class_mapping_perms_set)
+ def __init__(self, *args):
+ this = _selinux.new_security_class_mapping(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_security_class_mapping
+ __del__ = lambda self : None;
+security_class_mapping_swigregister = _selinux.security_class_mapping_swigregister
+security_class_mapping_swigregister(security_class_mapping)
+
+selinux_set_mapping = _selinux.selinux_set_mapping
+string_to_security_class = _selinux.string_to_security_class
+security_class_to_string = _selinux.security_class_to_string
+security_av_perm_to_string = _selinux.security_av_perm_to_string
+string_to_av_perm = _selinux.string_to_av_perm
+security_av_string = _selinux.security_av_string
+print_access_vector = _selinux.print_access_vector
+MATCHPATHCON_BASEONLY = _selinux.MATCHPATHCON_BASEONLY
+MATCHPATHCON_NOTRANS = _selinux.MATCHPATHCON_NOTRANS
+MATCHPATHCON_VALIDATE = _selinux.MATCHPATHCON_VALIDATE
+set_matchpathcon_flags = _selinux.set_matchpathcon_flags
+matchpathcon_init = _selinux.matchpathcon_init
+matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix
+matchpathcon_fini = _selinux.matchpathcon_fini
+matchpathcon = _selinux.matchpathcon
+matchpathcon_index = _selinux.matchpathcon_index
+matchpathcon_filespec_add = _selinux.matchpathcon_filespec_add
+matchpathcon_filespec_destroy = _selinux.matchpathcon_filespec_destroy
+matchpathcon_filespec_eval = _selinux.matchpathcon_filespec_eval
+matchpathcon_checkmatches = _selinux.matchpathcon_checkmatches
+matchmediacon = _selinux.matchmediacon
+selinux_getenforcemode = _selinux.selinux_getenforcemode
+selinux_getpolicytype = _selinux.selinux_getpolicytype
+selinux_policy_root = _selinux.selinux_policy_root
+selinux_binary_policy_path = _selinux.selinux_binary_policy_path
+selinux_failsafe_context_path = _selinux.selinux_failsafe_context_path
+selinux_removable_context_path = _selinux.selinux_removable_context_path
+selinux_default_context_path = _selinux.selinux_default_context_path
+selinux_user_contexts_path = _selinux.selinux_user_contexts_path
+selinux_file_context_path = _selinux.selinux_file_context_path
+selinux_file_context_homedir_path = _selinux.selinux_file_context_homedir_path
+selinux_file_context_local_path = _selinux.selinux_file_context_local_path
+selinux_homedir_context_path = _selinux.selinux_homedir_context_path
+selinux_media_context_path = _selinux.selinux_media_context_path
+selinux_x_context_path = _selinux.selinux_x_context_path
+selinux_contexts_path = _selinux.selinux_contexts_path
+selinux_securetty_types_path = _selinux.selinux_securetty_types_path
+selinux_booleans_path = _selinux.selinux_booleans_path
+selinux_customizable_types_path = _selinux.selinux_customizable_types_path
+selinux_users_path = _selinux.selinux_users_path
+selinux_usersconf_path = _selinux.selinux_usersconf_path
+selinux_translations_path = _selinux.selinux_translations_path
+selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
+selinux_path = _selinux.selinux_path
+selinux_check_passwd_access = _selinux.selinux_check_passwd_access
+checkPasswdAccess = _selinux.checkPasswdAccess
+selinux_check_securetty_context = _selinux.selinux_check_securetty_context
+set_selinuxmnt = _selinux.set_selinuxmnt
+rpm_execcon = _selinux.rpm_execcon
+is_context_customizable = _selinux.is_context_customizable
+selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
+selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+getseuserbyname = _selinux.getseuserbyname
+selinux_file_context_cmp = _selinux.selinux_file_context_cmp
+selinux_file_context_verify = _selinux.selinux_file_context_verify
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
+class security_id(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, security_id, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, security_id, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["ctx"] = _selinux.security_id_ctx_set
+ __swig_getmethods__["ctx"] = _selinux.security_id_ctx_get
+ if _newclass:ctx = _swig_property(_selinux.security_id_ctx_get, _selinux.security_id_ctx_set)
+ __swig_setmethods__["refcnt"] = _selinux.security_id_refcnt_set
+ __swig_getmethods__["refcnt"] = _selinux.security_id_refcnt_get
+ if _newclass:refcnt = _swig_property(_selinux.security_id_refcnt_get, _selinux.security_id_refcnt_set)
+ def __init__(self, *args):
+ this = _selinux.new_security_id(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_security_id
+ __del__ = lambda self : None;
+security_id_swigregister = _selinux.security_id_swigregister
+security_id_swigregister(security_id)
+
+avc_sid_to_context = _selinux.avc_sid_to_context
+avc_sid_to_context_raw = _selinux.avc_sid_to_context_raw
+avc_context_to_sid = _selinux.avc_context_to_sid
+avc_context_to_sid_raw = _selinux.avc_context_to_sid_raw
+sidget = _selinux.sidget
+sidput = _selinux.sidput
+avc_get_initial_sid = _selinux.avc_get_initial_sid
+class avc_entry_ref(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_entry_ref, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_entry_ref, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["ae"] = _selinux.avc_entry_ref_ae_set
+ __swig_getmethods__["ae"] = _selinux.avc_entry_ref_ae_get
+ if _newclass:ae = _swig_property(_selinux.avc_entry_ref_ae_get, _selinux.avc_entry_ref_ae_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_entry_ref(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_entry_ref
+ __del__ = lambda self : None;
+avc_entry_ref_swigregister = _selinux.avc_entry_ref_swigregister
+avc_entry_ref_swigregister(avc_entry_ref)
+
+class avc_memory_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_memory_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_memory_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_set
+ __swig_getmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_get
+ if _newclass:func_malloc = _swig_property(_selinux.avc_memory_callback_func_malloc_get, _selinux.avc_memory_callback_func_malloc_set)
+ __swig_setmethods__["func_free"] = _selinux.avc_memory_callback_func_free_set
+ __swig_getmethods__["func_free"] = _selinux.avc_memory_callback_func_free_get
+ if _newclass:func_free = _swig_property(_selinux.avc_memory_callback_func_free_get, _selinux.avc_memory_callback_func_free_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_memory_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_memory_callback
+ __del__ = lambda self : None;
+avc_memory_callback_swigregister = _selinux.avc_memory_callback_swigregister
+avc_memory_callback_swigregister(avc_memory_callback)
+
+class avc_log_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_log_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_log_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_log"] = _selinux.avc_log_callback_func_log_set
+ __swig_getmethods__["func_log"] = _selinux.avc_log_callback_func_log_get
+ if _newclass:func_log = _swig_property(_selinux.avc_log_callback_func_log_get, _selinux.avc_log_callback_func_log_set)
+ __swig_setmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_set
+ __swig_getmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_get
+ if _newclass:func_audit = _swig_property(_selinux.avc_log_callback_func_audit_get, _selinux.avc_log_callback_func_audit_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_log_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_log_callback
+ __del__ = lambda self : None;
+avc_log_callback_swigregister = _selinux.avc_log_callback_swigregister
+avc_log_callback_swigregister(avc_log_callback)
+
+class avc_thread_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_thread_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_thread_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_set
+ __swig_getmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_get
+ if _newclass:func_create_thread = _swig_property(_selinux.avc_thread_callback_func_create_thread_get, _selinux.avc_thread_callback_func_create_thread_set)
+ __swig_setmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_set
+ __swig_getmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_get
+ if _newclass:func_stop_thread = _swig_property(_selinux.avc_thread_callback_func_stop_thread_get, _selinux.avc_thread_callback_func_stop_thread_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_thread_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_thread_callback
+ __del__ = lambda self : None;
+avc_thread_callback_swigregister = _selinux.avc_thread_callback_swigregister
+avc_thread_callback_swigregister(avc_thread_callback)
+
+class avc_lock_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_lock_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_lock_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_set
+ __swig_getmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_get
+ if _newclass:func_alloc_lock = _swig_property(_selinux.avc_lock_callback_func_alloc_lock_get, _selinux.avc_lock_callback_func_alloc_lock_set)
+ __swig_setmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_set
+ __swig_getmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_get
+ if _newclass:func_get_lock = _swig_property(_selinux.avc_lock_callback_func_get_lock_get, _selinux.avc_lock_callback_func_get_lock_set)
+ __swig_setmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_set
+ __swig_getmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_get
+ if _newclass:func_release_lock = _swig_property(_selinux.avc_lock_callback_func_release_lock_get, _selinux.avc_lock_callback_func_release_lock_set)
+ __swig_setmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_set
+ __swig_getmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_get
+ if _newclass:func_free_lock = _swig_property(_selinux.avc_lock_callback_func_free_lock_get, _selinux.avc_lock_callback_func_free_lock_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_lock_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_lock_callback
+ __del__ = lambda self : None;
+avc_lock_callback_swigregister = _selinux.avc_lock_callback_swigregister
+avc_lock_callback_swigregister(avc_lock_callback)
+
+AVC_OPT_UNUSED = _selinux.AVC_OPT_UNUSED
+AVC_OPT_SETENFORCE = _selinux.AVC_OPT_SETENFORCE
+avc_init = _selinux.avc_init
+avc_open = _selinux.avc_open
+avc_cleanup = _selinux.avc_cleanup
+avc_reset = _selinux.avc_reset
+avc_destroy = _selinux.avc_destroy
+avc_has_perm_noaudit = _selinux.avc_has_perm_noaudit
+avc_has_perm = _selinux.avc_has_perm
+avc_audit = _selinux.avc_audit
+avc_compute_create = _selinux.avc_compute_create
+avc_compute_member = _selinux.avc_compute_member
+AVC_CALLBACK_GRANT = _selinux.AVC_CALLBACK_GRANT
+AVC_CALLBACK_TRY_REVOKE = _selinux.AVC_CALLBACK_TRY_REVOKE
+AVC_CALLBACK_REVOKE = _selinux.AVC_CALLBACK_REVOKE
+AVC_CALLBACK_RESET = _selinux.AVC_CALLBACK_RESET
+AVC_CALLBACK_AUDITALLOW_ENABLE = _selinux.AVC_CALLBACK_AUDITALLOW_ENABLE
+AVC_CALLBACK_AUDITALLOW_DISABLE = _selinux.AVC_CALLBACK_AUDITALLOW_DISABLE
+AVC_CALLBACK_AUDITDENY_ENABLE = _selinux.AVC_CALLBACK_AUDITDENY_ENABLE
+AVC_CALLBACK_AUDITDENY_DISABLE = _selinux.AVC_CALLBACK_AUDITDENY_DISABLE
+AVC_CACHE_STATS = _selinux.AVC_CACHE_STATS
+class avc_cache_stats(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_cache_stats, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_cache_stats, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_set
+ __swig_getmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_get
+ if _newclass:entry_lookups = _swig_property(_selinux.avc_cache_stats_entry_lookups_get, _selinux.avc_cache_stats_entry_lookups_set)
+ __swig_setmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_set
+ __swig_getmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_get
+ if _newclass:entry_hits = _swig_property(_selinux.avc_cache_stats_entry_hits_get, _selinux.avc_cache_stats_entry_hits_set)
+ __swig_setmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_set
+ __swig_getmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_get
+ if _newclass:entry_misses = _swig_property(_selinux.avc_cache_stats_entry_misses_get, _selinux.avc_cache_stats_entry_misses_set)
+ __swig_setmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_set
+ __swig_getmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_get
+ if _newclass:entry_discards = _swig_property(_selinux.avc_cache_stats_entry_discards_get, _selinux.avc_cache_stats_entry_discards_set)
+ __swig_setmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_set
+ __swig_getmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_get
+ if _newclass:cav_lookups = _swig_property(_selinux.avc_cache_stats_cav_lookups_get, _selinux.avc_cache_stats_cav_lookups_set)
+ __swig_setmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_set
+ __swig_getmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_get
+ if _newclass:cav_hits = _swig_property(_selinux.avc_cache_stats_cav_hits_get, _selinux.avc_cache_stats_cav_hits_set)
+ __swig_setmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_set
+ __swig_getmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_get
+ if _newclass:cav_probes = _swig_property(_selinux.avc_cache_stats_cav_probes_get, _selinux.avc_cache_stats_cav_probes_set)
+ __swig_setmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_set
+ __swig_getmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_get
+ if _newclass:cav_misses = _swig_property(_selinux.avc_cache_stats_cav_misses_get, _selinux.avc_cache_stats_cav_misses_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_cache_stats(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_cache_stats
+ __del__ = lambda self : None;
+avc_cache_stats_swigregister = _selinux.avc_cache_stats_swigregister
+avc_cache_stats_swigregister(avc_cache_stats)
+
+avc_av_stats = _selinux.avc_av_stats
+avc_sid_stats = _selinux.avc_sid_stats
+selinux_default_type_path = _selinux.selinux_default_type_path
+get_default_type = _selinux.get_default_type
+SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
+get_ordered_context_list = _selinux.get_ordered_context_list
+get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level
+get_default_context = _selinux.get_default_context
+get_default_context_with_level = _selinux.get_default_context_with_level
+get_default_context_with_role = _selinux.get_default_context_with_role
+get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel
+query_user_context = _selinux.query_user_context
+manual_user_enter_context = _selinux.manual_user_enter_context
+
+
diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c
new file mode 100644
index 0000000..fdb5a59
--- /dev/null
+++ b/libselinux/src/selinux_check_securetty_context.c
@@ -0,0 +1,53 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+int selinux_check_securetty_context(security_context_t tty_context)
+{
+ char *line = NULL;
+ char *start, *end = NULL;
+ size_t line_len = 0;
+ ssize_t len;
+ int found = -1;
+ FILE *fp;
+ fp = fopen(selinux_securetty_types_path(), "r");
+ if (fp) {
+ context_t con = context_new(tty_context);
+ if (con) {
+ const char *type = context_type_get(con);
+ while ((len = getline(&line, &line_len, fp)) != -1) {
+
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+ if (!strcmp(type, start)) {
+ found = 0;
+ break;
+ }
+ }
+ free(line);
+ context_free(con);
+ }
+ fclose(fp);
+ }
+
+ return found;
+}
+
+hidden_def(selinux_check_securetty_context)
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
new file mode 100644
index 0000000..7dbbb47
--- /dev/null
+++ b/libselinux/src/selinux_config.c
@@ -0,0 +1,385 @@
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <unistd.h>
+#include "selinux_internal.h"
+#include "get_default_type_internal.h"
+
+#define SELINUXDIR "/etc/selinux/"
+#define SELINUXCONFIG SELINUXDIR "config"
+#define SELINUXDEFAULT "targeted"
+#define SELINUXTYPETAG "SELINUXTYPE="
+#define SELINUXTAG "SELINUX="
+#define SETLOCALDEFS "SETLOCALDEFS="
+#define REQUIRESEUSERS "REQUIRESEUSERS="
+
+/* Indices for file paths arrays. */
+#define BINPOLICY 0
+#define CONTEXTS_DIR 1
+#define FILE_CONTEXTS 2
+#define HOMEDIR_CONTEXTS 3
+#define DEFAULT_CONTEXTS 4
+#define USER_CONTEXTS 5
+#define FAILSAFE_CONTEXT 6
+#define DEFAULT_TYPE 7
+#define BOOLEANS 8
+#define MEDIA_CONTEXTS 9
+#define REMOVABLE_CONTEXT 10
+#define CUSTOMIZABLE_TYPES 11
+#define USERS_DIR 12
+#define SEUSERS 13
+#define TRANSLATIONS 14
+#define NETFILTER_CONTEXTS 15
+#define FILE_CONTEXTS_HOMEDIR 16
+#define FILE_CONTEXTS_LOCAL 17
+#define SECURETTY_TYPES 18
+#define X_CONTEXTS 19
+#define NEL 20
+
+/* New layout is relative to SELINUXDIR/policytype. */
+static char *file_paths[NEL];
+#define L1(l) L2(l)
+#define L2(l)str##l
+static const union file_path_suffixes_data {
+ struct {
+#define S_(n, s) char L1(__LINE__)[sizeof(s)];
+#include "file_path_suffixes.h"
+#undef S_
+ };
+ char str[0];
+} file_path_suffixes_data = {
+ {
+#define S_(n, s) s,
+#include "file_path_suffixes.h"
+#undef S_
+ }
+};
+static const uint16_t file_path_suffixes_idx[NEL] = {
+#define S_(n, s) [n] = offsetof(union file_path_suffixes_data, L1(__LINE__)),
+#include "file_path_suffixes.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+int selinux_getenforcemode(int *enforce)
+{
+ int ret = -1;
+ FILE *cfg = fopen(SELINUXCONFIG, "r");
+ if (cfg) {
+ char *buf;
+ int len = sizeof(SELINUXTAG) - 1;
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(cfg);
+ return -1;
+ }
+ while (fgets_unlocked(buf, selinux_page_size, cfg)) {
+ if (strncmp(buf, SELINUXTAG, len))
+ continue;
+ if (!strncasecmp
+ (buf + len, "enforcing", sizeof("enforcing") - 1)) {
+ *enforce = 1;
+ ret = 0;
+ break;
+ } else
+ if (!strncasecmp
+ (buf + len, "permissive",
+ sizeof("permissive") - 1)) {
+ *enforce = 0;
+ ret = 0;
+ break;
+ } else
+ if (!strncasecmp
+ (buf + len, "disabled",
+ sizeof("disabled") - 1)) {
+ *enforce = -1;
+ ret = 0;
+ break;
+ }
+ }
+ fclose(cfg);
+ free(buf);
+ }
+ return ret;
+}
+
+hidden_def(selinux_getenforcemode)
+
+static char *selinux_policytype;
+
+int selinux_getpolicytype(char **type)
+{
+ if (!selinux_policytype)
+ return -1;
+ *type = strdup(selinux_policytype);
+ return *type ? 0 : -1;
+}
+
+hidden_def(selinux_getpolicytype)
+
+static char *selinux_policyroot = NULL;
+static char *selinux_rootpath = NULL;
+
+static void init_selinux_config(void) __attribute__ ((constructor));
+
+static void init_selinux_config(void)
+{
+ int i, *intptr;
+ size_t line_len;
+ ssize_t len;
+ char *line_buf = NULL, *buf_p, *value, *type = NULL, *end;
+ FILE *fp;
+
+ if (selinux_policyroot)
+ return;
+
+ selinux_rootpath = SELINUXDIR;
+ fp = fopen(SELINUXCONFIG, "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((len = getline(&line_buf, &line_len, fp)) > 0) {
+ if (line_buf[len - 1] == '\n')
+ line_buf[len - 1] = 0;
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ if (*buf_p == '#' || *buf_p == 0)
+ continue;
+
+ if (!strncasecmp(buf_p, SELINUXTYPETAG,
+ sizeof(SELINUXTYPETAG) - 1)) {
+ selinux_policytype = type =
+ strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
+ if (!type)
+ return;
+ end = type + strlen(type) - 1;
+ while ((end > type) &&
+ (isspace(*end) || iscntrl(*end))) {
+ *end = 0;
+ end--;
+ }
+ continue;
+ } else if (!strncmp(buf_p, SETLOCALDEFS,
+ sizeof(SETLOCALDEFS) - 1)) {
+ value = buf_p + sizeof(SETLOCALDEFS) - 1;
+ intptr = &load_setlocaldefs;
+ } else if (!strncmp(buf_p, REQUIRESEUSERS,
+ sizeof(REQUIRESEUSERS) - 1)) {
+ value = buf_p + sizeof(REQUIRESEUSERS) - 1;
+ intptr = &require_seusers;
+ } else {
+ continue;
+ }
+
+ if (isdigit(*value))
+ *intptr = atoi(value);
+ else if (strncasecmp(value, "true", sizeof("true") - 1))
+ *intptr = 1;
+ else if (strncasecmp
+ (value, "false", sizeof("false") - 1))
+ *intptr = 0;
+ }
+ free(line_buf);
+ fclose(fp);
+ }
+
+ if (!type) {
+ selinux_policytype = type = strdup(SELINUXDEFAULT);
+ if (!type)
+ return;
+ }
+
+ if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1)
+ return;
+
+ for (i = 0; i < NEL; i++)
+ if (asprintf(&file_paths[i], "%s%s",
+ selinux_policyroot,
+ file_path_suffixes_data.str +
+ file_path_suffixes_idx[i])
+ == -1)
+ return;
+}
+
+static void fini_selinux_policyroot(void) __attribute__ ((destructor));
+
+static void fini_selinux_policyroot(void)
+{
+ int i;
+ free(selinux_policyroot);
+ selinux_policyroot = NULL;
+ for (i = 0; i < NEL; i++) {
+ free(file_paths[i]);
+ file_paths[i] = NULL;
+ }
+ free(selinux_policytype);
+ selinux_policytype = NULL;
+}
+
+void reset_selinux_config(void)
+{
+ fini_selinux_policyroot();
+ init_selinux_config();
+}
+
+static const char *get_path(int idx)
+{
+ return file_paths[idx];
+}
+
+const char *selinux_default_type_path()
+{
+ return get_path(DEFAULT_TYPE);
+}
+
+hidden_def(selinux_default_type_path)
+
+const char *selinux_policy_root()
+{
+ return selinux_policyroot;
+}
+
+const char *selinux_path()
+{
+ return selinux_rootpath;
+}
+
+hidden_def(selinux_path)
+
+const char *selinux_default_context_path()
+{
+ return get_path(DEFAULT_CONTEXTS);
+}
+
+hidden_def(selinux_default_context_path)
+
+const char *selinux_securetty_types_path()
+{
+ return get_path(SECURETTY_TYPES);
+}
+
+hidden_def(selinux_securetty_types_path)
+
+const char *selinux_failsafe_context_path()
+{
+ return get_path(FAILSAFE_CONTEXT);
+}
+
+hidden_def(selinux_failsafe_context_path)
+
+const char *selinux_removable_context_path()
+{
+ return get_path(REMOVABLE_CONTEXT);
+}
+
+hidden_def(selinux_removable_context_path)
+
+const char *selinux_binary_policy_path()
+{
+ return get_path(BINPOLICY);
+}
+
+hidden_def(selinux_binary_policy_path)
+
+const char *selinux_file_context_path()
+{
+ return get_path(FILE_CONTEXTS);
+}
+
+hidden_def(selinux_file_context_path)
+
+const char *selinux_homedir_context_path()
+{
+ return get_path(HOMEDIR_CONTEXTS);
+}
+
+hidden_def(selinux_homedir_context_path)
+
+const char *selinux_media_context_path()
+{
+ return get_path(MEDIA_CONTEXTS);
+}
+
+hidden_def(selinux_media_context_path)
+
+const char *selinux_customizable_types_path()
+{
+ return get_path(CUSTOMIZABLE_TYPES);
+}
+
+hidden_def(selinux_customizable_types_path)
+
+const char *selinux_contexts_path()
+{
+ return get_path(CONTEXTS_DIR);
+}
+
+const char *selinux_user_contexts_path()
+{
+ return get_path(USER_CONTEXTS);
+}
+
+hidden_def(selinux_user_contexts_path)
+
+const char *selinux_booleans_path()
+{
+ return get_path(BOOLEANS);
+}
+
+hidden_def(selinux_booleans_path)
+
+const char *selinux_users_path()
+{
+ return get_path(USERS_DIR);
+}
+
+hidden_def(selinux_users_path)
+
+const char *selinux_usersconf_path()
+{
+ return get_path(SEUSERS);
+}
+
+hidden_def(selinux_usersconf_path)
+
+const char *selinux_translations_path()
+{
+ return get_path(TRANSLATIONS);
+}
+
+hidden_def(selinux_translations_path)
+
+const char *selinux_netfilter_context_path()
+{
+ return get_path(NETFILTER_CONTEXTS);
+}
+
+hidden_def(selinux_netfilter_context_path)
+
+const char *selinux_file_context_homedir_path()
+{
+ return get_path(FILE_CONTEXTS_HOMEDIR);
+}
+
+hidden_def(selinux_file_context_homedir_path)
+
+const char *selinux_file_context_local_path()
+{
+ return get_path(FILE_CONTEXTS_LOCAL);
+}
+
+hidden_def(selinux_file_context_local_path)
+
+const char *selinux_x_context_path()
+{
+ return get_path(X_CONTEXTS);
+}
+
+hidden_def(selinux_x_context_path)
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
new file mode 100644
index 0000000..eaf1767
--- /dev/null
+++ b/libselinux/src/selinux_internal.h
@@ -0,0 +1,86 @@
+#include <selinux/selinux.h>
+#include "dso.h"
+
+hidden_proto(selinux_mkload_policy)
+ hidden_proto(set_selinuxmnt)
+ hidden_proto(security_disable)
+ hidden_proto(security_policyvers)
+ hidden_proto(security_load_policy)
+ hidden_proto(security_get_boolean_active)
+ hidden_proto(security_get_boolean_names)
+ hidden_proto(security_set_boolean)
+ hidden_proto(security_commit_booleans)
+ hidden_proto(security_check_context)
+ hidden_proto(security_check_context_raw)
+ hidden_proto(security_canonicalize_context)
+ hidden_proto(security_canonicalize_context_raw)
+ hidden_proto(security_compute_av)
+ hidden_proto(security_compute_av_raw)
+ hidden_proto(security_compute_user)
+ hidden_proto(security_compute_user_raw)
+ hidden_proto(security_compute_create)
+ hidden_proto(security_compute_create_raw)
+ hidden_proto(security_compute_member_raw)
+ hidden_proto(security_compute_relabel_raw)
+ hidden_proto(is_selinux_enabled)
+ hidden_proto(is_selinux_mls_enabled)
+ hidden_proto(freecon)
+ hidden_proto(freeconary)
+ hidden_proto(getprevcon)
+ hidden_proto(getprevcon_raw)
+ hidden_proto(getcon)
+ hidden_proto(getcon_raw)
+ hidden_proto(setcon_raw)
+ hidden_proto(getpeercon_raw)
+ hidden_proto(getpidcon_raw)
+ hidden_proto(getexeccon_raw)
+ hidden_proto(getfilecon)
+ hidden_proto(getfilecon_raw)
+ hidden_proto(lgetfilecon_raw)
+ hidden_proto(fgetfilecon_raw)
+ hidden_proto(setfilecon_raw)
+ hidden_proto(lsetfilecon_raw)
+ hidden_proto(fsetfilecon_raw)
+ hidden_proto(setexeccon)
+ hidden_proto(setexeccon_raw)
+ hidden_proto(getfscreatecon_raw)
+ hidden_proto(getkeycreatecon_raw)
+ hidden_proto(getsockcreatecon_raw)
+ hidden_proto(setfscreatecon_raw)
+ hidden_proto(setkeycreatecon_raw)
+ hidden_proto(setsockcreatecon_raw)
+ hidden_proto(security_getenforce)
+ hidden_proto(security_setenforce)
+ hidden_proto(selinux_binary_policy_path)
+ hidden_proto(selinux_default_context_path)
+ hidden_proto(selinux_securetty_types_path)
+ hidden_proto(selinux_failsafe_context_path)
+ hidden_proto(selinux_removable_context_path)
+ hidden_proto(selinux_file_context_path)
+ hidden_proto(selinux_file_context_homedir_path)
+ hidden_proto(selinux_file_context_local_path)
+ hidden_proto(selinux_netfilter_context_path)
+ hidden_proto(selinux_homedir_context_path)
+ hidden_proto(selinux_user_contexts_path)
+ hidden_proto(selinux_booleans_path)
+ hidden_proto(selinux_customizable_types_path)
+ hidden_proto(selinux_media_context_path)
+ hidden_proto(selinux_x_context_path)
+ hidden_proto(selinux_path)
+ hidden_proto(selinux_check_passwd_access)
+ hidden_proto(selinux_check_securetty_context)
+ hidden_proto(matchpathcon_init_prefix)
+ hidden_proto(selinux_users_path)
+ hidden_proto(selinux_usersconf_path);
+hidden_proto(selinux_translations_path);
+hidden_proto(selinux_getenforcemode);
+hidden_proto(selinux_getpolicytype);
+hidden_proto(selinux_raw_to_trans_context);
+hidden_proto(selinux_trans_to_raw_context);
+hidden_proto(security_get_initial_context);
+hidden_proto(security_get_initial_context_raw);
+
+extern void reset_selinux_config(void) hidden;
+extern int load_setlocaldefs hidden;
+extern int require_seusers hidden;
+extern int selinux_page_size hidden;
diff --git a/libselinux/src/selinux_netlink.h b/libselinux/src/selinux_netlink.h
new file mode 100644
index 0000000..88ef551
--- /dev/null
+++ b/libselinux/src/selinux_netlink.h
@@ -0,0 +1,31 @@
+/*
+ * Netlink event notifications for SELinux.
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ */
+#ifndef _LINUX_SELINUX_NETLINK_H
+#define _LINUX_SELINUX_NETLINK_H
+
+/* Message types. */
+#define SELNL_MSG_BASE 0x10
+enum {
+ SELNL_MSG_SETENFORCE = SELNL_MSG_BASE,
+ SELNL_MSG_POLICYLOAD,
+ SELNL_MSG_MAX
+};
+
+/* Multicast groups */
+#define SELNL_GRP_NONE 0x00000000
+#define SELNL_GRP_AVC 0x00000001 /* AVC notifications */
+#define SELNL_GRP_ALL 0xffffffff
+
+/* Message structures */
+struct selnl_msg_setenforce {
+ int32_t val;
+};
+
+struct selnl_msg_policyload {
+ uint32_t seqno;
+};
+
+#endif /* _LINUX_SELINUX_NETLINK_H */
diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i
new file mode 100644
index 0000000..a74bf04
--- /dev/null
+++ b/libselinux/src/selinuxswig.i
@@ -0,0 +1,57 @@
+/* Authors: Dan Walsh
+ * James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+ #include "../include/selinux/avc.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
+%}
+%apply int *OUTPUT { int *enforce };
+%apply int *OUTPUT { size_t * };
+
+%typedef unsigned mode_t;
+%typedef unsigned pid_t;
+
+%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
+ $1 = &temp1;
+ $2 = &temp2;
+}
+
+%typemap(freearg) (char ***names, int *len) {
+ int i;
+ if (*$1) {
+ for (i = 0; i < *$2; i++) {
+ free((*$1)[i]);
+ }
+ free(*$1);
+ }
+}
+
+%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
+ $1 = &temp;
+}
+
+%typemap(freearg) (security_context_t **) {
+ if (*$1) freeconary(*$1);
+}
+
+/* Ignore functions that don't make sense when wrapped */
+%ignore freecon;
+%ignore freeconary;
+
+/* Ignore functions that take a function pointer as an argument */
+%ignore set_matchpathcon_printf;
+%ignore set_matchpathcon_invalidcon;
+%ignore set_matchpathcon_canoncon;
+
+%ignore avc_add_callback;
+
+%include "../include/selinux/selinux.h"
+%include "../include/selinux/avc.h"
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/get_context_list.h"
+
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
new file mode 100644
index 0000000..3f43abf
--- /dev/null
+++ b/libselinux/src/selinuxswig_python.i
@@ -0,0 +1,136 @@
+/* Author: James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* security_get_boolean_names() typemap */
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
+
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ } else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
+/* Makes security_compute_user() return a Python list of contexts */
+%typemap(argout) (security_context_t **con) {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*$1) {
+ while((*$1)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ $result = SWIG_Python_AppendOutput($result, plist);
+}
+
+/* Makes functions in get_context_list.h return a Python list of contexts */
+%typemap(argout) (security_context_t **list) {
+ PyObject* plist;
+ int i;
+
+ if (*$1) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ $result = plist;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in) char * const [] {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check($input)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size($input);
+
+ $1 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem($input, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem($input, i);
+ $1[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy($1[i], PyString_AsString(s));
+ }
+ $1[size] = NULL;
+}
+
+%typemap(freearg,match="in") char * const [] {
+ int i = 0;
+ while($1[i]) {
+ free($1[i]);
+ i++;
+ }
+ free($1);
+}
+
+%include "selinuxswig.i"
diff --git a/libselinux/src/selinuxswig_ruby.i b/libselinux/src/selinuxswig_ruby.i
new file mode 100644
index 0000000..e46826b
--- /dev/null
+++ b/libselinux/src/selinuxswig_ruby.i
@@ -0,0 +1,52 @@
+/* Author: Dan Walsh
+ Based on selinuxswig_python.i by James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+}
+
+%typemap(freearg,match="in") char * const [] {
+ int i = 0;
+ while($1[i]) {
+ free($1[i]);
+ i++;
+ }
+ free($1);
+}
+
+%include "selinuxswig.i"
diff --git a/libselinux/src/selinuxswig_wrap.c b/libselinux/src/selinuxswig_wrap.c
new file mode 100644
index 0000000..b4cd028
--- /dev/null
+++ b/libselinux/src/selinuxswig_wrap.c
@@ -0,0 +1,10991 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 1.3.33
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+#define SWIGPYTHON
+#define SWIG_PYTHON_DIRECTOR_NO_VTABLE
+/* -----------------------------------------------------------------------------
+ * This section contains generic SWIG labels for method/variable
+ * declarations/attributes, and other compiler dependent labels.
+ * ----------------------------------------------------------------------------- */
+
+/* template workaround for compilers that cannot correctly implement the C++ standard */
+#ifndef SWIGTEMPLATEDISAMBIGUATOR
+# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# elif defined(__HP_aCC)
+/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
+/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# else
+# define SWIGTEMPLATEDISAMBIGUATOR
+# endif
+#endif
+
+/* inline attribute */
+#ifndef SWIGINLINE
+# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__))
+# define SWIGINLINE inline
+# else
+# define SWIGINLINE
+# endif
+#endif
+
+/* attribute recognised by some compilers to avoid 'unused' warnings */
+#ifndef SWIGUNUSED
+# if defined(__GNUC__)
+# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+# elif defined(__ICC)
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+#endif
+
+#ifndef SWIGUNUSEDPARM
+# ifdef __cplusplus
+# define SWIGUNUSEDPARM(p)
+# else
+# define SWIGUNUSEDPARM(p) p SWIGUNUSED
+# endif
+#endif
+
+/* internal SWIG method */
+#ifndef SWIGINTERN
+# define SWIGINTERN static SWIGUNUSED
+#endif
+
+/* internal inline SWIG method */
+#ifndef SWIGINTERNINLINE
+# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE
+#endif
+
+/* exporting methods */
+#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# ifndef GCC_HASCLASSVISIBILITY
+# define GCC_HASCLASSVISIBILITY
+# endif
+#endif
+
+#ifndef SWIGEXPORT
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# if defined(STATIC_LINKED)
+# define SWIGEXPORT
+# else
+# define SWIGEXPORT __declspec(dllexport)
+# endif
+# else
+# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY)
+# define SWIGEXPORT __attribute__ ((visibility("default")))
+# else
+# define SWIGEXPORT
+# endif
+# endif
+#endif
+
+/* calling conventions for Windows */
+#ifndef SWIGSTDCALL
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# define SWIGSTDCALL __stdcall
+# else
+# define SWIGSTDCALL
+# endif
+#endif
+
+/* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+# define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
+#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
+# define _SCL_SECURE_NO_DEPRECATE
+#endif
+
+
+
+/* Python.h has to appear first */
+#include <Python.h>
+
+/* -----------------------------------------------------------------------------
+ * swigrun.swg
+ *
+ * This file contains generic CAPI SWIG runtime support for pointer
+ * type checking.
+ * ----------------------------------------------------------------------------- */
+
+/* This should only be incremented when either the layout of swig_type_info changes,
+ or for whatever reason, the runtime changes incompatibly */
+#define SWIG_RUNTIME_VERSION "3"
+
+/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
+#ifdef SWIG_TYPE_TABLE
+# define SWIG_QUOTE_STRING(x) #x
+# define SWIG_EXPAND_AND_QUOTE_STRING(x) SWIG_QUOTE_STRING(x)
+# define SWIG_TYPE_TABLE_NAME SWIG_EXPAND_AND_QUOTE_STRING(SWIG_TYPE_TABLE)
+#else
+# define SWIG_TYPE_TABLE_NAME
+#endif
+
+/*
+ You can use the SWIGRUNTIME and SWIGRUNTIMEINLINE macros for
+ creating a static or dynamic library from the swig runtime code.
+ In 99.9% of the cases, swig just needs to declare them as 'static'.
+
+ But only do this if is strictly necessary, ie, if you have problems
+ with your compiler or so.
+*/
+
+#ifndef SWIGRUNTIME
+# define SWIGRUNTIME SWIGINTERN
+#endif
+
+#ifndef SWIGRUNTIMEINLINE
+# define SWIGRUNTIMEINLINE SWIGRUNTIME SWIGINLINE
+#endif
+
+/* Generic buffer size */
+#ifndef SWIG_BUFFER_SIZE
+# define SWIG_BUFFER_SIZE 1024
+#endif
+
+/* Flags for pointer conversions */
+#define SWIG_POINTER_DISOWN 0x1
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_OWN 0x1
+
+
+/*
+ Flags/methods for returning states.
+
+ The swig conversion methods, as ConvertPtr, return and integer
+ that tells if the conversion was successful or not. And if not,
+ an error code can be returned (see swigerrors.swg for the codes).
+
+ Use the following macros/flags to set or process the returning
+ states.
+
+ In old swig versions, you usually write code as:
+
+ if (SWIG_ConvertPtr(obj,vptr,ty.flags) != -1) {
+ // success code
+ } else {
+ //fail code
+ }
+
+ Now you can be more explicit as:
+
+ int res = SWIG_ConvertPtr(obj,vptr,ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ } else {
+ // fail code
+ }
+
+ that seems to be the same, but now you can also do
+
+ Type *ptr;
+ int res = SWIG_ConvertPtr(obj,(void **)(&ptr),ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ if (SWIG_IsNewObj(res) {
+ ...
+ delete *ptr;
+ } else {
+ ...
+ }
+ } else {
+ // fail code
+ }
+
+ I.e., now SWIG_ConvertPtr can return new objects and you can
+ identify the case and take care of the deallocation. Of course that
+ requires also to SWIG_ConvertPtr to return new result values, as
+
+ int SWIG_ConvertPtr(obj, ptr,...) {
+ if (<obj is ok>) {
+ if (<need new object>) {
+ *ptr = <ptr to new allocated object>;
+ return SWIG_NEWOBJ;
+ } else {
+ *ptr = <ptr to old object>;
+ return SWIG_OLDOBJ;
+ }
+ } else {
+ return SWIG_BADOBJ;
+ }
+ }
+
+ Of course, returning the plain '0(success)/-1(fail)' still works, but you can be
+ more explicit by returning SWIG_BADOBJ, SWIG_ERROR or any of the
+ swig errors code.
+
+ Finally, if the SWIG_CASTRANK_MODE is enabled, the result code
+ allows to return the 'cast rank', for example, if you have this
+
+ int food(double)
+ int fooi(int);
+
+ and you call
+
+ food(1) // cast rank '1' (1 -> 1.0)
+ fooi(1) // cast rank '0'
+
+ just use the SWIG_AddCast()/SWIG_CheckState()
+
+
+ */
+#define SWIG_OK (0)
+#define SWIG_ERROR (-1)
+#define SWIG_IsOK(r) (r >= 0)
+#define SWIG_ArgError(r) ((r != SWIG_ERROR) ? r : SWIG_TypeError)
+
+/* The CastRankLimit says how many bits are used for the cast rank */
+#define SWIG_CASTRANKLIMIT (1 << 8)
+/* The NewMask denotes the object was created (using new/malloc) */
+#define SWIG_NEWOBJMASK (SWIG_CASTRANKLIMIT << 1)
+/* The TmpMask is for in/out typemaps that use temporal objects */
+#define SWIG_TMPOBJMASK (SWIG_NEWOBJMASK << 1)
+/* Simple returning values */
+#define SWIG_BADOBJ (SWIG_ERROR)
+#define SWIG_OLDOBJ (SWIG_OK)
+#define SWIG_NEWOBJ (SWIG_OK | SWIG_NEWOBJMASK)
+#define SWIG_TMPOBJ (SWIG_OK | SWIG_TMPOBJMASK)
+/* Check, add and del mask methods */
+#define SWIG_AddNewMask(r) (SWIG_IsOK(r) ? (r | SWIG_NEWOBJMASK) : r)
+#define SWIG_DelNewMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_NEWOBJMASK) : r)
+#define SWIG_IsNewObj(r) (SWIG_IsOK(r) && (r & SWIG_NEWOBJMASK))
+#define SWIG_AddTmpMask(r) (SWIG_IsOK(r) ? (r | SWIG_TMPOBJMASK) : r)
+#define SWIG_DelTmpMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_TMPOBJMASK) : r)
+#define SWIG_IsTmpObj(r) (SWIG_IsOK(r) && (r & SWIG_TMPOBJMASK))
+
+
+/* Cast-Rank Mode */
+#if defined(SWIG_CASTRANK_MODE)
+# ifndef SWIG_TypeRank
+# define SWIG_TypeRank unsigned long
+# endif
+# ifndef SWIG_MAXCASTRANK /* Default cast allowed */
+# define SWIG_MAXCASTRANK (2)
+# endif
+# define SWIG_CASTRANKMASK ((SWIG_CASTRANKLIMIT) -1)
+# define SWIG_CastRank(r) (r & SWIG_CASTRANKMASK)
+SWIGINTERNINLINE int SWIG_AddCast(int r) {
+ return SWIG_IsOK(r) ? ((SWIG_CastRank(r) < SWIG_MAXCASTRANK) ? (r + 1) : SWIG_ERROR) : r;
+}
+SWIGINTERNINLINE int SWIG_CheckState(int r) {
+ return SWIG_IsOK(r) ? SWIG_CastRank(r) + 1 : 0;
+}
+#else /* no cast-rank mode */
+# define SWIG_AddCast
+# define SWIG_CheckState(r) (SWIG_IsOK(r) ? 1 : 0)
+#endif
+
+
+
+
+#include <string.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void *(*swig_converter_func)(void *);
+typedef struct swig_type_info *(*swig_dycast_func)(void **);
+
+/* Structure to store inforomation on one type */
+typedef struct swig_type_info {
+ const char *name; /* mangled name of this type */
+ const char *str; /* human readable name of this type */
+ swig_dycast_func dcast; /* dynamic cast function down a hierarchy */
+ struct swig_cast_info *cast; /* linked list of types that can cast into this type */
+ void *clientdata; /* language specific type data */
+ int owndata; /* flag if the structure owns the clientdata */
+} swig_type_info;
+
+/* Structure to store a type and conversion function used for casting */
+typedef struct swig_cast_info {
+ swig_type_info *type; /* pointer to type that is equivalent to this type */
+ swig_converter_func converter; /* function to cast the void pointers */
+ struct swig_cast_info *next; /* pointer to next cast in linked list */
+ struct swig_cast_info *prev; /* pointer to the previous cast */
+} swig_cast_info;
+
+/* Structure used to store module information
+ * Each module generates one structure like this, and the runtime collects
+ * all of these structures and stores them in a circularly linked list.*/
+typedef struct swig_module_info {
+ swig_type_info **types; /* Array of pointers to swig_type_info structures that are in this module */
+ size_t size; /* Number of types in this module */
+ struct swig_module_info *next; /* Pointer to next element in circularly linked list */
+ swig_type_info **type_initial; /* Array of initially generated type structures */
+ swig_cast_info **cast_initial; /* Array of initially generated casting structures */
+ void *clientdata; /* Language specific module data */
+} swig_module_info;
+
+/*
+ Compare two type names skipping the space characters, therefore
+ "char*" == "char *" and "Class<int>" == "Class<int >", etc.
+
+ Return 0 when the two name types are equivalent, as in
+ strncmp, but skipping ' '.
+*/
+SWIGRUNTIME int
+SWIG_TypeNameComp(const char *f1, const char *l1,
+ const char *f2, const char *l2) {
+ for (;(f1 != l1) && (f2 != l2); ++f1, ++f2) {
+ while ((*f1 == ' ') && (f1 != l1)) ++f1;
+ while ((*f2 == ' ') && (f2 != l2)) ++f2;
+ if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1;
+ }
+ return (int)((l1 - f1) - (l2 - f2));
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if not equal, 1 if equal
+*/
+SWIGRUNTIME int
+SWIG_TypeEquiv(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if equal, -1 if nb < tb, 1 if nb > tb
+*/
+SWIGRUNTIME int
+SWIG_TypeCompare(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+
+/* think of this as a c++ template<> or a scheme macro */
+#define SWIG_TypeCheck_Template(comparison, ty) \
+ if (ty) { \
+ swig_cast_info *iter = ty->cast; \
+ while (iter) { \
+ if (comparison) { \
+ if (iter == ty->cast) return iter; \
+ /* Move iter to the top of the linked list */ \
+ iter->prev->next = iter->next; \
+ if (iter->next) \
+ iter->next->prev = iter->prev; \
+ iter->next = ty->cast; \
+ iter->prev = 0; \
+ if (ty->cast) ty->cast->prev = iter; \
+ ty->cast = iter; \
+ return iter; \
+ } \
+ iter = iter->next; \
+ } \
+ } \
+ return 0
+
+/*
+ Check the typename
+*/
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheck(const char *c, swig_type_info *ty) {
+ SWIG_TypeCheck_Template(strcmp(iter->type->name, c) == 0, ty);
+}
+
+/* Same as previous function, except strcmp is replaced with a pointer comparison */
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheckStruct(swig_type_info *from, swig_type_info *into) {
+ SWIG_TypeCheck_Template(iter->type == from, into);
+}
+
+/*
+ Cast a pointer up an inheritance hierarchy
+*/
+SWIGRUNTIMEINLINE void *
+SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+}
+
+/*
+ Dynamic pointer casting. Down an inheritance hierarchy
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeDynamicCast(swig_type_info *ty, void **ptr) {
+ swig_type_info *lastty = ty;
+ if (!ty || !ty->dcast) return ty;
+ while (ty && (ty->dcast)) {
+ ty = (*ty->dcast)(ptr);
+ if (ty) lastty = ty;
+ }
+ return lastty;
+}
+
+/*
+ Return the name associated with this type
+*/
+SWIGRUNTIMEINLINE const char *
+SWIG_TypeName(const swig_type_info *ty) {
+ return ty->name;
+}
+
+/*
+ Return the pretty name associated with this type,
+ that is an unmangled type name in a form presentable to the user.
+*/
+SWIGRUNTIME const char *
+SWIG_TypePrettyName(const swig_type_info *type) {
+ /* The "str" field contains the equivalent pretty names of the
+ type, separated by vertical-bar characters. We choose
+ to print the last name, as it is often (?) the most
+ specific. */
+ if (!type) return NULL;
+ if (type->str != NULL) {
+ const char *last_name = type->str;
+ const char *s;
+ for (s = type->str; *s; s++)
+ if (*s == '|') last_name = s+1;
+ return last_name;
+ }
+ else
+ return type->name;
+}
+
+/*
+ Set the clientdata field for a type
+*/
+SWIGRUNTIME void
+SWIG_TypeClientData(swig_type_info *ti, void *clientdata) {
+ swig_cast_info *cast = ti->cast;
+ /* if (ti->clientdata == clientdata) return; */
+ ti->clientdata = clientdata;
+
+ while (cast) {
+ if (!cast->converter) {
+ swig_type_info *tc = cast->type;
+ if (!tc->clientdata) {
+ SWIG_TypeClientData(tc, clientdata);
+ }
+ }
+ cast = cast->next;
+ }
+}
+SWIGRUNTIME void
+SWIG_TypeNewClientData(swig_type_info *ti, void *clientdata) {
+ SWIG_TypeClientData(ti, clientdata);
+ ti->owndata = 1;
+}
+
+/*
+ Search for a swig_type_info structure only by mangled name
+ Search is a O(log #types)
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_MangledTypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ swig_module_info *iter = start;
+ do {
+ if (iter->size) {
+ register size_t l = 0;
+ register size_t r = iter->size - 1;
+ do {
+ /* since l+r >= 0, we can (>> 1) instead (/ 2) */
+ register size_t i = (l + r) >> 1;
+ const char *iname = iter->types[i]->name;
+ if (iname) {
+ register int compare = strcmp(name, iname);
+ if (compare == 0) {
+ return iter->types[i];
+ } else if (compare < 0) {
+ if (i) {
+ r = i - 1;
+ } else {
+ break;
+ }
+ } else if (compare > 0) {
+ l = i + 1;
+ }
+ } else {
+ break; /* should never happen */
+ }
+ } while (l <= r);
+ }
+ iter = iter->next;
+ } while (iter != end);
+ return 0;
+}
+
+/*
+ Search for a swig_type_info structure for either a mangled name or a human readable name.
+ It first searches the mangled names of the types, which is a O(log #types)
+ If a type is not found it then searches the human readable names, which is O(#types).
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ /* STEP 1: Search the name field using binary search */
+ swig_type_info *ret = SWIG_MangledTypeQueryModule(start, end, name);
+ if (ret) {
+ return ret;
+ } else {
+ /* STEP 2: If the type hasn't been found, do a complete search
+ of the str field (the human readable name) */
+ swig_module_info *iter = start;
+ do {
+ register size_t i = 0;
+ for (; i < iter->size; ++i) {
+ if (iter->types[i]->str && (SWIG_TypeEquiv(iter->types[i]->str, name)))
+ return iter->types[i];
+ }
+ iter = iter->next;
+ } while (iter != end);
+ }
+
+ /* neither found a match */
+ return 0;
+}
+
+/*
+ Pack binary data into a string
+*/
+SWIGRUNTIME char *
+SWIG_PackData(char *c, void *ptr, size_t sz) {
+ static const char hex[17] = "0123456789abcdef";
+ register const unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register unsigned char uu = *u;
+ *(c++) = hex[(uu & 0xf0) >> 4];
+ *(c++) = hex[uu & 0xf];
+ }
+ return c;
+}
+
+/*
+ Unpack binary data from a string
+*/
+SWIGRUNTIME const char *
+SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
+ register unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register char d = *(c++);
+ register unsigned char uu;
+ if ((d >= '0') && (d <= '9'))
+ uu = ((d - '0') << 4);
+ else if ((d >= 'a') && (d <= 'f'))
+ uu = ((d - ('a'-10)) << 4);
+ else
+ return (char *) 0;
+ d = *(c++);
+ if ((d >= '0') && (d <= '9'))
+ uu |= (d - '0');
+ else if ((d >= 'a') && (d <= 'f'))
+ uu |= (d - ('a'-10));
+ else
+ return (char *) 0;
+ *u = uu;
+ }
+ return c;
+}
+
+/*
+ Pack 'void *' into a string buffer.
+*/
+SWIGRUNTIME char *
+SWIG_PackVoidPtr(char *buff, void *ptr, const char *name, size_t bsz) {
+ char *r = buff;
+ if ((2*sizeof(void *) + 2) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,&ptr,sizeof(void *));
+ if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
+ strcpy(r,name);
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackVoidPtr(const char *c, void **ptr, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ *ptr = (void *) 0;
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sizeof(void *));
+}
+
+SWIGRUNTIME char *
+SWIG_PackDataName(char *buff, void *ptr, size_t sz, const char *name, size_t bsz) {
+ char *r = buff;
+ size_t lname = (name ? strlen(name) : 0);
+ if ((2*sz + 2 + lname) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,ptr,sz);
+ if (lname) {
+ strncpy(r,name,lname+1);
+ } else {
+ *r = 0;
+ }
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ memset(ptr,0,sz);
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sz);
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Errors in SWIG */
+#define SWIG_UnknownError -1
+#define SWIG_IOError -2
+#define SWIG_RuntimeError -3
+#define SWIG_IndexError -4
+#define SWIG_TypeError -5
+#define SWIG_DivisionByZero -6
+#define SWIG_OverflowError -7
+#define SWIG_SyntaxError -8
+#define SWIG_ValueError -9
+#define SWIG_SystemError -10
+#define SWIG_AttributeError -11
+#define SWIG_MemoryError -12
+#define SWIG_NullReferenceError -13
+
+
+
+
+/* Add PyOS_snprintf for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# if defined(_MSC_VER) || defined(__BORLANDC__) || defined(_WATCOM)
+# define PyOS_snprintf _snprintf
+# else
+# define PyOS_snprintf snprintf
+# endif
+#endif
+
+/* A crude PyString_FromFormat implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+
+#ifndef SWIG_PYBUFFER_SIZE
+# define SWIG_PYBUFFER_SIZE 1024
+#endif
+
+static PyObject *
+PyString_FromFormat(const char *fmt, ...) {
+ va_list ap;
+ char buf[SWIG_PYBUFFER_SIZE * 2];
+ int res;
+ va_start(ap, fmt);
+ res = vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ return (res < 0 || res >= (int)sizeof(buf)) ? 0 : PyString_FromString(buf);
+}
+#endif
+
+/* Add PyObject_Del for old Pythons */
+#if PY_VERSION_HEX < 0x01060000
+# define PyObject_Del(op) PyMem_DEL((op))
+#endif
+#ifndef PyObject_DEL
+# define PyObject_DEL PyObject_Del
+#endif
+
+/* A crude PyExc_StopIteration exception for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# ifndef PyExc_StopIteration
+# define PyExc_StopIteration PyExc_RuntimeError
+# endif
+# ifndef PyObject_GenericGetAttr
+# define PyObject_GenericGetAttr 0
+# endif
+#endif
+/* Py_NotImplemented is defined in 2.1 and up. */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef Py_NotImplemented
+# define Py_NotImplemented PyExc_RuntimeError
+# endif
+#endif
+
+
+/* A crude PyString_AsStringAndSize implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef PyString_AsStringAndSize
+# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
+# endif
+#endif
+
+/* PySequence_Size for old Pythons */
+#if PY_VERSION_HEX < 0x02000000
+# ifndef PySequence_Size
+# define PySequence_Size PySequence_Length
+# endif
+#endif
+
+
+/* PyBool_FromLong for old Pythons */
+#if PY_VERSION_HEX < 0x02030000
+static
+PyObject *PyBool_FromLong(long ok)
+{
+ PyObject *result = ok ? Py_True : Py_False;
+ Py_INCREF(result);
+ return result;
+}
+#endif
+
+/* Py_ssize_t for old Pythons */
+/* This code is as recommended by: */
+/* http://www.python.org/dev/peps/pep-0353/#conversion-guidelines */
+#if PY_VERSION_HEX < 0x02050000 && !defined(PY_SSIZE_T_MIN)
+typedef int Py_ssize_t;
+# define PY_SSIZE_T_MAX INT_MAX
+# define PY_SSIZE_T_MIN INT_MIN
+#endif
+
+/* -----------------------------------------------------------------------------
+ * error manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIME PyObject*
+SWIG_Python_ErrorType(int code) {
+ PyObject* type = 0;
+ switch(code) {
+ case SWIG_MemoryError:
+ type = PyExc_MemoryError;
+ break;
+ case SWIG_IOError:
+ type = PyExc_IOError;
+ break;
+ case SWIG_RuntimeError:
+ type = PyExc_RuntimeError;
+ break;
+ case SWIG_IndexError:
+ type = PyExc_IndexError;
+ break;
+ case SWIG_TypeError:
+ type = PyExc_TypeError;
+ break;
+ case SWIG_DivisionByZero:
+ type = PyExc_ZeroDivisionError;
+ break;
+ case SWIG_OverflowError:
+ type = PyExc_OverflowError;
+ break;
+ case SWIG_SyntaxError:
+ type = PyExc_SyntaxError;
+ break;
+ case SWIG_ValueError:
+ type = PyExc_ValueError;
+ break;
+ case SWIG_SystemError:
+ type = PyExc_SystemError;
+ break;
+ case SWIG_AttributeError:
+ type = PyExc_AttributeError;
+ break;
+ default:
+ type = PyExc_RuntimeError;
+ }
+ return type;
+}
+
+
+SWIGRUNTIME void
+SWIG_Python_AddErrorMsg(const char* mesg)
+{
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+
+ if (PyErr_Occurred()) PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ PyErr_Clear();
+ Py_XINCREF(type);
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ Py_DECREF(old_str);
+ Py_DECREF(value);
+ } else {
+ PyErr_Format(PyExc_RuntimeError, mesg);
+ }
+}
+
+
+
+#if defined(SWIG_PYTHON_NO_THREADS)
+# if defined(SWIG_PYTHON_THREADS)
+# undef SWIG_PYTHON_THREADS
+# endif
+#endif
+#if defined(SWIG_PYTHON_THREADS) /* Threading support is enabled */
+# if !defined(SWIG_PYTHON_USE_GIL) && !defined(SWIG_PYTHON_NO_USE_GIL)
+# if (PY_VERSION_HEX >= 0x02030000) /* For 2.3 or later, use the PyGILState calls */
+# define SWIG_PYTHON_USE_GIL
+# endif
+# endif
+# if defined(SWIG_PYTHON_USE_GIL) /* Use PyGILState threads calls */
+# ifndef SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_INITIALIZE_THREADS PyEval_InitThreads()
+# endif
+# ifdef __cplusplus /* C++ code */
+ class SWIG_Python_Thread_Block {
+ bool status;
+ PyGILState_STATE state;
+ public:
+ void end() { if (status) { PyGILState_Release(state); status = false;} }
+ SWIG_Python_Thread_Block() : status(true), state(PyGILState_Ensure()) {}
+ ~SWIG_Python_Thread_Block() { end(); }
+ };
+ class SWIG_Python_Thread_Allow {
+ bool status;
+ PyThreadState *save;
+ public:
+ void end() { if (status) { PyEval_RestoreThread(save); status = false; }}
+ SWIG_Python_Thread_Allow() : status(true), save(PyEval_SaveThread()) {}
+ ~SWIG_Python_Thread_Allow() { end(); }
+ };
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK SWIG_Python_Thread_Block _swig_thread_block
+# define SWIG_PYTHON_THREAD_END_BLOCK _swig_thread_block.end()
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW SWIG_Python_Thread_Allow _swig_thread_allow
+# define SWIG_PYTHON_THREAD_END_ALLOW _swig_thread_allow.end()
+# else /* C code */
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK PyGILState_STATE _swig_thread_block = PyGILState_Ensure()
+# define SWIG_PYTHON_THREAD_END_BLOCK PyGILState_Release(_swig_thread_block)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW PyThreadState *_swig_thread_allow = PyEval_SaveThread()
+# define SWIG_PYTHON_THREAD_END_ALLOW PyEval_RestoreThread(_swig_thread_allow)
+# endif
+# else /* Old thread way, not implemented, user must provide it */
+# if !defined(SWIG_PYTHON_INITIALIZE_THREADS)
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_BLOCK)
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_BLOCK)
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_ALLOW)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_ALLOW)
+# define SWIG_PYTHON_THREAD_END_ALLOW
+# endif
+# endif
+#else /* No thread support */
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# define SWIG_PYTHON_THREAD_END_ALLOW
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Python API portion that goes into the runtime
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Constant declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Constant Types */
+#define SWIG_PY_POINTER 4
+#define SWIG_PY_BINARY 5
+
+/* Constant information structure */
+typedef struct swig_const_info {
+ int type;
+ char *name;
+ long lvalue;
+ double dvalue;
+ void *pvalue;
+ swig_type_info **ptype;
+} swig_const_info;
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+/* -----------------------------------------------------------------------------
+ * See the LICENSE file for information on copyright, usage and redistribution
+ * of SWIG, and the README file for authors - http://www.swig.org/release.html.
+ *
+ * pyrun.swg
+ *
+ * This file contains the runtime support for Python modules
+ * and includes code for managing global variables and pointer
+ * type checking.
+ *
+ * ----------------------------------------------------------------------------- */
+
+/* Common SWIG API */
+
+/* for raw pointers */
+#define SWIG_Python_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, 0)
+#define SWIG_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_ConvertPtrAndOwn(obj,pptr,type,flags,own) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, own)
+#define SWIG_NewPointerObj(ptr, type, flags) SWIG_Python_NewPointerObj(ptr, type, flags)
+#define SWIG_CheckImplicit(ty) SWIG_Python_CheckImplicit(ty)
+#define SWIG_AcquirePtr(ptr, src) SWIG_Python_AcquirePtr(ptr, src)
+#define swig_owntype int
+
+/* for raw packed data */
+#define SWIG_ConvertPacked(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewPackedObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+/* for class or struct pointers */
+#define SWIG_ConvertInstance(obj, pptr, type, flags) SWIG_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_NewInstanceObj(ptr, type, flags) SWIG_NewPointerObj(ptr, type, flags)
+
+/* for C or C++ function pointers */
+#define SWIG_ConvertFunctionPtr(obj, pptr, type) SWIG_Python_ConvertFunctionPtr(obj, pptr, type)
+#define SWIG_NewFunctionPtrObj(ptr, type) SWIG_Python_NewPointerObj(ptr, type, 0)
+
+/* for C++ member pointers, ie, member methods */
+#define SWIG_ConvertMember(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewMemberObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+
+/* Runtime API */
+
+#define SWIG_GetModule(clientdata) SWIG_Python_GetModule()
+#define SWIG_SetModule(clientdata, pointer) SWIG_Python_SetModule(pointer)
+#define SWIG_NewClientData(obj) PySwigClientData_New(obj)
+
+#define SWIG_SetErrorObj SWIG_Python_SetErrorObj
+#define SWIG_SetErrorMsg SWIG_Python_SetErrorMsg
+#define SWIG_ErrorType(code) SWIG_Python_ErrorType(code)
+#define SWIG_Error(code, msg) SWIG_Python_SetErrorMsg(SWIG_ErrorType(code), msg)
+#define SWIG_fail goto fail
+
+
+/* Runtime API implementation */
+
+/* Error manipulation */
+
+SWIGINTERN void
+SWIG_Python_SetErrorObj(PyObject *errtype, PyObject *obj) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetObject(errtype, obj);
+ Py_DECREF(obj);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+SWIGINTERN void
+SWIG_Python_SetErrorMsg(PyObject *errtype, const char *msg) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetString(errtype, (char *) msg);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+#define SWIG_Python_Raise(obj, type, desc) SWIG_Python_SetErrorObj(SWIG_Python_ExceptionType(desc), obj)
+
+/* Set a constant value */
+
+SWIGINTERN void
+SWIG_Python_SetConstant(PyObject *d, const char *name, PyObject *obj) {
+ PyDict_SetItemString(d, (char*) name, obj);
+ Py_DECREF(obj);
+}
+
+/* Append a value to the result obj */
+
+SWIGINTERN PyObject*
+SWIG_Python_AppendOutput(PyObject* result, PyObject* obj) {
+#if !defined(SWIG_PYTHON_OUTPUT_TUPLE)
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyList_Check(result)) {
+ PyObject *o2 = result;
+ result = PyList_New(1);
+ PyList_SetItem(result, 0, o2);
+ }
+ PyList_Append(result,obj);
+ Py_DECREF(obj);
+ }
+ return result;
+#else
+ PyObject* o2;
+ PyObject* o3;
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyTuple_Check(result)) {
+ o2 = result;
+ result = PyTuple_New(1);
+ PyTuple_SET_ITEM(result, 0, o2);
+ }
+ o3 = PyTuple_New(1);
+ PyTuple_SET_ITEM(o3, 0, obj);
+ o2 = result;
+ result = PySequence_Concat(o2, o3);
+ Py_DECREF(o2);
+ Py_DECREF(o3);
+ }
+ return result;
+#endif
+}
+
+/* Unpack the argument tuple */
+
+SWIGINTERN int
+SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs)
+{
+ if (!args) {
+ if (!min && !max) {
+ return 1;
+ } else {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none",
+ name, (min == max ? "" : "at least "), (int)min);
+ return 0;
+ }
+ }
+ if (!PyTuple_Check(args)) {
+ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple");
+ return 0;
+ } else {
+ register Py_ssize_t l = PyTuple_GET_SIZE(args);
+ if (l < min) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at least "), (int)min, (int)l);
+ return 0;
+ } else if (l > max) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at most "), (int)max, (int)l);
+ return 0;
+ } else {
+ register int i;
+ for (i = 0; i < l; ++i) {
+ objs[i] = PyTuple_GET_ITEM(args, i);
+ }
+ for (; l < max; ++l) {
+ objs[l] = 0;
+ }
+ return i + 1;
+ }
+ }
+}
+
+/* A functor is a function object with one single object argument */
+#if PY_VERSION_HEX >= 0x02020000
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunctionObjArgs(functor, obj, NULL);
+#else
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunction(functor, "O", obj);
+#endif
+
+/*
+ Helper for static pointer initialization for both C and C++ code, for example
+ static PyObject *SWIG_STATIC_POINTER(MyVar) = NewSomething(...);
+*/
+#ifdef __cplusplus
+#define SWIG_STATIC_POINTER(var) var
+#else
+#define SWIG_STATIC_POINTER(var) var = 0; if (!var) var
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Pointer declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_NOSHADOW (SWIG_POINTER_OWN << 1)
+#define SWIG_POINTER_NEW (SWIG_POINTER_NOSHADOW | SWIG_POINTER_OWN)
+
+#define SWIG_POINTER_IMPLICIT_CONV (SWIG_POINTER_DISOWN << 1)
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* How to access Py_None */
+#if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# ifndef SWIG_PYTHON_NO_BUILD_NONE
+# ifndef SWIG_PYTHON_BUILD_NONE
+# define SWIG_PYTHON_BUILD_NONE
+# endif
+# endif
+#endif
+
+#ifdef SWIG_PYTHON_BUILD_NONE
+# ifdef Py_None
+# undef Py_None
+# define Py_None SWIG_Py_None()
+# endif
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_Py_None(void)
+{
+ PyObject *none = Py_BuildValue((char*)"");
+ Py_DECREF(none);
+ return none;
+}
+SWIGRUNTIME PyObject *
+SWIG_Py_None(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(none) = _SWIG_Py_None();
+ return none;
+}
+#endif
+
+/* The python void return value */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Py_Void(void)
+{
+ PyObject *none = Py_None;
+ Py_INCREF(none);
+ return none;
+}
+
+/* PySwigClientData */
+
+typedef struct {
+ PyObject *klass;
+ PyObject *newraw;
+ PyObject *newargs;
+ PyObject *destroy;
+ int delargs;
+ int implicitconv;
+} PySwigClientData;
+
+SWIGRUNTIMEINLINE int
+SWIG_Python_CheckImplicit(swig_type_info *ty)
+{
+ PySwigClientData *data = (PySwigClientData *)ty->clientdata;
+ return data ? data->implicitconv : 0;
+}
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_ExceptionType(swig_type_info *desc) {
+ PySwigClientData *data = desc ? (PySwigClientData *) desc->clientdata : 0;
+ PyObject *klass = data ? data->klass : 0;
+ return (klass ? klass : PyExc_RuntimeError);
+}
+
+
+SWIGRUNTIME PySwigClientData *
+PySwigClientData_New(PyObject* obj)
+{
+ if (!obj) {
+ return 0;
+ } else {
+ PySwigClientData *data = (PySwigClientData *)malloc(sizeof(PySwigClientData));
+ /* the klass element */
+ data->klass = obj;
+ Py_INCREF(data->klass);
+ /* the newraw method and newargs arguments used to create a new raw instance */
+ if (PyClass_Check(obj)) {
+ data->newraw = 0;
+ data->newargs = obj;
+ Py_INCREF(obj);
+ } else {
+#if (PY_VERSION_HEX < 0x02020000)
+ data->newraw = 0;
+#else
+ data->newraw = PyObject_GetAttrString(data->klass, (char *)"__new__");
+#endif
+ if (data->newraw) {
+ Py_INCREF(data->newraw);
+ data->newargs = PyTuple_New(1);
+ PyTuple_SetItem(data->newargs, 0, obj);
+ } else {
+ data->newargs = obj;
+ }
+ Py_INCREF(data->newargs);
+ }
+ /* the destroy method, aka as the C++ delete method */
+ data->destroy = PyObject_GetAttrString(data->klass, (char *)"__swig_destroy__");
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ data->destroy = 0;
+ }
+ if (data->destroy) {
+ int flags;
+ Py_INCREF(data->destroy);
+ flags = PyCFunction_GET_FLAGS(data->destroy);
+#ifdef METH_O
+ data->delargs = !(flags & (METH_O));
+#else
+ data->delargs = 0;
+#endif
+ } else {
+ data->delargs = 0;
+ }
+ data->implicitconv = 0;
+ return data;
+ }
+}
+
+SWIGRUNTIME void
+PySwigClientData_Del(PySwigClientData* data)
+{
+ Py_XDECREF(data->newraw);
+ Py_XDECREF(data->newargs);
+ Py_XDECREF(data->destroy);
+}
+
+/* =============== PySwigObject =====================*/
+
+typedef struct {
+ PyObject_HEAD
+ void *ptr;
+ swig_type_info *ty;
+ int own;
+ PyObject *next;
+} PySwigObject;
+
+SWIGRUNTIME PyObject *
+PySwigObject_long(PySwigObject *v)
+{
+ return PyLong_FromVoidPtr(v->ptr);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_format(const char* fmt, PySwigObject *v)
+{
+ PyObject *res = NULL;
+ PyObject *args = PyTuple_New(1);
+ if (args) {
+ if (PyTuple_SetItem(args, 0, PySwigObject_long(v)) == 0) {
+ PyObject *ofmt = PyString_FromString(fmt);
+ if (ofmt) {
+ res = PyString_Format(ofmt,args);
+ Py_DECREF(ofmt);
+ }
+ Py_DECREF(args);
+ }
+ }
+ return res;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_oct(PySwigObject *v)
+{
+ return PySwigObject_format("%o",v);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_hex(PySwigObject *v)
+{
+ return PySwigObject_format("%x",v);
+}
+
+SWIGRUNTIME PyObject *
+#ifdef METH_NOARGS
+PySwigObject_repr(PySwigObject *v)
+#else
+PySwigObject_repr(PySwigObject *v, PyObject *args)
+#endif
+{
+ const char *name = SWIG_TypePrettyName(v->ty);
+ PyObject *hex = PySwigObject_hex(v);
+ PyObject *repr = PyString_FromFormat("<Swig Object of type '%s' at 0x%s>", name, PyString_AsString(hex));
+ Py_DECREF(hex);
+ if (v->next) {
+#ifdef METH_NOARGS
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next);
+#else
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next, args);
+#endif
+ PyString_ConcatAndDel(&repr,nrep);
+ }
+ return repr;
+}
+
+SWIGRUNTIME int
+PySwigObject_print(PySwigObject *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+#ifdef METH_NOARGS
+ PyObject *repr = PySwigObject_repr(v);
+#else
+ PyObject *repr = PySwigObject_repr(v, NULL);
+#endif
+ if (repr) {
+ fputs(PyString_AsString(repr), fp);
+ Py_DECREF(repr);
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_str(PySwigObject *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ return SWIG_PackVoidPtr(result, v->ptr, v->ty->name, sizeof(result)) ?
+ PyString_FromString(result) : 0;
+}
+
+SWIGRUNTIME int
+PySwigObject_compare(PySwigObject *v, PySwigObject *w)
+{
+ void *i = v->ptr;
+ void *j = w->ptr;
+ return (i < j) ? -1 : ((i > j) ? 1 : 0);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigObject_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigObject_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigObject_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigObject_Check(PyObject *op) {
+ return ((op)->ob_type == PySwigObject_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigObject") == 0);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own);
+
+SWIGRUNTIME void
+PySwigObject_dealloc(PyObject *v)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ PyObject *next = sobj->next;
+ if (sobj->own) {
+ swig_type_info *ty = sobj->ty;
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ PyObject *destroy = data ? data->destroy : 0;
+ if (destroy) {
+ /* destroy is always a VARARGS method */
+ PyObject *res;
+ if (data->delargs) {
+ /* we need to create a temporal object to carry the destroy operation */
+ PyObject *tmp = PySwigObject_New(sobj->ptr, ty, 0);
+ res = SWIG_Python_CallFunctor(destroy, tmp);
+ Py_DECREF(tmp);
+ } else {
+ PyCFunction meth = PyCFunction_GET_FUNCTION(destroy);
+ PyObject *mself = PyCFunction_GET_SELF(destroy);
+ res = ((*meth)(mself, v));
+ }
+ Py_XDECREF(res);
+ } else {
+ const char *name = SWIG_TypePrettyName(ty);
+#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
+#endif
+ }
+ }
+ Py_XDECREF(next);
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyObject*
+PySwigObject_append(PyObject* v, PyObject* next)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+#ifndef METH_O
+ PyObject *tmp = 0;
+ if (!PyArg_ParseTuple(next,(char *)"O:append", &tmp)) return NULL;
+ next = tmp;
+#endif
+ if (!PySwigObject_Check(next)) {
+ return NULL;
+ }
+ sobj->next = next;
+ Py_INCREF(next);
+ return SWIG_Py_Void();
+}
+
+SWIGRUNTIME PyObject*
+#ifdef METH_NOARGS
+PySwigObject_next(PyObject* v)
+#else
+PySwigObject_next(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ if (sobj->next) {
+ Py_INCREF(sobj->next);
+ return sobj->next;
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_disown(PyObject *v)
+#else
+PySwigObject_disown(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = 0;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_acquire(PyObject *v)
+#else
+PySwigObject_acquire(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = SWIG_POINTER_OWN;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+PySwigObject_own(PyObject *v, PyObject *args)
+{
+ PyObject *val = 0;
+#if (PY_VERSION_HEX < 0x02020000)
+ if (!PyArg_ParseTuple(args,(char *)"|O:own",&val))
+#else
+ if (!PyArg_UnpackTuple(args, (char *)"own", 0, 1, &val))
+#endif
+ {
+ return NULL;
+ }
+ else
+ {
+ PySwigObject *sobj = (PySwigObject *)v;
+ PyObject *obj = PyBool_FromLong(sobj->own);
+ if (val) {
+#ifdef METH_NOARGS
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v);
+ } else {
+ PySwigObject_disown(v);
+ }
+#else
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v,args);
+ } else {
+ PySwigObject_disown(v,args);
+ }
+#endif
+ }
+ return obj;
+ }
+}
+
+#ifdef METH_O
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_NOARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_NOARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_O, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_NOARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_NOARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#else
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_VARARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_VARARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_VARARGS, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_VARARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_VARARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#endif
+
+#if PY_VERSION_HEX < 0x02020000
+SWIGINTERN PyObject *
+PySwigObject_getattr(PySwigObject *sobj,char *name)
+{
+ return Py_FindMethod(swigobject_methods, (PyObject *)sobj, name);
+}
+#endif
+
+SWIGRUNTIME PyTypeObject*
+_PySwigObject_type(void) {
+ static char swigobject_doc[] = "Swig object carries a C/C++ instance pointer";
+
+ static PyNumberMethods PySwigObject_as_number = {
+ (binaryfunc)0, /*nb_add*/
+ (binaryfunc)0, /*nb_subtract*/
+ (binaryfunc)0, /*nb_multiply*/
+ (binaryfunc)0, /*nb_divide*/
+ (binaryfunc)0, /*nb_remainder*/
+ (binaryfunc)0, /*nb_divmod*/
+ (ternaryfunc)0,/*nb_power*/
+ (unaryfunc)0, /*nb_negative*/
+ (unaryfunc)0, /*nb_positive*/
+ (unaryfunc)0, /*nb_absolute*/
+ (inquiry)0, /*nb_nonzero*/
+ 0, /*nb_invert*/
+ 0, /*nb_lshift*/
+ 0, /*nb_rshift*/
+ 0, /*nb_and*/
+ 0, /*nb_xor*/
+ 0, /*nb_or*/
+ (coercion)0, /*nb_coerce*/
+ (unaryfunc)PySwigObject_long, /*nb_int*/
+ (unaryfunc)PySwigObject_long, /*nb_long*/
+ (unaryfunc)0, /*nb_float*/
+ (unaryfunc)PySwigObject_oct, /*nb_oct*/
+ (unaryfunc)PySwigObject_hex, /*nb_hex*/
+#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */
+#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */
+#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */
+ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */
+#endif
+ };
+
+ static PyTypeObject pyswigobject_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigObject", /* tp_name */
+ sizeof(PySwigObject), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigObject_dealloc, /* tp_dealloc */
+ (printfunc)PySwigObject_print, /* tp_print */
+#if PY_VERSION_HEX < 0x02020000
+ (getattrfunc)PySwigObject_getattr, /* tp_getattr */
+#else
+ (getattrfunc)0, /* tp_getattr */
+#endif
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigObject_compare, /* tp_compare */
+ (reprfunc)PySwigObject_repr, /* tp_repr */
+ &PySwigObject_as_number, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigObject_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigobject_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ swigobject_methods, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigobject_type = tmp;
+ pyswigobject_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigobject_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own)
+{
+ PySwigObject *sobj = PyObject_NEW(PySwigObject, PySwigObject_type());
+ if (sobj) {
+ sobj->ptr = ptr;
+ sobj->ty = ty;
+ sobj->own = own;
+ sobj->next = 0;
+ }
+ return (PyObject *)sobj;
+}
+
+/* -----------------------------------------------------------------------------
+ * Implements a simple Swig Packed type, and use it instead of string
+ * ----------------------------------------------------------------------------- */
+
+typedef struct {
+ PyObject_HEAD
+ void *pack;
+ swig_type_info *ty;
+ size_t size;
+} PySwigPacked;
+
+SWIGRUNTIME int
+PySwigPacked_print(PySwigPacked *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+ char result[SWIG_BUFFER_SIZE];
+ fputs("<Swig Packed ", fp);
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ fputs("at ", fp);
+ fputs(result, fp);
+ }
+ fputs(v->ty->name,fp);
+ fputs(">", fp);
+ return 0;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_repr(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ return PyString_FromFormat("<Swig Packed at %s%s>", result, v->ty->name);
+ } else {
+ return PyString_FromFormat("<Swig Packed %s>", v->ty->name);
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_str(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))){
+ return PyString_FromFormat("%s%s", result, v->ty->name);
+ } else {
+ return PyString_FromString(v->ty->name);
+ }
+}
+
+SWIGRUNTIME int
+PySwigPacked_compare(PySwigPacked *v, PySwigPacked *w)
+{
+ size_t i = v->size;
+ size_t j = w->size;
+ int s = (i < j) ? -1 : ((i > j) ? 1 : 0);
+ return s ? s : strncmp((char *)v->pack, (char *)w->pack, 2*v->size);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigPacked_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigPacked_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigPacked_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigPacked_Check(PyObject *op) {
+ return ((op)->ob_type == _PySwigPacked_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigPacked") == 0);
+}
+
+SWIGRUNTIME void
+PySwigPacked_dealloc(PyObject *v)
+{
+ if (PySwigPacked_Check(v)) {
+ PySwigPacked *sobj = (PySwigPacked *) v;
+ free(sobj->pack);
+ }
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyTypeObject*
+_PySwigPacked_type(void) {
+ static char swigpacked_doc[] = "Swig object carries a C/C++ instance pointer";
+ static PyTypeObject pyswigpacked_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigPacked", /* tp_name */
+ sizeof(PySwigPacked), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigPacked_dealloc, /* tp_dealloc */
+ (printfunc)PySwigPacked_print, /* tp_print */
+ (getattrfunc)0, /* tp_getattr */
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigPacked_compare, /* tp_compare */
+ (reprfunc)PySwigPacked_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigPacked_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigpacked_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ 0, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigpacked_type = tmp;
+ pyswigpacked_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigpacked_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_New(void *ptr, size_t size, swig_type_info *ty)
+{
+ PySwigPacked *sobj = PyObject_NEW(PySwigPacked, PySwigPacked_type());
+ if (sobj) {
+ void *pack = malloc(size);
+ if (pack) {
+ memcpy(pack, ptr, size);
+ sobj->pack = pack;
+ sobj->ty = ty;
+ sobj->size = size;
+ } else {
+ PyObject_DEL((PyObject *) sobj);
+ sobj = 0;
+ }
+ }
+ return (PyObject *) sobj;
+}
+
+SWIGRUNTIME swig_type_info *
+PySwigPacked_UnpackData(PyObject *obj, void *ptr, size_t size)
+{
+ if (PySwigPacked_Check(obj)) {
+ PySwigPacked *sobj = (PySwigPacked *)obj;
+ if (sobj->size != size) return 0;
+ memcpy(ptr, sobj->pack, size);
+ return sobj->ty;
+ } else {
+ return 0;
+ }
+}
+
+/* -----------------------------------------------------------------------------
+ * pointers/data manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_This(void)
+{
+ return PyString_FromString("this");
+}
+
+SWIGRUNTIME PyObject *
+SWIG_This(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(swig_this) = _SWIG_This();
+ return swig_this;
+}
+
+/* #define SWIG_PYTHON_SLOW_GETSET_THIS */
+
+SWIGRUNTIME PySwigObject *
+SWIG_Python_GetSwigThis(PyObject *pyobj)
+{
+ if (PySwigObject_Check(pyobj)) {
+ return (PySwigObject *) pyobj;
+ } else {
+ PyObject *obj = 0;
+#if (!defined(SWIG_PYTHON_SLOW_GETSET_THIS) && (PY_VERSION_HEX >= 0x02030000))
+ if (PyInstance_Check(pyobj)) {
+ obj = _PyInstance_Lookup(pyobj, SWIG_This());
+ } else {
+ PyObject **dictptr = _PyObject_GetDictPtr(pyobj);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ obj = dict ? PyDict_GetItem(dict, SWIG_This()) : 0;
+ } else {
+#ifdef PyWeakref_CheckProxy
+ if (PyWeakref_CheckProxy(pyobj)) {
+ PyObject *wobj = PyWeakref_GET_OBJECT(pyobj);
+ return wobj ? SWIG_Python_GetSwigThis(wobj) : 0;
+ }
+#endif
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+ }
+ }
+#else
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+#endif
+ if (obj && !PySwigObject_Check(obj)) {
+ /* a PyObject is called 'this', try to get the 'real this'
+ PySwigObject from it */
+ return SWIG_Python_GetSwigThis(obj);
+ }
+ return (PySwigObject *)obj;
+ }
+}
+
+/* Acquire a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_AcquirePtr(PyObject *obj, int own) {
+ if (own) {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (sobj) {
+ int oldown = sobj->own;
+ sobj->own = own;
+ return oldown;
+ }
+ }
+ return 0;
+}
+
+/* Convert a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int flags, int *own) {
+ if (!obj) return SWIG_ERROR;
+ if (obj == Py_None) {
+ if (ptr) *ptr = 0;
+ return SWIG_OK;
+ } else {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ while (sobj) {
+ void *vptr = sobj->ptr;
+ if (ty) {
+ swig_type_info *to = sobj->ty;
+ if (to == ty) {
+ /* no type cast needed */
+ if (ptr) *ptr = vptr;
+ break;
+ } else {
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) {
+ sobj = (PySwigObject *)sobj->next;
+ } else {
+ if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ break;
+ }
+ }
+ } else {
+ if (ptr) *ptr = vptr;
+ break;
+ }
+ }
+ if (sobj) {
+ if (own) *own = sobj->own;
+ if (flags & SWIG_POINTER_DISOWN) {
+ sobj->own = 0;
+ }
+ return SWIG_OK;
+ } else {
+ int res = SWIG_ERROR;
+ if (flags & SWIG_POINTER_IMPLICIT_CONV) {
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ if (data && !data->implicitconv) {
+ PyObject *klass = data->klass;
+ if (klass) {
+ PyObject *impconv;
+ data->implicitconv = 1; /* avoid recursion and call 'explicit' constructors*/
+ impconv = SWIG_Python_CallFunctor(klass, obj);
+ data->implicitconv = 0;
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ impconv = 0;
+ }
+ if (impconv) {
+ PySwigObject *iobj = SWIG_Python_GetSwigThis(impconv);
+ if (iobj) {
+ void *vptr;
+ res = SWIG_Python_ConvertPtrAndOwn((PyObject*)iobj, &vptr, ty, 0, 0);
+ if (SWIG_IsOK(res)) {
+ if (ptr) {
+ *ptr = vptr;
+ /* transfer the ownership to 'ptr' */
+ iobj->own = 0;
+ res = SWIG_AddCast(res);
+ res = SWIG_AddNewMask(res);
+ } else {
+ res = SWIG_AddCast(res);
+ }
+ }
+ }
+ Py_DECREF(impconv);
+ }
+ }
+ }
+ }
+ return res;
+ }
+ }
+}
+
+/* Convert a function ptr value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) {
+ if (!PyCFunction_Check(obj)) {
+ return SWIG_ConvertPtr(obj, ptr, ty, 0);
+ } else {
+ void *vptr = 0;
+
+ /* here we get the method pointer for callbacks */
+ const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
+ const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0;
+ if (desc) {
+ desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0;
+ if (!desc) return SWIG_ERROR;
+ }
+ if (ty) {
+ swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
+ if (!tc) return SWIG_ERROR;
+ *ptr = SWIG_TypeCast(tc,vptr);
+ } else {
+ *ptr = vptr;
+ }
+ return SWIG_OK;
+ }
+}
+
+/* Convert a packed value value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPacked(PyObject *obj, void *ptr, size_t sz, swig_type_info *ty) {
+ swig_type_info *to = PySwigPacked_UnpackData(obj, ptr, sz);
+ if (!to) return SWIG_ERROR;
+ if (ty) {
+ if (to != ty) {
+ /* check type cast? */
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) return SWIG_ERROR;
+ }
+ }
+ return SWIG_OK;
+}
+
+/* -----------------------------------------------------------------------------
+ * Create a new pointer object
+ * ----------------------------------------------------------------------------- */
+
+/*
+ Create a new instance object, whitout calling __init__, and set the
+ 'this' attribute.
+*/
+
+SWIGRUNTIME PyObject*
+SWIG_Python_NewShadowInstance(PySwigClientData *data, PyObject *swig_this)
+{
+#if (PY_VERSION_HEX >= 0x02020000)
+ PyObject *inst = 0;
+ PyObject *newraw = data->newraw;
+ if (newraw) {
+ inst = PyObject_Call(newraw, data->newargs, NULL);
+ if (inst) {
+#if !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ }
+ }
+#else
+ PyObject *key = SWIG_This();
+ PyObject_SetAttr(inst, key, swig_this);
+#endif
+ }
+ } else {
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ }
+ return inst;
+#else
+#if (PY_VERSION_HEX >= 0x02010000)
+ PyObject *inst;
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ return (PyObject *) inst;
+#else
+ PyInstanceObject *inst = PyObject_NEW(PyInstanceObject, &PyInstance_Type);
+ if (inst == NULL) {
+ return NULL;
+ }
+ inst->in_class = (PyClassObject *)data->newargs;
+ Py_INCREF(inst->in_class);
+ inst->in_dict = PyDict_New();
+ if (inst->in_dict == NULL) {
+ Py_DECREF(inst);
+ return NULL;
+ }
+#ifdef Py_TPFLAGS_HAVE_WEAKREFS
+ inst->in_weakreflist = NULL;
+#endif
+#ifdef Py_TPFLAGS_GC
+ PyObject_GC_Init(inst);
+#endif
+ PyDict_SetItem(inst->in_dict, SWIG_This(), swig_this);
+ return (PyObject *) inst;
+#endif
+#endif
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetSwigThis(PyObject *inst, PyObject *swig_this)
+{
+ PyObject *dict;
+#if (PY_VERSION_HEX >= 0x02020000) && !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ }
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ return;
+ }
+#endif
+ dict = PyObject_GetAttrString(inst, (char*)"__dict__");
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ Py_DECREF(dict);
+}
+
+
+SWIGINTERN PyObject *
+SWIG_Python_InitShadowInstance(PyObject *args) {
+ PyObject *obj[2];
+ if (!SWIG_Python_UnpackTuple(args,(char*)"swiginit", 2, 2, obj)) {
+ return NULL;
+ } else {
+ PySwigObject *sthis = SWIG_Python_GetSwigThis(obj[0]);
+ if (sthis) {
+ PySwigObject_append((PyObject*) sthis, obj[1]);
+ } else {
+ SWIG_Python_SetSwigThis(obj[0], obj[1]);
+ }
+ return SWIG_Py_Void();
+ }
+}
+
+/* Create a new pointer object */
+
+SWIGRUNTIME PyObject *
+SWIG_Python_NewPointerObj(void *ptr, swig_type_info *type, int flags) {
+ if (!ptr) {
+ return SWIG_Py_Void();
+ } else {
+ int own = (flags & SWIG_POINTER_OWN) ? SWIG_POINTER_OWN : 0;
+ PyObject *robj = PySwigObject_New(ptr, type, own);
+ PySwigClientData *clientdata = type ? (PySwigClientData *)(type->clientdata) : 0;
+ if (clientdata && !(flags & SWIG_POINTER_NOSHADOW)) {
+ PyObject *inst = SWIG_Python_NewShadowInstance(clientdata, robj);
+ if (inst) {
+ Py_DECREF(robj);
+ robj = inst;
+ }
+ }
+ return robj;
+ }
+}
+
+/* Create a new packed object */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_NewPackedObj(void *ptr, size_t sz, swig_type_info *type) {
+ return ptr ? PySwigPacked_New((void *) ptr, sz, type) : SWIG_Py_Void();
+}
+
+/* -----------------------------------------------------------------------------*
+ * Get type list
+ * -----------------------------------------------------------------------------*/
+
+#ifdef SWIG_LINK_RUNTIME
+void *SWIG_ReturnGlobalTypeList(void *);
+#endif
+
+SWIGRUNTIME swig_module_info *
+SWIG_Python_GetModule(void) {
+ static void *type_pointer = (void *)0;
+ /* first check if module already created */
+ if (!type_pointer) {
+#ifdef SWIG_LINK_RUNTIME
+ type_pointer = SWIG_ReturnGlobalTypeList((void *)0);
+#else
+ type_pointer = PyCObject_Import((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ (char*)"type_pointer" SWIG_TYPE_TABLE_NAME);
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ type_pointer = (void *)0;
+ }
+#endif
+ }
+ return (swig_module_info *) type_pointer;
+}
+
+#if PY_MAJOR_VERSION < 2
+/* PyModule_AddObject function was introduced in Python 2.0. The following function
+ is copied out of Python/modsupport.c in python version 2.3.4 */
+SWIGINTERN int
+PyModule_AddObject(PyObject *m, char *name, PyObject *o)
+{
+ PyObject *dict;
+ if (!PyModule_Check(m)) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs module as first arg");
+ return SWIG_ERROR;
+ }
+ if (!o) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs non-NULL value");
+ return SWIG_ERROR;
+ }
+
+ dict = PyModule_GetDict(m);
+ if (dict == NULL) {
+ /* Internal error -- modules must have a dict! */
+ PyErr_Format(PyExc_SystemError, "module '%s' has no __dict__",
+ PyModule_GetName(m));
+ return SWIG_ERROR;
+ }
+ if (PyDict_SetItemString(dict, name, o))
+ return SWIG_ERROR;
+ Py_DECREF(o);
+ return SWIG_OK;
+}
+#endif
+
+SWIGRUNTIME void
+SWIG_Python_DestroyModule(void *vptr)
+{
+ swig_module_info *swig_module = (swig_module_info *) vptr;
+ swig_type_info **types = swig_module->types;
+ size_t i;
+ for (i =0; i < swig_module->size; ++i) {
+ swig_type_info *ty = types[i];
+ if (ty->owndata) {
+ PySwigClientData *data = (PySwigClientData *) ty->clientdata;
+ if (data) PySwigClientData_Del(data);
+ }
+ }
+ Py_DECREF(SWIG_This());
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetModule(swig_module_info *swig_module) {
+ static PyMethodDef swig_empty_runtime_method_table[] = { {NULL, NULL, 0, NULL} };/* Sentinel */
+
+ PyObject *module = Py_InitModule((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ swig_empty_runtime_method_table);
+ PyObject *pointer = PyCObject_FromVoidPtr((void *) swig_module, SWIG_Python_DestroyModule);
+ if (pointer && module) {
+ PyModule_AddObject(module, (char*)"type_pointer" SWIG_TYPE_TABLE_NAME, pointer);
+ } else {
+ Py_XDECREF(pointer);
+ }
+}
+
+/* The python cached type query */
+SWIGRUNTIME PyObject *
+SWIG_Python_TypeCache(void) {
+ static PyObject *SWIG_STATIC_POINTER(cache) = PyDict_New();
+ return cache;
+}
+
+SWIGRUNTIME swig_type_info *
+SWIG_Python_TypeQuery(const char *type)
+{
+ PyObject *cache = SWIG_Python_TypeCache();
+ PyObject *key = PyString_FromString(type);
+ PyObject *obj = PyDict_GetItem(cache, key);
+ swig_type_info *descriptor;
+ if (obj) {
+ descriptor = (swig_type_info *) PyCObject_AsVoidPtr(obj);
+ } else {
+ swig_module_info *swig_module = SWIG_Python_GetModule();
+ descriptor = SWIG_TypeQueryModule(swig_module, swig_module, type);
+ if (descriptor) {
+ obj = PyCObject_FromVoidPtr(descriptor, NULL);
+ PyDict_SetItem(cache, key, obj);
+ Py_DECREF(obj);
+ }
+ }
+ Py_DECREF(key);
+ return descriptor;
+}
+
+/*
+ For backward compatibility only
+*/
+#define SWIG_POINTER_EXCEPTION 0
+#define SWIG_arg_fail(arg) SWIG_Python_ArgFail(arg)
+#define SWIG_MustGetPtr(p, type, argnum, flags) SWIG_Python_MustGetPtr(p, type, argnum, flags)
+
+SWIGRUNTIME int
+SWIG_Python_AddErrMesg(const char* mesg, int infront)
+{
+ if (PyErr_Occurred()) {
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+ PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ Py_XINCREF(type);
+ PyErr_Clear();
+ if (infront) {
+ PyErr_Format(type, "%s %s", mesg, PyString_AsString(old_str));
+ } else {
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ }
+ Py_DECREF(old_str);
+ }
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIME int
+SWIG_Python_ArgFail(int argnum)
+{
+ if (PyErr_Occurred()) {
+ /* add information about failing argument */
+ char mesg[256];
+ PyOS_snprintf(mesg, sizeof(mesg), "argument number %d:", argnum);
+ return SWIG_Python_AddErrMesg(mesg, 1);
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIMEINLINE const char *
+PySwigObject_GetDesc(PyObject *self)
+{
+ PySwigObject *v = (PySwigObject *)self;
+ swig_type_info *ty = v ? v->ty : 0;
+ return ty ? ty->str : (char*)"";
+}
+
+SWIGRUNTIME void
+SWIG_Python_TypeError(const char *type, PyObject *obj)
+{
+ if (type) {
+#if defined(SWIG_COBJECT_TYPES)
+ if (obj && PySwigObject_Check(obj)) {
+ const char *otype = (const char *) PySwigObject_GetDesc(obj);
+ if (otype) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, 'PySwigObject(%s)' is received",
+ type, otype);
+ return;
+ }
+ } else
+#endif
+ {
+ const char *otype = (obj ? obj->ob_type->tp_name : 0);
+ if (otype) {
+ PyObject *str = PyObject_Str(obj);
+ const char *cstr = str ? PyString_AsString(str) : 0;
+ if (cstr) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s(%s)' is received",
+ type, otype, cstr);
+ } else {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s' is received",
+ type, otype);
+ }
+ Py_XDECREF(str);
+ return;
+ }
+ }
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected", type);
+ } else {
+ PyErr_Format(PyExc_TypeError, "unexpected type is received");
+ }
+}
+
+
+/* Convert a pointer value, signal an exception on a type mismatch */
+SWIGRUNTIME void *
+SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) {
+ void *result;
+ if (SWIG_Python_ConvertPtr(obj, &result, ty, flags) == -1) {
+ PyErr_Clear();
+ if (flags & SWIG_POINTER_EXCEPTION) {
+ SWIG_Python_TypeError(SWIG_TypePrettyName(ty), obj);
+ SWIG_Python_ArgFail(argnum);
+ }
+ }
+ return result;
+}
+
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+
+#define SWIG_exception_fail(code, msg) do { SWIG_Error(code, msg); SWIG_fail; } while(0)
+
+#define SWIG_contract_assert(expr, msg) if (!(expr)) { SWIG_Error(SWIG_RuntimeError, msg); SWIG_fail; } else
+
+
+
+/* -------- TYPES TABLE (BEGIN) -------- */
+
+#define SWIGTYPE_p_SELboolean swig_types[0]
+#define SWIGTYPE_p_av_decision swig_types[1]
+#define SWIGTYPE_p_avc_cache_stats swig_types[2]
+#define SWIGTYPE_p_avc_entry swig_types[3]
+#define SWIGTYPE_p_avc_entry_ref swig_types[4]
+#define SWIGTYPE_p_avc_lock_callback swig_types[5]
+#define SWIGTYPE_p_avc_log_callback swig_types[6]
+#define SWIGTYPE_p_avc_memory_callback swig_types[7]
+#define SWIGTYPE_p_avc_thread_callback swig_types[8]
+#define SWIGTYPE_p_char swig_types[9]
+#define SWIGTYPE_p_f_int_p_q_const__char_v_______int swig_types[10]
+#define SWIGTYPE_p_f_p_f_void__void__p_void swig_types[11]
+#define SWIGTYPE_p_f_p_p_char__int swig_types[12]
+#define SWIGTYPE_p_f_p_q_const__char_v_______void swig_types[13]
+#define SWIGTYPE_p_f_p_void__void swig_types[14]
+#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int swig_types[15]
+#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void swig_types[16]
+#define SWIGTYPE_p_f_size_t__p_void swig_types[17]
+#define SWIGTYPE_p_f_void__p_void swig_types[18]
+#define SWIGTYPE_p_ino_t swig_types[19]
+#define SWIGTYPE_p_int swig_types[20]
+#define SWIGTYPE_p_p_char swig_types[21]
+#define SWIGTYPE_p_p_p_char swig_types[22]
+#define SWIGTYPE_p_p_security_id swig_types[23]
+#define SWIGTYPE_p_security_class_mapping swig_types[24]
+#define SWIGTYPE_p_security_id swig_types[25]
+#define SWIGTYPE_p_selinux_callback swig_types[26]
+#define SWIGTYPE_p_selinux_opt swig_types[27]
+#define SWIGTYPE_p_unsigned_int swig_types[28]
+#define SWIGTYPE_p_unsigned_short swig_types[29]
+static swig_type_info *swig_types[31];
+static swig_module_info swig_module = {swig_types, 30, 0, 0, 0, 0};
+#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
+#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
+
+/* -------- TYPES TABLE (END) -------- */
+
+#if (PY_VERSION_HEX <= 0x02000000)
+# if !defined(SWIG_PYTHON_CLASSIC)
+# error "This python version requires swig to be run with the '-classic' option"
+# endif
+#endif
+
+/*-----------------------------------------------
+ @(target):= _selinux.so
+ ------------------------------------------------*/
+#define SWIG_init init_selinux
+
+#define SWIG_name "_selinux"
+
+#define SWIGVERSION 0x010333
+#define SWIG_VERSION SWIGVERSION
+
+
+#define SWIG_as_voidptr(a) (void *)((const void *)(a))
+#define SWIG_as_voidptrptr(a) ((void)SWIG_as_voidptr(*a),(void**)(a))
+
+
+ #include "selinux/selinux.h"
+
+
+ #include "selinux/selinux.h"
+ #include "../include/selinux/avc.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
+
+
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
+SWIGINTERN swig_type_info*
+SWIG_pchar_descriptor(void)
+{
+ static int init = 0;
+ static swig_type_info* info = 0;
+ if (!init) {
+ info = SWIG_TypeQuery("_p_char");
+ init = 1;
+ }
+ return info;
+}
+
+
+SWIGINTERN int
+SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
+{
+ if (PyString_Check(obj)) {
+ char *cstr; Py_ssize_t len;
+ PyString_AsStringAndSize(obj, &cstr, &len);
+ if (cptr) {
+ if (alloc) {
+ /*
+ In python the user should not be able to modify the inner
+ string representation. To warranty that, if you define
+ SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string
+ buffer is always returned.
+
+ The default behavior is just to return the pointer value,
+ so, be careful.
+ */
+#if defined(SWIG_PYTHON_SAFE_CSTRINGS)
+ if (*alloc != SWIG_OLDOBJ)
+#else
+ if (*alloc == SWIG_NEWOBJ)
+#endif
+ {
+ *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
+ *alloc = SWIG_NEWOBJ;
+ }
+ else {
+ *cptr = cstr;
+ *alloc = SWIG_OLDOBJ;
+ }
+ } else {
+ *cptr = PyString_AsString(obj);
+ }
+ }
+ if (psize) *psize = len + 1;
+ return SWIG_OK;
+ } else {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ if (pchar_descriptor) {
+ void* vptr = 0;
+ if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) {
+ if (cptr) *cptr = (char *) vptr;
+ if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
+ if (alloc) *alloc = SWIG_OLDOBJ;
+ return SWIG_OK;
+ }
+ }
+ }
+ return SWIG_TypeError;
+}
+
+
+
+
+
+#include <limits.h>
+#if !defined(SWIG_NO_LLONG_MAX)
+# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__)
+# define LLONG_MAX __LONG_LONG_MAX__
+# define LLONG_MIN (-LLONG_MAX - 1LL)
+# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL)
+# endif
+#endif
+
+
+SWIGINTERN int
+SWIG_AsVal_double (PyObject *obj, double *val)
+{
+ int res = SWIG_TypeError;
+ if (PyFloat_Check(obj)) {
+ if (val) *val = PyFloat_AsDouble(obj);
+ return SWIG_OK;
+ } else if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ double v = PyLong_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ double d = PyFloat_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = d;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_AddCast(SWIG_OK));
+ } else {
+ PyErr_Clear();
+ }
+ }
+ }
+#endif
+ return res;
+}
+
+
+#include <float.h>
+
+
+#include <math.h>
+
+
+SWIGINTERNINLINE int
+SWIG_CanCastAsInteger(double *d, double min, double max) {
+ double x = *d;
+ if ((min <= x && x <= max)) {
+ double fx = floor(x);
+ double cx = ceil(x);
+ double rd = ((x - fx) < 0.5) ? fx : cx; /* simple rint */
+ if ((errno == EDOM) || (errno == ERANGE)) {
+ errno = 0;
+ } else {
+ double summ, reps, diff;
+ if (rd < x) {
+ diff = x - rd;
+ } else if (rd > x) {
+ diff = rd - x;
+ } else {
+ return 1;
+ }
+ summ = rd + x;
+ reps = diff/summ;
+ if (reps < 8*DBL_EPSILON) {
+ *d = rd;
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val)
+{
+ if (PyInt_Check(obj)) {
+ long v = PyInt_AsLong(obj);
+ if (v >= 0) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ return SWIG_OverflowError;
+ }
+ } else if (PyLong_Check(obj)) {
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) {
+ if (val) *val = (unsigned long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v > UINT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (unsigned int)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_long (PyObject *obj, long* val)
+{
+ if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ long v = PyInt_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) {
+ if (val) *val = (long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_int (PyObject * obj, int *val)
+{
+ long v;
+ int res = SWIG_AsVal_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v < INT_MIN || v > INT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (int)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERNINLINE PyObject*
+SWIG_From_unsigned_SS_long (unsigned long value)
+{
+ return (value > LONG_MAX) ?
+ PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value));
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_unsigned_SS_int (unsigned int value)
+{
+ return SWIG_From_unsigned_SS_long (value);
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtrAndSize(const char* carray, size_t size)
+{
+ if (carray) {
+ if (size > INT_MAX) {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ return pchar_descriptor ?
+ SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void();
+ } else {
+ return PyString_FromStringAndSize(carray, (int)(size));
+ }
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtr(const char *cptr)
+{
+ return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_short (PyObject * obj, unsigned short *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v > USHRT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (unsigned short)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERNINLINE int
+SWIG_AsVal_size_t (PyObject * obj, size_t *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, val ? &v : 0);
+ if (SWIG_IsOK(res) && val) *val = (size_t)(v);
+ return res;
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_unsigned_SS_short (unsigned short value)
+{
+ return SWIG_From_unsigned_SS_long (value);
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":is_selinux_enabled")) SWIG_fail;
+ result = (int)is_selinux_enabled();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_is_selinux_mls_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":is_selinux_mls_enabled")) SWIG_fail;
+ result = (int)is_selinux_mls_enabled();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getcon")) SWIG_fail;
+ result = (int)getcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getcon_raw")) SWIG_fail;
+ result = (int)getcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setcon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setcon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpidcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ pid_t arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpidcon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'");
+ }
+ arg1 = (pid_t)(val1);
+ result = (int)getpidcon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpidcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ pid_t arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpidcon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'");
+ }
+ arg1 = (pid_t)(val1);
+ result = (int)getpidcon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getprevcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getprevcon")) SWIG_fail;
+ result = (int)getprevcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getprevcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getprevcon_raw")) SWIG_fail;
+ result = (int)getprevcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getexeccon")) SWIG_fail;
+ result = (int)getexeccon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getexeccon_raw")) SWIG_fail;
+ result = (int)getexeccon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setexeccon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setexeccon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setexeccon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setexeccon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getfscreatecon")) SWIG_fail;
+ result = (int)getfscreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getfscreatecon_raw")) SWIG_fail;
+ result = (int)getfscreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setfscreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setfscreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon")) SWIG_fail;
+ result = (int)getkeycreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon_raw")) SWIG_fail;
+ result = (int)getkeycreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setkeycreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setkeycreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon")) SWIG_fail;
+ result = (int)getsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon_raw")) SWIG_fail;
+ result = (int)getsockcreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setsockcreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getfilecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getfilecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)lgetfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)lgetfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)fgetfilecon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)fgetfilecon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)setfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)setfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)lsetfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)lsetfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)fsetfilecon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)fsetfilecon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpeercon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpeercon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)getpeercon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpeercon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpeercon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)getpeercon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_allowed_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_allowed_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_allowed_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->allowed = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_allowed_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_allowed_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->allowed);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_decided_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_decided_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_decided_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->decided = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_decided_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_decided_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->decided);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditallow_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditallow_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditallow_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->auditallow = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditallow_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditallow_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->auditallow);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditdeny_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditdeny_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditdeny_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->auditdeny = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditdeny_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditdeny_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->auditdeny);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_seqno_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_seqno_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_seqno_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->seqno = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_seqno_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_seqno_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (unsigned int) ((arg1)->seqno);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail;
+ result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_av_decision",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_av_decision" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_opt_type_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_type_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_set" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_opt_type_set" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ if (arg1) (arg1)->type = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_type_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_type_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_get" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ result = (int) ((arg1)->type);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_value_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_set" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_opt_value_set" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg2) {
+ size_t size = strlen((const char *)((const char *)(arg2))) + 1;
+ arg1->value = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size));
+ } else {
+ arg1->value = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_value_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_get" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ result = (char *) ((arg1)->value);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail;
+ result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_opt",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_opt" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(int,char const *,...) = (int (*)(int,char const *,...)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_log_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_int_p_q_const__char_v_______int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_log_set" "', argument " "2"" of type '" "int (*)(int,char const *,...)""'");
+ }
+ }
+ if (arg1) (arg1)->func_log = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(int,char const *,...) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_log_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(int,char const *,...)) ((arg1)->func_log);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_int_p_q_const__char_v_______int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(void *,security_class_t,char *,size_t) = (int (*)(void *,security_class_t,char *,size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_audit_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_audit_set" "', argument " "2"" of type '" "int (*)(void *,security_class_t,char *,size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_audit = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(void *,security_class_t,char *,size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_audit_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(security_context_t *) = (int (*)(security_context_t *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_validate_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_p_char__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_validate_set" "', argument " "2"" of type '" "int (*)(security_context_t *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_validate = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(security_context_t *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_validate_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(security_context_t *)) ((arg1)->func_validate);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_p_char__int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail;
+ result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_callback" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_get_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ union selinux_callback result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_get_callback",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_get_callback" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = selinux_get_callback(arg1);
+ resultobj = SWIG_NewPointerObj((union selinux_callback *)memcpy((union selinux_callback *)malloc(sizeof(union selinux_callback)),&result,sizeof(union selinux_callback)), SWIGTYPE_p_selinux_callback, SWIG_POINTER_OWN | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_set_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ union selinux_callback arg2 ;
+ int val1 ;
+ int ecode1 = 0 ;
+ void *argp2 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_set_callback",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_set_callback" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ {
+ res2 = SWIG_ConvertPtr(obj1, &argp2, SWIGTYPE_p_selinux_callback, 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'");
+ }
+ if (!argp2) {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'");
+ } else {
+ arg2 = *((union selinux_callback *)(argp2));
+ }
+ }
+ selinux_set_callback(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_av(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ result = (int)security_compute_av(arg1,arg2,arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_av_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_raw",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av_raw" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av_raw" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ result = (int)security_compute_av_raw(arg1,arg2,arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_create(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_create_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_create_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_relabel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_relabel(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_relabel_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_relabel_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_member(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_member_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_member_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)security_compute_user(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*arg3) {
+ while((*arg3)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user_raw" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)security_compute_user_raw(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*arg3) {
+ while((*arg3)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ void *arg1 = (void *) 0 ;
+ size_t arg2 ;
+ int result;
+ int res1 ;
+ size_t val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_load_policy",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_policy" "', argument " "1"" of type '" "void *""'");
+ }
+ ecode2 = SWIG_AsVal_size_t(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_load_policy" "', argument " "2"" of type '" "size_t""'");
+ }
+ arg2 = (size_t)(val2);
+ result = (int)security_load_policy(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_initial_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_initial_context((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_initial_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_initial_context_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_mkload_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_mkload_policy",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_mkload_policy" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)selinux_mkload_policy(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_init_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int *arg1 = (int *) 0 ;
+ int result;
+ int temp1 ;
+ int res1 = SWIG_TMPOBJ ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_init_load_policy")) SWIG_fail;
+ result = (int)selinux_init_load_policy(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res1)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_name_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_set" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "SELboolean_name_set" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg1->name) free((char*)arg1->name);
+ if (arg2) {
+ size_t size = strlen((const char *)(arg2)) + 1;
+ arg1->name = (char *)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
+ } else {
+ arg1->name = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_name_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_get" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ result = (char *) ((arg1)->name);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_value_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_set" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "SELboolean_value_set" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ if (arg1) (arg1)->value = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_value_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_get" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ result = (int) ((arg1)->value);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail;
+ result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_SELboolean",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_SELboolean" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_security_set_boolean_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ size_t arg1 ;
+ SELboolean *arg2 = (SELboolean *) 0 ;
+ int arg3 ;
+ int result;
+ size_t val1 ;
+ int ecode1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_set_boolean_list",&obj0,&obj1,&obj2)) SWIG_fail;
+ ecode1 = SWIG_AsVal_size_t(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_set_boolean_list" "', argument " "1"" of type '" "size_t""'");
+ }
+ arg1 = (size_t)(val1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_set_boolean_list" "', argument " "2"" of type '" "SELboolean *""'");
+ }
+ arg2 = (SELboolean *)(argp2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_set_boolean_list" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ result = (int)security_set_boolean_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_load_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_load_booleans",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_booleans" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_load_booleans(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_check_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_check_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_check_context(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_check_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_check_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_check_context_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_canonicalize_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_canonicalize_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_canonicalize_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_canonicalize_context_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_getenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_getenforce")) SWIG_fail;
+ result = (int)security_getenforce();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_setenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_setenforce",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_setenforce" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)security_setenforce(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_disable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_disable")) SWIG_fail;
+ result = (int)security_disable();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_policyvers(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_policyvers")) SWIG_fail;
+ result = (int)security_policyvers();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_names(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char ***arg1 = (char ***) 0 ;
+ int *arg2 = (int *) 0 ;
+ int result;
+ char **temp11 ;
+ int temp21 ;
+
+ {
+ arg1 = &temp11;
+ arg2 = &temp21;
+ }
+ if (!PyArg_ParseTuple(args,(char *)":security_get_boolean_names")) SWIG_fail;
+ result = (int)security_get_boolean_names(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* list = PyList_New(*arg2);
+ int i;
+ for (i = 0; i < *arg2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*arg1)[i]));
+ }
+ resultobj = SWIG_Python_AppendOutput(resultobj, list);
+ }
+ {
+ int i;
+ if (*arg1) {
+ for (i = 0; i < *arg2; i++) {
+ free((*arg1)[i]);
+ }
+ free(*arg1);
+ }
+ }
+ return resultobj;
+fail:
+ {
+ int i;
+ if (*arg1) {
+ for (i = 0; i < *arg2; i++) {
+ free((*arg1)[i]);
+ }
+ free(*arg1);
+ }
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_pending(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_pending",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_pending" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_pending((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_active",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_active" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_active((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_set_boolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int arg2 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_set_boolean",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_set_boolean" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_set_boolean" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ result = (int)security_set_boolean((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_commit_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_commit_booleans")) SWIG_fail;
+ result = (int)security_commit_booleans();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_name_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_set" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_name_set" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg2) {
+ size_t size = strlen((const char *)((const char *)(arg2))) + 1;
+ arg1->name = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size));
+ } else {
+ arg1->name = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_name_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_get" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (char *) ((arg1)->name);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_perms_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char **arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_perms_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_set" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_p_char, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_perms_set" "', argument " "2"" of type '" "char const *[sizeof(access_vector_t)*8+1]""'");
+ }
+ arg2 = (char **)(argp2);
+ {
+ if (arg2) {
+ size_t ii = 0;
+ for (; ii < (size_t)sizeof(access_vector_t)*8+1; ++ii) arg1->perms[ii] = arg2[ii];
+ } else {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in variable '""perms""' of type '""char const *[sizeof(access_vector_t)*8+1]""'");
+ }
+ }
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_perms_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char **result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_perms_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_get" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (char **)(char **) ((arg1)->perms);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_p_char, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail;
+ result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_security_class_mapping",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_class_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_set_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_set_mapping",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_set_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (int)selinux_set_mapping(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_string_to_security_class(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_class_t result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:string_to_security_class",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "string_to_security_class" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (security_class_t)string_to_security_class((char const *)arg1);
+ resultobj = SWIG_From_unsigned_SS_short((unsigned short)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ char *result = 0 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_to_string",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_class_to_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ result = (char *)security_class_to_string(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_av_perm_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ char *result = 0 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_av_perm_to_string",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_perm_to_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_perm_to_string" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ result = (char *)security_av_perm_to_string(arg1,arg2);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_string_to_av_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ char *arg2 = (char *) 0 ;
+ access_vector_t result;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:string_to_av_perm",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "string_to_av_perm" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "string_to_av_perm" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (access_vector_t)string_to_av_perm(arg1,(char const *)arg2);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_av_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ char *temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_av_string",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_string" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ result = (int)security_av_string(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_print_access_vector(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:print_access_vector",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "print_access_vector" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "print_access_vector" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ print_access_vector(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_set_matchpathcon_flags(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ unsigned int arg1 ;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:set_matchpathcon_flags",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "set_matchpathcon_flags" "', argument " "1"" of type '" "unsigned int""'");
+ }
+ arg1 = (unsigned int)(val1);
+ set_matchpathcon_flags(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_init",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)matchpathcon_init((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_init_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_init_prefix",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init_prefix" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "matchpathcon_init_prefix" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)matchpathcon_init_prefix((char const *)arg1,(char const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_fini(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_fini")) SWIG_fail;
+ matchpathcon_fini();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)matchpathcon((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_index(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_index",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_index" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_index" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)matchpathcon_index((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_add(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ ino_t arg1 ;
+ int arg2 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:matchpathcon_filespec_add",&obj0,&obj1,&obj2)) SWIG_fail;
+ {
+ res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_ino_t, 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'");
+ }
+ if (!argp1) {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'");
+ } else {
+ arg1 = *((ino_t *)(argp1));
+ }
+ }
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_filespec_add" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "matchpathcon_filespec_add" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)matchpathcon_filespec_add(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_destroy")) SWIG_fail;
+ matchpathcon_filespec_destroy();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_eval(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_eval")) SWIG_fail;
+ matchpathcon_filespec_eval();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_checkmatches(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_checkmatches",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_checkmatches" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ matchpathcon_checkmatches(arg1);
+ resultobj = SWIG_Py_Void();
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:matchmediacon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchmediacon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)matchmediacon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_getenforcemode(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int *arg1 = (int *) 0 ;
+ int result;
+ int temp1 ;
+ int res1 = SWIG_TMPOBJ ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_getenforcemode")) SWIG_fail;
+ result = (int)selinux_getenforcemode(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res1)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_getpolicytype(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char **arg1 = (char **) 0 ;
+ int result;
+ char *temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_getpolicytype")) SWIG_fail;
+ result = (int)selinux_getpolicytype(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ free(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_policy_root(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_policy_root")) SWIG_fail;
+ result = (char *)selinux_policy_root();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_binary_policy_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_binary_policy_path")) SWIG_fail;
+ result = (char *)selinux_binary_policy_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_failsafe_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_failsafe_context_path")) SWIG_fail;
+ result = (char *)selinux_failsafe_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_removable_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_removable_context_path")) SWIG_fail;
+ result = (char *)selinux_removable_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_default_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_default_context_path")) SWIG_fail;
+ result = (char *)selinux_default_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_user_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_user_contexts_path")) SWIG_fail;
+ result = (char *)selinux_user_contexts_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_path")) SWIG_fail;
+ result = (char *)selinux_file_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_homedir_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_homedir_path")) SWIG_fail;
+ result = (char *)selinux_file_context_homedir_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_local_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_local_path")) SWIG_fail;
+ result = (char *)selinux_file_context_local_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_homedir_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_homedir_context_path")) SWIG_fail;
+ result = (char *)selinux_homedir_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_media_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_media_context_path")) SWIG_fail;
+ result = (char *)selinux_media_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_x_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_x_context_path")) SWIG_fail;
+ result = (char *)selinux_x_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_contexts_path")) SWIG_fail;
+ result = (char *)selinux_contexts_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_securetty_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_securetty_types_path")) SWIG_fail;
+ result = (char *)selinux_securetty_types_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_booleans_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_booleans_path")) SWIG_fail;
+ result = (char *)selinux_booleans_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_customizable_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_customizable_types_path")) SWIG_fail;
+ result = (char *)selinux_customizable_types_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_users_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_users_path")) SWIG_fail;
+ result = (char *)selinux_users_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_usersconf_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_usersconf_path")) SWIG_fail;
+ result = (char *)selinux_usersconf_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_translations_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_translations_path")) SWIG_fail;
+ result = (char *)selinux_translations_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_netfilter_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_netfilter_context_path")) SWIG_fail;
+ result = (char *)selinux_netfilter_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_path")) SWIG_fail;
+ result = (char *)selinux_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_check_passwd_access(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ access_vector_t arg1 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_passwd_access",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_check_passwd_access" "', argument " "1"" of type '" "access_vector_t""'");
+ }
+ arg1 = (access_vector_t)(val1);
+ result = (int)selinux_check_passwd_access(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_checkPasswdAccess(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ access_vector_t arg1 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:checkPasswdAccess",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "checkPasswdAccess" "', argument " "1"" of type '" "access_vector_t""'");
+ }
+ arg1 = (access_vector_t)(val1);
+ result = (int)checkPasswdAccess(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_securetty_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_securetty_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_check_securetty_context(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_set_selinuxmnt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:set_selinuxmnt",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "set_selinuxmnt" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ set_selinuxmnt(arg1);
+ resultobj = SWIG_Py_Void();
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ unsigned int arg1 ;
+ char *arg2 = (char *) 0 ;
+ char **arg3 ;
+ char **arg4 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:rpm_execcon",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "rpm_execcon" "', argument " "1"" of type '" "unsigned int""'");
+ }
+ arg1 = (unsigned int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check(obj2)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size(obj2);
+
+ arg3 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem(obj2, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem(obj2, i);
+ arg3[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy(arg3[i], PyString_AsString(s));
+ }
+ arg3[size] = NULL;
+ }
+ {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check(obj3)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size(obj3);
+
+ arg4 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem(obj3, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem(obj3, i);
+ arg4[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy(arg4[i], PyString_AsString(s));
+ }
+ arg4[size] = NULL;
+ }
+ result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ int i = 0;
+ while(arg3[i]) {
+ free(arg3[i]);
+ i++;
+ }
+ free(arg3);
+ }
+ {
+ int i = 0;
+ while(arg4[i]) {
+ free(arg4[i]);
+ i++;
+ }
+ free(arg4);
+ }
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ int i = 0;
+ while(arg3[i]) {
+ free(arg3[i]);
+ i++;
+ }
+ free(arg3);
+ }
+ {
+ int i = 0;
+ while(arg4[i]) {
+ free(arg4[i]);
+ i++;
+ }
+ free(arg4);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:is_context_customizable",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "is_context_customizable" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)is_context_customizable(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_trans_to_raw_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_trans_to_raw_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_trans_to_raw_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_raw_to_trans_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_to_trans_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_raw_to_trans_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char **arg2 = (char **) 0 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ char *temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:getseuserbyname",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getseuserbyname" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getseuserbyname((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_cmp(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_cmp",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_cmp" "', argument " "1"" of type '" "security_context_t const""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_file_context_cmp" "', argument " "2"" of type '" "security_context_t const""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)selinux_file_context_cmp(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_verify(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_verify",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_verify" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_file_context_verify" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)selinux_file_context_verify((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_lsetfilecon_default(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_lsetfilecon_default",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_lsetfilecon_default" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)selinux_lsetfilecon_default((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_ctx_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_id_ctx_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_set" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_id_ctx_set" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ if (arg1->ctx) free((char*)arg1->ctx);
+ if (arg2) {
+ size_t size = strlen((const char *)(arg2)) + 1;
+ arg1->ctx = (security_context_t)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
+ } else {
+ arg1->ctx = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_ctx_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ security_context_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_id_ctx_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_get" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ result = (security_context_t) ((arg1)->ctx);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_refcnt_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_id_refcnt_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_set" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_id_refcnt_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->refcnt = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_refcnt_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_id_refcnt_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_get" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ result = (unsigned int) ((arg1)->refcnt);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail;
+ result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_security_id",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_id" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_sid_to_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)avc_sid_to_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_sid_to_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context_raw" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)avc_sid_to_context_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)avc_context_to_sid(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)avc_context_to_sid_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_sidget(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:sidget",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidget" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)sidget(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_sidput(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:sidput",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidput" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)sidput(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_get_initial_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_get_initial_sid",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_get_initial_sid" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)avc_get_initial_sid((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ struct avc_entry *arg2 = (struct avc_entry *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_entry_ref_ae_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_set" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_entry, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_entry_ref_ae_set" "', argument " "2"" of type '" "struct avc_entry *""'");
+ }
+ arg2 = (struct avc_entry *)(argp2);
+ if (arg1) (arg1)->ae = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ struct avc_entry *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_entry_ref_ae_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_get" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ result = (struct avc_entry *) ((arg1)->ae);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail;
+ result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_entry_ref",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_entry_ref" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *(*arg2)(size_t) = (void *(*)(size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_malloc_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_size_t__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "2"" of type '" "void *(*)(size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_malloc = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *(*result)(size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_malloc_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ result = (void *(*)(size_t)) ((arg1)->func_malloc);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_size_t__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_free_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_free_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_free = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_free_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_free);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail;
+ result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_memory_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_memory_callback" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*arg2)(char const *,...) = (void (*)(char const *,...)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_log_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_set" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__char_v_______void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_log_set" "', argument " "2"" of type '" "void (*)(char const *,...)""'");
+ }
+ }
+ if (arg1) (arg1)->func_log = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*result)(char const *,...) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_log_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_get" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ result = (void (*)(char const *,...)) ((arg1)->func_log);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_q_const__char_v_______void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*arg2)(void *,security_class_t,char *,size_t) = (void (*)(void *,security_class_t,char *,size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_audit_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_set" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_audit_set" "', argument " "2"" of type '" "void (*)(void *,security_class_t,char *,size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_audit = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*result)(void *,security_class_t,char *,size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_audit_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_get" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ result = (void (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail;
+ result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_log_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_log_callback" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *(*arg2)(void (*)(void)) = (void *(*)(void (*)(void))) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_create_thread_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_f_void__void__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "2"" of type '" "void *(*)(void (*)(void))""'");
+ }
+ }
+ if (arg1) (arg1)->func_create_thread = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *(*result)(void (*)(void)) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_create_thread_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ result = (void *(*)(void (*)(void))) ((arg1)->func_create_thread);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_f_void__void__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_stop_thread_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_stop_thread = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_stop_thread_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_stop_thread);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail;
+ result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_thread_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_thread_callback" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *(*arg2)(void) = (void *(*)(void)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_alloc_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_void__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "2"" of type '" "void *(*)(void)""'");
+ }
+ }
+ if (arg1) (arg1)->func_alloc_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *(*result)(void) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_alloc_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void *(*)(void)) ((arg1)->func_alloc_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_void__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_get_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_get_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_get_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_get_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_release_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_release_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_release_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_release_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_free_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_free_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_free_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_free_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail;
+ result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_lock_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_lock_callback" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ struct avc_memory_callback *arg2 = (struct avc_memory_callback *) 0 ;
+ struct avc_log_callback *arg3 = (struct avc_log_callback *) 0 ;
+ struct avc_thread_callback *arg4 = (struct avc_thread_callback *) 0 ;
+ struct avc_lock_callback *arg5 = (struct avc_lock_callback *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ void *argp4 = 0 ;
+ int res4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:avc_init",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_init" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_init" "', argument " "2"" of type '" "struct avc_memory_callback const *""'");
+ }
+ arg2 = (struct avc_memory_callback *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "avc_init" "', argument " "3"" of type '" "struct avc_log_callback const *""'");
+ }
+ arg3 = (struct avc_log_callback *)(argp3);
+ res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "avc_init" "', argument " "4"" of type '" "struct avc_thread_callback const *""'");
+ }
+ arg4 = (struct avc_thread_callback *)(argp4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_init" "', argument " "5"" of type '" "struct avc_lock_callback const *""'");
+ }
+ arg5 = (struct avc_lock_callback *)(argp5);
+ result = (int)avc_init((char const *)arg1,(struct avc_memory_callback const *)arg2,(struct avc_log_callback const *)arg3,(struct avc_thread_callback const *)arg4,(struct avc_lock_callback const *)arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_open(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ unsigned int arg2 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_open",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_open" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_open" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ result = (int)avc_open(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cleanup(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_cleanup")) SWIG_fail;
+ avc_cleanup();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_reset(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_reset")) SWIG_fail;
+ result = (int)avc_reset();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_destroy")) SWIG_fail;
+ avc_destroy();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_has_perm_noaudit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ;
+ struct av_decision *arg6 = (struct av_decision *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ void *argp6 = 0 ;
+ int res6 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm_noaudit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm_noaudit" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm_noaudit" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm_noaudit" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm_noaudit" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm_noaudit" "', argument " "5"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg5 = (struct avc_entry_ref *)(argp5);
+ res6 = SWIG_ConvertPtr(obj5, &argp6,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res6)) {
+ SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm_noaudit" "', argument " "6"" of type '" "struct av_decision *""'");
+ }
+ arg6 = (struct av_decision *)(argp6);
+ result = (int)avc_has_perm_noaudit(arg1,arg2,arg3,arg4,arg5,arg6);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_has_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ;
+ void *arg6 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ int res6 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm" "', argument " "5"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg5 = (struct avc_entry_ref *)(argp5);
+ res6 = SWIG_ConvertPtr(obj5,SWIG_as_voidptrptr(&arg6), 0, 0);
+ if (!SWIG_IsOK(res6)) {
+ SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm" "', argument " "6"" of type '" "void *""'");
+ }
+ result = (int)avc_has_perm(arg1,arg2,arg3,arg4,arg5,arg6);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_audit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int arg6 ;
+ void *arg7 = (void *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ int val6 ;
+ int ecode6 = 0 ;
+ int res7 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+ PyObject * obj6 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOOO:avc_audit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5,&obj6)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_audit" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_audit" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_audit" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_audit" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_audit" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ ecode6 = SWIG_AsVal_int(obj5, &val6);
+ if (!SWIG_IsOK(ecode6)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode6), "in method '" "avc_audit" "', argument " "6"" of type '" "int""'");
+ }
+ arg6 = (int)(val6);
+ res7 = SWIG_ConvertPtr(obj6,SWIG_as_voidptrptr(&arg7), 0, 0);
+ if (!SWIG_IsOK(res7)) {
+ SWIG_exception_fail(SWIG_ArgError(res7), "in method '" "avc_audit" "', argument " "7"" of type '" "void *""'");
+ }
+ avc_audit(arg1,arg2,arg3,arg4,arg5,arg6,arg7);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ security_id_t *arg4 = (security_id_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_id_t temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_create",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_create" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_create" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_create" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)avc_compute_create(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ security_id_t *arg4 = (security_id_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_id_t temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_member",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_member" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_member" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_member" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)avc_compute_member(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_lookups_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_lookups = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_lookups_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_lookups);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_hits_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_hits = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_hits_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_hits);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_misses_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_misses = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_misses_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_misses);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_discards_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_discards = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_discards_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_discards);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_lookups_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_lookups = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_lookups_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_lookups);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_hits_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_hits = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_hits_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_hits);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_probes_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_probes = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_probes_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_probes);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_misses_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_misses = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_misses_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_misses);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail;
+ result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_cache_stats",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_cache_stats" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_av_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_av_stats")) SWIG_fail;
+ avc_av_stats();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_sid_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_sid_stats")) SWIG_fail;
+ avc_sid_stats();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_default_type_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_default_type_path")) SWIG_fail;
+ result = (char *)selinux_default_type_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char **arg2 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:get_default_type",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_type" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)get_default_type((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_ordered_context_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:get_ordered_context_list",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)get_ordered_context_list((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i;
+
+ if (*arg3) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ resultobj = plist;
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_ordered_context_list_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t **arg4 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t *temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_ordered_context_list_with_level",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list_with_level" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_ordered_context_list_with_level" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_ordered_context_list_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i;
+
+ if (*arg4) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg4)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ resultobj = plist;
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ {
+ if (*arg4) freeconary(*arg4);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ {
+ if (*arg4) freeconary(*arg4);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:get_default_context",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)get_default_context((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_level",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_level" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_level" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_default_context_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_role" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_role" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_role" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_default_context_with_role((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_rolelevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ char *arg3 = (char *) 0 ;
+ security_context_t arg4 = (security_context_t) 0 ;
+ security_context_t *arg5 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ int res4 ;
+ char *buf4 = 0 ;
+ int alloc4 = 0 ;
+ security_context_t temp5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ arg5 = &temp5;
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_rolelevel" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_rolelevel" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_rolelevel" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ res4 = SWIG_AsCharPtrAndSize(obj3, &buf4, NULL, &alloc4);
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "get_default_context_with_rolelevel" "', argument " "4"" of type '" "security_context_t""'");
+ }
+ arg4 = (security_context_t)(buf4);
+ result = (int)get_default_context_with_rolelevel((char const *)arg1,(char const *)arg2,(char const *)arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg5) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg5));
+ freecon(*arg5);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_query_user_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+ security_context_t temp2 = 0 ;
+
+ arg1 = &temp1;
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)":query_user_context")) SWIG_fail;
+ result = (int)query_user_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_manual_user_enter_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "manual_user_enter_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)manual_user_enter_context((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+static PyMethodDef SwigMethods[] = {
+ { (char *)"is_selinux_enabled", _wrap_is_selinux_enabled, METH_VARARGS, NULL},
+ { (char *)"is_selinux_mls_enabled", _wrap_is_selinux_mls_enabled, METH_VARARGS, NULL},
+ { (char *)"getcon", _wrap_getcon, METH_VARARGS, NULL},
+ { (char *)"getcon_raw", _wrap_getcon_raw, METH_VARARGS, NULL},
+ { (char *)"setcon", _wrap_setcon, METH_VARARGS, NULL},
+ { (char *)"setcon_raw", _wrap_setcon_raw, METH_VARARGS, NULL},
+ { (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL},
+ { (char *)"getpidcon_raw", _wrap_getpidcon_raw, METH_VARARGS, NULL},
+ { (char *)"getprevcon", _wrap_getprevcon, METH_VARARGS, NULL},
+ { (char *)"getprevcon_raw", _wrap_getprevcon_raw, METH_VARARGS, NULL},
+ { (char *)"getexeccon", _wrap_getexeccon, METH_VARARGS, NULL},
+ { (char *)"getexeccon_raw", _wrap_getexeccon_raw, METH_VARARGS, NULL},
+ { (char *)"setexeccon", _wrap_setexeccon, METH_VARARGS, NULL},
+ { (char *)"setexeccon_raw", _wrap_setexeccon_raw, METH_VARARGS, NULL},
+ { (char *)"getfscreatecon", _wrap_getfscreatecon, METH_VARARGS, NULL},
+ { (char *)"getfscreatecon_raw", _wrap_getfscreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setfscreatecon", _wrap_setfscreatecon, METH_VARARGS, NULL},
+ { (char *)"setfscreatecon_raw", _wrap_setfscreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getkeycreatecon", _wrap_getkeycreatecon, METH_VARARGS, NULL},
+ { (char *)"getkeycreatecon_raw", _wrap_getkeycreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setkeycreatecon", _wrap_setkeycreatecon, METH_VARARGS, NULL},
+ { (char *)"setkeycreatecon_raw", _wrap_setkeycreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getsockcreatecon", _wrap_getsockcreatecon, METH_VARARGS, NULL},
+ { (char *)"getsockcreatecon_raw", _wrap_getsockcreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setsockcreatecon", _wrap_setsockcreatecon, METH_VARARGS, NULL},
+ { (char *)"setsockcreatecon_raw", _wrap_setsockcreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getfilecon", _wrap_getfilecon, METH_VARARGS, NULL},
+ { (char *)"getfilecon_raw", _wrap_getfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"lgetfilecon", _wrap_lgetfilecon, METH_VARARGS, NULL},
+ { (char *)"lgetfilecon_raw", _wrap_lgetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"fgetfilecon", _wrap_fgetfilecon, METH_VARARGS, NULL},
+ { (char *)"fgetfilecon_raw", _wrap_fgetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"setfilecon", _wrap_setfilecon, METH_VARARGS, NULL},
+ { (char *)"setfilecon_raw", _wrap_setfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"lsetfilecon", _wrap_lsetfilecon, METH_VARARGS, NULL},
+ { (char *)"lsetfilecon_raw", _wrap_lsetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"fsetfilecon", _wrap_fsetfilecon, METH_VARARGS, NULL},
+ { (char *)"fsetfilecon_raw", _wrap_fsetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"getpeercon", _wrap_getpeercon, METH_VARARGS, NULL},
+ { (char *)"getpeercon_raw", _wrap_getpeercon_raw, METH_VARARGS, NULL},
+ { (char *)"av_decision_allowed_set", _wrap_av_decision_allowed_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_allowed_get", _wrap_av_decision_allowed_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_decided_set", _wrap_av_decision_decided_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_decided_get", _wrap_av_decision_decided_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditallow_set", _wrap_av_decision_auditallow_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditallow_get", _wrap_av_decision_auditallow_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditdeny_set", _wrap_av_decision_auditdeny_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditdeny_get", _wrap_av_decision_auditdeny_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_seqno_set", _wrap_av_decision_seqno_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_seqno_get", _wrap_av_decision_seqno_get, METH_VARARGS, NULL},
+ { (char *)"new_av_decision", _wrap_new_av_decision, METH_VARARGS, NULL},
+ { (char *)"delete_av_decision", _wrap_delete_av_decision, METH_VARARGS, NULL},
+ { (char *)"av_decision_swigregister", av_decision_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_type_set", _wrap_selinux_opt_type_set, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_type_get", _wrap_selinux_opt_type_get, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_value_set", _wrap_selinux_opt_value_set, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_value_get", _wrap_selinux_opt_value_get, METH_VARARGS, NULL},
+ { (char *)"new_selinux_opt", _wrap_new_selinux_opt, METH_VARARGS, NULL},
+ { (char *)"delete_selinux_opt", _wrap_delete_selinux_opt, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_swigregister", selinux_opt_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_log_set", _wrap_selinux_callback_func_log_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_log_get", _wrap_selinux_callback_func_log_get, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_audit_set", _wrap_selinux_callback_func_audit_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_audit_get", _wrap_selinux_callback_func_audit_get, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_validate_set", _wrap_selinux_callback_func_validate_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_validate_get", _wrap_selinux_callback_func_validate_get, METH_VARARGS, NULL},
+ { (char *)"new_selinux_callback", _wrap_new_selinux_callback, METH_VARARGS, NULL},
+ { (char *)"delete_selinux_callback", _wrap_delete_selinux_callback, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_swigregister", selinux_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_get_callback", _wrap_selinux_get_callback, METH_VARARGS, NULL},
+ { (char *)"selinux_set_callback", _wrap_selinux_set_callback, METH_VARARGS, NULL},
+ { (char *)"security_compute_av", _wrap_security_compute_av, METH_VARARGS, NULL},
+ { (char *)"security_compute_av_raw", _wrap_security_compute_av_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_create", _wrap_security_compute_create, METH_VARARGS, NULL},
+ { (char *)"security_compute_create_raw", _wrap_security_compute_create_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_relabel", _wrap_security_compute_relabel, METH_VARARGS, NULL},
+ { (char *)"security_compute_relabel_raw", _wrap_security_compute_relabel_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_member", _wrap_security_compute_member, METH_VARARGS, NULL},
+ { (char *)"security_compute_member_raw", _wrap_security_compute_member_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_user", _wrap_security_compute_user, METH_VARARGS, NULL},
+ { (char *)"security_compute_user_raw", _wrap_security_compute_user_raw, METH_VARARGS, NULL},
+ { (char *)"security_load_policy", _wrap_security_load_policy, METH_VARARGS, NULL},
+ { (char *)"security_get_initial_context", _wrap_security_get_initial_context, METH_VARARGS, NULL},
+ { (char *)"security_get_initial_context_raw", _wrap_security_get_initial_context_raw, METH_VARARGS, NULL},
+ { (char *)"selinux_mkload_policy", _wrap_selinux_mkload_policy, METH_VARARGS, NULL},
+ { (char *)"selinux_init_load_policy", _wrap_selinux_init_load_policy, METH_VARARGS, NULL},
+ { (char *)"SELboolean_name_set", _wrap_SELboolean_name_set, METH_VARARGS, NULL},
+ { (char *)"SELboolean_name_get", _wrap_SELboolean_name_get, METH_VARARGS, NULL},
+ { (char *)"SELboolean_value_set", _wrap_SELboolean_value_set, METH_VARARGS, NULL},
+ { (char *)"SELboolean_value_get", _wrap_SELboolean_value_get, METH_VARARGS, NULL},
+ { (char *)"new_SELboolean", _wrap_new_SELboolean, METH_VARARGS, NULL},
+ { (char *)"delete_SELboolean", _wrap_delete_SELboolean, METH_VARARGS, NULL},
+ { (char *)"SELboolean_swigregister", SELboolean_swigregister, METH_VARARGS, NULL},
+ { (char *)"security_set_boolean_list", _wrap_security_set_boolean_list, METH_VARARGS, NULL},
+ { (char *)"security_load_booleans", _wrap_security_load_booleans, METH_VARARGS, NULL},
+ { (char *)"security_check_context", _wrap_security_check_context, METH_VARARGS, NULL},
+ { (char *)"security_check_context_raw", _wrap_security_check_context_raw, METH_VARARGS, NULL},
+ { (char *)"security_canonicalize_context", _wrap_security_canonicalize_context, METH_VARARGS, NULL},
+ { (char *)"security_canonicalize_context_raw", _wrap_security_canonicalize_context_raw, METH_VARARGS, NULL},
+ { (char *)"security_getenforce", _wrap_security_getenforce, METH_VARARGS, NULL},
+ { (char *)"security_setenforce", _wrap_security_setenforce, METH_VARARGS, NULL},
+ { (char *)"security_disable", _wrap_security_disable, METH_VARARGS, NULL},
+ { (char *)"security_policyvers", _wrap_security_policyvers, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_names", _wrap_security_get_boolean_names, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_pending", _wrap_security_get_boolean_pending, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_active", _wrap_security_get_boolean_active, METH_VARARGS, NULL},
+ { (char *)"security_set_boolean", _wrap_security_set_boolean, METH_VARARGS, NULL},
+ { (char *)"security_commit_booleans", _wrap_security_commit_booleans, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_name_set", _wrap_security_class_mapping_name_set, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_name_get", _wrap_security_class_mapping_name_get, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_perms_set", _wrap_security_class_mapping_perms_set, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_perms_get", _wrap_security_class_mapping_perms_get, METH_VARARGS, NULL},
+ { (char *)"new_security_class_mapping", _wrap_new_security_class_mapping, METH_VARARGS, NULL},
+ { (char *)"delete_security_class_mapping", _wrap_delete_security_class_mapping, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_swigregister", security_class_mapping_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_set_mapping", _wrap_selinux_set_mapping, METH_VARARGS, NULL},
+ { (char *)"string_to_security_class", _wrap_string_to_security_class, METH_VARARGS, NULL},
+ { (char *)"security_class_to_string", _wrap_security_class_to_string, METH_VARARGS, NULL},
+ { (char *)"security_av_perm_to_string", _wrap_security_av_perm_to_string, METH_VARARGS, NULL},
+ { (char *)"string_to_av_perm", _wrap_string_to_av_perm, METH_VARARGS, NULL},
+ { (char *)"security_av_string", _wrap_security_av_string, METH_VARARGS, NULL},
+ { (char *)"print_access_vector", _wrap_print_access_vector, METH_VARARGS, NULL},
+ { (char *)"set_matchpathcon_flags", _wrap_set_matchpathcon_flags, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_init", _wrap_matchpathcon_init, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_init_prefix", _wrap_matchpathcon_init_prefix, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_fini", _wrap_matchpathcon_fini, METH_VARARGS, NULL},
+ { (char *)"matchpathcon", _wrap_matchpathcon, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_index", _wrap_matchpathcon_index, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_add", _wrap_matchpathcon_filespec_add, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_destroy", _wrap_matchpathcon_filespec_destroy, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_eval", _wrap_matchpathcon_filespec_eval, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_checkmatches", _wrap_matchpathcon_checkmatches, METH_VARARGS, NULL},
+ { (char *)"matchmediacon", _wrap_matchmediacon, METH_VARARGS, NULL},
+ { (char *)"selinux_getenforcemode", _wrap_selinux_getenforcemode, METH_VARARGS, NULL},
+ { (char *)"selinux_getpolicytype", _wrap_selinux_getpolicytype, METH_VARARGS, NULL},
+ { (char *)"selinux_policy_root", _wrap_selinux_policy_root, METH_VARARGS, NULL},
+ { (char *)"selinux_binary_policy_path", _wrap_selinux_binary_policy_path, METH_VARARGS, NULL},
+ { (char *)"selinux_failsafe_context_path", _wrap_selinux_failsafe_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_removable_context_path", _wrap_selinux_removable_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_default_context_path", _wrap_selinux_default_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_user_contexts_path", _wrap_selinux_user_contexts_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_path", _wrap_selinux_file_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_homedir_path", _wrap_selinux_file_context_homedir_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_local_path", _wrap_selinux_file_context_local_path, METH_VARARGS, NULL},
+ { (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_x_context_path", _wrap_selinux_x_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},
+ { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL},
+ { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL},
+ { (char *)"selinux_customizable_types_path", _wrap_selinux_customizable_types_path, METH_VARARGS, NULL},
+ { (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL},
+ { (char *)"selinux_usersconf_path", _wrap_selinux_usersconf_path, METH_VARARGS, NULL},
+ { (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL},
+ { (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL},
+ { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL},
+ { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL},
+ { (char *)"selinux_check_securetty_context", _wrap_selinux_check_securetty_context, METH_VARARGS, NULL},
+ { (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL},
+ { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL},
+ { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL},
+ { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
+ { (char *)"selinux_lsetfilecon_default", _wrap_selinux_lsetfilecon_default, METH_VARARGS, NULL},
+ { (char *)"security_id_ctx_set", _wrap_security_id_ctx_set, METH_VARARGS, NULL},
+ { (char *)"security_id_ctx_get", _wrap_security_id_ctx_get, METH_VARARGS, NULL},
+ { (char *)"security_id_refcnt_set", _wrap_security_id_refcnt_set, METH_VARARGS, NULL},
+ { (char *)"security_id_refcnt_get", _wrap_security_id_refcnt_get, METH_VARARGS, NULL},
+ { (char *)"new_security_id", _wrap_new_security_id, METH_VARARGS, NULL},
+ { (char *)"delete_security_id", _wrap_delete_security_id, METH_VARARGS, NULL},
+ { (char *)"security_id_swigregister", security_id_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_sid_to_context", _wrap_avc_sid_to_context, METH_VARARGS, NULL},
+ { (char *)"avc_sid_to_context_raw", _wrap_avc_sid_to_context_raw, METH_VARARGS, NULL},
+ { (char *)"avc_context_to_sid", _wrap_avc_context_to_sid, METH_VARARGS, NULL},
+ { (char *)"avc_context_to_sid_raw", _wrap_avc_context_to_sid_raw, METH_VARARGS, NULL},
+ { (char *)"sidget", _wrap_sidget, METH_VARARGS, NULL},
+ { (char *)"sidput", _wrap_sidput, METH_VARARGS, NULL},
+ { (char *)"avc_get_initial_sid", _wrap_avc_get_initial_sid, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_ae_set", _wrap_avc_entry_ref_ae_set, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_ae_get", _wrap_avc_entry_ref_ae_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_entry_ref", _wrap_new_avc_entry_ref, METH_VARARGS, NULL},
+ { (char *)"delete_avc_entry_ref", _wrap_delete_avc_entry_ref, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_swigregister", avc_entry_ref_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_malloc_set", _wrap_avc_memory_callback_func_malloc_set, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_malloc_get", _wrap_avc_memory_callback_func_malloc_get, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_free_set", _wrap_avc_memory_callback_func_free_set, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_free_get", _wrap_avc_memory_callback_func_free_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_memory_callback", _wrap_new_avc_memory_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_memory_callback", _wrap_delete_avc_memory_callback, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_swigregister", avc_memory_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_log_set", _wrap_avc_log_callback_func_log_set, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_log_get", _wrap_avc_log_callback_func_log_get, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_audit_set", _wrap_avc_log_callback_func_audit_set, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_audit_get", _wrap_avc_log_callback_func_audit_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_log_callback", _wrap_new_avc_log_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_log_callback", _wrap_delete_avc_log_callback, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_swigregister", avc_log_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_create_thread_set", _wrap_avc_thread_callback_func_create_thread_set, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_create_thread_get", _wrap_avc_thread_callback_func_create_thread_get, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_stop_thread_set", _wrap_avc_thread_callback_func_stop_thread_set, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_stop_thread_get", _wrap_avc_thread_callback_func_stop_thread_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_thread_callback", _wrap_new_avc_thread_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_thread_callback", _wrap_delete_avc_thread_callback, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_swigregister", avc_thread_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_alloc_lock_set", _wrap_avc_lock_callback_func_alloc_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_alloc_lock_get", _wrap_avc_lock_callback_func_alloc_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_get_lock_set", _wrap_avc_lock_callback_func_get_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_get_lock_get", _wrap_avc_lock_callback_func_get_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_release_lock_set", _wrap_avc_lock_callback_func_release_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_release_lock_get", _wrap_avc_lock_callback_func_release_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_free_lock_set", _wrap_avc_lock_callback_func_free_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_free_lock_get", _wrap_avc_lock_callback_func_free_lock_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_lock_callback", _wrap_new_avc_lock_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_lock_callback", _wrap_delete_avc_lock_callback, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_swigregister", avc_lock_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_init", _wrap_avc_init, METH_VARARGS, NULL},
+ { (char *)"avc_open", _wrap_avc_open, METH_VARARGS, NULL},
+ { (char *)"avc_cleanup", _wrap_avc_cleanup, METH_VARARGS, NULL},
+ { (char *)"avc_reset", _wrap_avc_reset, METH_VARARGS, NULL},
+ { (char *)"avc_destroy", _wrap_avc_destroy, METH_VARARGS, NULL},
+ { (char *)"avc_has_perm_noaudit", _wrap_avc_has_perm_noaudit, METH_VARARGS, NULL},
+ { (char *)"avc_has_perm", _wrap_avc_has_perm, METH_VARARGS, NULL},
+ { (char *)"avc_audit", _wrap_avc_audit, METH_VARARGS, NULL},
+ { (char *)"avc_compute_create", _wrap_avc_compute_create, METH_VARARGS, NULL},
+ { (char *)"avc_compute_member", _wrap_avc_compute_member, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_lookups_set", _wrap_avc_cache_stats_entry_lookups_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_lookups_get", _wrap_avc_cache_stats_entry_lookups_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_hits_set", _wrap_avc_cache_stats_entry_hits_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_hits_get", _wrap_avc_cache_stats_entry_hits_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_misses_set", _wrap_avc_cache_stats_entry_misses_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_misses_get", _wrap_avc_cache_stats_entry_misses_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_discards_set", _wrap_avc_cache_stats_entry_discards_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_discards_get", _wrap_avc_cache_stats_entry_discards_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_lookups_set", _wrap_avc_cache_stats_cav_lookups_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_lookups_get", _wrap_avc_cache_stats_cav_lookups_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_hits_set", _wrap_avc_cache_stats_cav_hits_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_hits_get", _wrap_avc_cache_stats_cav_hits_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_probes_set", _wrap_avc_cache_stats_cav_probes_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_probes_get", _wrap_avc_cache_stats_cav_probes_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_misses_set", _wrap_avc_cache_stats_cav_misses_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_misses_get", _wrap_avc_cache_stats_cav_misses_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_cache_stats", _wrap_new_avc_cache_stats, METH_VARARGS, NULL},
+ { (char *)"delete_avc_cache_stats", _wrap_delete_avc_cache_stats, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_swigregister", avc_cache_stats_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_av_stats", _wrap_avc_av_stats, METH_VARARGS, NULL},
+ { (char *)"avc_sid_stats", _wrap_avc_sid_stats, METH_VARARGS, NULL},
+ { (char *)"selinux_default_type_path", _wrap_selinux_default_type_path, METH_VARARGS, NULL},
+ { (char *)"get_default_type", _wrap_get_default_type, METH_VARARGS, NULL},
+ { (char *)"get_ordered_context_list", _wrap_get_ordered_context_list, METH_VARARGS, NULL},
+ { (char *)"get_ordered_context_list_with_level", _wrap_get_ordered_context_list_with_level, METH_VARARGS, NULL},
+ { (char *)"get_default_context", _wrap_get_default_context, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_level", _wrap_get_default_context_with_level, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_role", _wrap_get_default_context_with_role, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_rolelevel", _wrap_get_default_context_with_rolelevel, METH_VARARGS, NULL},
+ { (char *)"query_user_context", _wrap_query_user_context, METH_VARARGS, NULL},
+ { (char *)"manual_user_enter_context", _wrap_manual_user_enter_context, METH_VARARGS, NULL},
+ { NULL, NULL, 0, NULL }
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
+
+static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_av_decision = {"_p_av_decision", "struct av_decision *|av_decision *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_cache_stats = {"_p_avc_cache_stats", "struct avc_cache_stats *|avc_cache_stats *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_entry = {"_p_avc_entry", "struct avc_entry *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_entry_ref = {"_p_avc_entry_ref", "struct avc_entry_ref *|avc_entry_ref *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_lock_callback = {"_p_avc_lock_callback", "struct avc_lock_callback *|avc_lock_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_log_callback = {"_p_avc_log_callback", "struct avc_log_callback *|avc_log_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_memory_callback = {"_p_avc_memory_callback", "struct avc_memory_callback *|avc_memory_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_thread_callback = {"_p_avc_thread_callback", "struct avc_thread_callback *|avc_thread_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_int_p_q_const__char_v_______int = {"_p_f_int_p_q_const__char_v_______int", "int (*)(int,char const *,...)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_f_void__void__p_void = {"_p_f_p_f_void__void__p_void", "void *(*)(void (*)(void))", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_p_char__int = {"_p_f_p_p_char__int", "int (*)(char **)|int (*)(security_context_t *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__char_v_______void = {"_p_f_p_q_const__char_v_______void", "void (*)(char const *,...)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void__void = {"_p_f_p_void__void", "void (*)(void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__int = {"_p_f_p_void_unsigned_short_p_char_size_t__int", "int (*)(void *,unsigned short,char *,size_t)|int (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__void = {"_p_f_p_void_unsigned_short_p_char_size_t__void", "void (*)(void *,unsigned short,char *,size_t)|void (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_size_t__p_void = {"_p_f_size_t__p_void", "void *(*)(size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_void__p_void = {"_p_f_void__p_void", "void *(*)(void)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_ino_t = {"_p_ino_t", "ino_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **|security_context_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***|security_context_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_security_id = {"_p_p_security_id", "struct security_id **|security_id_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_security_class_mapping = {"_p_security_class_mapping", "struct security_class_mapping *|security_class_mapping *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_security_id = {"_p_security_id", "security_id_t|struct security_id *|security_id *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_selinux_callback = {"_p_selinux_callback", "union selinux_callback *|selinux_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_selinux_opt = {"_p_selinux_opt", "struct selinux_opt *|selinux_opt *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *|access_vector_t *|mode_t *|pid_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "security_class_t *|unsigned short *", 0, 0, (void*)0, 0};
+
+static swig_type_info *swig_type_initial[] = {
+ &_swigt__p_SELboolean,
+ &_swigt__p_av_decision,
+ &_swigt__p_avc_cache_stats,
+ &_swigt__p_avc_entry,
+ &_swigt__p_avc_entry_ref,
+ &_swigt__p_avc_lock_callback,
+ &_swigt__p_avc_log_callback,
+ &_swigt__p_avc_memory_callback,
+ &_swigt__p_avc_thread_callback,
+ &_swigt__p_char,
+ &_swigt__p_f_int_p_q_const__char_v_______int,
+ &_swigt__p_f_p_f_void__void__p_void,
+ &_swigt__p_f_p_p_char__int,
+ &_swigt__p_f_p_q_const__char_v_______void,
+ &_swigt__p_f_p_void__void,
+ &_swigt__p_f_p_void_unsigned_short_p_char_size_t__int,
+ &_swigt__p_f_p_void_unsigned_short_p_char_size_t__void,
+ &_swigt__p_f_size_t__p_void,
+ &_swigt__p_f_void__p_void,
+ &_swigt__p_ino_t,
+ &_swigt__p_int,
+ &_swigt__p_p_char,
+ &_swigt__p_p_p_char,
+ &_swigt__p_p_security_id,
+ &_swigt__p_security_class_mapping,
+ &_swigt__p_security_id,
+ &_swigt__p_selinux_callback,
+ &_swigt__p_selinux_opt,
+ &_swigt__p_unsigned_int,
+ &_swigt__p_unsigned_short,
+};
+
+static swig_cast_info _swigc__p_SELboolean[] = { {&_swigt__p_SELboolean, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_av_decision[] = { {&_swigt__p_av_decision, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_cache_stats[] = { {&_swigt__p_avc_cache_stats, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_entry[] = { {&_swigt__p_avc_entry, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_entry_ref[] = { {&_swigt__p_avc_entry_ref, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_lock_callback[] = { {&_swigt__p_avc_lock_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_log_callback[] = { {&_swigt__p_avc_log_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_memory_callback[] = { {&_swigt__p_avc_memory_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_thread_callback[] = { {&_swigt__p_avc_thread_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_int_p_q_const__char_v_______int[] = { {&_swigt__p_f_int_p_q_const__char_v_______int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_f_void__void__p_void[] = { {&_swigt__p_f_p_f_void__void__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_p_char__int[] = { {&_swigt__p_f_p_p_char__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__char_v_______void[] = { {&_swigt__p_f_p_q_const__char_v_______void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void__void[] = { {&_swigt__p_f_p_void__void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__int[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__void[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_size_t__p_void[] = { {&_swigt__p_f_size_t__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_void__p_void[] = { {&_swigt__p_f_void__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_ino_t[] = { {&_swigt__p_ino_t, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_security_id[] = { {&_swigt__p_p_security_id, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_security_class_mapping[] = { {&_swigt__p_security_class_mapping, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_security_id[] = { {&_swigt__p_security_id, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_selinux_callback[] = { {&_swigt__p_selinux_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_selinux_opt[] = { {&_swigt__p_selinux_opt, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
+
+static swig_cast_info *swig_cast_initial[] = {
+ _swigc__p_SELboolean,
+ _swigc__p_av_decision,
+ _swigc__p_avc_cache_stats,
+ _swigc__p_avc_entry,
+ _swigc__p_avc_entry_ref,
+ _swigc__p_avc_lock_callback,
+ _swigc__p_avc_log_callback,
+ _swigc__p_avc_memory_callback,
+ _swigc__p_avc_thread_callback,
+ _swigc__p_char,
+ _swigc__p_f_int_p_q_const__char_v_______int,
+ _swigc__p_f_p_f_void__void__p_void,
+ _swigc__p_f_p_p_char__int,
+ _swigc__p_f_p_q_const__char_v_______void,
+ _swigc__p_f_p_void__void,
+ _swigc__p_f_p_void_unsigned_short_p_char_size_t__int,
+ _swigc__p_f_p_void_unsigned_short_p_char_size_t__void,
+ _swigc__p_f_size_t__p_void,
+ _swigc__p_f_void__p_void,
+ _swigc__p_ino_t,
+ _swigc__p_int,
+ _swigc__p_p_char,
+ _swigc__p_p_p_char,
+ _swigc__p_p_security_id,
+ _swigc__p_security_class_mapping,
+ _swigc__p_security_id,
+ _swigc__p_selinux_callback,
+ _swigc__p_selinux_opt,
+ _swigc__p_unsigned_int,
+ _swigc__p_unsigned_short,
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (END) -------- */
+
+static swig_const_info swig_const_table[] = {
+{0, 0, 0, 0.0, 0, 0}};
+
+#ifdef __cplusplus
+}
+#endif
+/* -----------------------------------------------------------------------------
+ * Type initialization:
+ * This problem is tough by the requirement that no dynamic
+ * memory is used. Also, since swig_type_info structures store pointers to
+ * swig_cast_info structures and swig_cast_info structures store pointers back
+ * to swig_type_info structures, we need some lookup code at initialization.
+ * The idea is that swig generates all the structures that are needed.
+ * The runtime then collects these partially filled structures.
+ * The SWIG_InitializeModule function takes these initial arrays out of
+ * swig_module, and does all the lookup, filling in the swig_module.types
+ * array with the correct data and linking the correct swig_cast_info
+ * structures together.
+ *
+ * The generated swig_type_info structures are assigned staticly to an initial
+ * array. We just loop through that array, and handle each type individually.
+ * First we lookup if this type has been already loaded, and if so, use the
+ * loaded structure instead of the generated one. Then we have to fill in the
+ * cast linked list. The cast data is initially stored in something like a
+ * two-dimensional array. Each row corresponds to a type (there are the same
+ * number of rows as there are in the swig_type_initial array). Each entry in
+ * a column is one of the swig_cast_info structures for that type.
+ * The cast_initial array is actually an array of arrays, because each row has
+ * a variable number of columns. So to actually build the cast linked list,
+ * we find the array of casts associated with the type, and loop through it
+ * adding the casts to the list. The one last trick we need to do is making
+ * sure the type pointer in the swig_cast_info struct is correct.
+ *
+ * First off, we lookup the cast->type name to see if it is already loaded.
+ * There are three cases to handle:
+ * 1) If the cast->type has already been loaded AND the type we are adding
+ * casting info to has not been loaded (it is in this module), THEN we
+ * replace the cast->type pointer with the type pointer that has already
+ * been loaded.
+ * 2) If BOTH types (the one we are adding casting info to, and the
+ * cast->type) are loaded, THEN the cast info has already been loaded by
+ * the previous module so we just ignore it.
+ * 3) Finally, if cast->type has not already been loaded, then we add that
+ * swig_cast_info to the linked list (because the cast->type) pointer will
+ * be correct.
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* c-mode */
+#endif
+#endif
+
+#if 0
+#define SWIGRUNTIME_DEBUG
+#endif
+
+
+SWIGRUNTIME void
+SWIG_InitializeModule(void *clientdata) {
+ size_t i;
+ swig_module_info *module_head, *iter;
+ int found;
+
+ clientdata = clientdata;
+
+ /* check to see if the circular list has been setup, if not, set it up */
+ if (swig_module.next==0) {
+ /* Initialize the swig_module */
+ swig_module.type_initial = swig_type_initial;
+ swig_module.cast_initial = swig_cast_initial;
+ swig_module.next = &swig_module;
+ }
+
+ /* Try and load any already created modules */
+ module_head = SWIG_GetModule(clientdata);
+ if (!module_head) {
+ /* This is the first module loaded for this interpreter */
+ /* so set the swig module into the interpreter */
+ SWIG_SetModule(clientdata, &swig_module);
+ module_head = &swig_module;
+ } else {
+ /* the interpreter has loaded a SWIG module, but has it loaded this one? */
+ found=0;
+ iter=module_head;
+ do {
+ if (iter==&swig_module) {
+ found=1;
+ break;
+ }
+ iter=iter->next;
+ } while (iter!= module_head);
+
+ /* if the is found in the list, then all is done and we may leave */
+ if (found) return;
+ /* otherwise we must add out module into the list */
+ swig_module.next = module_head->next;
+ module_head->next = &swig_module;
+ }
+
+ /* Now work on filling in swig_module.types */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: size %d\n", swig_module.size);
+#endif
+ for (i = 0; i < swig_module.size; ++i) {
+ swig_type_info *type = 0;
+ swig_type_info *ret;
+ swig_cast_info *cast;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+#endif
+
+ /* if there is another module already loaded */
+ if (swig_module.next != &swig_module) {
+ type = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, swig_module.type_initial[i]->name);
+ }
+ if (type) {
+ /* Overwrite clientdata field */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found type %s\n", type->name);
+#endif
+ if (swig_module.type_initial[i]->clientdata) {
+ type->clientdata = swig_module.type_initial[i]->clientdata;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found and overwrite type %s \n", type->name);
+#endif
+ }
+ } else {
+ type = swig_module.type_initial[i];
+ }
+
+ /* Insert casting types */
+ cast = swig_module.cast_initial[i];
+ while (cast->type) {
+ /* Don't need to add information already in the list */
+ ret = 0;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: look cast %s\n", cast->type->name);
+#endif
+ if (swig_module.next != &swig_module) {
+ ret = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, cast->type->name);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ret) printf("SWIG_InitializeModule: found cast %s\n", ret->name);
+#endif
+ }
+ if (ret) {
+ if (type == swig_module.type_initial[i]) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: skip old type %s\n", ret->name);
+#endif
+ cast->type = ret;
+ ret = 0;
+ } else {
+ /* Check for casting already in the list */
+ swig_cast_info *ocast = SWIG_TypeCheck(ret->name, type);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ocast) printf("SWIG_InitializeModule: skip old cast %s\n", ret->name);
+#endif
+ if (!ocast) ret = 0;
+ }
+ }
+
+ if (!ret) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: adding cast %s\n", cast->type->name);
+#endif
+ if (type->cast) {
+ type->cast->prev = cast;
+ cast->next = type->cast;
+ }
+ type->cast = cast;
+ }
+ cast++;
+ }
+ /* Set entry in modules->types array equal to the type */
+ swig_module.types[i] = type;
+ }
+ swig_module.types[i] = 0;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+ for (i = 0; i < swig_module.size; ++i) {
+ int j = 0;
+ swig_cast_info *cast = swig_module.cast_initial[i];
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+ while (cast->type) {
+ printf("SWIG_InitializeModule: cast type %s\n", cast->type->name);
+ cast++;
+ ++j;
+ }
+ printf("---- Total casts: %d\n",j);
+ }
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+#endif
+}
+
+/* This function will propagate the clientdata field of type to
+* any new swig_type_info structures that have been added into the list
+* of equivalent types. It is like calling
+* SWIG_TypeClientData(type, clientdata) a second time.
+*/
+SWIGRUNTIME void
+SWIG_PropagateClientData(void) {
+ size_t i;
+ swig_cast_info *equiv;
+ static int init_run = 0;
+
+ if (init_run) return;
+ init_run = 1;
+
+ for (i = 0; i < swig_module.size; i++) {
+ if (swig_module.types[i]->clientdata) {
+ equiv = swig_module.types[i]->cast;
+ while (equiv) {
+ if (!equiv->converter) {
+ if (equiv->type && !equiv->type->clientdata)
+ SWIG_TypeClientData(equiv->type, swig_module.types[i]->clientdata);
+ }
+ equiv = equiv->next;
+ }
+ }
+ }
+}
+
+#ifdef __cplusplus
+#if 0
+{
+ /* c-mode */
+#endif
+}
+#endif
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /* Python-specific SWIG API */
+#define SWIG_newvarlink() SWIG_Python_newvarlink()
+#define SWIG_addvarlink(p, name, get_attr, set_attr) SWIG_Python_addvarlink(p, name, get_attr, set_attr)
+#define SWIG_InstallConstants(d, constants) SWIG_Python_InstallConstants(d, constants)
+
+ /* -----------------------------------------------------------------------------
+ * global variable support code.
+ * ----------------------------------------------------------------------------- */
+
+ typedef struct swig_globalvar {
+ char *name; /* Name of global variable */
+ PyObject *(*get_attr)(void); /* Return the current value */
+ int (*set_attr)(PyObject *); /* Set the value */
+ struct swig_globalvar *next;
+ } swig_globalvar;
+
+ typedef struct swig_varlinkobject {
+ PyObject_HEAD
+ swig_globalvar *vars;
+ } swig_varlinkobject;
+
+ SWIGINTERN PyObject *
+ swig_varlink_repr(swig_varlinkobject *SWIGUNUSEDPARM(v)) {
+ return PyString_FromString("<Swig global variables>");
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_str(swig_varlinkobject *v) {
+ PyObject *str = PyString_FromString("(");
+ swig_globalvar *var;
+ for (var = v->vars; var; var=var->next) {
+ PyString_ConcatAndDel(&str,PyString_FromString(var->name));
+ if (var->next) PyString_ConcatAndDel(&str,PyString_FromString(", "));
+ }
+ PyString_ConcatAndDel(&str,PyString_FromString(")"));
+ return str;
+ }
+
+ SWIGINTERN int
+ swig_varlink_print(swig_varlinkobject *v, FILE *fp, int SWIGUNUSEDPARM(flags)) {
+ PyObject *str = swig_varlink_str(v);
+ fprintf(fp,"Swig global variables ");
+ fprintf(fp,"%s\n", PyString_AsString(str));
+ Py_DECREF(str);
+ return 0;
+ }
+
+ SWIGINTERN void
+ swig_varlink_dealloc(swig_varlinkobject *v) {
+ swig_globalvar *var = v->vars;
+ while (var) {
+ swig_globalvar *n = var->next;
+ free(var->name);
+ free(var);
+ var = n;
+ }
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_getattr(swig_varlinkobject *v, char *n) {
+ PyObject *res = NULL;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->get_attr)();
+ break;
+ }
+ var = var->next;
+ }
+ if (res == NULL && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN int
+ swig_varlink_setattr(swig_varlinkobject *v, char *n, PyObject *p) {
+ int res = 1;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->set_attr)(p);
+ break;
+ }
+ var = var->next;
+ }
+ if (res == 1 && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN PyTypeObject*
+ swig_varlink_type(void) {
+ static char varlink__doc__[] = "Swig var link object";
+ static PyTypeObject varlink_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* Number of items in variable part (ob_size) */
+ (char *)"swigvarlink", /* Type name (tp_name) */
+ sizeof(swig_varlinkobject), /* Basic size (tp_basicsize) */
+ 0, /* Itemsize (tp_itemsize) */
+ (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */
+ (printfunc) swig_varlink_print, /* Print (tp_print) */
+ (getattrfunc) swig_varlink_getattr, /* get attr (tp_getattr) */
+ (setattrfunc) swig_varlink_setattr, /* Set attr (tp_setattr) */
+ 0, /* tp_compare */
+ (reprfunc) swig_varlink_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ 0, /* tp_hash */
+ 0, /* tp_call */
+ (reprfunc)swig_varlink_str, /* tp_str */
+ 0, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ 0, /* tp_flags */
+ varlink__doc__, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* tp_iter -> tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ varlink_type = tmp;
+ varlink_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &varlink_type;
+ }
+
+ /* Create a variable linking object for use later */
+ SWIGINTERN PyObject *
+ SWIG_Python_newvarlink(void) {
+ swig_varlinkobject *result = PyObject_NEW(swig_varlinkobject, swig_varlink_type());
+ if (result) {
+ result->vars = 0;
+ }
+ return ((PyObject*) result);
+ }
+
+ SWIGINTERN void
+ SWIG_Python_addvarlink(PyObject *p, char *name, PyObject *(*get_attr)(void), int (*set_attr)(PyObject *p)) {
+ swig_varlinkobject *v = (swig_varlinkobject *) p;
+ swig_globalvar *gv = (swig_globalvar *) malloc(sizeof(swig_globalvar));
+ if (gv) {
+ size_t size = strlen(name)+1;
+ gv->name = (char *)malloc(size);
+ if (gv->name) {
+ strncpy(gv->name,name,size);
+ gv->get_attr = get_attr;
+ gv->set_attr = set_attr;
+ gv->next = v->vars;
+ }
+ }
+ v->vars = gv;
+ }
+
+ SWIGINTERN PyObject *
+ SWIG_globals(void) {
+ static PyObject *_SWIG_globals = 0;
+ if (!_SWIG_globals) _SWIG_globals = SWIG_newvarlink();
+ return _SWIG_globals;
+ }
+
+ /* -----------------------------------------------------------------------------
+ * constants/methods manipulation
+ * ----------------------------------------------------------------------------- */
+
+ /* Install Constants */
+ SWIGINTERN void
+ SWIG_Python_InstallConstants(PyObject *d, swig_const_info constants[]) {
+ PyObject *obj = 0;
+ size_t i;
+ for (i = 0; constants[i].type; ++i) {
+ switch(constants[i].type) {
+ case SWIG_PY_POINTER:
+ obj = SWIG_NewPointerObj(constants[i].pvalue, *(constants[i]).ptype,0);
+ break;
+ case SWIG_PY_BINARY:
+ obj = SWIG_NewPackedObj(constants[i].pvalue, constants[i].lvalue, *(constants[i].ptype));
+ break;
+ default:
+ obj = 0;
+ break;
+ }
+ if (obj) {
+ PyDict_SetItemString(d, constants[i].name, obj);
+ Py_DECREF(obj);
+ }
+ }
+ }
+
+ /* -----------------------------------------------------------------------------*/
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ /* -----------------------------------------------------------------------------*/
+
+ SWIGINTERN void
+ SWIG_Python_FixMethods(PyMethodDef *methods,
+ swig_const_info *const_table,
+ swig_type_info **types,
+ swig_type_info **types_initial) {
+ size_t i;
+ for (i = 0; methods[i].ml_name; ++i) {
+ const char *c = methods[i].ml_doc;
+ if (c && (c = strstr(c, "swig_ptr: "))) {
+ int j;
+ swig_const_info *ci = 0;
+ const char *name = c + 10;
+ for (j = 0; const_table[j].type; ++j) {
+ if (strncmp(const_table[j].name, name,
+ strlen(const_table[j].name)) == 0) {
+ ci = &(const_table[j]);
+ break;
+ }
+ }
+ if (ci) {
+ size_t shift = (ci->ptype) - types;
+ swig_type_info *ty = types_initial[shift];
+ size_t ldoc = (c - methods[i].ml_doc);
+ size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
+ char *ndoc = (char*)malloc(ldoc + lptr + 10);
+ if (ndoc) {
+ char *buff = ndoc;
+ void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
+ if (ptr) {
+ strncpy(buff, methods[i].ml_doc, ldoc);
+ buff += ldoc;
+ strncpy(buff, "swig_ptr: ", 10);
+ buff += 10;
+ SWIG_PackVoidPtr(buff, ptr, ty->name, lptr);
+ methods[i].ml_doc = ndoc;
+ }
+ }
+ }
+ }
+ }
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+/* -----------------------------------------------------------------------------*
+ * Partial Init method
+ * -----------------------------------------------------------------------------*/
+
+#ifdef __cplusplus
+extern "C"
+#endif
+SWIGEXPORT void SWIG_init(void) {
+ PyObject *m, *d;
+
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ SWIG_Python_FixMethods(SwigMethods, swig_const_table, swig_types, swig_type_initial);
+
+ m = Py_InitModule((char *) SWIG_name, SwigMethods);
+ d = PyModule_GetDict(m);
+
+ SWIG_InitializeModule(0);
+ SWIG_InstallConstants(d,swig_const_table);
+
+
+ SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_CB_VALIDATE",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SELINUX_ERROR",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SELINUX_WARNING",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_INFO",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SELINUX_AVC",SWIG_From_int((int)(3)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_BASEONLY",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_NOTRANS",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_VALIDATE",SWIG_From_int((int)(4)));
+ SWIG_Python_SetConstant(d, "AVC_OPT_UNUSED",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "AVC_OPT_SETENFORCE",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_GRANT",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_TRY_REVOKE",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_REVOKE",SWIG_From_int((int)(4)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_RESET",SWIG_From_int((int)(8)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_ENABLE",SWIG_From_int((int)(16)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_DISABLE",SWIG_From_int((int)(32)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_ENABLE",SWIG_From_int((int)(64)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_DISABLE",SWIG_From_int((int)(128)));
+ SWIG_Python_SetConstant(d, "AVC_CACHE_STATS",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_DEFAULTUSER",SWIG_FromCharPtr("user_u"));
+}
+
diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c
new file mode 100644
index 0000000..e5e7612
--- /dev/null
+++ b/libselinux/src/setenforce.c
@@ -0,0 +1,37 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_setenforce(int value)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ snprintf(buf, sizeof buf, "%d", value);
+ ret = write(fd, buf, strlen(buf));
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ return 0;
+}
+
+hidden_def(security_setenforce)
diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c
new file mode 100644
index 0000000..8c633ef
--- /dev/null
+++ b/libselinux/src/setfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int setfilecon_raw(const char *path, security_context_t context)
+{
+ return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(setfilecon_raw)
+
+int setfilecon(const char *path, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = setfilecon_raw(path, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
new file mode 100644
index 0000000..a02f407
--- /dev/null
+++ b/libselinux/src/setrans_client.c
@@ -0,0 +1,345 @@
+/* Author: Trusted Computer Solutions, Inc.
+ *
+ * Modified:
+ * Yuichi Nakamura <ynakam@hitachisoft.jp>
+ - Stubs are used when DISABLE_SETRANS is defined,
+ it is to reduce size for such as embedded devices.
+*/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include "dso.h"
+#include "selinux_internal.h"
+#include "setrans_internal.h"
+
+#ifndef DISABLE_SETRANS
+static int mls_enabled = -1;
+
+// Simple cache
+static __thread security_context_t prev_t2r_trans = NULL;
+static __thread security_context_t prev_t2r_raw = NULL;
+static __thread security_context_t prev_r2t_trans = NULL;
+static __thread security_context_t prev_r2t_raw = NULL;
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
+ * on error, a negative value
+ */
+static int setransd_open(void)
+{
+ struct sockaddr_un addr;
+ int fd;
+#ifdef SOCK_CLOEXEC
+ fd = socket(PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+ if (fd < 0 && errno == EINVAL)
+#endif
+ {
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd >= 0)
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+ }
+ if (fd < 0)
+ return -1;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path));
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+ struct msghdr msgh;
+ struct iovec iov[5];
+ uint32_t data1_size;
+ uint32_t data2_size;
+ ssize_t count, expected;
+ unsigned int i;
+
+ if (fd < 0)
+ return -1;
+
+ if (!data1)
+ data1 = "";
+ if (!data2)
+ data2 = "";
+
+ data1_size = strlen(data1) + 1;
+ data2_size = strlen(data2) + 1;
+
+ iov[0].iov_base = &function;
+ iov[0].iov_len = sizeof(function);
+ iov[1].iov_base = &data1_size;
+ iov[1].iov_len = sizeof(data1_size);
+ iov[2].iov_base = &data2_size;
+ iov[2].iov_len = sizeof(data2_size);
+ iov[3].iov_base = (char *)data1;
+ iov[3].iov_len = data1_size;
+ iov[4].iov_base = (char *)data2;
+ iov[4].iov_len = data2_size;
+ memset(&msgh, 0, sizeof(msgh));
+ msgh.msg_iov = iov;
+ msgh.msg_iovlen = sizeof(iov) / sizeof(iov[0]);
+
+ expected = 0;
+ for (i = 0; i < sizeof(iov) / sizeof(iov[0]); i++)
+ expected += iov[i].iov_len;
+
+ while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0)
+ && (errno == EINTR)) ;
+ if (count < 0 || count != expected)
+ return -1;
+
+ return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val)
+{
+ struct iovec resp_hdr[3];
+ uint32_t func;
+ uint32_t data_size;
+ char *data;
+ struct iovec resp_data;
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ resp_hdr[0].iov_base = &func;
+ resp_hdr[0].iov_len = sizeof(func);
+ resp_hdr[1].iov_base = &data_size;
+ resp_hdr[1].iov_len = sizeof(data_size);
+ resp_hdr[2].iov_base = ret_val;
+ resp_hdr[2].iov_len = sizeof(*ret_val);
+
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+ return -1;
+ }
+
+ if (func != function || !data_size || data_size > MAX_DATA_BUF) {
+ return -1;
+ }
+
+ data = malloc(data_size);
+ if (!data) {
+ return -1;
+ }
+
+ resp_data.iov_base = data;
+ resp_data.iov_len = data_size;
+
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ;
+ if (count < 0 || (uint32_t) count != data_size ||
+ data[data_size - 1] != '\0') {
+ free(data);
+ return -1;
+ }
+ *outdata = data;
+ return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *transp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *rawp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden void fini_context_translations(void)
+{
+ free(prev_r2t_trans);
+ free(prev_r2t_raw);
+ free(prev_t2r_trans);
+ free(prev_t2r_raw);
+}
+
+hidden int init_context_translations(void)
+{
+ mls_enabled = is_selinux_mls_enabled();
+ return 0;
+}
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *rawp = strdup(trans);
+ goto out;
+ }
+
+ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) {
+ *rawp = strdup(prev_t2r_raw);
+ } else {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ free(prev_t2r_raw);
+ prev_t2r_raw = NULL;
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ if (*rawp) {
+ prev_t2r_trans = strdup(trans);
+ if (!prev_t2r_trans)
+ goto out;
+ prev_t2r_raw = strdup(*rawp);
+ if (!prev_t2r_raw) {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ }
+ }
+ }
+ out:
+ return *rawp ? 0 : -1;
+}
+
+hidden_def(selinux_trans_to_raw_context)
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *transp = strdup(raw);
+ goto out;
+ }
+
+ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) {
+ *transp = strdup(prev_r2t_trans);
+ } else {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ free(prev_r2t_trans);
+ prev_r2t_trans = NULL;
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+ if (*transp) {
+ prev_r2t_raw = strdup(raw);
+ if (!prev_r2t_raw)
+ goto out;
+ prev_r2t_trans = strdup(*transp);
+ if (!prev_r2t_trans) {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ }
+ }
+ }
+ out:
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_to_trans_context)
+#else /*DISABLE_SETRANS*/
+
+hidden void fini_context_translations(void)
+{
+}
+
+hidden int init_context_translations(void)
+{
+ return 0;
+}
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ *rawp = strdup(trans);
+
+ return *rawp ? 0 : -1;
+}
+
+hidden_def(selinux_trans_to_raw_context)
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+ *transp = strdup(raw);
+
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_to_trans_context)
+#endif /*DISABLE_SETRANS*/
diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h
new file mode 100644
index 0000000..4e04b54
--- /dev/null
+++ b/libselinux/src/setrans_internal.h
@@ -0,0 +1,10 @@
+/* Author: Trusted Computer Solutions, Inc. */
+
+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+
+#define RAW_TO_TRANS_CONTEXT 2
+#define TRANS_TO_RAW_CONTEXT 3
+#define MAX_DATA_BUF 8192
+
+extern int init_context_translations(void);
+extern void fini_context_translations(void);
diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
new file mode 100644
index 0000000..d6fb29b
--- /dev/null
+++ b/libselinux/src/seusers.c
@@ -0,0 +1,245 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include "selinux_internal.h"
+
+/* Process line from seusers.conf and split into its fields.
+ Returns 0 on success, -1 on comments, and -2 on error. */
+static int process_seusers(const char *buffer,
+ char **luserp,
+ char **seuserp, char **levelp, int mls_enabled)
+{
+ char *newbuf = strdup(buffer);
+ char *luser = NULL, *seuser = NULL, *level = NULL;
+ char *start, *end;
+ int mls_found = 1;
+
+ if (!newbuf)
+ goto err;
+
+ start = newbuf;
+ while (isspace(*start))
+ start++;
+ if (*start == '#' || *start == 0) {
+ free(newbuf);
+ return -1; /* Comment or empty line, skip over */
+ }
+ end = strchr(start, ':');
+ if (!end)
+ goto err;
+ *end = 0;
+
+ luser = strdup(start);
+ if (!luser)
+ goto err;
+
+ start = end + 1;
+ end = strchr(start, ':');
+ if (!end) {
+ mls_found = 0;
+
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ }
+ *end = 0;
+
+ seuser = strdup(start);
+ if (!seuser)
+ goto err;
+
+ if (!strcmp(seuser, ""))
+ goto err;
+
+ /* Skip MLS if disabled, or missing. */
+ if (!mls_enabled || !mls_found)
+ goto out;
+
+ start = ++end;
+ while (*end && !isspace(*end))
+ end++;
+ *end = 0;
+
+ level = strdup(start);
+ if (!level)
+ goto err;
+
+ if (!strcmp(level, ""))
+ goto err;
+
+ out:
+ free(newbuf);
+ *luserp = luser;
+ *seuserp = seuser;
+ *levelp = level;
+ return 0;
+ err:
+ free(newbuf);
+ free(luser);
+ free(seuser);
+ free(level);
+ return -2; /* error */
+}
+
+int require_seusers hidden = 0;
+
+#include <pwd.h>
+#include <grp.h>
+
+static gid_t get_default_gid(const char *name) {
+ struct passwd pwstorage, *pwent = NULL;
+ gid_t gid = -1;
+ /* Allocate space for the getpwnam_r buffer */
+ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0) return -1;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL) return -1;
+
+ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval == 0 && pwent) {
+ gid = pwent->pw_gid;
+ }
+ free(rbuf);
+ return gid;
+}
+
+static int check_group(const char *group, const char *name, const gid_t gid) {
+ int match = 0;
+ int i, ng = 0;
+ gid_t *groups = NULL;
+ struct group gbuf, *grent = NULL;
+
+ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ return 0;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ return 0;
+
+ if (getgrnam_r(group, &gbuf, rbuf, rbuflen,
+ &grent) != 0)
+ goto done;
+
+ if (getgrouplist(name, gid, NULL, &ng) < 0) {
+ groups = (gid_t *) malloc(sizeof (gid_t) * ng);
+ if (!groups) goto done;
+ if (getgrouplist(name, gid, groups, &ng) < 0) goto done;
+ }
+
+ for (i = 0; i < ng; i++) {
+ if (grent->gr_gid == groups[i]) {
+ match = 1;
+ goto done;
+ }
+ }
+
+ done:
+ free(groups);
+ free(rbuf);
+ return match;
+}
+
+int getseuserbyname(const char *name, char **r_seuser, char **r_level)
+{
+ FILE *cfg = NULL;
+ size_t size = 0;
+ char *buffer = NULL;
+ int rc;
+ unsigned long lineno = 0;
+ int mls_enabled = is_selinux_mls_enabled();
+
+ char *username = NULL;
+ char *seuser = NULL;
+ char *level = NULL;
+ char *groupseuser = NULL;
+ char *grouplevel = NULL;
+ char *defaultseuser = NULL;
+ char *defaultlevel = NULL;
+
+ gid_t gid = get_default_gid(name);
+
+ cfg = fopen(selinux_usersconf_path(), "r");
+ if (!cfg)
+ goto nomatch;
+
+ __fsetlocking(cfg, FSETLOCKING_BYCALLER);
+ while (getline(&buffer, &size, cfg) > 0) {
+ ++lineno;
+ rc = process_seusers(buffer, &username, &seuser, &level,
+ mls_enabled);
+ if (rc == -1)
+ continue; /* comment, skip */
+ if (rc == -2) {
+ fprintf(stderr, "%s: error on line %lu, skipping...\n",
+ selinux_usersconf_path(), lineno);
+ continue;
+ }
+
+ if (!strcmp(username, name))
+ break;
+
+ if (username[0] == '%' &&
+ !groupseuser &&
+ check_group(&username[1], name, gid)) {
+ groupseuser = seuser;
+ grouplevel = level;
+ } else {
+ if (!defaultseuser &&
+ !strcmp(username, "__default__")) {
+ defaultseuser = seuser;
+ defaultlevel = level;
+ } else {
+ free(seuser);
+ free(level);
+ }
+ }
+ free(username);
+ username = NULL;
+ seuser = NULL;
+ }
+
+ free(buffer);
+ fclose(cfg);
+
+ if (seuser) {
+ free(username);
+ free(defaultseuser);
+ free(defaultlevel);
+ free(groupseuser);
+ free(grouplevel);
+ *r_seuser = seuser;
+ *r_level = level;
+ return 0;
+ }
+
+ if (groupseuser) {
+ free(defaultseuser);
+ free(defaultlevel);
+ *r_seuser = groupseuser;
+ *r_level = grouplevel;
+ return 0;
+ }
+
+ if (defaultseuser) {
+ *r_seuser = defaultseuser;
+ *r_level = defaultlevel;
+ return 0;
+ }
+
+ nomatch:
+ if (require_seusers)
+ return -1;
+
+ /* Fall back to the Linux username and no level. */
+ *r_seuser = strdup(name);
+ if (!(*r_seuser))
+ return -1;
+ *r_level = NULL;
+ return 0;
+}
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
new file mode 100644
index 0000000..19c5bb6
--- /dev/null
+++ b/libselinux/src/stringrep.c
@@ -0,0 +1,576 @@
+/*
+ * String representation support for classes and permissions.
+ */
+#include <sys/stat.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <ctype.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+/* The following code looks complicated, but it really is not. What it
+ does is to generate two variables. The first is basically a struct
+ of arrays. The second is the real array of structures which would
+ have used string pointers. But instead it now uses an offset value
+ into the first structure. Strings are accessed indirectly by an
+ explicit addition of the string index and the base address of the
+ structure with the strings (all type safe). The advantage is that
+ there are no relocations necessary in the array with the data as it
+ would be the case with string pointers. This has advantages at
+ load time, the data section is smaller, and it is read-only. */
+#define L1(line) L2(line)
+#define L2(line) str##line
+static const union av_perm_to_string_data {
+ struct {
+#define S_(c, v, s) char L1(__LINE__)[sizeof(s)];
+#include "av_perm_to_string.h"
+#undef S_
+ };
+ char str[0];
+} av_perm_to_string_data = {
+ {
+#define S_(c, v, s) s,
+#include "av_perm_to_string.h"
+#undef S_
+ }
+};
+static const struct av_perm_to_string {
+ uint16_t tclass;
+ uint16_t nameidx;
+ uint32_t value;
+} av_perm_to_string[] = {
+#define S_(c, v, s) { c, offsetof(union av_perm_to_string_data, L1(__LINE__)), v },
+#include "av_perm_to_string.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+#define L1(line) L2(line)
+#define L2(line) str##line
+static const union class_to_string_data {
+ struct {
+#define S_(s) char L1(__LINE__)[sizeof(s)];
+#include "class_to_string.h"
+#undef S_
+ };
+ char str[0];
+} class_to_string_data = {
+ {
+#define S_(s) s,
+#include "class_to_string.h"
+#undef S_
+ }
+};
+static const uint16_t class_to_string[] = {
+#define S_(s) offsetof(union class_to_string_data, L1(__LINE__)),
+#include "class_to_string.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+static const union common_perm_to_string_data {
+ struct {
+#define L1(line) L2(line)
+#define L2(line) str##line
+#define S_(s) char L1(__LINE__)[sizeof(s)];
+#define TB_(s)
+#define TE_(s)
+#include "common_perm_to_string.h"
+#undef S_
+#undef L1
+#undef L2
+ };
+ char str[0];
+} common_perm_to_string_data = {
+ {
+#define S_(s) s,
+#include "common_perm_to_string.h"
+#undef S_
+#undef TB_
+#undef TE_
+ }
+};
+static const union common_perm_to_string {
+ struct {
+#define TB_(s) struct {
+#define TE_(s) } s##_part;
+#define S_(s) uint16_t L1(__LINE__)
+#define L1(l) L2(l)
+#define L2(l) field_##l;
+#include "common_perm_to_string.h"
+#undef TB_
+#undef TE_
+#undef S_
+#undef L1
+#undef L2
+ };
+ uint16_t data[0];
+} common_perm_to_string = {
+ {
+#define TB_(s) {
+#define TE_(s) },
+#define S_(s) offsetof(union common_perm_to_string_data, L1(__LINE__)),
+#define L1(line) L2(line)
+#define L2(line) str##line
+#include "common_perm_to_string.h"
+#undef TB_
+#undef TE_
+#undef S_
+#undef L1
+#undef L2
+ }
+};
+
+static const struct av_inherit {
+ uint16_t tclass;
+ uint16_t common_pts_idx;
+ uint32_t common_base;
+} av_inherit[] = {
+#define S_(c, i, b) { c, offsetof(union common_perm_to_string, common_##i##_perm_to_string_part)/sizeof(uint16_t), b },
+#include "av_inherit.h"
+#undef S_
+};
+
+#define NCLASSES ARRAY_SIZE(class_to_string)
+#define NVECTORS ARRAY_SIZE(av_perm_to_string)
+#define MAXVECTORS 8*sizeof(access_vector_t)
+
+extern int obj_class_compat;
+
+struct discover_class_node {
+ char *name;
+ security_class_t value;
+ char **perms;
+
+ struct discover_class_node *next;
+};
+
+static struct discover_class_node *discover_class_cache = NULL;
+
+static struct discover_class_node * get_class_cache_entry_name(const char *s)
+{
+ struct discover_class_node *node = discover_class_cache;
+
+ for (; node != NULL && strcmp(s,node->name) != 0; node = node->next);
+
+ return node;
+}
+
+static struct discover_class_node * get_class_cache_entry_value(security_class_t c)
+{
+ struct discover_class_node *node = discover_class_cache;
+
+ for (; node != NULL && c != node->value; node = node->next);
+
+ return node;
+}
+
+static struct discover_class_node * discover_class(const char *s)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+ DIR *dir;
+ struct dirent *dentry;
+ size_t i;
+
+ struct discover_class_node *node;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return NULL;
+ }
+
+ /* allocate a node */
+ node = malloc(sizeof(struct discover_class_node));
+ if (node == NULL)
+ return NULL;
+
+ /* allocate array for perms */
+ node->perms = calloc(NVECTORS,sizeof(char*));
+ if (node->perms == NULL)
+ goto err1;
+
+ /* load up the name */
+ node->name = strdup(s);
+ if (node->name == NULL)
+ goto err2;
+
+ /* load up class index */
+ snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ goto err3;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ goto err3;
+
+ if (sscanf(buf, "%u", (unsigned int*)&node->value) != 1)
+ goto err3;
+
+ /* load up permission indicies */
+ snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
+ dir = opendir(path);
+ if (dir == NULL)
+ goto err3;
+
+ dentry = readdir(dir);
+ while (dentry != NULL) {
+ unsigned int value;
+ struct stat m;
+
+ snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+ if (stat(path,&m) < 0)
+ goto err4;
+
+ if (m.st_mode & S_IFDIR) {
+ dentry = readdir(dir);
+ continue;
+ }
+
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ goto err4;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ goto err4;
+
+ if (sscanf(buf, "%u", &value) != 1)
+ goto err4;
+
+ node->perms[value-1] = strdup(dentry->d_name);
+ if (node->perms[value-1] == NULL)
+ goto err4;
+
+ dentry = readdir(dir);
+ }
+ closedir(dir);
+
+ node->next = discover_class_cache;
+ discover_class_cache = node;
+
+ return node;
+
+err4:
+ closedir(dir);
+ for (i=0; i<NVECTORS; i++)
+ free(node->perms[i]);
+err3:
+ free(node->name);
+err2:
+ free(node->perms);
+err1:
+ free(node);
+ return NULL;
+}
+
+void flush_class_cache(void)
+{
+ struct discover_class_node *cur = discover_class_cache, *prev = NULL;
+ size_t i;
+
+ while (cur != NULL) {
+ free(cur->name);
+
+ for (i=0 ; i<MAXVECTORS ; i++)
+ free(cur->perms[i]);
+
+ free(cur->perms);
+
+ prev = cur;
+ cur = cur->next;
+
+ free(prev);
+ }
+
+ discover_class_cache = NULL;
+}
+
+static security_class_t string_to_security_class_compat(const char *s)
+{
+ unsigned int val;
+
+ if (isdigit(s[0])) {
+ val = atoi(s);
+ if (val > 0 && val < NCLASSES)
+ return map_class(val);
+ } else {
+ for (val = 0; val < NCLASSES; val++) {
+ if (strcmp(s, (class_to_string_data.str
+ + class_to_string[val])) == 0)
+ return map_class(val);
+ }
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+static access_vector_t string_to_av_perm_compat(security_class_t kclass, const char *s)
+{
+ const uint16_t *common_pts_idx = 0;
+ access_vector_t perm, common_base = 0;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+ if (av_inherit[i].tclass == kclass) {
+ common_pts_idx =
+ &common_perm_to_string.data[av_inherit[i].
+ common_pts_idx];
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ i = 0;
+ perm = 1;
+ while (perm < common_base) {
+ if (strcmp
+ (s,
+ common_perm_to_string_data.str + common_pts_idx[i]) == 0)
+ return perm;
+ perm <<= 1;
+ i++;
+ }
+
+ for (i = 0; i < NVECTORS; i++) {
+ if ((av_perm_to_string[i].tclass == kclass) &&
+ (strcmp(s, (av_perm_to_string_data.str
+ + av_perm_to_string[i].nameidx)) == 0))
+ return av_perm_to_string[i].value;
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+static const char *security_class_to_string_compat(security_class_t tclass)
+{
+ if (tclass > 0 && tclass < NCLASSES)
+ return class_to_string_data.str + class_to_string[tclass];
+
+ errno = EINVAL;
+ return NULL;
+}
+
+static const char *security_av_perm_to_string_compat(security_class_t tclass,
+ access_vector_t av)
+{
+ const uint16_t *common_pts_idx = 0;
+ access_vector_t common_base = 0;
+ unsigned int i;
+
+ if (!av)
+ return NULL;
+
+ for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+ if (av_inherit[i].tclass == tclass) {
+ common_pts_idx =
+ &common_perm_to_string.data[av_inherit[i].
+ common_pts_idx];
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ if (av < common_base) {
+ i = 0;
+ while (!(av & 1)) {
+ av >>= 1;
+ i++;
+ }
+ return common_perm_to_string_data.str + common_pts_idx[i];
+ }
+
+ for (i = 0; i < NVECTORS; i++) {
+ if (av_perm_to_string[i].tclass == tclass &&
+ av_perm_to_string[i].value == av)
+ return av_perm_to_string_data.str
+ + av_perm_to_string[i].nameidx;
+ }
+
+ errno = EINVAL;
+ return NULL;
+}
+
+security_class_t string_to_security_class(const char *s)
+{
+ struct discover_class_node *node;
+
+ if (obj_class_compat)
+ return string_to_security_class_compat(s);
+
+ node = get_class_cache_entry_name(s);
+ if (node == NULL) {
+ node = discover_class(s);
+
+ if (node == NULL) {
+ errno = EINVAL;
+ return 0;
+ }
+ }
+
+ return map_class(node->value);
+}
+
+access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
+{
+ struct discover_class_node *node;
+ security_class_t kclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return map_perm(tclass, string_to_av_perm_compat(kclass, s));
+
+ node = get_class_cache_entry_value(kclass);
+ if (node != NULL) {
+ size_t i;
+ for (i=0; i<MAXVECTORS && node->perms[i] != NULL; i++)
+ if (strcmp(node->perms[i],s) == 0)
+ return map_perm(tclass, 1<<i);
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+const char *security_class_to_string(security_class_t tclass)
+{
+ struct discover_class_node *node;
+
+ tclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return security_class_to_string_compat(tclass);
+
+ node = get_class_cache_entry_value(tclass);
+ if (node == NULL)
+ return security_class_to_string_compat(tclass);
+ else
+ return node->name;
+}
+
+const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t av)
+{
+ struct discover_class_node *node;
+ size_t i;
+
+ av = unmap_perm(tclass, av);
+ tclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return security_av_perm_to_string_compat(tclass,av);
+
+ node = get_class_cache_entry_value(tclass);
+ if (av && node)
+ for (i = 0; i<MAXVECTORS; i++)
+ if ((1<<i) & av)
+ return node->perms[i];
+
+ return security_av_perm_to_string_compat(tclass,av);
+}
+
+int security_av_string(security_class_t tclass, access_vector_t av, char **res)
+{
+ unsigned int i = 0;
+ size_t len = 5;
+ access_vector_t tmp = av;
+ int rc = 0;
+ const char *str;
+ char *ptr;
+
+ /* first pass computes the required length */
+ while (tmp) {
+ if (tmp & 1) {
+ str = security_av_perm_to_string(tclass, av & (1<<i));
+ if (str)
+ len += strlen(str) + 1;
+ else {
+ rc = -1;
+ errno = EINVAL;
+ goto out;
+ }
+ }
+ tmp >>= 1;
+ i++;
+ }
+
+ *res = malloc(len);
+ if (!*res) {
+ rc = -1;
+ goto out;
+ }
+
+ /* second pass constructs the string */
+ i = 0;
+ tmp = av;
+ ptr = *res;
+
+ if (!av) {
+ sprintf(ptr, "null");
+ goto out;
+ }
+
+ ptr += sprintf(ptr, "{ ");
+ while (tmp) {
+ if (tmp & 1)
+ ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
+ tclass, av & (1<<i)));
+ tmp >>= 1;
+ i++;
+ }
+ sprintf(ptr, "}");
+out:
+ return rc;
+}
+
+void print_access_vector(security_class_t tclass, access_vector_t av)
+{
+ const char *permstr;
+ access_vector_t bit = 1;
+
+ if (av == 0) {
+ printf(" null");
+ return;
+ }
+
+ printf(" {");
+
+ while (av) {
+ if (av & bit) {
+ permstr = security_av_perm_to_string(tclass, bit);
+ if (!permstr)
+ break;
+ printf(" %s", permstr);
+ av &= ~bit;
+ }
+ bit <<= 1;
+ }
+
+ if (av)
+ printf(" 0x%x", av);
+ printf(" }");
+}
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
new file mode 100644
index 0000000..a2c0a53
--- /dev/null
+++ b/libselinux/utils/Makefile
@@ -0,0 +1,32 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+BINDIR ?= $(PREFIX)/sbin
+
+CFLAGS ?= -Wall
+override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS)
+LDLIBS += -L../src -lselinux -L$(LIBDIR)
+
+TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+ifeq ($(DISABLE_AVC),y)
+ UNUSED_TARGETS+=compute_av compute_create compute_member compute_relabel
+endif
+ifeq ($(DISABLE_BOOL),y)
+ UNUSED_TARGETS+=getsebool togglesebool
+endif
+TARGETS:= $(filter-out $(UNUSED_TARGETS), $(TARGETS))
+
+all: $(TARGETS)
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 $(TARGETS) $(BINDIR)
+
+clean:
+ rm -f $(TARGETS) *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
+
diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c
new file mode 100644
index 0000000..772118a
--- /dev/null
+++ b/libselinux/utils/avcstat.c
@@ -0,0 +1,234 @@
+/*
+ * avcstat - Display SELinux avc statistics.
+ *
+ * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <linux/limits.h>
+
+#define DEF_STAT_FILE "/avc/cache_stats"
+#define DEF_BUF_SIZE 8192
+#define HEADERS "lookups hits misses allocations reclaims frees"
+
+struct avc_cache_stats {
+ unsigned long long lookups;
+ unsigned long long hits;
+ unsigned long long misses;
+ unsigned long long allocations;
+ unsigned long long reclaims;
+ unsigned long long frees;
+};
+
+static int interval;
+static int rows;
+static char *progname;
+static char buf[DEF_BUF_SIZE];
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+static void die(const char *msg, ...)
+{
+ va_list args;
+
+ fputs("ERROR: ", stderr);
+
+ va_start(args, msg);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+
+ if (errno)
+ fprintf(stderr, ": %s", strerror(errno));
+
+ fputc('\n', stderr);
+ exit(1);
+}
+
+static void usage(void)
+{
+ printf("\nUsage: %s [-c] [-f status_file] [interval]\n\n", progname);
+ printf
+ ("Display SELinux AVC statistics. If the interval parameter is specified, the\n");
+ printf
+ ("program will loop, displaying updated statistics every \'interval\' seconds.\n");
+ printf
+ ("Relative values are displayed by default. Use the -c option to specify the\n");
+ printf
+ ("display of cumulative values. The -f option specifies the location of the\n");
+ printf("AVC statistics file, defaulting to \'%s%s\'.\n\n", selinux_mnt,
+ DEF_STAT_FILE);
+}
+
+static void set_window_rows(void)
+{
+ int ret;
+ struct winsize ws;
+
+ ret = ioctl(fileno(stdout), TIOCGWINSZ, &ws);
+ if (ret < 0 || ws.ws_row < 3)
+ ws.ws_row = 24;
+ rows = ws.ws_row;
+}
+
+static void sighandler(int num)
+{
+ if (num == SIGWINCH)
+ set_window_rows();
+}
+
+int main(int argc, char **argv)
+{
+ struct avc_cache_stats tot, rel, last;
+ int fd, i, cumulative = 0;
+ struct sigaction sa;
+ char avcstatfile[PATH_MAX];
+ snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt,
+ DEF_STAT_FILE);
+ progname = basename(argv[0]);
+
+ memset(&last, 0, sizeof(last));
+
+ while ((i = getopt(argc, argv, "cf:h?-")) != -1) {
+ switch (i) {
+ case 'c':
+ cumulative = 1;
+ break;
+ case 'f':
+ strncpy(avcstatfile, optarg, sizeof avcstatfile);
+ break;
+ case 'h':
+ case '-':
+ usage();
+ exit(0);
+ default:
+ usage();
+ die("unrecognized parameter", i);
+ }
+ }
+
+ if (optind < argc) {
+ char *arg = argv[optind];
+ unsigned int n = strtoul(arg, NULL, 10);
+
+ if (errno == ERANGE) {
+ usage();
+ die("invalid interval \'%s\'", arg);
+ }
+ if (n == 0) {
+ usage();
+ exit(0);
+ }
+ interval = n;
+ }
+
+ sa.sa_handler = sighandler;
+ sa.sa_flags = SA_RESTART;
+
+ i = sigaction(SIGWINCH, &sa, NULL);
+ if (i < 0)
+ die("sigaction");
+
+ set_window_rows();
+ fd = open(avcstatfile, O_RDONLY);
+ if (fd < 0)
+ die("open: \'%s\'", avcstatfile);
+
+ for (i = 0;; i++) {
+ char *line;
+ ssize_t ret, parsed = 0;
+
+ memset(buf, 0, DEF_BUF_SIZE);
+ ret = read(fd, buf, DEF_BUF_SIZE);
+ if (ret < 0)
+ die("read");
+
+ if (ret == 0)
+ die("read: \'%s\': unexpected end of file",
+ avcstatfile);
+
+ line = strtok(buf, "\n");
+ if (!line)
+ die("unable to parse \'%s\': end of line not found",
+ avcstatfile);
+
+ if (strcmp(line, HEADERS))
+ die("unable to parse \'%s\': invalid headers",
+ avcstatfile);
+
+ if (!i || !(i % (rows - 2)))
+ printf("%10s %10s %10s %10s %10s %10s\n", "lookups",
+ "hits", "misses", "allocs", "reclaims", "frees");
+
+ memset(&tot, 0, sizeof(tot));
+
+ while ((line = strtok(NULL, "\n"))) {
+ struct avc_cache_stats tmp;
+
+ ret = sscanf(line, "%llu %llu %llu %llu %llu %llu",
+ &tmp.lookups,
+ &tmp.hits,
+ &tmp.misses,
+ &tmp.allocations,
+ &tmp.reclaims, &tmp.frees);
+ if (ret != 6)
+ die("unable to parse \'%s\': scan error",
+ avcstatfile);
+
+ tot.lookups += tmp.lookups;
+ tot.hits += tmp.hits;
+ tot.misses += tmp.misses;
+ tot.allocations += tmp.allocations;
+ tot.reclaims += tmp.reclaims;
+ tot.frees += tmp.frees;
+ parsed = 1;
+ }
+
+ if (!parsed)
+ die("unable to parse \'%s\': no data", avcstatfile);
+
+ if (cumulative || (!cumulative && !i))
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+ tot.lookups, tot.hits, tot.misses,
+ tot.allocations, tot.reclaims, tot.frees);
+ else {
+ rel.lookups = tot.lookups - last.lookups;
+ rel.hits = tot.hits - last.hits;
+ rel.misses = tot.misses - last.misses;
+ rel.allocations = tot.allocations - last.allocations;
+ rel.reclaims = tot.reclaims - last.reclaims;
+ rel.frees = tot.frees - last.frees;
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+ rel.lookups, rel.hits, rel.misses,
+ rel.allocations, rel.reclaims, rel.frees);
+ }
+
+ if (!interval)
+ break;
+
+ memcpy(&last, &tot, sizeof(last));
+ sleep(interval);
+
+ ret = lseek(fd, 0, 0);
+ if (ret < 0)
+ die("lseek");
+ }
+
+ close(fd);
+ return 0;
+}
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
new file mode 100644
index 0000000..574fa6e
--- /dev/null
+++ b/libselinux/utils/compute_av.c
@@ -0,0 +1,55 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ struct av_decision avd;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
+ exit(3);
+ }
+
+ printf("allowed=");
+ print_access_vector(tclass, avd.allowed);
+ printf("\n");
+
+ if (avd.decided != ~0U) {
+ printf("decided=");
+ print_access_vector(tclass, avd.decided);
+ printf("\n");
+ }
+
+ if (avd.auditallow) {
+ printf("auditallow=");
+ print_access_vector(tclass, avd.auditallow);
+ printf("\n");
+ }
+
+ if (avd.auditdeny != ~0U) {
+ printf("auditdeny");
+ print_access_vector(tclass, avd.auditdeny);
+ printf("\n");
+ }
+
+ exit(0);
+}
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
new file mode 100644
index 0000000..4abc29f
--- /dev/null
+++ b/libselinux/utils/compute_create.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_create(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_create failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
new file mode 100644
index 0000000..14edd45
--- /dev/null
+++ b/libselinux/utils/compute_member.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_member(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_member failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
new file mode 100644
index 0000000..970750e
--- /dev/null
+++ b/libselinux/utils/compute_relabel.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_relabel failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_user.c b/libselinux/utils/compute_user.c
new file mode 100644
index 0000000..cae62b2
--- /dev/null
+++ b/libselinux/utils/compute_user.c
@@ -0,0 +1,38 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char **buf, **ptr;
+ int ret;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s context user\n", argv[0]);
+ exit(1);
+ }
+
+ ret = security_compute_user(argv[1], argv[2], &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_user(%s,%s) failed\n",
+ argv[0], argv[1], argv[2]);
+ exit(2);
+ }
+
+ if (!buf[0]) {
+ printf("none\n");
+ exit(0);
+ }
+
+ for (ptr = buf; *ptr; ptr++) {
+ printf("%s\n", *ptr);
+ }
+ freeconary(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
new file mode 100644
index 0000000..4f473e4
--- /dev/null
+++ b/libselinux/utils/getconlist.c
@@ -0,0 +1,73 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user [context]\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t *list, usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL;
+ int ret, i, opt;
+
+ while ((opt = getopt(argc, argv, "l:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "getconlist may be used only on a SELinux kernel.\n");
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ /* Get the list and print it */
+ if (level)
+ ret =
+ get_ordered_context_list_with_level(user, level,
+ cur_context, &list);
+ else
+ ret = get_ordered_context_list(user, cur_context, &list);
+ if (ret != -1) {
+ for (i = 0; list[i]; i++)
+ puts(list[i]);
+ freeconary(list);
+ }
+
+ free(usercon);
+
+ return 0;
+}
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
new file mode 100644
index 0000000..93762c1
--- /dev/null
+++ b/libselinux/utils/getdefaultcon.c
@@ -0,0 +1,80 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
+
+ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ case 'r':
+ role = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "%s may be used only on a SELinux kernel.\n", argv[0]);
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) {
+ if (! level) level=dlevel;
+ if (role != NULL && role[0])
+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
+ else
+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
+ }
+ if (ret < 0)
+ perror(argv[0]);
+ else
+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+
+
+ free(role);
+ free(seuser);
+ if (level != dlevel) free(level);
+ free(dlevel);
+ free(usercon);
+
+ return 0;
+}
diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
new file mode 100644
index 0000000..891c7b7
--- /dev/null
+++ b/libselinux/utils/getenforce.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ int rc;
+
+ rc = is_selinux_enabled();
+ if (rc < 0) {
+ fputs("getenforce: is_selinux_enabled() failed", stderr);
+ return 2;
+ }
+ if (rc == 1) {
+ rc = security_getenforce();
+ if (rc < 0) {
+ fputs("getenforce: getenforce() failed", stderr);
+ return 2;
+ }
+
+ if (rc)
+ puts("Enforcing");
+ else
+ puts("Permissive");
+ } else {
+ puts("Disabled");
+ }
+
+ return 0;
+}
diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
new file mode 100644
index 0000000..a7a51ab
--- /dev/null
+++ b/libselinux/utils/getfilecon.c
@@ -0,0 +1,27 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ int rc, i;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = getfilecon(argv[i], &buf);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
+ argv[i]);
+ exit(2);
+ }
+ printf("%s\t%s\n", argv[i], buf);
+ freecon(buf);
+ }
+ exit(0);
+}
diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
new file mode 100644
index 0000000..3df0da1
--- /dev/null
+++ b/libselinux/utils/getpidcon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ pid_t pid;
+ char *buf;
+ int rc;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s pid\n", argv[0]);
+ exit(1);
+ }
+
+ if (sscanf(argv[1], "%d", &pid) != 1) {
+ fprintf(stderr, "%s: invalid pid %s\n", argv[0], argv[1]);
+ exit(2);
+ }
+
+ rc = getpidcon(pid, &buf);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/getsebool.c b/libselinux/utils/getsebool.c
new file mode 100644
index 0000000..cab2bb9
--- /dev/null
+++ b/libselinux/utils/getsebool.c
@@ -0,0 +1,105 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
+ char **names;
+
+ while ((opt = getopt(argc, argv, "a")) > 0) {
+ switch (opt) {
+ case 'a':
+ if (argc > 2)
+ usage(argv[0]);
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n",
+ argv[0]);
+ return 1;
+ }
+ errno = 0;
+ rc = security_get_boolean_names(&names, &len);
+ if (rc) {
+ fprintf(stderr,
+ "%s: Unable to get boolean names: %s\n",
+ argv[0], strerror(errno));
+ return 1;
+ }
+ if (!len) {
+ printf("No booleans\n");
+ return 0;
+ }
+ get_all = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+
+ if (!len) {
+ if (argc < 2)
+ usage(argv[0]);
+ len = argc - 1;
+ names = malloc(sizeof(char *) * len);
+ if (!names) {
+ fprintf(stderr, "%s: out of memory\n", argv[0]);
+ return 2;
+ }
+ for (i = 0; i < len; i++) {
+ names[i] = strdup(argv[i + 1]);
+ if (!names[i]) {
+ fprintf(stderr, "%s: out of memory\n",
+ argv[0]);
+ return 2;
+ }
+ }
+ }
+
+ for (i = 0; i < len; i++) {
+ active = security_get_boolean_active(names[i]);
+ if (active < 0) {
+ if (get_all && errno == EACCES)
+ continue;
+ fprintf(stderr, "Error getting active value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ pending = security_get_boolean_pending(names[i]);
+ if (pending < 0) {
+ fprintf(stderr, "Error getting pending value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ if (pending != active) {
+ printf("%s --> %s pending: %s\n", names[i],
+ (active ? "on" : "off"),
+ (pending ? "on" : "off"));
+ } else {
+ printf("%s --> %s\n", names[i],
+ (active ? "on" : "off"));
+ }
+ }
+
+ out:
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ return rc;
+}
diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c
new file mode 100644
index 0000000..1e7ed76
--- /dev/null
+++ b/libselinux/utils/getseuser.c
@@ -0,0 +1,40 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+int main(int argc, char **argv)
+{
+ char *seuser = NULL, *level = NULL;
+ security_context_t *contextlist;
+ int rc, n, i;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s linuxuser fromcon\n", argv[0]);
+ exit(1);
+ }
+
+ rc = getseuserbyname(argv[1], &seuser, &level);
+ if (rc) {
+ fprintf(stderr, "getseuserbyname failed: %s\n",
+ strerror(errno));
+ exit(2);
+ }
+ printf("seuser: %s, level %s\n", seuser, level);
+ n = get_ordered_context_list_with_level(seuser, level, argv[2],
+ &contextlist);
+ if (n <= 0) {
+ fprintf(stderr,
+ "get_ordered_context_list_with_level failed: %s\n",
+ strerror(errno));
+ exit(3);
+ }
+ free(seuser);
+ free(level);
+ for (i = 0; i < n; i++)
+ printf("Context %d\t%s\n", i, contextlist[i]);
+ freeconary(contextlist);
+ exit(0);
+}
diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c
new file mode 100644
index 0000000..5276d24
--- /dev/null
+++ b/libselinux/utils/matchpathcon.c
@@ -0,0 +1,143 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/errno.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr,
+ "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-Vq] path...\n",
+ progname);
+ exit(1);
+}
+
+int printmatchpathcon(char *path, int header, int mode)
+{
+ char *buf;
+ int rc = matchpathcon(path, mode, &buf);
+ if (rc < 0) {
+ fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
+ strerror(errno));
+ return 1;
+ }
+ if (header)
+ printf("%s\t%s\n", path, buf);
+ else
+ printf("%s\n", buf);
+
+ freecon(buf);
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ int i, init = 0;
+ int header = 1, opt;
+ int verify = 0;
+ int notrans = 0;
+ int error = 0;
+ int quiet = 0;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ while ((opt = getopt(argc, argv, "Nnf:p:Vq")) > 0) {
+ switch (opt) {
+ case 'n':
+ header = 0;
+ break;
+ case 'V':
+ verify = 1;
+ break;
+ case 'N':
+ notrans = 1;
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ break;
+ case 'f':
+ if (init) {
+ fprintf(stderr,
+ "%s: -f and -p are exclusive\n",
+ argv[0]);
+ exit(1);
+ }
+ init = 1;
+ if (matchpathcon_init(optarg)) {
+ fprintf(stderr,
+ "Error while processing %s: %s\n",
+ optarg,
+ errno ? strerror(errno) : "invalid");
+ exit(1);
+ }
+ break;
+ case 'p':
+ if (init) {
+ fprintf(stderr,
+ "%s: -f and -p are exclusive\n",
+ argv[0]);
+ exit(1);
+ }
+ init = 1;
+ if (matchpathcon_init_prefix(NULL, optarg)) {
+ fprintf(stderr,
+ "Error while processing %s: %s\n",
+ optarg,
+ errno ? strerror(errno) : "invalid");
+ exit(1);
+ }
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+ for (i = optind; i < argc; i++) {
+ int mode = 0;
+ struct stat buf;
+ if (lstat(argv[i], &buf) == 0)
+ mode = buf.st_mode;
+
+ if (verify) {
+ if (quiet) {
+ if (selinux_file_context_verify(argv[i], 0))
+ continue;
+ else
+ exit(1);
+ }
+ if (selinux_file_context_verify(argv[i], 0)) {
+ printf("%s verified.\n", argv[i]);
+ } else {
+ security_context_t con;
+ int rc;
+ error = 1;
+ if (notrans)
+ rc = lgetfilecon_raw(argv[i], &con);
+ else
+ rc = lgetfilecon(argv[i], &con);
+
+ if (rc >= 0) {
+ printf("%s has context %s, should be ",
+ argv[i], con);
+ printmatchpathcon(argv[i], 0, mode);
+ freecon(con);
+ } else {
+ printf
+ ("actual context unknown: %s, should be ",
+ strerror(errno));
+ printmatchpathcon(argv[i], 0, mode);
+ }
+ }
+ } else {
+ error |= printmatchpathcon(argv[i], header, mode);
+ }
+ }
+ matchpathcon_fini();
+ return error;
+}
diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
new file mode 100644
index 0000000..0309d7d
--- /dev/null
+++ b/libselinux/utils/policyvers.c
@@ -0,0 +1,18 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ int rc;
+
+ rc = security_policyvers();
+ if (rc < 0) {
+ fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
+ exit(2);
+ }
+
+ printf("%d\n", rc);
+ exit(0);
+}
diff --git a/libselinux/utils/selinux_check_securetty_context.c b/libselinux/utils/selinux_check_securetty_context.c
new file mode 100644
index 0000000..95bfb7f
--- /dev/null
+++ b/libselinux/utils/selinux_check_securetty_context.c
@@ -0,0 +1,35 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/errno.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s tty_context...\n", progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int i;
+ if (argc < 2)
+ usage(argv[0]);
+
+ for (i = 1; i < argc; i++) {
+ switch (selinux_check_securetty_context(argv[i])) {
+ case 0:
+ printf("%s securetty.\n", argv[i]);
+ break;
+ default:
+ printf("%s not securetty.\n", argv[i]);
+ break;
+ }
+ }
+ return 0;
+}
diff --git a/libselinux/utils/selinuxenabled.c b/libselinux/utils/selinuxenabled.c
new file mode 100644
index 0000000..04ea778
--- /dev/null
+++ b/libselinux/utils/selinuxenabled.c
@@ -0,0 +1,9 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(void)
+{
+ return !is_selinux_enabled();
+}
diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
new file mode 100644
index 0000000..e45b804
--- /dev/null
+++ b/libselinux/utils/setenforce.c
@@ -0,0 +1,42 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <strings.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s [ Enforcing | Permissive | 1 | 0 ]\n",
+ progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int rc = 0;
+ if (argc != 2) {
+ usage(argv[0]);
+ }
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+ if (strlen(argv[1]) == 1 && (argv[1][0] == '0' || argv[1][0] == '1')) {
+ rc = security_setenforce(atoi(argv[1]));
+ } else {
+ if (strcasecmp(argv[1], "enforcing") == 0) {
+ rc = security_setenforce(1);
+ } else if (strcasecmp(argv[1], "permissive") == 0) {
+ rc = security_setenforce(0);
+ } else
+ usage(argv[0]);
+ }
+ if (rc < 0) {
+ fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
+ return 2;
+ }
+ return 0;
+}
diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
new file mode 100644
index 0000000..d69af84
--- /dev/null
+++ b/libselinux/utils/setfilecon.c
@@ -0,0 +1,24 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+
+ if (argc < 3) {
+ fprintf(stderr, "usage: %s context path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 2; i < argc; i++) {
+ rc = setfilecon(argv[i], argv[1]);
+ if (rc < 0) {
+ fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
+ argv[0], argv[i], argv[1]);
+ exit(2);
+ }
+ }
+ exit(0);
+}
diff --git a/libselinux/utils/togglesebool.c b/libselinux/utils/togglesebool.c
new file mode 100644
index 0000000..680ed8d
--- /dev/null
+++ b/libselinux/utils/togglesebool.c
@@ -0,0 +1,97 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <string.h>
+
+/* Attempt to rollback the transaction. No need to check error
+ codes since this is rolling back something that blew up. */
+void rollback(int argc, char **argv)
+{
+ int i;
+
+ for (i = 1; i < argc; i++)
+ security_set_boolean(argv[i],
+ security_get_boolean_active(argv[i]));
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+
+ int rc, i, commit = 0;
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+
+ if (argc < 2) {
+ printf("Usage: %s boolname1 [boolname2 ...]\n",
+ basename(argv[0]));
+ return 1;
+ }
+
+ for (i = 1; i < argc; i++) {
+ printf("%s: ", argv[i]);
+ rc = security_get_boolean_active(argv[i]);
+ switch (rc) {
+ case 1:
+ if (security_set_boolean(argv[i], 0) >= 0) {
+ printf("inactive\n");
+ commit++;
+ } else {
+ printf("%s - rolling back all changes\n",
+ strerror(errno));
+ rollback(i, argv);
+ }
+ break;
+ case 0:
+ if (security_set_boolean(argv[i], 1) >= 0) {
+ printf("active\n");
+ commit++;
+ } else {
+ printf("%s - rolling back all changes\n",
+ strerror(errno));
+ rollback(i, argv);
+ }
+ break;
+ default:
+ if (errno == ENOENT)
+ printf
+ ("Boolean does not exist - rolling back all changes.\n");
+ else
+ printf("%s - rolling back all changes.\n",
+ strerror(errno));
+ rollback(i, argv);
+ break; /* Not reached. */
+ }
+ }
+
+ if (commit > 0) {
+ if (security_commit_booleans() < 0) {
+ printf("Commit failed. (%s) No change to booleans.\n",
+ strerror(errno));
+ } else {
+ /* syslog all the changes */
+ struct passwd *pwd = getpwuid(getuid());
+ for (i = 1; i < argc; i++) {
+ if (pwd && pwd->pw_name)
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was toggled by %s",
+ argv[i], pwd->pw_name);
+ else
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was toggled by uid:%d",
+ argv[i], getuid());
+
+ }
+ return 0;
+ }
+ }
+ return 1;
+}
diff --git a/libsemanage/COPYING b/libsemanage/COPYING
new file mode 100644
index 0000000..8add30a
--- /dev/null
+++ b/libsemanage/COPYING
@@ -0,0 +1,504 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+�
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+�
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+�
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+�
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+�
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+�
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+�
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+�
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
+
+
diff --git a/libsemanage/ChangeLog b/libsemanage/ChangeLog
new file mode 100644
index 0000000..ae83ec4
--- /dev/null
+++ b/libsemanage/ChangeLog
@@ -0,0 +1,652 @@
+2.0.27 2008-08-05
+ * Modify genhomedircon to skip %groupname entries.
+ Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax.
+
+2.0.26 2008-07-29
+ * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
+ Strip any trailing slash before appending /*$.
+
+2.0.25 2008-04-21
+ * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
+ Fixes semanage boolean -D seg fault (bug 441379).
+
+2.0.24 2008-02-26
+ * make swigify
+
+2.0.23 2008-02-04
+ * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
+
+2.0.22 2008-02-04
+ * Free policydb before fork from Joshua Brindle.
+
+2.0.21 2008-02-04
+ * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
+
+2.0.12 2008-02-02
+ * Use sepol_set_expand_consume_base to reduce peak memory usage when
+ using semodule from Joshua Brindle.
+
+2.0.19 2008-01-31
+ * Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
+
+2.0.18 2008-01-28
+ * Fix spurious out of memory error reports.
+
+2.0.17 2008-01-25
+ * Merged second version of fix for genhomedircon handling from Caleb Case.
+
+2.0.16 2008-01-24
+ * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
+
+2.0.15 2007-12-05
+ * Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
+ * Copy the store path in semanage_select_store from Dan Walsh.
+
+2.0.14 2007-11-05
+ * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
+
+2.0.13 2007-11-05
+ * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
+
+2.0.12 2007-10-05
+ * ustr cleanups from James Antill.
+ * Ensure that /root gets labeled even if using the default context from Dan Walsh.
+
+2.0.11 2007-09-28
+ * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
+
+2.0.10 2007-09-28
+ * Fix error checking on getpw*_r functions from Todd Miller.
+ * Make genhomedircon skip invalid homedir contexts from Todd Miller.
+ * Set default user and prefix from seusers from Dan Walsh.
+ * Add swigify Makefile target from Dan Walsh.
+
+2.0.9 2007-09-24
+ * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+
+2.0.8 2007-09-19
+ * Clear errno on non-fatal errors to avoid reporting them upon a
+ later error that does not set errno.
+
+2.0.7 2007-09-19
+ * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
+
+2.0.6 2007-09-10
+ * Change to use getpw* function calls to the _r versions from Todd Miller.
+
+2.0.5 2007-08-23
+ * Replace genhomedircon script with equivalent functionality within
+ libsemanage and introduce disable-genhomedircon option in
+ semanage.conf from Todd Miller.
+ Note: Depends on ustr.
+
+2.0.4 2007-08-16
+ * Allow dontaudits to be turned off via semanage interface when
+ updating policy from Joshua Brindle.
+
+2.0.3 2007-04-25
+ * Fix to libsemanage man patches so whatis will work better from Dan Walsh
+
+2.0.2 2007-04-24
+ * Merged optimizations from Stephen Smalley.
+ - do not set all booleans upon commit, only those whose values have changed
+ - only install the sandbox upon commit if something was rebuilt
+
+2.0.1 2007-03-12
+ * Merged dbase_file_flush patch from Dan Walsh.
+ This removes any mention of specific tools (e.g. semanage)
+ from the comment header of the auto-generated files,
+ since there are multiple front-end tools.
+
+2.0.0 2007-02-20
+ * Merged Makefile test target patch from Caleb Case.
+ * Merged get_commit_number function rename patch from Caleb Case.
+ * Merged strnlen -> strlen patch from Todd Miller.
+
+1.10.1 2007-01-26
+ * Merged python binding fix from Dan Walsh.
+
+1.10.0 2007-01-18
+ * Updated version for stable branch.
+
+1.9.2 2007-01-08
+ * Merged patch to optionally reduce disk usage by removing
+ the backup module store and linked policy from Karl MacMillan
+ * Merged patch to correctly propagate return values in libsemanage
+
+1.9.1 2006-11-27
+ * Merged patch to compile wit -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offest table
+ limit. Patch changed to include libselinux and libsemanage in
+ addition to libsepol.
+
+1.8 2006-10-17
+ * Updated version for release.
+
+1.6.17 2006-09-29
+ * Merged patch to skip reload if no active store exists and
+ the store path doesn't match the active store path from Dan Walsh.
+ * Merged patch to not destroy sepol handle on error path of
+ connect from James Athey.
+ * Merged patch to add genhomedircon path to semanage.conf from
+ James Athey.
+
+1.6.16 2006-08-14
+ * Make most copy errors fatal, but allow exceptions for
+ file_contexts.local, seusers, and netfilter_contexts if
+ the source file does not exist in the store.
+
+1.6.15 2006-08-11
+ * Merged separate local file contexts patch from Chris PeBenito.
+
+1.6.14 2006-08-11
+ * Merged patch to make most copy errors non-fatal from Dan Walsh.
+
+1.6.13 2006-08-03
+ * Merged netfilter contexts support from Chris PeBenito.
+
+1.6.12 2006-07-11
+ * Merged support for read operations on read-only fs from
+ Caleb Case (Tresys Technology).
+
+1.6.11 2006-06-29
+ * Lindent.
+
+1.6.10 2006-06-26
+ * Merged setfiles location check patch from Dan Walsh.
+
+1.6.9 2006-06-16
+ * Merged several fixes from Serge Hallyn:
+ dbase_file_cache: deref of uninit data on error path.
+ dbase_policydb_cache: clear fp to avoid double fclose
+ semanage_fc_sort: destroy temp on error paths
+
+1.6.8 2006-06-02
+ * Updated default location for setfiles to /sbin to
+ match policycoreutils. This can also be adjusted via
+ semanage.conf using the syntax:
+ [setfiles]
+ path = /path/to/setfiles
+ args = -q -c $@ $<
+ [end]
+
+1.6.7 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.6.6 2006-04-14
+ * Merged updated file context sorting patch from Christopher
+ Ashworth, with bug fix for escaped character flag.
+
+1.6.5 2006-04-13
+ * Merged file context sorting code from Christopher Ashworth
+ (Tresys Technology), based on fc_sort.c code in refpolicy.
+
+1.6.4 2006-04-12
+ * Merged python binding t_output_helper removal patch from Dan Walsh.
+ * Regenerated swig files.
+
+1.6.3 2006-03-30
+ * Merged corrected fix for descriptor leak from Dan Walsh.
+
+1.6.2 2006-03-20
+ * Merged Makefile PYLIBVER definition patch from Dan Walsh.
+
+1.6.1 2006-03-20
+ * Merged man page reorganization from Ivan Gyurdiev.
+
+1.6 2006-03-14
+ * Updated version for release.
+
+1.5.31 2006-03-09
+ * Merged abort early on merge errors patch from Ivan Gyurdiev.
+
+1.5.30 2006-03-08
+ * Cleaned up error handling in semanage_split_fc based on a patch
+ by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
+
+1.5.29 2006-02-21
+ * Merged MLS handling fixes from Ivan Gyurdiev.
+
+1.5.28 2006-02-16
+ * Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
+
+1.5.27 2006-02-16
+ * Merged base_merge_components changes from Ivan Gyurdiev.
+
+1.5.26 2006-02-15
+ * Merged paths array patch from Ivan Gyurdiev.
+ * Merged bug fix patch from Ivan Gyurdiev.
+
+1.5.25 2006-02-14
+ * Merged improve bindings patch from Ivan Gyurdiev.
+
+1.5.24 2006-02-14
+ * Merged use PyList patch from Ivan Gyurdiev.
+ * Merged memory leak fix patch from Ivan Gyurdiev.
+ * Merged nodecon support patch from Ivan Gyurdiev.
+ * Merged cleanups patch from Ivan Gyurdiev.
+ * Merged split swig patch from Ivan Gyurdiev.
+
+1.5.23 2006-02-13
+ * Merged optionals in base patch from Joshua Brindle.
+
+1.5.22 2006-02-13
+ * Merged treat seusers/users_extra as optional sections patch from
+ Ivan Gyurdiev.
+ * Merged parse_optional fixes from Ivan Gyurdiev.
+
+1.5.21 2006-02-07
+ * Merged seuser/user_extra support patch from Joshua Brindle.
+ * Merged remote system dbase patch from Ivan Gyurdiev.
+
+1.5.20 2006-02-02
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+1.5.19 2006-01-30
+ * Merged fname parameter patch from Ivan Gyurdiev.
+ * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
+ * Merged seusers.system patch from Ivan Gyurdiev.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+
+1.5.18 2006-01-27
+ * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
+
+1.5.17 2006-01-27
+ * Merged set_create_store, access_check, and is_connected interfaces
+ from Joshua Brindle.
+
+1.5.16 2006-01-19
+ * Regenerate python wrappers.
+
+1.5.15 2006-01-18
+ * Merged pywrap Makefile diff from Dan Walsh.
+ * Merged cache management patch from Ivan Gyurdiev.
+ * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
+ * Merged remove apply_local function patch from Ivan Gyurdiev.
+ * Merged only do read locking in direct case patch from Ivan Gyurdiev.
+ * Merged cache error path memory leak fix from Ivan Gyurdiev.
+ * Merged auto-generated file header patch from Ivan Gyurdiev.
+ * Merged pywrap test update from Ivan Gyurdiev.
+ * Merged hidden defs update from Ivan Gyurdiev.
+
+1.5.14 2006-01-13
+ * Merged disallow port overlap patch from Ivan Gyurdiev.
+
+1.5.13 2006-01-12
+ * Merged join prereq and implementation patches from Ivan Gyurdiev.
+ * Merged join user extra data part 2 patch from Ivan Gyurdiev.
+ * Merged bugfix patch from Ivan Gyurdiev.
+
+1.5.12 2006-01-12
+ * Merged remove add_local/set_local patch from Ivan Gyurdiev.
+ * Merged user extra data part 1 patch from Ivan Gyurdiev.
+ * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
+ * Merged calloc check in semanage_store patch from Ivan Gyurdiev,
+ bug noticed by Steve Grubb.
+ * Merged cleanups after add/set removal patch from Ivan Gyurdiev.
+
+1.5.11 2006-01-09
+ * Merged fcontext compare fix from Ivan Gyurdiev.
+
+1.5.10 2006-01-06
+ * Fixed commit to return the commit number aka policy sequence number.
+
+1.5.9 2006-01-06
+ * Merged const in APIs patch from Ivan Gyurdiev.
+ * Merged validation of local file contexts patch from Ivan Gyurdiev.
+ * Merged compare2 function patch from Ivan Gyurdiev.
+ * Merged hidden def/proto update patch from Ivan Gyurdiev.
+
+1.5.8 2006-01-05
+ * Re-applied string and file optimization patch from Russell Coker,
+ with bug fix.
+
+1.5.7 2006-01-05
+ * Reverted string and file optimization patch from Russell Coker.
+
+1.5.6 2006-01-05
+ * Clarified error messages from parse_module_headers and
+ parse_base_headers for base/module mismatches.
+
+1.5.5 2006-01-05
+ * Merged string and file optimization patch from Russell Coker.
+ * Merged swig header reordering patch from Ivan Gyurdiev.
+ * Merged toggle modify on add patch from Ivan Gyurdiev.
+ * Merged ports parser bugfix patch from Ivan Gyurdiev.
+ * Merged fcontext swig patch from Ivan Gyurdiev.
+ * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
+ * Merged man pages for dbase functions patch from Ivan Gyurdiev.
+ * Merged pywrap tests patch from Ivan Gyurdiev.
+
+1.5.4 2006-01-04
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - separate file rw code from linked list
+ - annotate objects
+ - fold together internal headers
+ - support ordering of records in compare function
+ - add active dbase backend, active booleans
+ - return commit numbers for ro database calls
+ - use modified flags to skip rebuild whenever possible
+ - enable port interfaces
+ - update swig interfaces and typemaps
+ - add an API for file_contexts.local and file_contexts
+ - flip the traversal order in iterate/list
+ - reorganize sandbox_expand
+ - add seusers MLS validation
+ - improve dbase spec/documentation
+ - clone record on set/add/modify
+
+1.5.3 2005-12-14
+ * Merged further header cleanups from Ivan Gyurdiev.
+
+1.5.2 2005-12-13
+ * Merged toggle modified flag in policydb_modify, fix memory leak
+ in clear_obsolete, polymorphism vs headers fix, and include guards
+ for internal headers patches from Ivan Gyurdiev.
+
+1.5.1 2005-12-12
+ * Added file-mode= setting to semanage.conf, default to 0644.
+ Changed semanage_copy_file and callers to use this mode when
+ installing policy files to runtime locations.
+
+1.4 2005-12-07
+ * Updated version for release.
+
+1.3.64 2005-12-06
+ * Changed semanage_handle_create() to set do_reload based on
+ is_selinux_enabled(). This prevents improper attempts to
+ load policy on a non-SELinux system.
+
+1.3.63 2005-12-05
+ * Dropped handle from user_del_role interface.
+
+1.3.62 2005-12-05
+ * Removed defrole interfaces.
+
+1.3.61 2005-11-29
+ * Merged Makefile python definitions patch from Dan Walsh.
+
+1.3.60 2005-11-29
+ * Removed is_selinux_mls_enabled() conditionals in seusers and users
+ file parsers.
+
+1.3.59 2005-11-28
+ * Merged wrap char*** for user_get_roles patch from Joshua Brindle.
+
+1.3.58 2005-11-28
+ * Merged remove defrole from sepol patch from Ivan Gyurdiev.
+
+1.3.57 2005-11-28
+ * Merged swig wrappers for modifying users and seusers from Joshua Brindle.
+
+1.3.56 2005-11-16
+ * Fixed free->key_free bug.
+
+1.3.55 2005-11-16
+ * Merged clear obsolete patch from Ivan Gyurdiev.
+
+1.3.54 2005-11-15
+ * Merged modified swigify patch from Dan Walsh
+ (original patch from Joshua Brindle).
+ * Merged move genhomedircon call patch from Chad Sellers.
+
+1.3.53 2005-11-10
+ * Merged move seuser validation patch from Ivan Gyurdiev.
+ * Merged hidden declaration fixes from Ivan Gyurdiev,
+ with minor corrections.
+
+1.3.52 2005-11-09
+ * Merged cleanup patch from Ivan Gyurdiev.
+ This renames semanage_module_conn to semanage_direct_handle,
+ and moves sepol handle create/destroy into semanage handle
+ create/destroy to allow use even when disconnected (for the
+ record interfaces).
+
+1.3.51 2005-11-08
+ * Clear modules modified flag upon disconnect and commit.
+
+1.3.50 2005-11-08
+ * Added tracking of module modifications and use it to
+ determine whether expand-time checks should be applied
+ on commit.
+
+1.3.49 2005-11-08
+ * Reverted semanage_set_reload_bools() interface.
+
+1.3.48 2005-11-08
+ * Disabled calls to port dbase for merge and commit and stubbed
+ out calls to sepol_port interfaces since they are not exported.
+
+1.3.47 2005-11-08
+ * Merged rename instead of copy patch from Joshua Brindle (Tresys).
+
+1.3.46 2005-11-07
+ * Added hidden_def/hidden_proto for exported symbols used within
+ libsemanage to eliminate relocations. Wrapped type definitions
+ in exported headers as needed to avoid conflicts. Added
+ src/context_internal.h and src/iface_internal.h.
+
+1.3.45 2005-11-07
+ * Added semanage_is_managed() interface to allow detection of whether
+ the policy is managed via libsemanage. This enables proper handling
+ in setsebool for non-managed systems.
+
+1.3.44 2005-11-07
+ * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
+ to enable runtime control over preserving active boolean values
+ versus reloading their saved settings upon commit.
+
+1.3.43 2005-11-04
+ * Merged seuser parser resync, dbase tracking and cleanup, strtol
+ bug, copyright, and assert space patches from Ivan Gyurdiev.
+
+1.3.42 2005-11-04
+ * Added src/*_internal.h in preparation for other changes.
+ * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
+ src/seusers.[hc].
+
+1.3.41 2005-11-03
+ * Merged interface parse/print, context_to_string interface change,
+ move assert_noeof, and order preserving patches from Ivan Gyurdiev.
+ * Added src/dso.h in preparation for other changes.
+
+1.3.40 2005-11-01
+ * Merged install seusers, handle/error messages, MLS parsing,
+ and seusers validation patches from Ivan Gyurdiev.
+
+1.3.39 2005-10-31
+ * Merged record interface, dbase flush, common database code,
+ and record bugfix patches from Ivan Gyurdiev.
+
+1.3.38 2005-10-27
+ * Merged dbase policydb list and count change from Ivan Gyurdiev.
+
+1.3.37 2005-10-27
+ * Merged enable dbase and set relay patches from Ivan Gyurdiev.
+
+1.3.36 2005-10-27
+ * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
+
+1.3.35 2005-10-26
+ * Merged sepol handle passing, seusers support, and policydb cache
+ patches from Ivan Gyurdiev.
+
+1.3.34 2005-10-25
+ * Merged resync to sepol changes and booleans fixes/improvements
+ patches from Ivan Gyurdiev.
+
+1.3.33 2005-10-25
+ * Merged support for genhomedircon/homedir template, store selection,
+ explicit policy reload, and semanage.conf relocation from Joshua
+ Brindle.
+
+1.3.32 2005-10-24
+ * Merged resync to sepol changes and transaction fix patches from
+ Ivan Gyurdiev.
+
+1.3.31 2005-10-21
+ * Merged reorganize users patch from Ivan Gyurdiev.
+ * Merged remove unused relay functions patch from Ivan Gyurdiev.
+
+1.3.30 2005-10-20
+ * Fixed policy file leaks in semanage_load_module and
+ semanage_write_module.
+ * Merged further database work from Ivan Gyurdiev.
+
+1.3.29 2005-10-20
+ * Fixed bug in semanage_direct_disconnect.
+
+1.3.28 2005-10-20
+ * Merged interface renaming patch from Ivan Gyurdiev.
+ * Merged policy component patch from Ivan Gyurdiev.
+
+1.3.27 2005-10-20
+ * Renamed 'check=' configuration value to 'expand-check=' for
+ clarity.
+ * Changed semanage_commit_sandbox to check for and report errors
+ on rename(2) calls performed during rollback.
+
+1.3.26 2005-10-19
+ * Added optional check= configuration value to semanage.conf
+ and updated call to sepol_expand_module to pass its value
+ to control assertion and hierarchy checking on module expansion.
+
+1.3.25 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.3.24 2005-10-19
+ * Merged default database from Ivan Gyurdiev.
+ * Merged removal of connect requirement in policydb backend from
+ Ivan Gyurdiev.
+ * Merged commit locking fix and lock rename from Joshua Brindle.
+ * Merged transaction rollback in lock patch from Joshua Brindle.
+
+1.3.23 2005-10-18
+ * Changed default args for load_policy to be null, as it no longer
+ takes a pathname argument and we want to preserve booleans.
+
+1.3.22 2005-10-18
+ * Merged move local dbase initialization patch from Ivan Gyurdiev.
+ * Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
+ * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
+
+1.3.21 2005-10-18
+ * Added calls to sepol_policy_file_set_handle interface prior
+ to invoking sepol operations on policy files.
+ * Updated call to sepol_policydb_from_image to pass the handle.
+
+1.3.20 2005-10-17
+ * Merged user and port APIs - policy database patch from Ivan
+ Gyurdiev.
+
+1.3.19 2005-10-17
+ * Converted calls to sepol link_packages and expand_module interfaces
+ from using buffers to using sepol handles for error reporting, and
+ changed direct_connect/disconnect to create/destroy sepol handles.
+
+1.3.18 2005-10-14
+ * Merged bugfix patch from Ivan Gyurdiev.
+
+1.3.17 2005-10-14
+ * Merged seuser database patch from Ivan Gyurdiev.
+ Merged direct user/port databases to the handle from Ivan Gyurdiev.
+
+1.3.16 2005-10-14
+ * Removed obsolete include/semanage/commit_api.h (leftover).
+ Merged seuser record patch from Ivan Gyurdiev.
+
+1.3.15 2005-10-14
+ * Merged boolean and interface databases from Ivan Gyurdiev.
+
+1.3.14 2005-10-13
+ * Updated to use get interfaces for hidden sepol_module_package type.
+
+1.3.13 2005-10-13
+ * Changed semanage_expand_sandbox and semanage_install_active
+ to generate/install the latest policy version supported by libsepol
+ by default (unless overridden by semanage.conf), since libselinux
+ will now downgrade automatically for load_policy.
+
+1.3.12 2005-10-13
+ * Merged new callback-based error reporting system and ongoing
+ database work from Ivan Gyurdiev.
+
+1.3.11 2005-10-11
+ * Fixed semanage_install_active() to use the same logic for
+ selecting a policy version as semanage_expand_sandbox(). Dropped
+ dead code from semanage_install_sandbox().
+
+1.3.10 2005-10-07
+ * Updated for changes to libsepol, and to only use types and interfaces
+ provided by the shared libsepol.
+
+1.3.9 2005-10-06
+ * Merged further database work from Ivan Gyurdiev.
+
+1.3.8 2005-10-04
+ * Merged iterate, redistribute, and dbase split patches from
+ Ivan Gyurdiev.
+
+1.3.7 2005-09-30
+ * Merged patch series from Ivan Gyurdiev.
+ (pointer typedef elimination, file renames, dbase work, backend
+ separation)
+
+1.3.6 2005-09-28
+ * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
+ * Separated handle create from connect interface.
+ * Added a constructor for initialization.
+ * Moved up src/include/*.h to src.
+ * Created a symbol map file; dropped dso.h and hidden markings.
+
+1.3.5 2005-09-28
+ * Merged major update to libsemanage organization and functionality
+ from Karl MacMillan (Tresys).
+
+1.3.4 2005-09-23
+ * Merged dbase redesign patch from Ivan Gyurdiev.
+
+1.3.3 2005-09-21
+ * Merged boolean record, stub record handler, and status codes
+ patches from Ivan Gyurdiev.
+
+1.3.2 2005-09-16
+ * Merged stub iterator functionality from Ivan Gyurdiev.
+ * Merged interface record patch from Ivan Gyurdiev.
+
+1.3.1 2005-09-14
+ * Merged stub functionality for managing user and port records,
+ and record table code from Ivan Gyurdiev.
+
+1.2 2005-09-06
+ * Updated version for release.
+
+1.1.6 2005-08-31
+ * Merged semod.conf template patch from Dan Walsh (Red Hat),
+ but restored location to /usr/share/semod/semod.conf.
+
+1.1.5 2005-08-30
+ * Fixed several bugs found by valgrind.
+ * Fixed bug in prior patch for the semod_build_module_list leak.
+
+1.1.4 2005-08-25
+ * Merged errno fix from Joshua Brindle (Tresys).
+ * Merged fix for semod_build_modules_list leak on error path
+ from Serge Hallyn (IBM). Bug found by Coverity.
+
+1.1.3 2005-08-22
+ * Merged several fixes from Serge Hallyn (IBM). Bugs found by
+ Coverity.
+ * Fixed several other bugs and warnings.
+
+1.1.2 2005-08-02
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+1.1.1 2005-08-02
+ * Merged relay records patch from Ivan Gyurdiev.
+ * Merged key extract patch from Ivan Gyurdiev.
+
+1.0 2005-07-27
+ * Initial version.
diff --git a/libsemanage/Makefile b/libsemanage/Makefile
new file mode 100644
index 0000000..073dc09
--- /dev/null
+++ b/libsemanage/Makefile
@@ -0,0 +1,30 @@
+all:
+ $(MAKE) -C src all
+
+swigify:
+ $(MAKE) -C src swigify
+
+pywrap:
+ $(MAKE) -C src pywrap
+
+install:
+ $(MAKE) -C include install
+ $(MAKE) -C src install
+ $(MAKE) -C man install
+
+install-pywrap:
+ $(MAKE) -C src install-pywrap
+
+relabel:
+ $(MAKE) -C src relabel
+
+clean distclean:
+ $(MAKE) -C src $@
+ $(MAKE) -C tests $@
+
+indent:
+ $(MAKE) -C src $@
+ $(MAKE) -C include $@
+
+test: all
+ $(MAKE) -C tests test
diff --git a/libsemanage/VERSION b/libsemanage/VERSION
new file mode 100644
index 0000000..2ce4589
--- /dev/null
+++ b/libsemanage/VERSION
@@ -0,0 +1 @@
+2.0.27
diff --git a/libsemanage/include/Makefile b/libsemanage/include/Makefile
new file mode 100644
index 0000000..391f950
--- /dev/null
+++ b/libsemanage/include/Makefile
@@ -0,0 +1,10 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCDIR ?= $(PREFIX)/include/semanage
+
+install:
+ test -d $(INCDIR) || install -m 755 -d $(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+
+indent:
+ ../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/include/semanage/boolean_record.h b/libsemanage/include/semanage/boolean_record.h
new file mode 100644
index 0000000..b618593
--- /dev/null
+++ b/libsemanage/include/semanage/boolean_record.h
@@ -0,0 +1,54 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_BOOLEAN_RECORD_H_
+#define _SEMANAGE_BOOLEAN_RECORD_H_
+
+#include <semanage/handle.h>
+
+#ifndef _SEMANAGE_BOOL_DEFINED_
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool semanage_bool_t;
+typedef struct semanage_bool_key semanage_bool_key_t;
+#define _SEMANAGE_BOOL_DEFINED_
+#endif
+
+/* Key */
+extern int semanage_bool_key_create(semanage_handle_t * handle,
+ const char *name,
+ semanage_bool_key_t ** key);
+
+extern int semanage_bool_key_extract(semanage_handle_t * handle,
+ const semanage_bool_t * boolean,
+ semanage_bool_key_t ** key);
+
+extern void semanage_bool_key_free(semanage_bool_key_t * key);
+
+extern int semanage_bool_compare(const semanage_bool_t * boolean,
+ const semanage_bool_key_t * key);
+
+extern int semanage_bool_compare2(const semanage_bool_t * boolean,
+ const semanage_bool_t * boolean2);
+
+/* Name */
+extern const char *semanage_bool_get_name(const semanage_bool_t * boolean);
+
+extern int semanage_bool_set_name(semanage_handle_t * handle,
+ semanage_bool_t * boolean, const char *name);
+
+/* Value */
+extern int semanage_bool_get_value(const semanage_bool_t * boolean);
+
+extern void semanage_bool_set_value(semanage_bool_t * boolean, int value);
+
+/* Create/Clone/Destroy */
+extern int semanage_bool_create(semanage_handle_t * handle,
+ semanage_bool_t ** bool_ptr);
+
+extern int semanage_bool_clone(semanage_handle_t * handle,
+ const semanage_bool_t * boolean,
+ semanage_bool_t ** bool_ptr);
+
+extern void semanage_bool_free(semanage_bool_t * boolean);
+
+#endif
diff --git a/libsemanage/include/semanage/booleans_active.h b/libsemanage/include/semanage/booleans_active.h
new file mode 100644
index 0000000..0bbe51b
--- /dev/null
+++ b/libsemanage/include/semanage/booleans_active.h
@@ -0,0 +1,33 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_BOOLEANS_ACTIVE_H_
+#define _SEMANAGE_BOOLEANS_ACTIVE_H_
+
+#include <semanage/boolean_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_bool_set_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ const semanage_bool_t * data);
+
+extern int semanage_bool_query_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response);
+
+extern int semanage_bool_exists_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ int *response);
+
+extern int semanage_bool_count_active(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_bool_iterate_active(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_bool_list_active(semanage_handle_t * handle,
+ semanage_bool_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/booleans_local.h b/libsemanage/include/semanage/booleans_local.h
new file mode 100644
index 0000000..a32e98c
--- /dev/null
+++ b/libsemanage/include/semanage/booleans_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_BOOLEANS_LOCAL_H_
+#define _SEMANAGE_BOOLEANS_LOCAL_H_
+
+#include <semanage/boolean_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_bool_modify_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ const semanage_bool_t * data);
+
+extern int semanage_bool_del_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key);
+
+extern int semanage_bool_query_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response);
+
+extern int semanage_bool_exists_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ int *response);
+
+extern int semanage_bool_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_bool_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_bool_list_local(semanage_handle_t * handle,
+ semanage_bool_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/booleans_policy.h b/libsemanage/include/semanage/booleans_policy.h
new file mode 100644
index 0000000..08d0bbb
--- /dev/null
+++ b/libsemanage/include/semanage/booleans_policy.h
@@ -0,0 +1,27 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_BOOLEANS_POLICY_H_
+#define _SEMANAGE_BOOLEANS_POLICY_H_
+
+#include <semanage/handle.h>
+#include <semanage/boolean_record.h>
+
+extern int semanage_bool_query(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response);
+
+extern int semanage_bool_exists(semanage_handle_t * handle,
+ const semanage_bool_key_t * key, int *response);
+
+extern int semanage_bool_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_bool_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t * record,
+ void *varg),
+ void *handler_arg);
+
+extern int semanage_bool_list(semanage_handle_t * handle,
+ semanage_bool_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/context_record.h b/libsemanage/include/semanage/context_record.h
new file mode 100644
index 0000000..54dcea5
--- /dev/null
+++ b/libsemanage/include/semanage/context_record.h
@@ -0,0 +1,61 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_CONTEXT_RECORD_H_
+#define _SEMANAGE_CONTEXT_RECORD_H_
+
+#include <semanage/handle.h>
+
+#ifndef _SEMANAGE_CONTEXT_DEFINED_
+struct semanage_context;
+typedef struct semanage_context semanage_context_t;
+#define _SEMANAGE_CONTEXT_DEFINED_
+#endif
+
+/* User */
+extern const char *semanage_context_get_user(const semanage_context_t * con);
+
+extern int semanage_context_set_user(semanage_handle_t * handle,
+ semanage_context_t * con,
+ const char *user);
+
+/* Role */
+extern const char *semanage_context_get_role(const semanage_context_t * con);
+
+extern int semanage_context_set_role(semanage_handle_t * handle,
+ semanage_context_t * con,
+ const char *role);
+
+/* Type */
+extern const char *semanage_context_get_type(const semanage_context_t * con);
+
+extern int semanage_context_set_type(semanage_handle_t * handle,
+ semanage_context_t * con,
+ const char *type);
+
+/* MLS */
+extern const char *semanage_context_get_mls(const semanage_context_t * con);
+
+extern int semanage_context_set_mls(semanage_handle_t * handle,
+ semanage_context_t * con,
+ const char *mls_range);
+
+/* Create/Clone/Destroy */
+extern int semanage_context_create(semanage_handle_t * handle,
+ semanage_context_t ** con_ptr);
+
+extern int semanage_context_clone(semanage_handle_t * handle,
+ const semanage_context_t * con,
+ semanage_context_t ** con_ptr);
+
+extern void semanage_context_free(semanage_context_t * con);
+
+/* Parse to/from string */
+extern int semanage_context_from_string(semanage_handle_t * handle,
+ const char *str,
+ semanage_context_t ** con);
+
+extern int semanage_context_to_string(semanage_handle_t * handle,
+ const semanage_context_t * con,
+ char **str_ptr);
+
+#endif
diff --git a/libsemanage/include/semanage/debug.h b/libsemanage/include/semanage/debug.h
new file mode 100644
index 0000000..effc24a
--- /dev/null
+++ b/libsemanage/include/semanage/debug.h
@@ -0,0 +1,54 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_DEBUG_H_
+#define _SEMANAGE_DEBUG_H_
+
+#include <semanage/handle.h>
+
+#define SEMANAGE_MSG_ERR 1
+#define SEMANAGE_MSG_WARN 2
+#define SEMANAGE_MSG_INFO 3
+
+extern int semanage_msg_get_level(semanage_handle_t * handle);
+
+extern const char *semanage_msg_get_channel(semanage_handle_t * handle);
+
+extern const char *semanage_msg_get_fname(semanage_handle_t * handle);
+
+/* Set the messaging callback.
+ * By the default, the callback will print
+ * the message on standard output, in a
+ * particular format. Passing NULL here
+ * indicates that messaging should be suppressed */
+extern void semanage_msg_set_callback(semanage_handle_t * handle,
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ semanage_handle_t *
+ handle,
+ const char *fmt,
+ ...),
+ void *msg_callback_arg);
+
+#endif
diff --git a/libsemanage/include/semanage/fcontext_record.h b/libsemanage/include/semanage/fcontext_record.h
new file mode 100644
index 0000000..4cf9261
--- /dev/null
+++ b/libsemanage/include/semanage/fcontext_record.h
@@ -0,0 +1,78 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_FCONTEXT_RECORD_H_
+#define _SEMANAGE_FCONTEXT_RECORD_H_
+
+#include <semanage/context_record.h>
+#include <semanage/handle.h>
+
+#ifndef _SEMANAGE_FCONTEXT_DEFINED_
+struct semanage_fcontext;
+struct semanage_fcontext_key;
+typedef struct semanage_fcontext semanage_fcontext_t;
+typedef struct semanage_fcontext_key semanage_fcontext_key_t;
+#define _SEMANAGE_FCONTEXT_DEFINED_
+#endif
+
+/* Key */
+extern int semanage_fcontext_compare(const semanage_fcontext_t * fcontext,
+ const semanage_fcontext_key_t * key);
+
+extern int semanage_fcontext_compare2(const semanage_fcontext_t * fcontext,
+ const semanage_fcontext_t * fcontext2);
+
+extern int semanage_fcontext_key_create(semanage_handle_t * handle,
+ const char *expr,
+ int type,
+ semanage_fcontext_key_t ** key_ptr);
+
+extern int semanage_fcontext_key_extract(semanage_handle_t * handle,
+ const semanage_fcontext_t * fcontext,
+ semanage_fcontext_key_t ** key_ptr);
+
+extern void semanage_fcontext_key_free(semanage_fcontext_key_t * key);
+
+/* Regexp */
+extern const char *semanage_fcontext_get_expr(const semanage_fcontext_t *
+ fcontext);
+
+extern int semanage_fcontext_set_expr(semanage_handle_t * handle,
+ semanage_fcontext_t * fcontext,
+ const char *expr);
+
+/* Type */
+#define SEMANAGE_FCONTEXT_ALL 0
+#define SEMANAGE_FCONTEXT_REG 1
+#define SEMANAGE_FCONTEXT_DIR 2
+#define SEMANAGE_FCONTEXT_CHAR 3
+#define SEMANAGE_FCONTEXT_BLOCK 4
+#define SEMANAGE_FCONTEXT_SOCK 5
+#define SEMANAGE_FCONTEXT_LINK 6
+#define SEMANAGE_FCONTEXT_PIPE 7
+
+extern int semanage_fcontext_get_type(const semanage_fcontext_t * fcontext);
+
+extern const char *semanage_fcontext_get_type_str(int type);
+
+extern void semanage_fcontext_set_type(semanage_fcontext_t * fcontext,
+ int type);
+
+/* Context */
+extern semanage_context_t *semanage_fcontext_get_con(const semanage_fcontext_t *
+ fcontext);
+
+extern int semanage_fcontext_set_con(semanage_handle_t * handle,
+ semanage_fcontext_t * fcontext,
+ semanage_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int semanage_fcontext_create(semanage_handle_t * handle,
+ semanage_fcontext_t ** fcontext_ptr);
+
+extern int semanage_fcontext_clone(semanage_handle_t * handle,
+ const semanage_fcontext_t * fcontext,
+ semanage_fcontext_t ** fcontext_ptr);
+
+extern void semanage_fcontext_free(semanage_fcontext_t * fcontext);
+
+#endif
diff --git a/libsemanage/include/semanage/fcontexts_local.h b/libsemanage/include/semanage/fcontexts_local.h
new file mode 100644
index 0000000..aaecc0f
--- /dev/null
+++ b/libsemanage/include/semanage/fcontexts_local.h
@@ -0,0 +1,37 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_FCONTEXTS_LOCAL_H_
+#define _SEMANAGE_FCONTEXTS_LOCAL_H_
+
+#include <semanage/fcontext_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_fcontext_modify_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ const semanage_fcontext_t * data);
+
+extern int semanage_fcontext_del_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key);
+
+extern int semanage_fcontext_query_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ semanage_fcontext_t ** response);
+
+extern int semanage_fcontext_exists_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ int *response);
+
+extern int semanage_fcontext_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_fcontext_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const
+ semanage_fcontext_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_fcontext_list_local(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/fcontexts_policy.h b/libsemanage/include/semanage/fcontexts_policy.h
new file mode 100644
index 0000000..a50db2b
--- /dev/null
+++ b/libsemanage/include/semanage/fcontexts_policy.h
@@ -0,0 +1,29 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_FCONTEXTS_POLICY_H_
+#define _SEMANAGE_FCONTEXTS_POLICY_H_
+
+#include <semanage/fcontext_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_fcontext_query(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ semanage_fcontext_t ** response);
+
+extern int semanage_fcontext_exists(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ int *response);
+
+extern int semanage_fcontext_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_fcontext_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_fcontext_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_fcontext_list(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
new file mode 100644
index 0000000..e065070
--- /dev/null
+++ b/libsemanage/include/semanage/handle.h
@@ -0,0 +1,129 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_HANDLE_H_
+#define _SEMANAGE_HANDLE_H_
+
+/* All accesses with semanage are through a "semanage_handle". The
+ * handle may ultimately reference local config files,
+ * the binary policy file, a module store, or a policy management server.
+ */
+struct semanage_handle;
+typedef struct semanage_handle semanage_handle_t;
+
+/* Create and return a semanage handle.
+ The handle is initially in the disconnected state. */
+semanage_handle_t *semanage_handle_create(void);
+
+/* Deallocate all space associated with a semanage_handle_t, including
+ * the pointer itself. CAUTION: this function does not disconnect
+ * from the backend; be sure that a semanage_disconnect() was
+ * previously called if the handle was connected. */
+void semanage_handle_destroy(semanage_handle_t *);
+
+/* This is the type of connection to the store, for now only
+ * direct is supported */
+enum semanage_connect_type {
+ SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
+ SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
+};
+
+/* This function allows you to specify the store to connect to.
+ * It must be called after semanage_handle_create but before
+ * semanage_connect. The argument should be the full path to the store.
+ */
+void semanage_select_store(semanage_handle_t * handle, char *path,
+ enum semanage_connect_type storetype);
+
+/* Just reload the policy */
+int semanage_reload_policy(semanage_handle_t * handle);
+
+/* set whether to reload the policy or not after a commit,
+ * 1 for yes (default), 0 for no */
+void semanage_set_reload(semanage_handle_t * handle, int do_reload);
+
+/* set whether to rebuild the policy on commit, even if no
+ * changes were performed.
+ * 1 for yes, 0 for no (default) */
+void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
+
+/* create the store if it does not exist, this only has an effect on
+ * direct connections and must be called before semanage_connect
+ * 1 for yes, 0 for no (default) */
+void semanage_set_create_store(semanage_handle_t * handle, int create_store);
+
+/* Set whether or not to disable dontaudits upon commit */
+void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
+
+/* Check whether policy is managed via libsemanage on this system.
+ * Must be called prior to trying to connect.
+ * Return 1 if policy is managed via libsemanage on this system,
+ * 0 if policy is not managed, or -1 on error.
+ */
+int semanage_is_managed(semanage_handle_t *);
+
+/* "Connect" to a manager based on the configuration and
+ * associate the provided handle with the connection.
+ * If the connect fails then this function returns a negative value,
+ * else it returns zero.
+ */
+int semanage_connect(semanage_handle_t *);
+
+/* Disconnect from the manager given by the handle. If already
+ * disconnected then this function does nothing. Return 0 if
+ * disconnected properly or already disconnected, negative value on
+ * error. */
+int semanage_disconnect(semanage_handle_t *);
+
+/* Attempt to obtain a transaction lock on the manager. If another
+ * process has the lock then this function may block, depending upon
+ * the timeout value in the handle.
+ *
+ * Note that if the semanage_handle has not yet obtained a transaction
+ * lock whenever a writer function is called, there will be an
+ * implicit call to this function. */
+int semanage_begin_transaction(semanage_handle_t *);
+
+/* Attempt to commit all changes since this transaction began. If the
+ * commit is successful then increment the "policy sequence number"
+ * and then release the transaction lock. Return that policy number
+ * afterwards, or -1 on error.
+ */
+int semanage_commit(semanage_handle_t *);
+
+#define SEMANAGE_CAN_READ 1
+#define SEMANAGE_CAN_WRITE 2
+/* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
+ * or writable, respectively. <0 if an error occured */
+int semanage_access_check(semanage_handle_t * sh);
+
+/* returns 0 if not connected, 1 if connected */
+int semanage_is_connected(semanage_handle_t * sh);
+
+/* META NOTES
+ *
+ * For all functions a non-negative number indicates success. For some
+ * functions a >=0 returned value is the "policy sequence number". This
+ * number keeps tracks of policy revisions and is used to detect if
+ * one semanage client has committed policy changes while another is
+ * still connected.
+ */
+
+#endif
diff --git a/libsemanage/include/semanage/iface_record.h b/libsemanage/include/semanage/iface_record.h
new file mode 100644
index 0000000..857d42e
--- /dev/null
+++ b/libsemanage/include/semanage/iface_record.h
@@ -0,0 +1,65 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_IFACE_RECORD_H_
+#define _SEMANAGE_IFACE_RECORD_H_
+
+#include <semanage/context_record.h>
+#include <semanage/handle.h>
+
+#ifndef _SEMANAGE_IFACE_DEFINED_
+struct semanage_iface;
+struct semanage_iface_key;
+typedef struct semanage_iface semanage_iface_t;
+typedef struct semanage_iface_key semanage_iface_key_t;
+#define _SEMANAGE_IFACE_DEFINED_
+#endif
+
+/* Key */
+extern int semanage_iface_compare(const semanage_iface_t * iface,
+ const semanage_iface_key_t * key);
+
+extern int semanage_iface_compare2(const semanage_iface_t * iface,
+ const semanage_iface_t * iface2);
+
+extern int semanage_iface_key_create(semanage_handle_t * handle,
+ const char *name,
+ semanage_iface_key_t ** key_ptr);
+
+extern int semanage_iface_key_extract(semanage_handle_t * handle,
+ const semanage_iface_t * iface,
+ semanage_iface_key_t ** key_ptr);
+
+extern void semanage_iface_key_free(semanage_iface_key_t * key);
+
+/* Name */
+extern const char *semanage_iface_get_name(const semanage_iface_t * iface);
+
+extern int semanage_iface_set_name(semanage_handle_t * handle,
+ semanage_iface_t * iface, const char *name);
+
+/* Context */
+extern semanage_context_t *semanage_iface_get_ifcon(const semanage_iface_t *
+ iface);
+
+extern int semanage_iface_set_ifcon(semanage_handle_t * handle,
+ semanage_iface_t * iface,
+ semanage_context_t * con);
+
+extern semanage_context_t *semanage_iface_get_msgcon(const semanage_iface_t *
+ iface);
+
+extern int semanage_iface_set_msgcon(semanage_handle_t * handle,
+ semanage_iface_t * iface,
+ semanage_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int semanage_iface_create(semanage_handle_t * handle,
+ semanage_iface_t ** iface_ptr);
+
+extern int semanage_iface_clone(semanage_handle_t * handle,
+ const semanage_iface_t * iface,
+ semanage_iface_t ** iface_ptr);
+
+extern void semanage_iface_free(semanage_iface_t * iface);
+
+#endif
diff --git a/libsemanage/include/semanage/interfaces_local.h b/libsemanage/include/semanage/interfaces_local.h
new file mode 100644
index 0000000..9b07ca6
--- /dev/null
+++ b/libsemanage/include/semanage/interfaces_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_INTERFACES_LOCAL_H_
+#define _SEMANAGE_INTERFACES_LOCAL_H_
+
+#include <semanage/iface_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_iface_modify_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ const semanage_iface_t * data);
+
+extern int semanage_iface_del_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key);
+
+extern int semanage_iface_query_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ semanage_iface_t ** response);
+
+extern int semanage_iface_exists_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ int *response);
+
+extern int semanage_iface_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_iface_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_iface_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_iface_list_local(semanage_handle_t * handle,
+ semanage_iface_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/interfaces_policy.h b/libsemanage/include/semanage/interfaces_policy.h
new file mode 100644
index 0000000..9816280
--- /dev/null
+++ b/libsemanage/include/semanage/interfaces_policy.h
@@ -0,0 +1,29 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_INTERFACES_POLICY_H_
+#define _SEMANAGE_INTERFACES_POLICY_H_
+
+#include <semanage/handle.h>
+#include <semanage/iface_record.h>
+
+extern int semanage_iface_query(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ semanage_iface_t ** response);
+
+extern int semanage_iface_exists(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ int *response);
+
+extern int semanage_iface_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_iface_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_iface_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_iface_list(semanage_handle_t * handle,
+ semanage_iface_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h
new file mode 100644
index 0000000..e570169
--- /dev/null
+++ b/libsemanage/include/semanage/modules.h
@@ -0,0 +1,51 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_MODULES_H_
+#define _SEMANAGE_MODULES_H_
+
+#include <stddef.h>
+#include <semanage/handle.h>
+
+/* High level module management functions. These are all part of
+ * a transaction
+ */
+
+int semanage_module_install(semanage_handle_t *,
+ char *module_data, size_t data_len);
+int semanage_module_upgrade(semanage_handle_t *,
+ char *module_data, size_t data_len);
+int semanage_module_install_base(semanage_handle_t *,
+ char *module_data, size_t data_len);
+int semanage_module_remove(semanage_handle_t *, char *module_name);
+
+/* semanage_module_info is for getting information on installed
+ modules, only name and version at this time */
+typedef struct semanage_module_info semanage_module_info_t;
+
+int semanage_module_list(semanage_handle_t *,
+ semanage_module_info_t **, int *num_modules);
+void semanage_module_info_datum_destroy(semanage_module_info_t *);
+semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
+ int n);
+const char *semanage_module_get_name(semanage_module_info_t *);
+const char *semanage_module_get_version(semanage_module_info_t *);
+
+#endif
diff --git a/libsemanage/include/semanage/node_record.h b/libsemanage/include/semanage/node_record.h
new file mode 100644
index 0000000..c9e4ce8
--- /dev/null
+++ b/libsemanage/include/semanage/node_record.h
@@ -0,0 +1,95 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_NODE_RECORD_H_
+#define _SEMANAGE_NODE_RECORD_H_
+
+#include <semanage/context_record.h>
+#include <semanage/handle.h>
+#include <stddef.h>
+
+#ifndef _SEMANAGE_NODE_DEFINED_
+struct semanage_node;
+struct semanage_node_key;
+typedef struct semanage_node semanage_node_t;
+typedef struct semanage_node_key semanage_node_key_t;
+#define _SEMANAGE_NODE_DEFINED_
+#endif
+
+#define SEMANAGE_PROTO_IP4 0
+#define SEMANAGE_PROTO_IP6 1
+
+/* Key */
+extern int semanage_node_compare(const semanage_node_t * node,
+ const semanage_node_key_t * key);
+
+extern int semanage_node_compare2(const semanage_node_t * node,
+ const semanage_node_t * node2);
+
+extern int semanage_node_key_create(semanage_handle_t * handle,
+ const char *addr,
+ const char *mask,
+ int proto, semanage_node_key_t ** key_ptr);
+
+extern int semanage_node_key_extract(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ semanage_node_key_t ** key_ptr);
+
+extern void semanage_node_key_free(semanage_node_key_t * key);
+
+/* Address */
+extern int semanage_node_get_addr(semanage_handle_t * handle,
+ const semanage_node_t * node, char **addr);
+
+extern int semanage_node_get_addr_bytes(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ char **addr, size_t * addr_sz);
+
+extern int semanage_node_set_addr(semanage_handle_t * handle,
+ semanage_node_t * node,
+ int proto, const char *addr);
+
+extern int semanage_node_set_addr_bytes(semanage_handle_t * handle,
+ semanage_node_t * node,
+ const char *addr, size_t addr_sz);
+
+/* Netmask */
+extern int semanage_node_get_mask(semanage_handle_t * handle,
+ const semanage_node_t * node, char **mask);
+
+extern int semanage_node_get_mask_bytes(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ char **mask, size_t * mask_sz);
+
+extern int semanage_node_set_mask(semanage_handle_t * handle,
+ semanage_node_t * node,
+ int proto, const char *mask);
+
+extern int semanage_node_set_mask_bytes(semanage_handle_t * handle,
+ semanage_node_t * node,
+ const char *mask, size_t mask_sz);
+
+/* Protocol */
+extern int semanage_node_get_proto(const semanage_node_t * node);
+
+extern void semanage_node_set_proto(semanage_node_t * node, int proto);
+
+extern const char *semanage_node_get_proto_str(int proto);
+
+/* Context */
+extern semanage_context_t *semanage_node_get_con(const semanage_node_t * node);
+
+extern int semanage_node_set_con(semanage_handle_t * handle,
+ semanage_node_t * node,
+ semanage_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int semanage_node_create(semanage_handle_t * handle,
+ semanage_node_t ** node_ptr);
+
+extern int semanage_node_clone(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ semanage_node_t ** node_ptr);
+
+extern void semanage_node_free(semanage_node_t * node);
+
+#endif
diff --git a/libsemanage/include/semanage/nodes_local.h b/libsemanage/include/semanage/nodes_local.h
new file mode 100644
index 0000000..07ffd97
--- /dev/null
+++ b/libsemanage/include/semanage/nodes_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_NODES_LOCAL_H_
+#define _SEMANAGE_NODES_LOCAL_H_
+
+#include <semanage/node_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_node_modify_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ const semanage_node_t * data);
+
+extern int semanage_node_del_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key);
+
+extern int semanage_node_query_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ semanage_node_t ** response);
+
+extern int semanage_node_exists_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ int *response);
+
+extern int semanage_node_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_node_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_node_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_node_list_local(semanage_handle_t * handle,
+ semanage_node_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/nodes_policy.h b/libsemanage/include/semanage/nodes_policy.h
new file mode 100644
index 0000000..9150dfc
--- /dev/null
+++ b/libsemanage/include/semanage/nodes_policy.h
@@ -0,0 +1,27 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_NODES_POLICY_H_
+#define _SEMANAGE_NODES_POLICY_H_
+
+#include <semanage/handle.h>
+#include <semanage/node_record.h>
+
+extern int semanage_node_query(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ semanage_node_t ** response);
+
+extern int semanage_node_exists(semanage_handle_t * handle,
+ const semanage_node_key_t * key, int *response);
+
+extern int semanage_node_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_node_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_node_t * record,
+ void *varg),
+ void *handler_arg);
+
+extern int semanage_node_list(semanage_handle_t * handle,
+ semanage_node_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/port_record.h b/libsemanage/include/semanage/port_record.h
new file mode 100644
index 0000000..20ae4bd
--- /dev/null
+++ b/libsemanage/include/semanage/port_record.h
@@ -0,0 +1,70 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_PORT_RECORD_H_
+#define _SEMANAGE_PORT_RECORD_H_
+
+#include <semanage/context_record.h>
+#include <semanage/handle.h>
+
+#ifndef _SEMANAGE_PORT_DEFINED_
+struct semanage_port;
+struct semanage_port_key;
+typedef struct semanage_port semanage_port_t;
+typedef struct semanage_port_key semanage_port_key_t;
+#define _SEMANAGE_PORT_DEFINED_
+#endif
+
+#define SEMANAGE_PROTO_UDP 0
+#define SEMANAGE_PROTO_TCP 1
+
+/* Key */
+extern int semanage_port_compare(const semanage_port_t * port,
+ const semanage_port_key_t * key);
+
+extern int semanage_port_compare2(const semanage_port_t * port,
+ const semanage_port_t * port2);
+
+extern int semanage_port_key_create(semanage_handle_t * handle,
+ int low, int high, int proto,
+ semanage_port_key_t ** key_ptr);
+
+extern int semanage_port_key_extract(semanage_handle_t * handle,
+ const semanage_port_t * port,
+ semanage_port_key_t ** key_ptr);
+
+extern void semanage_port_key_free(semanage_port_key_t * key);
+
+/* Protocol */
+extern int semanage_port_get_proto(const semanage_port_t * port);
+
+extern void semanage_port_set_proto(semanage_port_t * port, int proto);
+
+extern const char *semanage_port_get_proto_str(int proto);
+
+/* Port */
+extern int semanage_port_get_low(const semanage_port_t * port);
+
+extern int semanage_port_get_high(const semanage_port_t * port);
+
+extern void semanage_port_set_port(semanage_port_t * port, int port_num);
+
+extern void semanage_port_set_range(semanage_port_t * port, int low, int high);
+
+/* Context */
+extern semanage_context_t *semanage_port_get_con(const semanage_port_t * port);
+
+extern int semanage_port_set_con(semanage_handle_t * handle,
+ semanage_port_t * port,
+ semanage_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int semanage_port_create(semanage_handle_t * handle,
+ semanage_port_t ** port_ptr);
+
+extern int semanage_port_clone(semanage_handle_t * handle,
+ const semanage_port_t * port,
+ semanage_port_t ** port_ptr);
+
+extern void semanage_port_free(semanage_port_t * port);
+
+#endif
diff --git a/libsemanage/include/semanage/ports_local.h b/libsemanage/include/semanage/ports_local.h
new file mode 100644
index 0000000..47cba44
--- /dev/null
+++ b/libsemanage/include/semanage/ports_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_PORTS_LOCAL_H_
+#define _SEMANAGE_PORTS_LOCAL_H_
+
+#include <semanage/port_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_port_modify_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ const semanage_port_t * data);
+
+extern int semanage_port_del_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key);
+
+extern int semanage_port_query_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ semanage_port_t ** response);
+
+extern int semanage_port_exists_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ int *response);
+
+extern int semanage_port_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_port_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_port_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_port_list_local(semanage_handle_t * handle,
+ semanage_port_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/ports_policy.h b/libsemanage/include/semanage/ports_policy.h
new file mode 100644
index 0000000..364bce8
--- /dev/null
+++ b/libsemanage/include/semanage/ports_policy.h
@@ -0,0 +1,27 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_PORTS_POLICY_H_
+#define _SEMANAGE_PORTS_POLICY_H_
+
+#include <semanage/handle.h>
+#include <semanage/port_record.h>
+
+extern int semanage_port_query(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ semanage_port_t ** response);
+
+extern int semanage_port_exists(semanage_handle_t * handle,
+ const semanage_port_key_t * key, int *response);
+
+extern int semanage_port_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_port_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_port_t * record,
+ void *varg),
+ void *handler_arg);
+
+extern int semanage_port_list(semanage_handle_t * handle,
+ semanage_port_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/semanage.h b/libsemanage/include/semanage/semanage.h
new file mode 100644
index 0000000..f417ce4
--- /dev/null
+++ b/libsemanage/include/semanage/semanage.h
@@ -0,0 +1,55 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_SEMANAGE_H_
+#define _SEMANAGE_SEMANAGE_H_
+
+#include <semanage/handle.h>
+#include <semanage/modules.h>
+#include <semanage/debug.h>
+
+/* Records */
+#include <semanage/boolean_record.h>
+#include <semanage/user_record.h>
+#include <semanage/seuser_record.h>
+#include <semanage/context_record.h>
+#include <semanage/iface_record.h>
+#include <semanage/port_record.h>
+#include <semanage/node_record.h>
+
+/* Dbase */
+#include <semanage/booleans_local.h>
+#include <semanage/booleans_policy.h>
+#include <semanage/booleans_active.h>
+#include <semanage/users_local.h>
+#include <semanage/users_policy.h>
+#include <semanage/fcontexts_local.h>
+#include <semanage/fcontexts_policy.h>
+#include <semanage/seusers_local.h>
+#include <semanage/seusers_policy.h>
+#include <semanage/ports_local.h>
+#include <semanage/ports_policy.h>
+#include <semanage/interfaces_local.h>
+#include <semanage/interfaces_policy.h>
+#include <semanage/nodes_local.h>
+#include <semanage/nodes_policy.h>
+
+#endif
diff --git a/libsemanage/include/semanage/seuser_record.h b/libsemanage/include/semanage/seuser_record.h
new file mode 100644
index 0000000..bf0dc8e
--- /dev/null
+++ b/libsemanage/include/semanage/seuser_record.h
@@ -0,0 +1,61 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_SEUSER_RECORD_H_
+#define _SEMANAGE_SEUSER_RECORD_H_
+
+#include <semanage/handle.h>
+
+struct semanage_seuser;
+struct semanage_seuser_key;
+typedef struct semanage_seuser semanage_seuser_t;
+typedef struct semanage_seuser_key semanage_seuser_key_t;
+
+/* Key */
+extern int semanage_seuser_key_create(semanage_handle_t * handle,
+ const char *name,
+ semanage_seuser_key_t ** key);
+
+extern int semanage_seuser_key_extract(semanage_handle_t * handle,
+ const semanage_seuser_t * seuser,
+ semanage_seuser_key_t ** key);
+
+extern void semanage_seuser_key_free(semanage_seuser_key_t * key);
+
+extern int semanage_seuser_compare(const semanage_seuser_t * seuser,
+ const semanage_seuser_key_t * key);
+
+extern int semanage_seuser_compare2(const semanage_seuser_t * seuser,
+ const semanage_seuser_t * seuser2);
+
+/* Name */
+extern const char *semanage_seuser_get_name(const semanage_seuser_t * seuser);
+
+extern int semanage_seuser_set_name(semanage_handle_t * handle,
+ semanage_seuser_t * seuser,
+ const char *name);
+
+/* Selinux Name */
+extern const char *semanage_seuser_get_sename(const semanage_seuser_t * seuser);
+
+extern int semanage_seuser_set_sename(semanage_handle_t * handle,
+ semanage_seuser_t * seuser,
+ const char *sename);
+
+/* MLS */
+extern const char *semanage_seuser_get_mlsrange(const semanage_seuser_t *
+ seuser);
+
+extern int semanage_seuser_set_mlsrange(semanage_handle_t * handle,
+ semanage_seuser_t * seuser,
+ const char *mls_range);
+
+/* Create/Clone/Destroy */
+extern int semanage_seuser_create(semanage_handle_t * handle,
+ semanage_seuser_t ** seuser_ptr);
+
+extern int semanage_seuser_clone(semanage_handle_t * handle,
+ const semanage_seuser_t * seuser,
+ semanage_seuser_t ** seuser_ptr);
+
+extern void semanage_seuser_free(semanage_seuser_t * seuser);
+#endif
diff --git a/libsemanage/include/semanage/seusers_local.h b/libsemanage/include/semanage/seusers_local.h
new file mode 100644
index 0000000..4333a7b
--- /dev/null
+++ b/libsemanage/include/semanage/seusers_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_SEUSERS_LOCAL_H_
+#define _SEMANAGE_SEUSERS_LOCAL_H_
+
+#include <semanage/seuser_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_seuser_modify_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ const semanage_seuser_t * data);
+
+extern int semanage_seuser_del_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key);
+
+extern int semanage_seuser_query_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ semanage_seuser_t ** response);
+
+extern int semanage_seuser_exists_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ int *response);
+
+extern int semanage_seuser_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_seuser_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_seuser_t
+ * record, void *varg),
+ void *handler_arg);
+
+extern int semanage_seuser_list_local(semanage_handle_t * handle,
+ semanage_seuser_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/seusers_policy.h b/libsemanage/include/semanage/seusers_policy.h
new file mode 100644
index 0000000..8d39d45
--- /dev/null
+++ b/libsemanage/include/semanage/seusers_policy.h
@@ -0,0 +1,29 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_SEUSERS_POLICY_H_
+#define _SEMANAGE_SEUSERS_POLICY_H_
+
+#include <semanage/seuser_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_seuser_query(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ semanage_seuser_t ** response);
+
+extern int semanage_seuser_exists(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ int *response);
+
+extern int semanage_seuser_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_seuser_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_seuser_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_seuser_list(semanage_handle_t * handle,
+ semanage_seuser_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/user_record.h b/libsemanage/include/semanage/user_record.h
new file mode 100644
index 0000000..d4a4866
--- /dev/null
+++ b/libsemanage/include/semanage/user_record.h
@@ -0,0 +1,90 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_USER_RECORD_H_
+#define _SEMANAGE_USER_RECORD_H_
+
+#include <stddef.h>
+#include <semanage/handle.h>
+
+struct semanage_user;
+typedef struct semanage_user semanage_user_t;
+
+#ifndef _SEMANAGE_USER_KEY_DEFINED_
+struct semanage_user_key;
+typedef struct semanage_user_key semanage_user_key_t;
+#define _SEMANAGE_USER_KEY_DEFINED_
+#endif
+
+/* Key */
+extern int semanage_user_key_create(semanage_handle_t * handle,
+ const char *name,
+ semanage_user_key_t ** key);
+
+extern int semanage_user_key_extract(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ semanage_user_key_t ** key);
+
+extern void semanage_user_key_free(semanage_user_key_t * key);
+
+extern int semanage_user_compare(const semanage_user_t * user,
+ const semanage_user_key_t * key);
+
+extern int semanage_user_compare2(const semanage_user_t * user,
+ const semanage_user_t * user2);
+
+/* Name */
+extern const char *semanage_user_get_name(const semanage_user_t * user);
+
+extern int semanage_user_set_name(semanage_handle_t * handle,
+ semanage_user_t * user, const char *name);
+
+/* Labeling prefix */
+extern const char *semanage_user_get_prefix(const semanage_user_t * user);
+
+extern int semanage_user_set_prefix(semanage_handle_t * handle,
+ semanage_user_t * user, const char *name);
+
+/* MLS */
+extern const char *semanage_user_get_mlslevel(const semanage_user_t * user);
+
+extern int semanage_user_set_mlslevel(semanage_handle_t * handle,
+ semanage_user_t * user,
+ const char *mls_level);
+
+extern const char *semanage_user_get_mlsrange(const semanage_user_t * user);
+
+extern int semanage_user_set_mlsrange(semanage_handle_t * handle,
+ semanage_user_t * user,
+ const char *mls_range);
+
+/* Role management */
+extern int semanage_user_get_num_roles(const semanage_user_t * user);
+
+extern int semanage_user_add_role(semanage_handle_t * handle,
+ semanage_user_t * user, const char *role);
+
+extern void semanage_user_del_role(semanage_user_t * user, const char *role);
+
+extern int semanage_user_has_role(const semanage_user_t * user,
+ const char *role);
+
+extern int semanage_user_get_roles(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ const char ***roles_arr,
+ unsigned int *num_roles);
+
+extern int semanage_user_set_roles(semanage_handle_t * handle,
+ semanage_user_t * user,
+ const char **roles_arr,
+ unsigned int num_roles);
+
+/* Create/Clone/Destroy */
+extern int semanage_user_create(semanage_handle_t * handle,
+ semanage_user_t ** user_ptr);
+
+extern int semanage_user_clone(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ semanage_user_t ** user_ptr);
+
+extern void semanage_user_free(semanage_user_t * user);
+#endif
diff --git a/libsemanage/include/semanage/users_local.h b/libsemanage/include/semanage/users_local.h
new file mode 100644
index 0000000..952474c
--- /dev/null
+++ b/libsemanage/include/semanage/users_local.h
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_USERS_LOCAL_H_
+#define _SEMANAGE_USERS_LOCAL_H_
+
+#include <semanage/user_record.h>
+#include <semanage/handle.h>
+
+extern int semanage_user_modify_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ const semanage_user_t * data);
+
+extern int semanage_user_del_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key);
+
+extern int semanage_user_query_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ semanage_user_t ** response);
+
+extern int semanage_user_exists_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ int *response);
+
+extern int semanage_user_count_local(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_user_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_user_t *
+ record, void *varg),
+ void *handler_arg);
+
+extern int semanage_user_list_local(semanage_handle_t * handle,
+ semanage_user_t *** records,
+ unsigned int *count);
+
+#endif
diff --git a/libsemanage/include/semanage/users_policy.h b/libsemanage/include/semanage/users_policy.h
new file mode 100644
index 0000000..b1677ec
--- /dev/null
+++ b/libsemanage/include/semanage/users_policy.h
@@ -0,0 +1,27 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_USERS_POLICY_H_
+#define _SEMANAGE_USERS_POLICY_H_
+
+#include <semanage/handle.h>
+#include <semanage/user_record.h>
+
+extern int semanage_user_query(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ semanage_user_t ** response);
+
+extern int semanage_user_exists(semanage_handle_t * handle,
+ const semanage_user_key_t * key, int *response);
+
+extern int semanage_user_count(semanage_handle_t * handle,
+ unsigned int *response);
+
+extern int semanage_user_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_user_t * record,
+ void *varg),
+ void *handler_arg);
+
+extern int semanage_user_list(semanage_handle_t * handle,
+ semanage_user_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/man/Makefile b/libsemanage/man/Makefile
new file mode 100644
index 0000000..a84bfb7
--- /dev/null
+++ b/libsemanage/man/Makefile
@@ -0,0 +1,7 @@
+# Installation directories.
+MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+
+install:
+ mkdir -p $(MAN3DIR)
+ install -m 644 man3/*.3 $(MAN3DIR)
+
diff --git a/libsemanage/man/man3/semanage_bool.3 b/libsemanage/man/man3/semanage_bool.3
new file mode 100644
index 0000000..3e38bf6
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool.3
@@ -0,0 +1,177 @@
+.TH semanage_bool 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Policy Booleans Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/boolean_record.h>
+.br
+.B #include <semanage/booleans_active.h>
+.br
+.B #include <semanage/booleans_policy.h>
+.br
+.B #include <semanage/booleans_local.h>
+
+.PP
+This object contains properties associated with a SELinux policy boolean
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_bool_create "(3)" \-
+.br
+create a boolean
+
+.HP
+.BR semanage_bool_free "(3)" \-
+.br
+release resources for this boolean
+
+.HP
+.BR semanage_bool_key_create "(3)" \-
+.br
+create a key, which can be used to identify a boolean
+
+.HP
+.BR semanage_bool_key_free "(3)" \-
+.br
+release resources for this boolean key
+
+.HP
+.BR semanage_bool_key_extract "(3)" \-
+.br
+create a key matching this boolean
+
+.HP
+.BR semanage_bool_clone "(3)" \-
+.br
+create an identical boolean (deep-copy clone)
+
+.HP
+.BR semanage_bool_compare "(3)" \-
+.br
+compare this boolean to the provided key
+
+.HP
+.BR semanage_bool_compare2 "(3)" \-
+.br
+compare this boolean to another
+
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_bool_get_name "(3)" \-
+.br
+return the name of this boolean
+
+.HP
+.BR semanage_bool_set_name "(3)" \-
+.br
+set the name of this boolean
+
+.HP
+.BR semanage_bool_get_value "(3)" \-
+.br
+return the value of this boolean
+
+.HP
+.BR semanage_bool_set_value "(3)" \-
+.br
+set the value of this boolean
+
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_bool_modify_local "(3)" \-
+.br
+add or update a boolean in the local store
+
+.HP
+.BR semanage_bool_set_active "(3)" \-
+.br
+update a boolean in the currently active policy
+
+.HP
+.BR semanage_bool_del_local "(3)" \-
+.br
+delete a boolean from the local store
+
+.HP
+.BR semanage_bool_exists "(3)" \-
+.br
+check if a boolean is defined in the persistent policy
+
+.HP
+.BR semanage_bool_exists_local "(3)" \-
+.br
+check if a boolean is defined in the local store
+
+.HP
+.BR semanage_bool_exists_active "(3)" \-
+.br
+check if a boolean is defined in the currently active policy
+
+.HP
+.BR semanage_bool_query "(3)" \-
+.br
+query a boolean in the persistent policy
+
+.HP
+.BR semanage_bool_query_local "(3)" \-
+.br
+query a boolean in the local store
+
+.HP
+.BR semanage_bool_query_active "(3)" \-
+.br
+query a boolean in the currently active policy
+
+.HP
+.BR semanage_bool_count "(3)" \-
+.br
+count the number of booleans defined in the persistent policy
+
+.HP
+.BR semanage_bool_count_local "(3)" \-
+.br
+count the number of booleans defined in the local store
+
+.HP
+.BR semanage_bool_count_active "(3)" \-
+.br
+count the number of booleans defined in the currently active policy
+
+.HP
+.BR semanage_bool_iterate "(3)" \-
+.br
+execute a callback for each boolean in the persistent policy
+
+.HP
+.BR semanage_bool_iterate_local "(3)" \-
+.br
+execute a callback for each boolean in the local store
+
+.HP
+.BR semanage_bool_iterate_active "(3)" \-
+.br
+execute a callback for each boolean in the currently active policy
+
+.HP
+.BR semanage_bool_list "(3)" \-
+.br
+return an array containing all booleans in the persistent policy
+
+.HP
+.BR semanage_bool_list_local "(3)" \-
+.br
+return an array containing all booleans in the local store
+
+.HP
+.BR semanage_bool_list_active "(3)" \-
+.br
+return an array containing all booleans in the currently active policy
diff --git a/libsemanage/man/man3/semanage_bool_count.3 b/libsemanage/man/man3/semanage_bool_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_bool_count_active.3 b/libsemanage/man/man3/semanage_bool_count_active.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_count_active.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_bool_count_local.3 b/libsemanage/man/man3/semanage_bool_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_bool_del_local.3 b/libsemanage/man/man3/semanage_bool_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_bool_exists.3 b/libsemanage/man/man3/semanage_bool_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_bool_exists_active.3 b/libsemanage/man/man3/semanage_bool_exists_active.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_exists_active.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_bool_exists_local.3 b/libsemanage/man/man3/semanage_bool_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_bool_iterate.3 b/libsemanage/man/man3/semanage_bool_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_bool_iterate_active.3 b/libsemanage/man/man3/semanage_bool_iterate_active.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_iterate_active.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_bool_iterate_local.3 b/libsemanage/man/man3/semanage_bool_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_bool_list.3 b/libsemanage/man/man3/semanage_bool_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_bool_list_active.3 b/libsemanage/man/man3/semanage_bool_list_active.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_list_active.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_bool_list_local.3 b/libsemanage/man/man3/semanage_bool_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_bool_modify_local.3 b/libsemanage/man/man3/semanage_bool_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_bool_query.3 b/libsemanage/man/man3/semanage_bool_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_bool_query_active.3 b/libsemanage/man/man3/semanage_bool_query_active.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_query_active.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_bool_query_local.3 b/libsemanage/man/man3/semanage_bool_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_bool_set_active.3 b/libsemanage/man/man3/semanage_bool_set_active.3
new file mode 100644
index 0000000..d5005cb
--- /dev/null
+++ b/libsemanage/man/man3/semanage_bool_set_active.3
@@ -0,0 +1,48 @@
+.TH semanage_bool_set_local 3 "4 January 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+.SH "NAME"
+.B semanage_bool_set_active \-
+update an existing SELinux boolean in the currently active policy
+
+.SH "SYNOPSIS"
+.B #include <semanage/booleans_active.h>
+.br
+.sp
+.B extern int semanage_bool_set_active (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " const semanage_bool_key_t *" key ","
+.br
+.BI " const semanage_bool_t *" data ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The set function will fail if no matching key is found in the local store. Otherwise, the provided object will replace the current one. When
+.BR semanage_commit "(3)"
+is invoked, changes will be written permanently into the local store, and will be loaded into policy. Validity of the object being added is checked at commit time.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I key
+identifies the
+.I data
+object, which will be written into the store. The key are data are properties of the caller, and are not stored or modified internally.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+), and must be executed in a transaction (see
+.BR semanage_begin_transaction "(3)"
+).
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise 0 is returned.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_begin_transaction "(3), " semanage_connect "(3), " semanage_commit "(3). "
diff --git a/libsemanage/man/man3/semanage_count.3 b/libsemanage/man/man3/semanage_count.3
new file mode 100644
index 0000000..09894ac
--- /dev/null
+++ b/libsemanage/man/man3/semanage_count.3
@@ -0,0 +1,40 @@
+.TH semanage_count 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following count function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int COUNT_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " unsigned int* " response ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The count function will return the number of all objects in the selected location.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The number of objects will be stored at the location poined by
+.I response.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+)
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "
diff --git a/libsemanage/man/man3/semanage_del.3 b/libsemanage/man/man3/semanage_del.3
new file mode 100644
index 0000000..ce4b46f
--- /dev/null
+++ b/libsemanage/man/man3/semanage_del.3
@@ -0,0 +1,47 @@
+.TH semanage_del 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following delete function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int DELETE_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " const semanage_OBJECT_key_t *" key ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The delete function will remove the object corresponding to the provided key from the local store. If no match is found, no action is taken. Changes will become permanent when
+.BR semanage_commit "(3)"
+is invoked. Additional checks may be performed at that time to ensure the system is left in a valid state.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I key
+identifies the
+.I data
+object, which will be deleted from the local store. The key is a property of the caller, and will not be stored or modified internally.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+), and must be executed in a transaction (see
+.BR semanage_begin_transaction "(3)"
+).
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise 0 is returned.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_begin_transaction "(3), " semanage_connect "(3), " semanage_commit "(3). "
diff --git a/libsemanage/man/man3/semanage_exists.3 b/libsemanage/man/man3/semanage_exists.3
new file mode 100644
index 0000000..15f164f
--- /dev/null
+++ b/libsemanage/man/man3/semanage_exists.3
@@ -0,0 +1,45 @@
+.TH semanage_exists 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following exists function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int EXISTS_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " const semanage_OBJECT_key_t *" key ","
+.br
+.BI " semanage_OBJECT_t **" response ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The exists function will return 0 if a matching key is not found, and 1 otherwise.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I key
+identifies the object being checked. The result of the test will be stored in the address pointed by
+.I response
+The key is a property of the caller, and will not be stored or modified internally.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+)
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other read calls to the semanage database until the next commit.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "
diff --git a/libsemanage/man/man3/semanage_fcontext.3 b/libsemanage/man/man3/semanage_fcontext.3
new file mode 100644
index 0000000..c407899
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext.3
@@ -0,0 +1,160 @@
+.TH semanage_fcontext 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux File Context Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/fcontext_record.h>
+.br
+.B #include <semanage/fcontexts_policy.h>
+.br
+.B #include <semanage/fcontexts_local.h>
+
+.PP
+This object contains properties associated with a SELinux file context specification
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_fcontext_create "(3)" \-
+.br
+create a file context spec
+
+.HP
+.BR semanage_fcontext_free "(3)" \-
+.br
+release resources for this file context spec
+
+.HP
+.BR semanage_fcontext_key_create "(3)" \-
+.br
+create a key, which can be used to identify a file context spec
+
+.HP
+.BR semanage_fcontext_key_free "(3)" \-
+.br
+release resources for this file context spec key
+
+.HP
+.BR semanage_fcontext_key_extract "(3)" \-
+.br
+create a key matching this file context spec
+
+.HP
+.BR semanage_fcontext_clone "(3)" \-
+.br
+create an identical file context spec (deep-copy clone)
+
+.HP
+.BR semanage_fcontext_compare "(3)" \-
+.br
+compare this file context spec to the provided key
+
+.HP
+.BR semanage_fcontext_compare2 "(3)" \-
+.br
+compare this file context spec to another
+
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_fcontext_get_expr "(3)" \-
+.br
+return the regular expression for this file context spec
+
+.HP
+.BR semanage_fcontext_set_expr "(3)" \-
+.br
+set the regular expression for this file context spec
+
+.HP
+.BR semanage_fcontext_get_type "(3)" \-
+.br
+return the file type for this file context spec
+
+.HP
+.BR semanage_fcontext_get_type_str "(3)" \-
+.br
+return a string representation for this file context spec type
+
+.HP
+.BR semanage_fcontext_set_type "(3)" \-
+.br
+set the file type for this file context spec
+
+.HP
+.BR semanage_fcontext_get_con "(3)" \-
+.br
+return the SELinux context for this file context spec
+
+.HP
+.BR semanage_fcontext_set_expr "(3)" \-
+.br
+set the SELinux context for this file context spec
+
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_fcontext_modify_local "(3)" \-
+.br
+add or update a file context spec in the local store
+
+.HP
+.BR semanage_fcontext_del_local "(3)" \-
+.br
+delete a file context spec from the local store
+
+.HP
+.BR semanage_fcontext_exists "(3)" \-
+.br
+check if a file context spec is defined in the persistent policy
+
+.HP
+.BR semanage_fcontext_exists_local "(3)" \-
+.br
+check if a file context spec is defined in the local store
+
+.HP
+.BR semanage_fcontext_query "(3)" \-
+.br
+query a file context spec in the persistent policy
+
+.HP
+.BR semanage_fcontext_query_local "(3)" \-
+.br
+query a file context spec in the local store
+
+.HP
+.BR semanage_fcontext_count "(3)" \-
+.br
+count the number of file context specs defined in the persistent policy
+
+.HP
+.BR semanage_fcontext_count_local "(3)" \-
+.br
+count the number of file context specs defined in the local store
+
+.HP
+.BR semanage_fcontext_iterate "(3)" \-
+.br
+execute a callback for each file context spec in the persistent policy
+
+.HP
+.BR semanage_fcontext_iterate_local "(3)" \-
+.br
+execute a callback for each file context spec in the local store
+
+.HP
+.BR semanage_fcontext_list "(3)" \-
+.br
+return an array containing all file context specs in the persistent policy
+
+.HP
+.BR semanage_fcontext_list_local "(3)" \-
+.br
+return an array containing all file context specs in the local store
diff --git a/libsemanage/man/man3/semanage_fcontext_count.3 b/libsemanage/man/man3/semanage_fcontext_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_fcontext_count_local.3 b/libsemanage/man/man3/semanage_fcontext_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_fcontext_del_local.3 b/libsemanage/man/man3/semanage_fcontext_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_fcontext_exists.3 b/libsemanage/man/man3/semanage_fcontext_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_fcontext_exists_local.3 b/libsemanage/man/man3/semanage_fcontext_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_fcontext_iterate.3 b/libsemanage/man/man3/semanage_fcontext_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_fcontext_iterate_local.3 b/libsemanage/man/man3/semanage_fcontext_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_fcontext_list.3 b/libsemanage/man/man3/semanage_fcontext_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_fcontext_list_local.3 b/libsemanage/man/man3/semanage_fcontext_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_fcontext_modify_local.3 b/libsemanage/man/man3/semanage_fcontext_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_fcontext_query.3 b/libsemanage/man/man3/semanage_fcontext_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_fcontext_query_local.3 b/libsemanage/man/man3/semanage_fcontext_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_fcontext_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_iface.3 b/libsemanage/man/man3/semanage_iface.3
new file mode 100644
index 0000000..e4aa631
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface.3
@@ -0,0 +1,153 @@
+.TH semanage_iface 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Network Interfaces Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/iface_record.h>
+.br
+.B #include <semanage/interfaces_policy.h>
+.br
+.B #include <semanage/interfaces_local.h>
+
+.PP
+This object contains properties associated with a network interface.
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_iface_create "(3)" \-
+.br
+create an interface
+
+.HP
+.BR semanage_iface_free "(3)" \-
+.br
+release resources for this interface
+
+.HP
+.BR semanage_iface_key_create "(3)" \-
+.br
+create a key, which can be used to identify an interface
+
+.HP
+.BR semanage_iface_key_free "(3)" \-
+.br
+release resources for this interface key
+
+.HP
+.BR semanage_iface_key_extract "(3)" \-
+.br
+create a key matching this interface
+
+.HP
+.BR semanage_iface_clone "(3)" \-
+.br
+create an identical interface (deep-copy clone)
+
+.HP
+.BR semanage_iface_compare "(3)" \-
+.br
+compare this interface to the provided key
+
+.HP
+.BR semanage_iface_compare2 "(3)" \-
+.br
+compare this interface to another
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_iface_get_name "(3)" \-
+.br
+return the name of this interface
+
+.HP
+.BR semanage_iface_set_name "(3)" \-
+.br
+set the name of this interface
+
+.HP
+.BR semanage_iface_get_ifcon "(3)" \-
+.br
+return the SELinux context associated with this interface
+
+.HP
+.BR semanage_iface_set_ifcon "(3)" \-
+.br
+set the SELinux context associated with this interface
+
+.HP
+.BR semanage_iface_get_msgcon "(3)" \-
+.br
+return the SELinux context associated with packets sent over this interface
+
+.HP
+.BR semanage_iface_set_msgcon "(3)" \-
+.br
+set the SELinux context associated with packets sent over this interface
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_iface_modify_local "(3)" \-
+.br
+add or update an interface in the local store
+
+.HP
+.BR semanage_iface_del_local "(3)" \-
+.br
+delete an interface from the local store
+
+.HP
+.BR semanage_iface_exists "(3)" \-
+.br
+check if an interface is defined in the persistent policy
+
+.HP
+.BR semanage_iface_exists_local "(3)" \-
+.br
+check if an interface is defined in the local store
+
+.HP
+.BR semanage_iface_query "(3)" \-
+.br
+query an interface in the persistent policy
+
+.HP
+.BR semanage_iface_query_local "(3)" \-
+.br
+query an interface in the local store
+
+.HP
+.BR semanage_iface_count "(3)" \-
+.br
+count the number of interfaces defined in the persistent policy
+
+.HP
+.BR semanage_iface_count_local "(3)" \-
+.br
+count the number of interfaces defined in the local store
+
+.HP
+.BR semanage_iface_iterate "(3)" \-
+.br
+execute a callback for each interface in the persistent policy
+
+.HP
+.BR semanage_iface_iterate_local "(3)" \-
+.br
+execute a callback for each interface in the local store
+
+.HP
+.BR semanage_iface_list "(3)" \-
+.br
+return an array containing all interfaces in the persistent policy
+
+.HP
+.BR semanage_iface_list_local "(3)" \-
+.br
+return an array containing all interfaces in the local store
diff --git a/libsemanage/man/man3/semanage_iface_count.3 b/libsemanage/man/man3/semanage_iface_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_iface_count_local.3 b/libsemanage/man/man3/semanage_iface_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_iface_del_local.3 b/libsemanage/man/man3/semanage_iface_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_iface_exists.3 b/libsemanage/man/man3/semanage_iface_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_iface_exists_local.3 b/libsemanage/man/man3/semanage_iface_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_iface_iterate.3 b/libsemanage/man/man3/semanage_iface_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_iface_iterate_local.3 b/libsemanage/man/man3/semanage_iface_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_iface_list.3 b/libsemanage/man/man3/semanage_iface_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_iface_list_local.3 b/libsemanage/man/man3/semanage_iface_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_iface_modify_local.3 b/libsemanage/man/man3/semanage_iface_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_iface_query.3 b/libsemanage/man/man3/semanage_iface_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_iface_query_local.3 b/libsemanage/man/man3/semanage_iface_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iface_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_iterate.3 b/libsemanage/man/man3/semanage_iterate.3
new file mode 100644
index 0000000..0c9d7d0
--- /dev/null
+++ b/libsemanage/man/man3/semanage_iterate.3
@@ -0,0 +1,57 @@
+.TH semanage_iterate 3 "15 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following iterate function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int ITERATE_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " int (*handler) (
+.br
+.BI " const semanage_OBJECT_t *" object ","
+.br
+.BI " void *" varg "),"
+.br
+.BI " void *" handler_arg ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The iterate function will execute the specified handler over all objects in the selected location. An arbitrary argument can be passed into the handler function along with each object.
+
+The object passed in is property of the libsemanage library, and may not be modified or preserved - use
+.B semanage_OBJECT_clone
+if that is necessary.
+
+The handler code may not invoke any semanage write requests for the same object type (i.e. modifying the underlying store is not allowed). The iterate function is reentrant only while inside a transaction (see
+.B semanage_begin_transaction
+). It is not safe to execute other semanage read or write requests within iterate if not inside a transaction. The handler may return -1 to signal error exit, 0 to signal continue, and 1 to signal successful exit early (the iterate function will stop accordingly).
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I handler
+is the function to execute, with
+.I handler_arg
+as its second parameter, and each object as its first parameter.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+)
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "
diff --git a/libsemanage/man/man3/semanage_list.3 b/libsemanage/man/man3/semanage_list.3
new file mode 100644
index 0000000..c4d68ba
--- /dev/null
+++ b/libsemanage/man/man3/semanage_list.3
@@ -0,0 +1,46 @@
+.TH semanage_list 3 "16 March 2006" "ivg2@cornell.edu" "SELinux managent API documentation"
+
+.SH "NAME"
+SELinux Lists Management API
+
+.SH "SYNOPSIS"
+The following list function is supported for any SELinux managent record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int LIST_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " semanage_OBJECT_t ***" objects ","
+.br
+.BI " unsigned int* " count ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The list function will return an array of all the objects in the selected location.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The function will allocate and populate the the array of objects, and store it at the location pointed by
+.I objects.
+It will write the number of objects at the location pointed by
+.I count.
+The array, and all its objects become property of the caller. Each object must be freed with
+.B semanage_OBJECT_free.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+)
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "
diff --git a/libsemanage/man/man3/semanage_modify.3 b/libsemanage/man/man3/semanage_modify.3
new file mode 100644
index 0000000..ddee386
--- /dev/null
+++ b/libsemanage/man/man3/semanage_modify.3
@@ -0,0 +1,49 @@
+.TH semanage_modify 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following modify function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int MODIFY_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " const semanage_OBJECT_key_t *" key ","
+.br
+.BI " const semanage_OBJECT_t *" data ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+If a matching key is found in the local store, the provided object will replace the current one. Otherwise, it will be added to the store. When
+.BR semanage_commit "(3)"
+is invoked, changes will be permanently written into the local store, and then loaded into policy. Validity of the object being added is checked at commit time. Adding new objects with respect to policy is allowed, except in the case of booleans. Attempt to add new booleans with respect to policy will fail at commit time.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I key
+identifies the
+.I data
+object, which will be written into the store. The key are data are properties of the caller, and are not stored or modified internally.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+), and must be executed in a transaction (see
+.BR semanage_begin_transaction "(3)"
+).
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise 0 is returned.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_begin_transaction "(3), " semanage_connect "(3), " semanage_commit "(3). "
diff --git a/libsemanage/man/man3/semanage_node.3 b/libsemanage/man/man3/semanage_node.3
new file mode 100644
index 0000000..1098be5
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node.3
@@ -0,0 +1,188 @@
+.TH semanage_node 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Network Nodes Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/node_record.h>
+.br
+.B #include <semanage/nodes_policy.h>
+.br
+.B #include <semanage/nodes_local.h>
+
+.PP
+This object contains properties associated with a network node.
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_node_create "(3)" \-
+.br
+create a node
+
+.HP
+.BR semanage_node_free "(3)" \-
+.br
+release resources for this node
+
+.HP
+.BR semanage_node_key_create "(3)" \-
+.br
+create a key, which can be used to identify a node
+
+.HP
+.BR semanage_node_key_free "(3)" \-
+.br
+release resources for this node key
+
+.HP
+.BR semanage_node_key_extract "(3)" \-
+.br
+create a key matching this node
+
+.HP
+.BR semanage_node_clone "(3)" \-
+.br
+create an identical node (deep-copy clone)
+
+.HP
+.BR semanage_node_compare "(3)" \-
+.br
+compare this node to the provided key
+
+.HP
+.BR semanage_node_compare2 "(3)" \-
+.br
+compare this node to another
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_node_get_addr "(3)" \-
+.br
+return the IP address of this node in string representation
+
+.HP
+.BR semanage_node_set_addr "(3)" \-
+.br
+set the IP address of this node from the provided string representation and protocol
+
+.HP
+.BR semanage_node_get_addr_bytes "(3)" \-
+.br
+return the IP address of this node as a byte array in network byte order
+
+.HP
+.BR semanage_node_set_addr_bytes "(3)" \-
+.br
+set the IP address of this node from the provided byte array in network byte order
+
+.HP
+.BR semanage_node_get_mask "(3)" \-
+.br
+return the IP mask of this node in string representation
+
+.HP
+.BR semanage_node_set_mask "(3)" \-
+.br
+set the IP mask of this node from the provided string representation and protocol version
+
+.HP
+.BR semanage_node_get_mask_bytes "(3)" \-
+.br
+return the IP mask of this node as a byte array in network byte order
+
+.HP
+.BR semanage_node_set_mask_bytes "(3)" \-
+.br
+set the IP mask of this node from the provided byte array in network byte order
+
+.HP
+.BR semanage_node_get_proto "(3)" \-
+.br
+return the IP protocol version for this node
+
+.HP
+.BR semanage_node_get_proto_str "(3)" \-
+.br
+return a string representation of the given node protocol
+
+.HP
+.BR semanage_node_set_proto "(3)" \-
+.br
+set the IP protocol version for this node
+
+.HP
+.BR semanage_node_get_con "(3)" \-
+.br
+return the SELinux context associated with this node
+
+.HP
+.BR semanage_node_set_con "(3)" \-
+.br
+set the SELinux context associated with this node
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_node_modify_local "(3)" \-
+.br
+add or update an interface in the local store
+
+.HP
+.BR semanage_node_del_local "(3)" \-
+.br
+delete an interface from the local store
+
+.HP
+.BR semanage_node_exists "(3)" \-
+.br
+check if an interface is defined in the persistent policy
+
+.HP
+.BR semanage_node_exists_local "(3)" \-
+.br
+check if an interface is defined in the local store
+
+.HP
+.BR semanage_node_query "(3)" \-
+.br
+query an interface in the persistent policy
+
+.HP
+.BR semanage_node_query_local "(3)" \-
+.br
+query an interface in the local store
+
+.HP
+.BR semanage_node_count "(3)" \-
+.br
+count the number of nodes defined in the persistent policy
+
+.HP
+.BR semanage_node_count_local "(3)" \-
+.br
+count the number of nodes defined in the local store
+
+.HP
+.BR semanage_node_iterate "(3)" \-
+.br
+execute a callback for each interface in the persistent policy
+
+.HP
+.BR semanage_node_iterate_local "(3)" \-
+.br
+execute a callback for each interface in the local store
+
+.HP
+.BR semanage_node_list "(3)" \-
+.br
+return an array containing all nodes in the persistent policy
+
+.HP
+.BR semanage_node_list_local "(3)" \-
+.br
+return an array containing all nodes in the local store
diff --git a/libsemanage/man/man3/semanage_node_count.3 b/libsemanage/man/man3/semanage_node_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_node_count_local.3 b/libsemanage/man/man3/semanage_node_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_node_del_local.3 b/libsemanage/man/man3/semanage_node_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_node_exists.3 b/libsemanage/man/man3/semanage_node_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_node_exists_local.3 b/libsemanage/man/man3/semanage_node_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_node_iterate.3 b/libsemanage/man/man3/semanage_node_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_node_iterate_local.3 b/libsemanage/man/man3/semanage_node_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_node_list.3 b/libsemanage/man/man3/semanage_node_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_node_list_local.3 b/libsemanage/man/man3/semanage_node_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_node_modify_local.3 b/libsemanage/man/man3/semanage_node_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_node_query.3 b/libsemanage/man/man3/semanage_node_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_node_query_local.3 b/libsemanage/man/man3/semanage_node_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_node_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_port.3 b/libsemanage/man/man3/semanage_port.3
new file mode 100644
index 0000000..b5f3441
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port.3
@@ -0,0 +1,169 @@
+.TH semanage_port 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Network Ports Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/port_record.h>
+.br
+.B #include <semanage/ports_policy.h>
+.br
+.B #include <semanage/ports_local.h>
+
+.PP
+This object contains properties associated with a range of network ports.
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_port_create "(3)" \-
+.br
+create a port range
+
+.HP
+.BR semanage_port_free "(3)" \-
+.br
+release resources for this port range
+
+.HP
+.BR semanage_port_key_create "(3)" \-
+.br
+create a key, which can be used to identify a port range
+
+.HP
+.BR semanage_port_key_free "(3)" \-
+.br
+release resources for this port range key
+
+.HP
+.BR semanage_port_key_extract "(3)" \-
+.br
+create a key matching this port range
+
+.HP
+.BR semanage_port_clone "(3)" \-
+.br
+create an identical port range (deep-copy clone)
+
+.HP
+.BR semanage_port_compare "(3)" \-
+.br
+compare this port range to the provided key
+
+.HP
+.BR semanage_port_compare2 "(3)" \-
+.br
+compare this port range to another
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_port_get_proto "(3)" \-
+.br
+return the protocol for this port range
+
+.HP
+.BR semanage_port_get_proto_str "(3)" \-
+.br
+return a string representation of the given port protocol
+
+.HP
+.BR semanage_port_set_proto "(3)" \-
+.br
+set the protocol for this port range
+
+.HP
+.BR semanage_port_get_low "(3)" \-
+.br
+return the low port number for this port range
+
+.HP
+.BR semanage_port_get_high "(3)" \-
+.br
+return the high port number for this port range
+
+.HP
+.BR semanage_port_set_port "(3)" \-
+.br
+set the port number (same low and high) for this port range
+
+.HP
+.BR semanage_port_set_range "(3)" \-
+.br
+set the low and high port number for this port range
+
+.HP
+.BR semanage_port_get_con "(3)" \-
+.br
+return the SELinux context for this port range
+
+.HP
+.BR semanage_port_set_con "(3)" \-
+.br
+set the SELinux context for this port range
+
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_port_modify_local "(3)" \-
+.br
+add or update a port range in the local store
+
+.HP
+.BR semanage_port_del_local "(3)" \-
+.br
+delete a port range from the local store
+
+.HP
+.BR semanage_port_exists "(3)" \-
+.br
+check if a port range is defined in the persistent policy
+
+.HP
+.BR semanage_port_exists_local "(3)" \-
+.br
+check if a port range is defined in the local store
+
+.HP
+.BR semanage_port_query "(3)" \-
+.br
+query a port range in the persistent policy
+
+.HP
+.BR semanage_port_query_local "(3)" \-
+.br
+query a port range in the local store
+
+.HP
+.BR semanage_port_count "(3)" \-
+.br
+count the number of port ranges defined in the persistent policy
+
+.HP
+.BR semanage_port_count_local "(3)" \-
+.br
+count the number of port ranges defined in the local store
+
+.HP
+.BR semanage_port_iterate "(3)" \-
+.br
+execute a callback for each port range in the persistent policy
+
+.HP
+.BR semanage_port_iterate_local "(3)" \-
+.br
+execute a callback for each port range in the local store
+
+.HP
+.BR semanage_port_list "(3)" \-
+.br
+return an array containing all port ranges in the persistent policy
+
+.HP
+.BR semanage_port_list_local "(3)" \-
+.br
+return an array containing all port ranges in the local store
diff --git a/libsemanage/man/man3/semanage_port_count.3 b/libsemanage/man/man3/semanage_port_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_port_count_local.3 b/libsemanage/man/man3/semanage_port_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_port_del_local.3 b/libsemanage/man/man3/semanage_port_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_port_exists.3 b/libsemanage/man/man3/semanage_port_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_port_exists_local.3 b/libsemanage/man/man3/semanage_port_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_port_iterate.3 b/libsemanage/man/man3/semanage_port_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_port_iterate_local.3 b/libsemanage/man/man3/semanage_port_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_port_list.3 b/libsemanage/man/man3/semanage_port_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_port_list_local.3 b/libsemanage/man/man3/semanage_port_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_port_modify_local.3 b/libsemanage/man/man3/semanage_port_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_port_query.3 b/libsemanage/man/man3/semanage_port_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_port_query_local.3 b/libsemanage/man/man3/semanage_port_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_port_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_query.3 b/libsemanage/man/man3/semanage_query.3
new file mode 100644
index 0000000..b899595
--- /dev/null
+++ b/libsemanage/man/man3/semanage_query.3
@@ -0,0 +1,46 @@
+.TH semanage_query 3 "15 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux Management API
+
+.SH "SYNOPSIS"
+The following query function is supported for any semanage record.
+.br
+Replace the function and object name as necessary.
+
+.B extern int QUERY_FUNCTION (
+.br
+.BI " semanage_handle_t *" handle ","
+.br
+.BI " const semanage_OBJECT_key_t *" key ","
+.br
+.BI " semanage_OBJECT_t **" response ");"
+
+.SH "DESCRIPTION"
+.TP
+.B Behavior:
+The query function will fail if a matching key is not found. Otherwise, the corresponding object is returned.
+
+.TP
+.B Parameters:
+The
+.I handle
+is used to track persistent state across semanage calls, and for error reporting. The
+.I key
+identifies the object being queried, which will be stored in the address pointed by
+.I response
+The key is a property of the caller, and will not be stored or modified internally. The object returned becomes a property of the caller, and must be freed with
+.B semanage_OBJECT_free.
+
+.TP
+.B Requirements:
+This function requires an semanage connection to be established (see
+.BR semanage_connect "(3)"
+)
+
+.SH "RETURN VALUE"
+In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error.
+Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit.
+
+.SH "SEE ALSO"
+.BR semanage_handle_create "(3), " semanage_connect "(3), "
diff --git a/libsemanage/man/man3/semanage_seuser.3 b/libsemanage/man/man3/semanage_seuser.3
new file mode 100644
index 0000000..9011724
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser.3
@@ -0,0 +1,155 @@
+.TH semanage_seuser 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+Linux UID to SELinux User Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/seuser_record.h>
+.br
+.B #include <semanage/seusers_policy.h>
+.br
+.B #include <semanage/seusers_local.h>
+
+.PP
+This object contains properties associated with a Unix user. Typically many Unix users are mapped to the same SELinux user. See
+.BR semanage_user "(3)"
+for overview of the SELinux user API.
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_seuser_create "(3)" \-
+.br
+create a seuser
+
+.HP
+.BR semanage_seuser_free "(3)" \-
+.br
+release resources for this seuser
+
+.HP
+.BR semanage_seuser_key_create "(3)" \-
+.br
+create a key, which can be used to identify a seuser
+
+.HP
+.BR semanage_seuser_key_free "(3)" \-
+.br
+release resources for this seuser key
+
+.HP
+.BR semanage_seuser_key_extract "(3)" \-
+.br
+create a key matching this seuser
+
+.HP
+.BR semanage_seuser_clone "(3)" \-
+.br
+create an identical seuser (deep-copy clone)
+
+.HP
+.BR semanage_seuser_compare "(3)" \-
+.br
+compare this seuser to the provided key
+
+.HP
+.BR semanage_seuser_compare2 "(3)" \-
+.br
+compare this seuser to another
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_seuser_get_name "(3)" \-
+.br
+return the name of this seuser
+
+.HP
+.BR semanage_user_set_name "(3)" \-
+.br
+set the name of this seuser
+
+.HP
+.BR semanage_seuser_get_sename "(3)" \-
+.br
+return the name of the (SELinux) user mapped to this seuser
+
+.HP
+.BR semanage_user_set_sename "(3)" \-
+.br
+set the name of the (SELinux) user mapped to this seuser
+
+.HP
+.BR semanage_user_get_mlsrange "(3)" \-
+.br
+return a the range of valid MLS sensitivities and categories for this user
+
+.HP
+.BR semanage_user_set_mlsrange "(3)" \-
+.br
+set the range of valid MLS sensitivities and categories for this user
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_seuser_modify_local "(3)" \-
+.br
+add or update a seuser in the local store
+
+.HP
+.BR semanage_seuser_del_local "(3)" \-
+.br
+delete a seuser from the local store
+
+.HP
+.BR semanage_seuser_exists "(3)" \-
+.br
+check if a seuser is defined in the persistent policy
+
+.HP
+.BR semanage_seuser_exists_local "(3)" \-
+.br
+check if a seuser is defined in the local store
+
+.HP
+.BR semanage_seuser_query "(3)" \-
+.br
+query a seuser in the persistent policy
+
+.HP
+.BR semanage_seuser_query_local "(3)" \-
+.br
+query a seuser in the local store
+
+.HP
+.BR semanage_seuser_count "(3)" \-
+.br
+count the number of seusers defined in the persistent policy
+
+.HP
+.BR semanage_seuser_count_local "(3)" \-
+.br
+count the number of seusers defined in the local store
+
+.HP
+.BR semanage_seuser_iterate "(3)" \-
+.br
+execute a callback for each seuser in the persistent policy
+
+.HP
+.BR semanage_seuser_iterate_local "(3)" \-
+.br
+execute a callback for each seuser in the local store
+
+.HP
+.BR semanage_seuser_list "(3)" \-
+.br
+return an array containing all seusers in the persistent policy
+
+.HP
+.BR semanage_seuser_list_local "(3)" \-
+.br
+return an array containing all seusers in the local store
diff --git a/libsemanage/man/man3/semanage_seuser_count.3 b/libsemanage/man/man3/semanage_seuser_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_seuser_count_local.3 b/libsemanage/man/man3/semanage_seuser_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_seuser_del_local.3 b/libsemanage/man/man3/semanage_seuser_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_seuser_exists.3 b/libsemanage/man/man3/semanage_seuser_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_seuser_exists_local.3 b/libsemanage/man/man3/semanage_seuser_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_seuser_iterate.3 b/libsemanage/man/man3/semanage_seuser_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_seuser_iterate_local.3 b/libsemanage/man/man3/semanage_seuser_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_seuser_list.3 b/libsemanage/man/man3/semanage_seuser_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_seuser_list_local.3 b/libsemanage/man/man3/semanage_seuser_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_seuser_modify_local.3 b/libsemanage/man/man3/semanage_seuser_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_seuser_query.3 b/libsemanage/man/man3/semanage_seuser_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_seuser_query_local.3 b/libsemanage/man/man3/semanage_seuser_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_seuser_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_user.3 b/libsemanage/man/man3/semanage_user.3
new file mode 100644
index 0000000..5ba60b2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user.3
@@ -0,0 +1,195 @@
+.TH semanage_user 3 "16 March 2006" "ivg2@cornell.edu" "Libsemanage API documentation"
+
+.SH "NAME"
+SELinux User Management API
+
+.SH "SYNOPSIS"
+.B #include <semanage/user_record.h>
+.br
+.B #include <semanage/users_policy.h>
+.br
+.B #include <semanage/users_local.h>
+
+.PP
+This object contains properties associated with a SELinux user.
+Typically many Unix users are mapped to the same SELinux user. See
+.BR semanage_seuser "(3)"
+for overview of the Unix user API.
+
+.PP
+For details on a specific function, see its manual page.
+
+.SH "Record API Overview"
+
+.HP
+.BR semanage_user_create "(3)" \-
+.br
+create a user
+
+.HP
+.BR semanage_user_free "(3)" \-
+.br
+release resources for this user
+
+.HP
+.BR semanage_user_key_create "(3)" \-
+.br
+create a key, which can be used to identify a user
+
+.HP
+.BR semanage_user_key_free "(3)" \-
+.br
+release resources for this user key
+
+.HP
+.BR semanage_user_key_extract "(3)" \-
+.br
+create a key matching this user
+
+.HP
+.BR semanage_user_clone "(3)" \-
+.br
+create an identical user (deep-copy clone)
+
+.HP
+.BR semanage_user_compare "(3)" \-
+.br
+compare this user to the provided key
+
+.HP
+.BR semanage_user_compare2 "(3)" \-
+.br
+compare this user to another
+
+.SH "Properties API Overview"
+
+.HP
+.BR semanage_user_get_name "(3)" \-
+.br
+return the name of this user
+
+.HP
+.BR semanage_user_set_name "(3)" \-
+.br
+set the name of this user
+
+.HP
+.BR semanage_user_get_prefix "(3)" \-
+.br
+return the labeling prefix for this user, used to control the contexts of user directories
+
+.HP
+.BR semanage_user_set_prefix "(3)" \-
+.br
+set the labeling prefix for this user
+
+.HP
+.BR semanage_user_get_mlslevel "(3)" \-
+.br
+return the default MLS level, which is assigned to this user at login time
+
+.HP
+.BR semanage_user_set_mlslevel "(3)" \-
+.br
+set the default MLS level
+
+.HP
+.BR semanage_user_get_mlsrange "(3)" \-
+.br
+return the range of valid MLS sensitivities and categories for this user
+
+.HP
+.BR semanage_user_set_mlsrange "(3)" \-
+.br
+set the range of valid MLS sensitivities and categories for this user
+
+.HP
+.BR semanage_user_add_role "(3)" \-
+.br
+add a role to the user's list of valid roles
+
+.HP
+.BR semanage_user_del_role "(3)" \-
+.br
+remove a role from the user's list of valid roles
+
+.HP
+.BR semanage_user_has_role "(3)" \-
+.br
+check if a role is valid for this user
+
+.HP
+.BR semanage_user_get_num_roles "(3)" \-
+.br
+return the number of valid roles for this user
+
+.HP
+.BR semanage_user_get_roles "(3)" \-
+.br
+return an array containing the roles for this user
+
+.HP
+.BR semanage_user_set_roles "(3)" \-
+set the roles for this user
+
+.SH "Record Store API Overview"
+
+.HP
+.BR semanage_user_modify_local "(3)" \-
+.br
+add or update a user in the local store
+
+.HP
+.BR semanage_user_del_local "(3)" \-
+.br
+delete a user from the local store
+
+.HP
+.BR semanage_user_exists "(3)" \-
+.br
+check if a user is defined in the persistent policy
+
+.HP
+.BR semanage_user_exists_local "(3)" \-
+.br
+check if a user is defined in the local store
+
+.HP
+.BR semanage_user_query "(3)" \-
+.br
+query a user in the persistent policy
+
+.HP
+.BR semanage_user_query_local "(3)" \-
+.br
+query a user in the local store
+
+.HP
+.BR semanage_user_count "(3)" \-
+.br
+count the number of users defined in the persistent policy
+
+.HP
+.BR semanage_user_count_local "(3)" \-
+.br
+count the number of users defined in the local store
+
+.HP
+.BR semanage_user_iterate "(3)" \-
+.br
+execute a callback for each user in the persistent policy
+
+.HP
+.BR semanage_user_iterate_local "(3)" \-
+.br
+execute a callback for each user in the local store
+
+.HP
+.BR semanage_user_list "(3)" \-
+.br
+return an array containing all users in the persistent policy
+
+.HP
+.BR semanage_user_list_local "(3)" \-
+.br
+return an array containing all users in the local store
diff --git a/libsemanage/man/man3/semanage_user_count.3 b/libsemanage/man/man3/semanage_user_count.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_count.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_user_count_local.3 b/libsemanage/man/man3/semanage_user_count_local.3
new file mode 100644
index 0000000..7478bc2
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_count_local.3
@@ -0,0 +1 @@
+.so man3/semanage_count.3
diff --git a/libsemanage/man/man3/semanage_user_del_local.3 b/libsemanage/man/man3/semanage_user_del_local.3
new file mode 100644
index 0000000..a01dfcd
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_del_local.3
@@ -0,0 +1 @@
+.so man3/semanage_del.3
diff --git a/libsemanage/man/man3/semanage_user_exists.3 b/libsemanage/man/man3/semanage_user_exists.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_exists.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_user_exists_local.3 b/libsemanage/man/man3/semanage_user_exists_local.3
new file mode 100644
index 0000000..40f3406
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_exists_local.3
@@ -0,0 +1 @@
+.so man3/semanage_exists.3
diff --git a/libsemanage/man/man3/semanage_user_iterate.3 b/libsemanage/man/man3/semanage_user_iterate.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_iterate.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_user_iterate_local.3 b/libsemanage/man/man3/semanage_user_iterate_local.3
new file mode 100644
index 0000000..7fc9c3d
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_iterate_local.3
@@ -0,0 +1 @@
+.so man3/semanage_iterate.3
diff --git a/libsemanage/man/man3/semanage_user_list.3 b/libsemanage/man/man3/semanage_user_list.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_list.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_user_list_local.3 b/libsemanage/man/man3/semanage_user_list_local.3
new file mode 100644
index 0000000..b7095f8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_list_local.3
@@ -0,0 +1 @@
+.so man3/semanage_list.3
diff --git a/libsemanage/man/man3/semanage_user_modify_local.3 b/libsemanage/man/man3/semanage_user_modify_local.3
new file mode 100644
index 0000000..3a07fe8
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_modify_local.3
@@ -0,0 +1 @@
+.so man3/semanage_modify.3
diff --git a/libsemanage/man/man3/semanage_user_query.3 b/libsemanage/man/man3/semanage_user_query.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_query.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/man/man3/semanage_user_query_local.3 b/libsemanage/man/man3/semanage_user_query_local.3
new file mode 100644
index 0000000..5b5c844
--- /dev/null
+++ b/libsemanage/man/man3/semanage_user_query_local.3
@@ -0,0 +1 @@
+.so man3/semanage_query.3
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
new file mode 100644
index 0000000..0bc2e04
--- /dev/null
+++ b/libsemanage/src/Makefile
@@ -0,0 +1,116 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+SHLIBDIR ?= $(DESTDIR)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYINC ?= /usr/include/${PYLIBVER}
+PYLIBDIR ?= $(LIBDIR)/${PYLIBVER}
+
+DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf
+
+ifeq ($(DEBUG),1)
+ export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
+ export LDFLAGS = -g
+endif
+
+LEX = flex
+LFLAGS = -s
+YACC = bison
+YFLAGS = -d
+
+LIBVERSION = 1
+
+LIBA=libsemanage.a
+TARGET=libsemanage.so
+SWIGIF= semanageswig_python.i
+SWIGCOUT= semanageswig_wrap.c
+SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGSO=_semanage.so
+SWIGFILES=$(SWIGSO) semanage.py
+LIBSO=$(TARGET).$(LIBVERSION)
+OBJS= $(patsubst %.c,%.o,$(filter-out $(SWIGCOUT),$(wildcard *.c))) conf-scan.o conf-parse.o
+LOBJS= $(patsubst %.c,%.lo,$(filter-out $(SWIGCOUT),$(wildcard *.c))) conf-scan.lo conf-parse.lo
+CFLAGS ?= -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+
+override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE
+
+SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
+
+GENERATED=$(SWIGCOUT) $(wildcard conf-*.[ch])
+
+all: $(LIBA) $(LIBSO)
+
+pywrap: all $(SWIGLOBJ) $(SWIGSO)
+
+$(SWIGLOBJ): $(SWIGCOUT)
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGSO): $(SWIGLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -l$(PYLIBVER) -L$(LIBDIR) -Wl,-soname,$@,-z,defs
+
+$(LIBA): $(OBJS)
+ $(AR) rcs $@ $^
+ ranlib $@
+
+$(LIBSO): $(LOBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ ln -sf $@ $(TARGET)
+
+conf-scan.c: conf-scan.l conf-parse.h
+ $(LEX) $(LFLAGS) -t $< > $@
+
+conf-parse.c: conf-parse.y
+ $(YACC) $(YFLAGS) -o $@ $<
+
+conf-parse.h: conf-parse.c
+
+%.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+%.lo: %.c
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+conf-parse.o: conf-parse.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $<
+
+conf-parse.lo: conf-parse.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $<
+
+conf-scan.o: conf-scan.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -c -o $@ $<
+
+conf-scan.lo: conf-scan.c
+ $(CC) $(filter-out -Werror, $(CFLAGS)) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGCOUT): $(SWIGIF)
+ $(SWIG) $^
+
+swigify: $(SWIGIF)
+ $(SWIG) $^
+
+install: all
+ test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
+ install -m 644 $(LIBA) $(LIBDIR)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
+ test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+
+install-pywrap: pywrap
+ test -d $(PYLIBDIR)/site-packages || install -m 755 -d $(PYLIBDIR)/site-packages
+ install -m 755 $(SWIGFILES) $(PYLIBDIR)/site-packages
+
+relabel:
+ /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+
+clean:
+ rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) conf-parse.c conf-parse.h conf-scan.c
+
+distclean: clean
+ rm -f $(SWIGCOUT) $(SWIGFILES)
+
+indent:
+ ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+
+.PHONY: all clean pywrap swigify install install-pywrap distclean
diff --git a/libsemanage/src/boolean_internal.h b/libsemanage/src/boolean_internal.h
new file mode 100644
index 0000000..66e7f35
--- /dev/null
+++ b/libsemanage/src/boolean_internal.h
@@ -0,0 +1,42 @@
+#ifndef _SEMANAGE_BOOLEAN_INTERNAL_H_
+#define _SEMANAGE_BOOLEAN_INTERNAL_H_
+
+#include <semanage/boolean_record.h>
+#include <semanage/booleans_local.h>
+#include <semanage/booleans_policy.h>
+#include <semanage/booleans_active.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_bool_clone)
+ hidden_proto(semanage_bool_compare)
+ hidden_proto(semanage_bool_compare2)
+ hidden_proto(semanage_bool_create)
+ hidden_proto(semanage_bool_free)
+ hidden_proto(semanage_bool_get_name)
+ hidden_proto(semanage_bool_get_value)
+ hidden_proto(semanage_bool_key_extract)
+ hidden_proto(semanage_bool_key_free)
+ hidden_proto(semanage_bool_set_name)
+ hidden_proto(semanage_bool_set_value)
+
+/* BOOL RECORD: metod table */
+extern record_table_t SEMANAGE_BOOL_RTABLE;
+
+extern int bool_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig);
+
+extern void bool_file_dbase_release(dbase_config_t * dconfig);
+
+extern int bool_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void bool_policydb_dbase_release(dbase_config_t * dconfig);
+
+extern int bool_activedb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void bool_activedb_dbase_release(dbase_config_t * dconfig);
+
+#endif
diff --git a/libsemanage/src/boolean_record.c b/libsemanage/src/boolean_record.c
new file mode 100644
index 0000000..a435107
--- /dev/null
+++ b/libsemanage/src/boolean_record.c
@@ -0,0 +1,146 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_bool_t (Policy Boolean)
+ * Object: semanage_bool_key_t (Policy Boolean Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/boolean_record.h>
+
+typedef sepol_bool_t semanage_bool_t;
+typedef sepol_bool_key_t semanage_bool_key_t;
+#define _SEMANAGE_BOOL_DEFINED_
+
+typedef semanage_bool_t record_t;
+typedef semanage_bool_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include "boolean_internal.h"
+#include "handle.h"
+#include "database.h"
+
+/* Key */
+int semanage_bool_key_create(semanage_handle_t * handle,
+ const char *name, semanage_bool_key_t ** key)
+{
+
+ return sepol_bool_key_create(handle->sepolh, name, key);
+}
+
+int semanage_bool_key_extract(semanage_handle_t * handle,
+ const semanage_bool_t * boolean,
+ semanage_bool_key_t ** key)
+{
+
+ return sepol_bool_key_extract(handle->sepolh, boolean, key);
+}
+
+hidden_def(semanage_bool_key_extract)
+
+void semanage_bool_key_free(semanage_bool_key_t * key)
+{
+ sepol_bool_key_free(key);
+}
+
+hidden_def(semanage_bool_key_free)
+
+int semanage_bool_compare(const semanage_bool_t * boolean,
+ const semanage_bool_key_t * key)
+{
+
+ return sepol_bool_compare(boolean, key);
+}
+
+hidden_def(semanage_bool_compare)
+
+int semanage_bool_compare2(const semanage_bool_t * boolean,
+ const semanage_bool_t * boolean2)
+{
+
+ return sepol_bool_compare2(boolean, boolean2);
+}
+
+hidden_def(semanage_bool_compare2)
+
+static int semanage_bool_compare2_qsort(const semanage_bool_t ** boolean,
+ const semanage_bool_t ** boolean2)
+{
+
+ return sepol_bool_compare2(*boolean, *boolean2);
+}
+
+/* Name */
+const char *semanage_bool_get_name(const semanage_bool_t * boolean)
+{
+
+ return sepol_bool_get_name(boolean);
+}
+
+hidden_def(semanage_bool_get_name)
+
+int semanage_bool_set_name(semanage_handle_t * handle,
+ semanage_bool_t * boolean, const char *name)
+{
+
+ return sepol_bool_set_name(handle->sepolh, boolean, name);
+}
+
+hidden_def(semanage_bool_set_name)
+
+/* Value */
+int semanage_bool_get_value(const semanage_bool_t * boolean)
+{
+
+ return sepol_bool_get_value(boolean);
+}
+
+hidden_def(semanage_bool_get_value)
+
+void semanage_bool_set_value(semanage_bool_t * boolean, int value)
+{
+
+ sepol_bool_set_value(boolean, value);
+}
+
+hidden_def(semanage_bool_set_value)
+
+/* Create/Clone/Destroy */
+int semanage_bool_create(semanage_handle_t * handle,
+ semanage_bool_t ** bool_ptr)
+{
+
+ return sepol_bool_create(handle->sepolh, bool_ptr);
+}
+
+hidden_def(semanage_bool_create)
+
+int semanage_bool_clone(semanage_handle_t * handle,
+ const semanage_bool_t * boolean,
+ semanage_bool_t ** bool_ptr)
+{
+
+ return sepol_bool_clone(handle->sepolh, boolean, bool_ptr);
+}
+
+hidden_def(semanage_bool_clone)
+
+void semanage_bool_free(semanage_bool_t * boolean)
+{
+
+ sepol_bool_free(boolean);
+}
+
+hidden_def(semanage_bool_free)
+
+/* Record base functions */
+record_table_t SEMANAGE_BOOL_RTABLE = {
+ .create = semanage_bool_create,
+ .key_extract = semanage_bool_key_extract,
+ .key_free = semanage_bool_key_free,
+ .clone = semanage_bool_clone,
+ .compare = semanage_bool_compare,
+ .compare2 = semanage_bool_compare2,
+ .compare2_qsort = semanage_bool_compare2_qsort,
+ .free = semanage_bool_free,
+};
diff --git a/libsemanage/src/booleans_active.c b/libsemanage/src/booleans_active.c
new file mode 100644
index 0000000..0725aec
--- /dev/null
+++ b/libsemanage/src/booleans_active.c
@@ -0,0 +1,62 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool_key record_key_t;
+typedef struct semanage_bool record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "boolean_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_bool_set_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ const semanage_bool_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_set(handle, dconfig, key, data);
+}
+
+int semanage_bool_query_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_bool_exists_active(semanage_handle_t * handle,
+ const semanage_bool_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_bool_count_active(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_bool_iterate_active(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_bool_list_active(semanage_handle_t * handle,
+ semanage_bool_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_active(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/booleans_activedb.c b/libsemanage/src/booleans_activedb.c
new file mode 100644
index 0000000..9bcc9d7
--- /dev/null
+++ b/libsemanage/src/booleans_activedb.c
@@ -0,0 +1,167 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool record_t;
+typedef struct semanage_bool_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_activedb;
+typedef struct dbase_activedb dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include <semanage/handle.h>
+#include "boolean_internal.h"
+#include "database_activedb.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int bool_read_list(semanage_handle_t * handle,
+ semanage_bool_t *** booleans, unsigned int *count)
+{
+
+ semanage_bool_t **tmp_booleans = NULL;
+ unsigned int tmp_count = 0;
+ int i;
+
+ char **names = NULL;
+ int len = 0;
+
+ /* Fetch boolean names */
+ if (security_get_boolean_names(&names, &len) < 0) {
+ ERR(handle, "could not get list of boolean names");
+ goto err;
+ }
+
+ /* Allocate a sufficiently large array */
+ tmp_booleans = malloc(sizeof(semanage_bool_t *) * len);
+ if (tmp_booleans == NULL)
+ goto omem;
+
+ /* Create records one by one */
+ for (i = 0; i < len; i++) {
+
+ int value;
+
+ if (semanage_bool_create(handle, &tmp_booleans[i]) < 0)
+ goto err;
+ tmp_count++;
+
+ if (semanage_bool_set_name(handle,
+ tmp_booleans[i], names[i]) < 0)
+ goto err;
+
+ value = security_get_boolean_active(names[i]);
+ if (value < 0) {
+ ERR(handle, "could not get the value "
+ "for boolean %s", names[i]);
+ goto err;
+ }
+
+ semanage_bool_set_value(tmp_booleans[i], value);
+ }
+
+ /* Success */
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ *booleans = tmp_booleans;
+ *count = tmp_count;
+ return STATUS_SUCCESS;
+
+ /* Failure */
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not read boolean list");
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ for (i = 0; (unsigned int)i < tmp_count; i++)
+ semanage_bool_free(tmp_booleans[i]);
+ free(tmp_booleans);
+ return STATUS_ERR;
+}
+
+static int bool_commit_list(semanage_handle_t * handle,
+ semanage_bool_t ** booleans, unsigned int count)
+{
+
+ SELboolean *blist = NULL;
+ const char *name;
+ unsigned int bcount = 0;
+ unsigned int i;
+ int curvalue, newvalue;
+
+ /* Allocate a sufficiently large array */
+ blist = malloc(sizeof(SELboolean) * count);
+ if (blist == NULL)
+ goto omem;
+
+ /* Populate array */
+ for (i = 0; i < count; i++) {
+ name = semanage_bool_get_name(booleans[i]);
+ if (!name)
+ goto omem;
+ newvalue = semanage_bool_get_value(booleans[i]);
+ curvalue = security_get_boolean_active(name);
+ if (newvalue == curvalue)
+ continue;
+ blist[bcount].name = strdup(name);
+ if (blist[bcount].name == NULL)
+ goto omem;
+ blist[bcount].value = newvalue;
+ bcount++;
+ }
+
+ /* Commit */
+ if (security_set_boolean_list(bcount, blist, 0) < 0) {
+ ERR(handle, "libselinux commit failed");
+ goto err;
+ }
+
+ for (i = 0; i < bcount; i++)
+ free(blist[i].name);
+ free(blist);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not commit boolean list");
+ for (i = 0; i < bcount; i++)
+ free(blist[i].name);
+ free(blist);
+ return STATUS_ERR;
+}
+
+/* BOOL RECORD: ACTIVEDB extension: method table */
+record_activedb_table_t SEMANAGE_BOOL_ACTIVEDB_RTABLE = {
+ .read_list = bool_read_list,
+ .commit_list = bool_commit_list,
+};
+
+int bool_activedb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_activedb_init(handle,
+ &SEMANAGE_BOOL_RTABLE,
+ &SEMANAGE_BOOL_ACTIVEDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_ACTIVEDB_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void bool_activedb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_activedb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/booleans_file.c b/libsemanage/src/booleans_file.c
new file mode 100644
index 0000000..af5b1b3
--- /dev/null
+++ b/libsemanage/src/booleans_file.c
@@ -0,0 +1,127 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool record_t;
+typedef struct semanage_bool_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <semanage/handle.h>
+#include "boolean_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int bool_print(semanage_handle_t * handle,
+ semanage_bool_t * boolean, FILE * str)
+{
+
+ const char *name = semanage_bool_get_name(boolean);
+ int value = semanage_bool_get_value(boolean);
+
+ if (fprintf(str, "%s=%d\n", name, value) < 0) {
+ ERR(handle, "could not print boolean %s to stream", name);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+static int bool_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_bool_t * boolean)
+{
+
+ int value = 0;
+ char *str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Extract name */
+ if (parse_fetch_string(handle, info, &str, '=') < 0)
+ goto err;
+
+ if (semanage_bool_set_name(handle, boolean, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Assert = */
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_ch(handle, info, '=') < 0)
+ goto err;
+
+ /* Extract value */
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_optional_str(info, "true") != STATUS_NODATA)
+ value = 1;
+ else if (parse_optional_str(info, "TRUE") != STATUS_NODATA)
+ value = 1;
+ else if (parse_optional_str(info, "false") != STATUS_NODATA)
+ value = 0;
+ else if (parse_optional_str(info, "FALSE") != STATUS_NODATA)
+ value = 0;
+ else if (parse_fetch_int(handle, info, &value, ' ') < 0)
+ goto err;
+
+ if (value != 0 && value != 1) {
+ ERR(handle, "invalid boolean value for \"%s\": %u "
+ "(%s: %u)\n%s", semanage_bool_get_name(boolean),
+ value, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ semanage_bool_set_value(boolean, value);
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse boolean record");
+ free(str);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* BOOL RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_BOOL_FILE_RTABLE = {
+ .parse = bool_parse,
+ .print = bool_print,
+};
+
+int bool_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_BOOL_RTABLE,
+ &SEMANAGE_BOOL_FILE_RTABLE, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void bool_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/booleans_local.c b/libsemanage/src/booleans_local.c
new file mode 100644
index 0000000..508ac10
--- /dev/null
+++ b/libsemanage/src/booleans_local.c
@@ -0,0 +1,70 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool_key record_key_t;
+typedef struct semanage_bool record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "boolean_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_bool_modify_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ const semanage_bool_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_bool_del_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_bool_query_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_bool_exists_local(semanage_handle_t * handle,
+ const semanage_bool_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_bool_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_bool_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_bool_list_local(semanage_handle_t * handle,
+ semanage_bool_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/booleans_policy.c b/libsemanage/src/booleans_policy.c
new file mode 100644
index 0000000..5cccf3d
--- /dev/null
+++ b/libsemanage/src/booleans_policy.c
@@ -0,0 +1,52 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool_key record_key_t;
+typedef struct semanage_bool record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "boolean_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_bool_query(semanage_handle_t * handle,
+ const semanage_bool_key_t * key,
+ semanage_bool_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_bool_exists(semanage_handle_t * handle,
+ const semanage_bool_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_bool_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_bool_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_bool_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_bool_list(semanage_handle_t * handle,
+ semanage_bool_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_bool_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
new file mode 100644
index 0000000..925940c
--- /dev/null
+++ b/libsemanage/src/booleans_policydb.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_bool;
+struct semanage_bool_key;
+typedef struct semanage_bool record_t;
+typedef struct semanage_bool_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <sepol/booleans.h>
+#include <semanage/handle.h>
+#include "boolean_internal.h"
+#include "debug.h"
+#include "database_policydb.h"
+
+/* BOOLEAN RECRORD (SEPOL): POLICYDB extension: method table */
+record_policydb_table_t SEMANAGE_BOOL_POLICYDB_RTABLE = {
+ .add = NULL,
+ .modify = NULL,
+/* FIXME: these casts depend on stucts in libsepol matching structs
+ * in libsemanage. This is incredibly fragile - the casting gets
+ * rid of warnings, but is not type safe.
+ */
+ .set = (record_policydb_table_set_t) sepol_bool_set,
+ .query = (record_policydb_table_query_t) sepol_bool_query,
+ .count = (record_policydb_table_count_t) sepol_bool_count,
+ .exists = (record_policydb_table_exists_t) sepol_bool_exists,
+ .iterate = (record_policydb_table_iterate_t) sepol_bool_iterate,
+};
+
+int bool_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_policydb_init(handle,
+ "policy.kern",
+ &SEMANAGE_BOOL_RTABLE,
+ &SEMANAGE_BOOL_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void bool_policydb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_policydb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
new file mode 100644
index 0000000..2001afb
--- /dev/null
+++ b/libsemanage/src/conf-parse.y
@@ -0,0 +1,395 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ * James Athey <jathey@tresys.com>
+ *
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+%{
+
+#include "semanage_conf.h"
+
+#include <sepol/policydb.h>
+#include <selinux/selinux.h>
+#include <semanage/handle.h>
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern int semanage_lex(); /* defined in conf-scan.c */
+int semanage_error(char *msg);
+
+extern FILE *semanage_in;
+extern char *semanage_text;
+
+static int parse_module_store(char *arg);
+static void semanage_conf_external_prog_destroy(external_prog_t *ep);
+static int new_external_prog(external_prog_t **chain);
+
+static semanage_conf_t *current_conf;
+static external_prog_t *new_external;
+static int parse_errors;
+
+#define PASSIGN(p1,p2) { free(p1); p1 = p2; }
+
+%}
+
+%name-prefix="semanage_"
+
+%union {
+ int d;
+ char *s;
+}
+
+%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
+%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN
+%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
+%token PROG_PATH PROG_ARGS
+%token <s> ARG
+%type <d> verify_start_tok
+
+%%
+
+config_file: config_line config_file
+ | /* empty */
+ ;
+
+config_line: single_opt
+ | command_block
+ | verify_block
+ ;
+
+single_opt: module_store
+ | version
+ | expand_check
+ | file_mode
+ | save_previous
+ | save_linked
+ | disable_genhomedircon
+ | handle_unknown
+ ;
+
+module_store: MODULE_STORE '=' ARG {
+ if (parse_module_store($3) != 0) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+
+ ;
+
+version: VERSION '=' ARG {
+ current_conf->policyvers = atoi($3);
+ free($3);
+ if (current_conf->policyvers < sepol_policy_kern_vers_min() ||
+ current_conf->policyvers > sepol_policy_kern_vers_max()) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ ;
+
+expand_check: EXPAND_CHECK '=' ARG {
+ current_conf->expand_check = atoi($3);
+ free($3);
+ }
+ ;
+
+file_mode: FILE_MODE '=' ARG {
+ current_conf->file_mode = strtoul($3, NULL, 8);
+ free($3);
+ }
+ ;
+
+save_previous: SAVE_PREVIOUS '=' ARG {
+ if (strcasecmp($3, "true") == 0)
+ current_conf->save_previous = 1;
+ else if (strcasecmp($3, "false") == 0)
+ current_conf->save_previous = 0;
+ else {
+ yyerror("save-previous can only be 'true' or 'false'");
+ }
+ }
+ ;
+
+
+save_linked: SAVE_LINKED '=' ARG {
+ if (strcasecmp($3, "true") == 0)
+ current_conf->save_linked = 1;
+ else if (strcasecmp($3, "false") == 0)
+ current_conf->save_linked = 0;
+ else {
+ yyerror("save-linked can only be 'true' or 'false'");
+ }
+ }
+ ;
+
+disable_genhomedircon: DISABLE_GENHOMEDIRCON '=' ARG {
+ if (strcasecmp($3, "false") == 0) {
+ current_conf->disable_genhomedircon = 0;
+ } else if (strcasecmp($3, "true") == 0) {
+ current_conf->disable_genhomedircon = 1;
+ } else {
+ yyerror("disable-genhomedircon can only be 'true' or 'false'");
+ }
+ free($3);
+ }
+
+handle_unknown: HANDLE_UNKNOWN '=' ARG {
+ if (strcasecmp($3, "deny") == 0) {
+ current_conf->handle_unknown = SEPOL_DENY_UNKNOWN;
+ } else if (strcasecmp($3, "reject") == 0) {
+ current_conf->handle_unknown = SEPOL_REJECT_UNKNOWN;
+ } else if (strcasecmp($3, "allow") == 0) {
+ current_conf->handle_unknown = SEPOL_ALLOW_UNKNOWN;
+ } else {
+ yyerror("handle-unknown can only be 'deny', 'reject' or 'allow'");
+ }
+ free($3);
+ }
+
+command_block:
+ command_start external_opts BLOCK_END {
+ if (new_external->path == NULL) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ ;
+
+command_start:
+ LOAD_POLICY_START {
+ semanage_conf_external_prog_destroy(current_conf->load_policy);
+ current_conf->load_policy = NULL;
+ if (new_external_prog(¤t_conf->load_policy) == -1) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ | SETFILES_START {
+ semanage_conf_external_prog_destroy(current_conf->setfiles);
+ current_conf->setfiles = NULL;
+ if (new_external_prog(¤t_conf->setfiles) == -1) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ ;
+
+verify_block: verify_start external_opts BLOCK_END {
+ if (new_external->path == NULL) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ ;
+
+verify_start: verify_start_tok {
+ if ($1 == -1) {
+ parse_errors++;
+ YYABORT;
+ }
+ }
+ ;
+
+verify_start_tok: VERIFY_MOD_START {$$ = new_external_prog(¤t_conf->mod_prog);}
+ | VERIFY_LINKED_START {$$ = new_external_prog(¤t_conf->linked_prog);}
+ | VERIFY_KERNEL_START {$$ = new_external_prog(¤t_conf->kernel_prog);}
+ ;
+
+external_opts: external_opt external_opts
+ | /* empty */
+ ;
+
+external_opt: PROG_PATH '=' ARG { PASSIGN(new_external->path, $3); }
+ | PROG_ARGS '=' ARG { PASSIGN(new_external->args, $3); }
+ ;
+
+%%
+
+static int semanage_conf_init(semanage_conf_t * conf)
+{
+ conf->store_type = SEMANAGE_CON_DIRECT;
+ conf->store_path = strdup(basename(selinux_policy_root()));
+ conf->policyvers = sepol_policy_kern_vers_max();
+ conf->expand_check = 1;
+ conf->handle_unknown = -1;
+ conf->file_mode = 0644;
+
+ conf->save_previous = 0;
+ conf->save_linked = 0;
+
+ if ((conf->load_policy =
+ calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) {
+ return -1;
+ }
+ if ((conf->load_policy->path = strdup("/usr/sbin/load_policy")) == NULL) {
+ return -1;
+ }
+ conf->load_policy->args = NULL;
+
+ if ((conf->setfiles =
+ calloc(1, sizeof(*(current_conf->setfiles)))) == NULL) {
+ return -1;
+ }
+ if (access("/sbin/setfiles", X_OK) == 0) {
+ conf->setfiles->path = strdup("/sbin/setfiles");
+ } else {
+ conf->setfiles->path = strdup("/usr/sbin/setfiles");
+ }
+ if ((conf->setfiles->path == NULL) ||
+ (conf->setfiles->args = strdup("-q -c $@ $<")) == NULL) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Parse a libsemanage configuration file. THIS FUNCTION IS NOT
+ * THREAD-SAFE! Return a newly allocated semanage_conf_t *. If the
+ * configuration file could be read, parse it; otherwise rely upon
+ * default values. If the file could not be parsed correctly or if
+ * out of memory return NULL.
+ */
+semanage_conf_t *semanage_conf_parse(const char *config_filename)
+{
+ if ((current_conf = calloc(1, sizeof(*current_conf))) == NULL) {
+ return NULL;
+ }
+ if (semanage_conf_init(current_conf) == -1) {
+ goto cleanup;
+ }
+ if ((semanage_in = fopen(config_filename, "r")) == NULL) {
+ /* configuration file does not exist or could not be
+ * read. THIS IS NOT AN ERROR. just rely on the
+ * defaults. */
+ return current_conf;
+ }
+ parse_errors = 0;
+ semanage_parse();
+ fclose(semanage_in);
+ if (parse_errors != 0) {
+ goto cleanup;
+ }
+ return current_conf;
+ cleanup:
+ semanage_conf_destroy(current_conf);
+ return NULL;
+}
+
+static void semanage_conf_external_prog_destroy(external_prog_t * ep)
+{
+ while (ep != NULL) {
+ external_prog_t *next = ep->next;
+ free(ep->path);
+ free(ep->args);
+ free(ep);
+ ep = next;
+ }
+}
+
+/* Deallocates all space associated with a configuration struct,
+ * including the pointer itself. */
+void semanage_conf_destroy(semanage_conf_t * conf)
+{
+ if (conf != NULL) {
+ free(conf->store_path);
+ semanage_conf_external_prog_destroy(conf->load_policy);
+ semanage_conf_external_prog_destroy(conf->setfiles);
+ semanage_conf_external_prog_destroy(conf->mod_prog);
+ semanage_conf_external_prog_destroy(conf->linked_prog);
+ semanage_conf_external_prog_destroy(conf->kernel_prog);
+ free(conf);
+ }
+}
+
+int semanage_error(char *msg)
+{
+ fprintf(stderr, "error parsing semanage configuration file: %s\n", msg);
+ parse_errors++;
+ return 0;
+}
+
+/* Take the string argument for a module store. If it is exactly the
+ * word "direct" then have libsemanage directly manipulate the module
+ * store. The policy path will default to the active policy directory.
+ * Otherwise if it begins with a forward slash interpret it as
+ * an absolute path to a named socket, to which a policy server is
+ * listening on the other end. Otherwise treat it as the host name to
+ * an external server; if there is a colon in the name then everything
+ * after gives a port number. The default port number is 4242.
+ * Returns 0 on success, -1 if out of memory, -2 if a port number is
+ * illegal.
+ */
+static int parse_module_store(char *arg)
+{
+ /* arg is already a strdup()ed copy of yytext */
+ if (arg == NULL) {
+ return -1;
+ }
+ free(current_conf->store_path);
+ if (strcmp(arg, "direct") == 0) {
+ current_conf->store_type = SEMANAGE_CON_DIRECT;
+ current_conf->store_path =
+ strdup(basename(selinux_policy_root()));
+ current_conf->server_port = -1;
+ free(arg);
+ } else if (*arg == '/') {
+ current_conf->store_type = SEMANAGE_CON_POLSERV_LOCAL;
+ current_conf->store_path = arg;
+ current_conf->server_port = -1;
+ } else {
+ char *s;
+ current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
+ if ((s = strchr(arg, ':')) == NULL) {
+ current_conf->store_path = arg;
+ current_conf->server_port = 4242;
+ } else {
+ char *endptr;
+ *s = '\0';
+ current_conf->store_path = arg;
+ current_conf->server_port = strtol(s + 1, &endptr, 10);
+ if (*(s + 1) == '\0' || *endptr != '\0') {
+ return -2;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Helper function; called whenever configuration file specifies
+ * another external program. Returns 0 on success, -1 if out of
+ * memory.
+ */
+static int new_external_prog(external_prog_t ** chain)
+{
+ if ((new_external = calloc(1, sizeof(*new_external))) == NULL) {
+ return -1;
+ }
+ /* hook this new external program to the end of the chain */
+ if (*chain == NULL) {
+ *chain = new_external;
+ } else {
+ external_prog_t *prog = *chain;
+ while (prog->next != NULL) {
+ prog = prog->next;
+ }
+ prog->next = new_external;
+ }
+ return 0;
+}
diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
new file mode 100644
index 0000000..faa0aeb
--- /dev/null
+++ b/libsemanage/src/conf-scan.l
@@ -0,0 +1,94 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ * James Athey <jathey@tresys.com>
+ *
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+%{
+#include "conf-parse.h"
+
+#include <ctype.h>
+#include <string.h>
+
+static char *my_strdup (char * s);
+static char *my_qstrdup (char * s);
+
+int yywrap(void);
+
+%}
+
+%option stack prefix="semanage_"
+%option noinput nounput noyy_push_state noyy_pop_state noyy_top_state
+
+%x arg
+
+%%
+
+#.* /* ignore comments */
+module-store return MODULE_STORE;
+policy-version return VERSION;
+expand-check return EXPAND_CHECK;
+file-mode return FILE_MODE;
+save-previous return SAVE_PREVIOUS;
+save-linked return SAVE_LINKED;
+disable-genhomedircon return DISABLE_GENHOMEDIRCON;
+handle-unknown return HANDLE_UNKNOWN;
+"[load_policy]" return LOAD_POLICY_START;
+"[setfiles]" return SETFILES_START;
+"[verify module]" return VERIFY_MOD_START;
+"[verify linked]" return VERIFY_LINKED_START;
+"[verify kernel]" return VERIFY_KERNEL_START;
+"[end]" return BLOCK_END;
+path return PROG_PATH;
+args return PROG_ARGS;
+[ \t]*=[ \t]* BEGIN arg; return '=';
+[ \t\n]+ /* ignore */
+. return semanage_text[0];
+<arg>\"\" BEGIN INITIAL; semanage_lval.s = NULL; return ARG;
+<arg>\".+\" BEGIN INITIAL; semanage_lval.s = my_qstrdup(semanage_text); return ARG;
+<arg>.*[^\"\n] BEGIN INITIAL; semanage_lval.s = my_strdup(semanage_text); return ARG;
+<arg>.|\n BEGIN INITIAL; semanage_lval.s = NULL; return ARG;
+
+%%
+
+int yywrap(void) {
+ return 1;
+}
+
+/* Like strdup(), but also trim leading and trailing whitespace.
+ * Returns NULL on error. */
+static char *my_strdup(char *s) {
+ char *t;
+ while (isspace(*s)) {
+ s++;
+ }
+ t = s + strlen(s) - 1;
+ while (t >= s && isspace(*t)) {
+ *t = '\0';
+ t--;
+ }
+ return strdup(s);
+}
+
+/* strdup() a string sans initial and trailing characters. Does /not/
+ * trim any whitespace. Returns NULL on error. */
+static char *my_qstrdup(char *s) {
+ s++;
+ s[strlen(s) - 1] = '\0';
+ return strdup(s);
+}
+
diff --git a/libsemanage/src/context_internal.h b/libsemanage/src/context_internal.h
new file mode 100644
index 0000000..729bfc8
--- /dev/null
+++ b/libsemanage/src/context_internal.h
@@ -0,0 +1,11 @@
+#ifndef _SEMANAGE_CONTEXT_INTERNAL_H_
+#define _SEMANAGE_CONTEXT_INTERNAL_H_
+
+#include <semanage/context_record.h>
+#include "dso.h"
+
+hidden_proto(semanage_context_clone)
+ hidden_proto(semanage_context_free)
+ hidden_proto(semanage_context_from_string)
+ hidden_proto(semanage_context_to_string)
+#endif
diff --git a/libsemanage/src/context_record.c b/libsemanage/src/context_record.c
new file mode 100644
index 0000000..a228565
--- /dev/null
+++ b/libsemanage/src/context_record.c
@@ -0,0 +1,110 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#include <sepol/context_record.h>
+#include "handle.h"
+
+typedef sepol_context_t semanage_context_t;
+
+#define _SEMANAGE_CONTEXT_DEFINED_
+#include "context_internal.h"
+
+/* User */
+const char *semanage_context_get_user(const semanage_context_t * con)
+{
+
+ return sepol_context_get_user(con);
+}
+
+int semanage_context_set_user(semanage_handle_t * handle,
+ semanage_context_t * con, const char *user)
+{
+
+ return sepol_context_set_user(handle->sepolh, con, user);
+}
+
+/* Role */
+const char *semanage_context_get_role(const semanage_context_t * con)
+{
+
+ return sepol_context_get_role(con);
+}
+
+int semanage_context_set_role(semanage_handle_t * handle,
+ semanage_context_t * con, const char *role)
+{
+
+ return sepol_context_set_role(handle->sepolh, con, role);
+}
+
+/* Type */
+const char *semanage_context_get_type(const semanage_context_t * con)
+{
+
+ return sepol_context_get_type(con);
+}
+
+int semanage_context_set_type(semanage_handle_t * handle,
+ semanage_context_t * con, const char *type)
+{
+
+ return sepol_context_set_type(handle->sepolh, con, type);
+}
+
+/* MLS */
+const char *semanage_context_get_mls(const semanage_context_t * con)
+{
+
+ return sepol_context_get_mls(con);
+}
+
+int semanage_context_set_mls(semanage_handle_t * handle,
+ semanage_context_t * con, const char *mls_range)
+{
+
+ return sepol_context_set_mls(handle->sepolh, con, mls_range);
+}
+
+/* Create/Clone/Destroy */
+int semanage_context_create(semanage_handle_t * handle,
+ semanage_context_t ** con_ptr)
+{
+
+ return sepol_context_create(handle->sepolh, con_ptr);
+}
+
+int semanage_context_clone(semanage_handle_t * handle,
+ const semanage_context_t * con,
+ semanage_context_t ** con_ptr)
+{
+
+ return sepol_context_clone(handle->sepolh, con, con_ptr);
+}
+
+hidden_def(semanage_context_clone)
+
+void semanage_context_free(semanage_context_t * con)
+{
+
+ sepol_context_free(con);
+}
+
+hidden_def(semanage_context_free)
+
+/* Parse to/from string */
+int semanage_context_from_string(semanage_handle_t * handle,
+ const char *str, semanage_context_t ** con)
+{
+
+ return sepol_context_from_string(handle->sepolh, str, con);
+}
+
+hidden_def(semanage_context_from_string)
+
+int semanage_context_to_string(semanage_handle_t * handle,
+ const semanage_context_t * con, char **str_ptr)
+{
+
+ return sepol_context_to_string(handle->sepolh, con, str_ptr);
+}
+
+hidden_def(semanage_context_to_string)
diff --git a/libsemanage/src/database.c b/libsemanage/src/database.c
new file mode 100644
index 0000000..faa3840
--- /dev/null
+++ b/libsemanage/src/database.c
@@ -0,0 +1,201 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#include <semanage/handle.h>
+#include "semanage_store.h"
+#include "semanage_conf.h"
+#include "database.h"
+#include "debug.h"
+
+static int assert_init(semanage_handle_t * handle, dbase_config_t * dconfig)
+{
+
+ if (dconfig->dtable == NULL) {
+
+ ERR(handle,
+ "A direct or server connection is needed "
+ "to use this function - please call "
+ "the corresponding connect() method");
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+static int enter_ro(semanage_handle_t * handle, dbase_config_t * dconfig)
+{
+
+ if (assert_init(handle, dconfig) < 0)
+ goto err;
+
+ if (!handle->is_in_transaction &&
+ handle->conf->store_type == SEMANAGE_CON_DIRECT) {
+
+ if (semanage_get_active_lock(handle) < 0) {
+ ERR(handle, "could not get the active lock");
+ goto err;
+ }
+ }
+
+ if (dconfig->dtable->cache(handle, dconfig->dbase) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not enter read-only section");
+ return STATUS_ERR;
+}
+
+static inline int exit_ro(semanage_handle_t * handle, dbase_config_t * dconfig)
+{
+
+ int commit_num = handle->funcs->get_serial(handle);
+
+ if (!handle->is_in_transaction &&
+ handle->conf->store_type == SEMANAGE_CON_DIRECT)
+ semanage_release_active_lock(handle);
+
+ return commit_num;
+}
+
+static int enter_rw(semanage_handle_t * handle, dbase_config_t * dconfig)
+{
+
+ if (assert_init(handle, dconfig) < 0)
+ goto err;
+
+ if (!handle->is_in_transaction) {
+ ERR(handle, "this operation requires a transaction");
+ goto err;
+ }
+
+ if (dconfig->dtable->cache(handle, dconfig->dbase) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not enter read-write section");
+ return STATUS_ERR;
+}
+
+int dbase_modify(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, const record_t * data)
+{
+
+ if (enter_rw(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->modify(handle, dconfig->dbase, key, data) < 0)
+ return STATUS_ERR;
+
+ return STATUS_SUCCESS;
+}
+
+int dbase_set(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, const record_t * data)
+{
+
+ if (enter_rw(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->set(handle, dconfig->dbase, key, data) < 0)
+ return STATUS_ERR;
+
+ return STATUS_SUCCESS;
+}
+
+int dbase_del(semanage_handle_t * handle,
+ dbase_config_t * dconfig, const record_key_t * key)
+{
+
+ if (enter_rw(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->del(handle, dconfig->dbase, key) < 0)
+ return STATUS_ERR;
+
+ return STATUS_SUCCESS;
+}
+
+int dbase_query(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, record_t ** response)
+{
+
+ if (enter_ro(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->query(handle, dconfig->dbase, key, response) < 0) {
+ exit_ro(handle, dconfig);
+ return STATUS_ERR;
+ }
+
+ return exit_ro(handle, dconfig);
+}
+
+int dbase_exists(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, int *response)
+{
+
+ if (enter_ro(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->exists(handle, dconfig->dbase, key, response) < 0) {
+ exit_ro(handle, dconfig);
+ return STATUS_ERR;
+ }
+
+ return exit_ro(handle, dconfig);
+}
+
+int dbase_count(semanage_handle_t * handle,
+ dbase_config_t * dconfig, unsigned int *response)
+{
+
+ if (enter_ro(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->count(handle, dconfig->dbase, response) < 0) {
+ exit_ro(handle, dconfig);
+ return STATUS_ERR;
+ }
+
+ return exit_ro(handle, dconfig);
+}
+
+int dbase_iterate(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ int (*fn) (const record_t * record,
+ void *fn_arg), void *fn_arg)
+{
+
+ if (enter_ro(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->iterate(handle, dconfig->dbase, fn, fn_arg) < 0) {
+ exit_ro(handle, dconfig);
+ return STATUS_ERR;
+ }
+
+ return exit_ro(handle, dconfig);
+}
+
+int dbase_list(semanage_handle_t * handle,
+ dbase_config_t * dconfig,
+ record_t *** records, unsigned int *count)
+{
+
+ if (enter_ro(handle, dconfig) < 0)
+ return STATUS_ERR;
+
+ if (dconfig->dtable->list(handle, dconfig->dbase, records, count) < 0) {
+ exit_ro(handle, dconfig);
+ return STATUS_ERR;
+ }
+
+ return exit_ro(handle, dconfig);
+}
diff --git a/libsemanage/src/database.h b/libsemanage/src/database.h
new file mode 100644
index 0000000..e460379
--- /dev/null
+++ b/libsemanage/src/database.h
@@ -0,0 +1,218 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_H_
+#define _SEMANAGE_DATABASE_H_
+
+#ifndef DBASE_RECORD_DEFINED
+typedef void *record_t;
+typedef void *record_key_t;
+#define DBASE_RECORD_DEFINED
+#endif
+
+#ifndef DBASE_DEFINED
+typedef void *dbase_t;
+#define DBASE_DEFINED
+#endif
+
+/* Circular dependency */
+struct semanage_handle;
+
+/* RECORD interface - method table */
+typedef struct record_table {
+
+ /* Create a record */
+ int (*create) (struct semanage_handle * handle, record_t ** rec);
+
+ /* Extract key from record */
+ int (*key_extract) (struct semanage_handle * handle,
+ const record_t * rec, record_key_t ** key);
+
+ /* Free record key */
+ void (*key_free) (record_key_t * key);
+
+ /* Return 0 if the record matches the key,
+ * -1 if the key represents a record that should
+ * be ordered before this record, and 1 if vice-versa */
+ int (*compare) (const record_t * rec, const record_key_t * key);
+
+ /* Return 0 if the record matches record2,
+ * -1 if record2 should be ordered before this record,
+ * and 1 if vice-versa */
+ int (*compare2) (const record_t * rec, const record_t * rec2);
+
+ /* Same as above, but dereferences the pointer first.
+ * This function is intenteded to be used as a qsort
+ * comparator. */
+ int (*compare2_qsort) (const record_t ** rec, const record_t ** rec2);
+
+ /* Deep-copy clone of this record */
+ int (*clone) (struct semanage_handle * handle,
+ const record_t * rec, record_t ** new_rec);
+
+ /* Deallocate record resources. Must sucessfully handle NULL. */
+ void (*free) (record_t * rec);
+
+} record_table_t;
+
+/* DBASE interface - method table */
+typedef struct dbase_table {
+
+ /* --------------- Database Functionality ----------- */
+
+ /* Note: In all the functions below, the key is property
+ * of the caller, and will not be modified by the database.
+ * In add/set/modify, the data is also property of the caller */
+
+ /* Add the specified record to
+ * the database. No check for duplicates is performed */
+ int (*add) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+ /* Add the specified record to the
+ * database if it not present.
+ * If it's present, replace it
+ */
+ int (*modify) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+ /* Modify the specified record in the database
+ * if it is present. Fail if it does not yet exist
+ */
+ int (*set) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+ /* Delete a record */
+ int (*del) (struct semanage_handle * handle,
+ dbase_t * dbase, const record_key_t * key);
+
+ /* Clear all records, and leave the database in
+ * cached, modified state. This function does
+ * not require a call to cache() */
+ int (*clear) (struct semanage_handle * handle, dbase_t * dbase);
+
+ /* Retrieve a record
+ *
+ * Note: the resultant record
+ * becomes property of the caller, and
+ * must be freed accordingly */
+
+ int (*query) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ const record_key_t * key, record_t ** response);
+
+ /* Check if a record exists */
+ int (*exists) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ const record_key_t * key, int *response);
+
+ /* Count the number of records */
+ int (*count) (struct semanage_handle * handle,
+ dbase_t * dbase, unsigned int *response);
+
+ /* Execute the specified handler over
+ * the records of this database. The handler
+ * can signal a successful exit by returning 1,
+ * an error exit by returning -1, and continue by
+ * returning 0
+ *
+ * Note: The record passed into the iterate handler
+ * may or may not persist after the handler invocation,
+ * and writing to it has unspecified behavior. It *must*
+ * be cloned if modified, or preserved.
+ *
+ * Note: The iterate handler may not invoke any other
+ * semanage read functions outside a transaction. It is only
+ * reentrant while in transaction. The iterate handler may
+ * not modify the underlying database.
+ */
+ int (*iterate) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ int (*fn) (const record_t * record,
+ void *varg), void *fn_arg);
+
+ /* Construct a list of all records in this database
+ *
+ * Note: The list returned becomes property of the caller,
+ * and must be freed accordingly.
+ */
+ int (*list) (struct semanage_handle * handle,
+ dbase_t * dbase,
+ record_t *** records, unsigned int *count);
+
+ /* ---------- Cache/Transaction Management ---------- */
+
+ /* Cache the database (if supported).
+ * This function must be invoked before using
+ * any of the database functions above. It may be invoked
+ * multiple times, and will update the cache if a commit
+ * occured between invocations */
+ int (*cache) (struct semanage_handle * handle, dbase_t * dbase);
+
+ /* Forgets all changes that haven't been written
+ * to the database backend */
+ void (*drop_cache) (dbase_t * dbase);
+
+ /* Checks if there are any changes not written to the backend */
+ int (*is_modified) (dbase_t * dbase);
+
+ /* Writes the database changes to its backend */
+ int (*flush) (struct semanage_handle * handle, dbase_t * dbase);
+
+ /* ------------- Polymorphism ----------------------- */
+
+ /* Retrieves the record table for this database,
+ * which specifies how to perform basic operations
+ * on each record. */
+ record_table_t *(*get_rtable) (dbase_t * dbase);
+
+} dbase_table_t;
+
+typedef struct dbase_config {
+
+ /* Database state */
+ dbase_t *dbase;
+
+ /* Database methods */
+ dbase_table_t *dtable;
+
+} dbase_config_t;
+
+extern int dbase_add(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_modify(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_set(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_del(struct semanage_handle *handle,
+ dbase_config_t * dconfig, const record_key_t * key);
+
+extern int dbase_query(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, record_t ** response);
+
+extern int dbase_exists(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ const record_key_t * key, int *response);
+
+extern int dbase_count(struct semanage_handle *handle,
+ dbase_config_t * dconfig, unsigned int *response);
+
+extern int dbase_iterate(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ int (*fn) (const record_t * record,
+ void *fn_arg), void *fn_arg);
+
+extern int dbase_list(struct semanage_handle *handle,
+ dbase_config_t * dconfig,
+ record_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/src/database_activedb.c b/libsemanage/src/database_activedb.c
new file mode 100644
index 0000000..1cce0b8
--- /dev/null
+++ b/libsemanage/src/database_activedb.c
@@ -0,0 +1,169 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: dbase_activedb_t (Active/Kernel)
+ * Extends: dbase_llist_t (Linked List)
+ * Implements: dbase_t (Database)
+ */
+
+struct dbase_activedb;
+typedef struct dbase_activedb dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "debug.h"
+#include "handle.h"
+#include "database_activedb.h"
+#include "database_llist.h"
+
+/* ACTIVEDB dbase */
+struct dbase_activedb {
+
+ /* Parent object - must always be
+ * the first field - here we are using
+ * a linked list to store the records */
+ dbase_llist_t llist;
+
+ /* ACTIVEDB extension */
+ record_activedb_table_t *ratable;
+};
+
+static int dbase_activedb_cache(semanage_handle_t * handle,
+ dbase_activedb_t * dbase)
+{
+
+ record_table_t *rtable = dbase_llist_get_rtable(&dbase->llist);
+ record_activedb_table_t *ratable = dbase->ratable;
+
+ record_t **records = NULL;
+ unsigned int rcount = 0;
+ unsigned int i = 0;
+
+ /* Already cached */
+ if (!dbase_llist_needs_resync(handle, &dbase->llist))
+ return STATUS_SUCCESS;
+
+ /* Update cache serial */
+ dbase_llist_cache_init(&dbase->llist);
+ if (dbase_llist_set_serial(handle, &dbase->llist) < 0)
+ goto err;
+
+ /* Fetch the entire list */
+ if (ratable->read_list(handle, &records, &rcount) < 0)
+ goto err;
+
+ /* Add records one by one */
+ for (; i < rcount; i++) {
+ if (dbase_llist_cache_prepend(handle, &dbase->llist, records[i])
+ < 0)
+ goto err;
+ rtable->free(records[i]);
+ }
+
+ free(records);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not cache active database");
+ for (; i < rcount; i++)
+ rtable->free(records[i]);
+ dbase_llist_drop_cache(&dbase->llist);
+ free(records);
+ return STATUS_ERR;
+}
+
+static int dbase_activedb_flush(semanage_handle_t * handle,
+ dbase_activedb_t * dbase)
+{
+
+ record_table_t *rtable = dbase_llist_get_rtable(&dbase->llist);
+ record_activedb_table_t *ratable = dbase->ratable;
+
+ record_t **records = NULL;
+ unsigned int rcount = 0;
+ unsigned int i;
+
+ /* Not cached, or not modified - flush is not necessary */
+ if (!dbase_llist_is_modified(&dbase->llist))
+ return STATUS_SUCCESS;
+
+ /* Fetch list */
+ if (dbase_llist_list(handle, &dbase->llist, &records, &rcount) < 0)
+ goto err;
+
+ /* Commit */
+ if (ratable->commit_list(handle, records, rcount) < 0)
+ goto err;
+
+ for (i = 0; i < rcount; i++)
+ rtable->free(records[i]);
+ free(records);
+ dbase_llist_set_modified(&dbase->llist, 0);
+ return STATUS_SUCCESS;
+
+ err:
+ for (i = 0; i < rcount; i++)
+ rtable->free(records[i]);
+ free(records);
+ ERR(handle, "could not flush active database");
+ return STATUS_ERR;
+}
+
+int dbase_activedb_init(semanage_handle_t * handle,
+ record_table_t * rtable,
+ record_activedb_table_t * ratable,
+ dbase_activedb_t ** dbase)
+{
+
+ dbase_activedb_t *tmp_dbase =
+ (dbase_activedb_t *) malloc(sizeof(dbase_activedb_t));
+
+ if (!tmp_dbase)
+ goto omem;
+
+ tmp_dbase->ratable = ratable;
+ dbase_llist_init(&tmp_dbase->llist, rtable, &SEMANAGE_ACTIVEDB_DTABLE);
+
+ *dbase = tmp_dbase;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not initialize active database");
+ free(tmp_dbase);
+ return STATUS_ERR;
+}
+
+/* Release dbase resources */
+void dbase_activedb_release(dbase_activedb_t * dbase)
+{
+
+ dbase_llist_drop_cache(&dbase->llist);
+ free(dbase);
+}
+
+/* ACTIVEDB dbase - method table implementation */
+dbase_table_t SEMANAGE_ACTIVEDB_DTABLE = {
+
+ /* Cache/Transactions */
+ .cache = dbase_activedb_cache,
+ .drop_cache = (void *)dbase_llist_drop_cache,
+ .flush = dbase_activedb_flush,
+ .is_modified = (void *)dbase_llist_is_modified,
+
+ /* Database API */
+ .iterate = (void *)dbase_llist_iterate,
+ .exists = (void *)dbase_llist_exists,
+ .list = (void *)dbase_llist_list,
+ .add = (void *)dbase_llist_add,
+ .set = (void *)dbase_llist_set,
+ .del = (void *)dbase_llist_del,
+ .clear = (void *)dbase_llist_clear,
+ .modify = (void *)dbase_llist_modify,
+ .query = (void *)dbase_llist_query,
+ .count = (void *)dbase_llist_count,
+
+ /* Polymorphism */
+ .get_rtable = (void *)dbase_llist_get_rtable
+};
diff --git a/libsemanage/src/database_activedb.h b/libsemanage/src/database_activedb.h
new file mode 100644
index 0000000..37196c9
--- /dev/null
+++ b/libsemanage/src/database_activedb.h
@@ -0,0 +1,37 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_ACTIVEDB_INTERNAL_H_
+#define _SEMANAGE_DATABASE_ACTIVEDB_INTERNAL_H_
+
+#include "database.h"
+#include "handle.h"
+
+struct dbase_activedb;
+typedef struct dbase_activedb dbase_activedb_t;
+
+/* ACTIVEDB extension to RECORD interface - method table */
+typedef struct record_activedb_table {
+
+ /* Read a list of records */
+ int (*read_list) (semanage_handle_t * handle,
+ record_t *** records, unsigned int *count);
+
+ /* Commit a list of records */
+ int (*commit_list) (semanage_handle_t * handle,
+ record_t ** records, unsigned int count);
+
+} record_activedb_table_t;
+
+/* ACTIVEDB - initialization */
+extern int dbase_activedb_init(semanage_handle_t * handle,
+ record_table_t * rtable,
+ record_activedb_table_t * ratable,
+ dbase_activedb_t ** dbase);
+
+/* ACTIVEDB - release */
+extern void dbase_activedb_release(dbase_activedb_t * dbase);
+
+/* ACTIVEDB - method table implementation */
+extern dbase_table_t SEMANAGE_ACTIVEDB_DTABLE;
+
+#endif
diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
new file mode 100644
index 0000000..2b53521
--- /dev/null
+++ b/libsemanage/src/database_file.c
@@ -0,0 +1,243 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: dbase_file_t (File)
+ * Extends: dbase_llist_t (Linked List)
+ * Implements: dbase_t (Database)
+ */
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include "debug.h"
+#include "handle.h"
+#include "parse_utils.h"
+#include "database_file.h"
+#include "database_llist.h"
+#include "semanage_store.h"
+
+/* FILE dbase */
+struct dbase_file {
+
+ /* Parent object - must always be
+ * the first field - here we are using
+ * a linked list to store the records */
+ dbase_llist_t llist;
+
+ /* Backing file suffix */
+ const char *suffix;
+
+ /* FILE extension */
+ record_file_table_t *rftable;
+};
+
+static int construct_filename(semanage_handle_t * handle,
+ dbase_file_t * dbase, char **filename)
+{
+
+ const char *path = (handle->is_in_transaction) ?
+ semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL) :
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
+
+ size_t fname_length = strlen(path) + strlen(dbase->suffix) + 2;
+
+ char *fname = malloc(fname_length);
+ if (!fname) {
+ ERR(handle, "out of memory, could not construct filename");
+ return STATUS_ERR;
+ }
+ snprintf(fname, fname_length, "%s/%s", path, dbase->suffix);
+
+ *filename = fname;
+ return STATUS_SUCCESS;
+}
+
+static int dbase_file_cache(semanage_handle_t * handle, dbase_file_t * dbase)
+{
+
+ record_table_t *rtable = dbase_llist_get_rtable(&dbase->llist);
+ record_file_table_t *rftable = dbase->rftable;
+
+ record_t *process_record = NULL;
+ int pstatus = STATUS_SUCCESS;
+
+ parse_info_t *parse_info = NULL;
+ char *fname = NULL;
+
+ /* Already cached */
+ if (!dbase_llist_needs_resync(handle, &dbase->llist))
+ return STATUS_SUCCESS;
+
+ /* Update cache serial */
+ dbase_llist_cache_init(&dbase->llist);
+ if (dbase_llist_set_serial(handle, &dbase->llist) < 0)
+ goto err;
+
+ if (construct_filename(handle, dbase, &fname) < 0)
+ goto err;
+
+ if (parse_init(handle, fname, NULL, &parse_info) < 0)
+ goto err;
+
+ if (parse_open(handle, parse_info) < 0)
+ goto err;
+
+ /* Main processing loop */
+ do {
+
+ /* Create record */
+ if (rtable->create(handle, &process_record) < 0)
+ goto err;
+
+ /* Parse record */
+ pstatus = rftable->parse(handle, parse_info, process_record);
+
+ /* Parse error */
+ if (pstatus < 0)
+ goto err;
+
+ /* End of file */
+ else if (pstatus == STATUS_NODATA)
+ break;
+
+ /* Prepend to cache */
+ if (dbase_llist_cache_prepend(handle, &dbase->llist,
+ process_record) < 0)
+ goto err;
+
+ rtable->free(process_record);
+ process_record = NULL;
+
+ } while (pstatus != STATUS_NODATA);
+
+ rtable->free(process_record);
+ parse_close(parse_info);
+ parse_release(parse_info);
+ free(fname);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not cache file database");
+ rtable->free(process_record);
+ if (parse_info) {
+ parse_close(parse_info);
+ parse_release(parse_info);
+ }
+ dbase_llist_drop_cache(&dbase->llist);
+ free(fname);
+ return STATUS_ERR;
+}
+
+/* Flush database to file */
+static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
+{
+
+ record_file_table_t *rftable = dbase->rftable;
+
+ cache_entry_t *ptr;
+ char *fname = NULL;
+ FILE *str = NULL;
+
+ if (!dbase_llist_is_modified(&dbase->llist))
+ return STATUS_SUCCESS;
+
+ if (construct_filename(handle, dbase, &fname) < 0)
+ goto err;
+
+ str = fopen(fname, "w");
+ if (!str) {
+ ERR(handle, "could not open %s for writing: %s",
+ fname, strerror(errno));
+ goto err;
+ }
+ __fsetlocking(str, FSETLOCKING_BYCALLER);
+
+ if (fprintf(str, "# This file is auto-generated by libsemanage\n"
+ "# Do not edit directly.\n\n") < 0) {
+
+ ERR(handle, "could not write file header for %s", fname);
+ goto err;
+ }
+
+ for (ptr = dbase->llist.cache_tail; ptr != NULL; ptr = ptr->prev) {
+ if (rftable->print(handle, ptr->data, str) < 0)
+ goto err;
+ }
+
+ dbase_llist_set_modified(&dbase->llist, 0);
+ fclose(str);
+ free(fname);
+ return STATUS_SUCCESS;
+
+ err:
+ if (str != NULL)
+ fclose(str);
+
+ ERR(handle, "could not flush database to file");
+ free(fname);
+ return STATUS_ERR;
+}
+
+int dbase_file_init(semanage_handle_t * handle,
+ const char *suffix,
+ record_table_t * rtable,
+ record_file_table_t * rftable, dbase_file_t ** dbase)
+{
+
+ dbase_file_t *tmp_dbase = (dbase_file_t *) malloc(sizeof(dbase_file_t));
+
+ if (!tmp_dbase)
+ goto omem;
+
+ tmp_dbase->suffix = suffix;
+ tmp_dbase->rftable = rftable;
+ dbase_llist_init(&tmp_dbase->llist, rtable, &SEMANAGE_FILE_DTABLE);
+
+ *dbase = tmp_dbase;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not initialize file database");
+ free(tmp_dbase);
+ return STATUS_ERR;
+}
+
+/* Release dbase resources */
+void dbase_file_release(dbase_file_t * dbase)
+{
+
+ dbase_llist_drop_cache(&dbase->llist);
+ free(dbase);
+}
+
+/* FILE dbase - method table implementation */
+dbase_table_t SEMANAGE_FILE_DTABLE = {
+
+ /* Cache/Transactions */
+ .cache = dbase_file_cache,
+ .drop_cache = (void *)dbase_llist_drop_cache,
+ .flush = dbase_file_flush,
+ .is_modified = (void *)dbase_llist_is_modified,
+
+ /* Database API */
+ .iterate = (void *)dbase_llist_iterate,
+ .exists = (void *)dbase_llist_exists,
+ .list = (void *)dbase_llist_list,
+ .add = (void *)dbase_llist_add,
+ .set = (void *)dbase_llist_set,
+ .del = (void *)dbase_llist_del,
+ .clear = (void *)dbase_llist_clear,
+ .modify = (void *)dbase_llist_modify,
+ .query = (void *)dbase_llist_query,
+ .count = (void *)dbase_llist_count,
+
+ /* Polymorphism */
+ .get_rtable = (void *)dbase_llist_get_rtable
+};
diff --git a/libsemanage/src/database_file.h b/libsemanage/src/database_file.h
new file mode 100644
index 0000000..717e349
--- /dev/null
+++ b/libsemanage/src/database_file.h
@@ -0,0 +1,42 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_FILE_INTERNAL_H_
+#define _SEMANAGE_DATABASE_FILE_INTERNAL_H_
+
+#include <stdio.h>
+#include "database.h"
+#include "parse_utils.h"
+#include "handle.h"
+
+struct dbase_file;
+typedef struct dbase_file dbase_file_t;
+
+/* FILE extension to RECORD interface - method table */
+typedef struct record_file_table {
+
+ /* Fill record structuure based on supplied parse info.
+ * Parser must return STATUS_NODATA when EOF is encountered.
+ * Parser must handle NULL file stream correctly */
+ int (*parse) (semanage_handle_t * handle,
+ parse_info_t * info, record_t * record);
+
+ /* Print record to stream */
+ int (*print) (semanage_handle_t * handle,
+ record_t * record, FILE * str);
+
+} record_file_table_t;
+
+/* FILE - initialization */
+extern int dbase_file_init(semanage_handle_t * handle,
+ const char *suffix,
+ record_table_t * rtable,
+ record_file_table_t * rftable,
+ dbase_file_t ** dbase);
+
+/* FILE - release */
+extern void dbase_file_release(dbase_file_t * dbase);
+
+/* FILE - method table implementation */
+extern dbase_table_t SEMANAGE_FILE_DTABLE;
+
+#endif
diff --git a/libsemanage/src/database_join.c b/libsemanage/src/database_join.c
new file mode 100644
index 0000000..b9b35a6
--- /dev/null
+++ b/libsemanage/src/database_join.c
@@ -0,0 +1,297 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: dbase_join_t (Join)
+ * Extends: dbase_llist_t (Linked List)
+ * Implements: dbase_t (Database)
+ */
+
+struct dbase_join;
+typedef struct dbase_join dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+
+#include "user_internal.h"
+#include "debug.h"
+#include "handle.h"
+#include "database_join.h"
+#include "database_llist.h"
+
+/* JOIN dbase */
+struct dbase_join {
+
+ /* Parent object - must always be
+ * the first field - here we are using
+ * a linked list to store the records */
+ dbase_llist_t llist;
+
+ /* Backing databases - for each
+ * thing being joined */
+ dbase_config_t *join1;
+ dbase_config_t *join2;
+
+ /* JOIN extension */
+ record_join_table_t *rjtable;
+};
+
+static int dbase_join_cache(semanage_handle_t * handle, dbase_join_t * dbase)
+{
+
+ /* Extract all the object tables information */
+ dbase_t *dbase1 = dbase->join1->dbase;
+ dbase_t *dbase2 = dbase->join2->dbase;
+ dbase_table_t *dtable1 = dbase->join1->dtable;
+ dbase_table_t *dtable2 = dbase->join2->dtable;
+ record_table_t *rtable = dbase_llist_get_rtable(&dbase->llist);
+ record_join_table_t *rjtable = dbase->rjtable;
+ record_table_t *rtable1 = dtable1->get_rtable(dbase1);
+ record_table_t *rtable2 = dtable2->get_rtable(dbase2);
+
+ record_key_t *rkey = NULL;
+ record_t *record = NULL;
+ record1_t **records1 = NULL;
+ record2_t **records2 = NULL;
+ unsigned int rcount1 = 0, rcount2 = 0, i = 0, j = 0;
+
+ /* Already cached */
+ if (!dbase_llist_needs_resync(handle, &dbase->llist))
+ return STATUS_SUCCESS;
+
+ /* Update cache serial */
+ dbase_llist_cache_init(&dbase->llist);
+ if (dbase_llist_set_serial(handle, &dbase->llist) < 0)
+ goto err;
+
+ /* First cache any child dbase, which must
+ * be the first thing done when calling dbase
+ * functions internally */
+ if (dtable1->cache(handle, dbase1) < 0)
+ goto err;
+ if (dtable2->cache(handle, dbase2) < 0)
+ goto err;
+
+ /* Fetch records */
+ if (dtable1->list(handle, dbase1, &records1, &rcount1) < 0)
+ goto err;
+ if (dtable2->list(handle, dbase2, &records2, &rcount2) < 0)
+ goto err;
+
+ /* Sort for quicker merge later */
+ qsort(records1, rcount1, sizeof(record1_t *),
+ (int (*)(const void *, const void *))rtable1->compare2_qsort);
+ qsort(records2, rcount2, sizeof(record2_t *),
+ (int (*)(const void *, const void *))rtable2->compare2_qsort);
+
+ /* Now merge into this dbase */
+ while (i < rcount1 || j < rcount2) {
+ int rc;
+
+ /* End of one list, or the other */
+ if (i == rcount1)
+ rc = -1;
+ else if (j == rcount2)
+ rc = 1;
+
+ /* Still more records to go, compare them */
+ else {
+ if (rtable1->key_extract(handle, records1[i], &rkey) <
+ 0)
+ goto err;
+
+ rc = rtable2->compare(records2[j], rkey);
+
+ rtable->key_free(rkey);
+ rkey = NULL;
+ }
+
+ /* Missing record1 data */
+ if (rc < 0) {
+ if (rjtable->join(handle, NULL,
+ records2[j], &record) < 0)
+ goto err;
+ j++;
+ }
+
+ /* Missing record2 data */
+ else if (rc > 0) {
+ if (rjtable->join(handle, records1[i],
+ NULL, &record) < 0)
+ goto err;
+ i++;
+ }
+
+ /* Both records available */
+ else {
+ if (rjtable->join(handle, records1[i],
+ records2[j], &record) < 0)
+ goto err;
+
+ i++;
+ j++;
+ }
+
+ /* Add result record to database */
+ if (dbase_llist_cache_prepend(handle, &dbase->llist, record) <
+ 0)
+ goto err;
+
+ rtable->free(record);
+ record = NULL;
+ }
+
+ /* Update cache serial */
+ if (dbase_llist_set_serial(handle, &dbase->llist) < 0)
+ goto err;
+
+ for (i = 0; i < rcount1; i++)
+ rtable1->free(records1[i]);
+ for (i = 0; i < rcount2; i++)
+ rtable2->free(records2[i]);
+ free(records1);
+ free(records2);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not cache join database");
+ for (i = 0; i < rcount1; i++)
+ rtable1->free(records1[i]);
+ for (i = 0; i < rcount2; i++)
+ rtable2->free(records2[i]);
+ free(records1);
+ free(records2);
+ rtable->key_free(rkey);
+ rtable->free(record);
+ dbase_llist_drop_cache(&dbase->llist);
+ return STATUS_ERR;
+}
+
+/* Flush database */
+static int dbase_join_flush(semanage_handle_t * handle, dbase_join_t * dbase)
+{
+
+ /* Extract all the object tables information */
+ dbase_t *dbase1 = dbase->join1->dbase;
+ dbase_t *dbase2 = dbase->join2->dbase;
+ dbase_table_t *dtable1 = dbase->join1->dtable;
+ dbase_table_t *dtable2 = dbase->join2->dtable;
+ record_table_t *rtable = dbase_llist_get_rtable(&dbase->llist);
+ record_join_table_t *rjtable = dbase->rjtable;
+ record_table_t *rtable1 = dtable1->get_rtable(dbase1);
+ record_table_t *rtable2 = dtable2->get_rtable(dbase2);
+
+ cache_entry_t *ptr;
+ record_key_t *rkey = NULL;
+ record1_t *record1 = NULL;
+ record2_t *record2 = NULL;
+
+ /* No effect of flush */
+ if (!dbase_llist_is_modified(&dbase->llist))
+ return STATUS_SUCCESS;
+
+ /* Then clear all records from the cache.
+ * This is *not* the same as dropping the cache - it's an explicit
+ * request to delete all current records. We need to do
+ * this because we don't store delete deltas for the join,
+ * so we must re-add all records from scratch */
+ if (dtable1->clear(handle, dbase1) < 0)
+ goto err;
+ if (dtable2->clear(handle, dbase2) < 0)
+ goto err;
+
+ /* For each record, split, and add parts into their corresponding databases */
+ for (ptr = dbase->llist.cache_tail; ptr != NULL; ptr = ptr->prev) {
+
+ if (rtable->key_extract(handle, ptr->data, &rkey) < 0)
+ goto err;
+
+ if (rjtable->split(handle, ptr->data, &record1, &record2) < 0)
+ goto err;
+
+ if (dtable1->add(handle, dbase1, rkey, record1) < 0)
+ goto err;
+
+ if (dtable2->add(handle, dbase2, rkey, record2) < 0)
+ goto err;
+
+ rtable->key_free(rkey);
+ rtable1->free(record1);
+ rtable2->free(record2);
+ rkey = NULL;
+ record1 = NULL;
+ record2 = NULL;
+ }
+
+ /* Note that this function does not flush the child databases, it
+ * leaves that decision up to higher-level code */
+
+ dbase_llist_set_modified(&dbase->llist, 0);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not flush join database");
+ rtable->key_free(rkey);
+ rtable1->free(record1);
+ rtable2->free(record2);
+ return STATUS_ERR;
+}
+
+int dbase_join_init(semanage_handle_t * handle,
+ record_table_t * rtable,
+ record_join_table_t * rjtable,
+ dbase_config_t * join1,
+ dbase_config_t * join2, dbase_t ** dbase)
+{
+
+ dbase_join_t *tmp_dbase = malloc(sizeof(dbase_join_t));
+
+ if (!tmp_dbase)
+ goto omem;
+
+ dbase_llist_init(&tmp_dbase->llist, rtable, &SEMANAGE_JOIN_DTABLE);
+
+ tmp_dbase->rjtable = rjtable;
+ tmp_dbase->join1 = join1;
+ tmp_dbase->join2 = join2;
+
+ *dbase = tmp_dbase;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not initialize join database");
+ free(tmp_dbase);
+ return STATUS_ERR;
+}
+
+/* Release dbase resources */
+void dbase_join_release(dbase_join_t * dbase)
+{
+
+ dbase_llist_drop_cache(&dbase->llist);
+ free(dbase);
+}
+
+/* JOIN dbase - method table implementation */
+dbase_table_t SEMANAGE_JOIN_DTABLE = {
+
+ /* Cache/Transactions */
+ .cache = dbase_join_cache,
+ .drop_cache = (void *)dbase_llist_drop_cache,
+ .flush = dbase_join_flush,
+ .is_modified = (void *)dbase_llist_is_modified,
+
+ /* Database API */
+ .iterate = (void *)dbase_llist_iterate,
+ .exists = (void *)dbase_llist_exists,
+ .list = (void *)dbase_llist_list,
+ .add = (void *)dbase_llist_add,
+ .set = (void *)dbase_llist_set,
+ .del = (void *)dbase_llist_del,
+ .clear = (void *)dbase_llist_clear,
+ .modify = (void *)dbase_llist_modify,
+ .query = (void *)dbase_llist_query,
+ .count = (void *)dbase_llist_count,
+
+ /* Polymorphism */
+ .get_rtable = (void *)dbase_llist_get_rtable
+};
diff --git a/libsemanage/src/database_join.h b/libsemanage/src/database_join.h
new file mode 100644
index 0000000..d477fc4
--- /dev/null
+++ b/libsemanage/src/database_join.h
@@ -0,0 +1,47 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_JOIN_INTERNAL_H_
+#define _SEMANAGE_DATABASE_JOIN_INTERNAL_H_
+
+#include "database.h"
+#include "handle.h"
+
+#ifndef DBASE_RECORD_JOIN_DEFINED
+typedef void *record1_t;
+typedef void *record2_t;
+#define DBASE_RECORD_JOIN_DEFINED
+#endif
+
+struct dbase_join;
+typedef struct dbase_join dbase_join_t;
+
+/* JOIN extension to RECORD interface - method table */
+typedef struct record_join_table {
+
+ /* Join two records together.
+ * One of the provided records could be NULL */
+ int (*join) (semanage_handle_t * handle,
+ const record1_t * record1,
+ const record2_t * record2, record_t ** result);
+
+ /* Splits a record into two */
+ int (*split) (semanage_handle_t * handle,
+ const record_t * record,
+ record1_t ** split1, record2_t ** split2);
+
+} record_join_table_t;
+
+/* JOIN - initialization */
+extern int dbase_join_init(semanage_handle_t * handle,
+ record_table_t * rtable,
+ record_join_table_t * rjtable,
+ dbase_config_t * join1,
+ dbase_config_t * join2, dbase_join_t ** dbase);
+
+/* FILE - release */
+extern void dbase_join_release(dbase_join_t * dbase);
+
+/* JOIN - method table implementation */
+extern dbase_table_t SEMANAGE_JOIN_DTABLE;
+
+#endif
diff --git a/libsemanage/src/database_llist.c b/libsemanage/src/database_llist.c
new file mode 100644
index 0000000..1cb7454
--- /dev/null
+++ b/libsemanage/src/database_llist.c
@@ -0,0 +1,376 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: dbase_llist_t (Linked List)
+ * Partially Implements: dbase_t (Database)
+ */
+
+struct dbase_llist;
+typedef struct dbase_llist dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include "debug.h"
+#include "handle.h"
+#include "database_llist.h"
+
+int dbase_llist_needs_resync(semanage_handle_t * handle, dbase_llist_t * dbase)
+{
+
+ int cache_serial;
+
+ if (dbase->cache_serial < 0)
+ return 1;
+
+ cache_serial = handle->funcs->get_serial(handle);
+ if (cache_serial < 0)
+ return 1;
+
+ if (cache_serial != dbase->cache_serial) {
+ dbase_llist_drop_cache(dbase);
+ dbase->cache_serial = -1;
+ return 1;
+ }
+ return 0;
+}
+
+/* Helper for adding records to the cache */
+int dbase_llist_cache_prepend(semanage_handle_t * handle,
+ dbase_llist_t * dbase, const record_t * data)
+{
+
+ /* Initialize */
+ cache_entry_t *entry = (cache_entry_t *) malloc(sizeof(cache_entry_t));
+ if (entry == NULL)
+ goto omem;
+
+ if (dbase->rtable->clone(handle, data, &entry->data) < 0)
+ goto err;
+
+ entry->prev = NULL;
+ entry->next = dbase->cache;
+
+ /* Link */
+ if (dbase->cache != NULL)
+ dbase->cache->prev = entry;
+ if (dbase->cache_tail == NULL)
+ dbase->cache_tail = entry;
+ dbase->cache = entry;
+ dbase->cache_sz++;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not cache record");
+ free(entry);
+ return STATUS_ERR;
+}
+
+void dbase_llist_drop_cache(dbase_llist_t * dbase)
+{
+
+ if (dbase->cache_serial < 0)
+ return;
+
+ cache_entry_t *prev, *ptr = dbase->cache;
+ while (ptr != NULL) {
+ prev = ptr;
+ ptr = ptr->next;
+ dbase->rtable->free(prev->data);
+ free(prev);
+ }
+
+ dbase->cache_serial = -1;
+ dbase->modified = 0;
+}
+
+int dbase_llist_set_serial(semanage_handle_t * handle, dbase_llist_t * dbase)
+{
+
+ int cache_serial = handle->funcs->get_serial(handle);
+ if (cache_serial < 0) {
+ ERR(handle, "could not update cache serial");
+ return STATUS_ERR;
+ }
+
+ dbase->cache_serial = cache_serial;
+ return STATUS_SUCCESS;
+}
+
+/* Helper for finding records in the cache */
+static int dbase_llist_cache_locate(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key,
+ cache_entry_t ** entry)
+{
+
+ cache_entry_t *ptr;
+
+ /* Implemented in parent */
+ if (dbase->dtable->cache(handle, dbase) < 0)
+ goto err;
+
+ for (ptr = dbase->cache; ptr != NULL; ptr = ptr->next) {
+ if (!dbase->rtable->compare(ptr->data, key)) {
+ *entry = ptr;
+ return STATUS_SUCCESS;
+ }
+ }
+
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not complete cache lookup");
+ return STATUS_ERR;
+}
+
+int dbase_llist_exists(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, int *response)
+{
+
+ cache_entry_t *entry;
+ int status;
+
+ status = dbase_llist_cache_locate(handle, dbase, key, &entry);
+ if (status < 0)
+ goto err;
+
+ *response = (status != STATUS_NODATA);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not check if record exists");
+ return STATUS_ERR;
+}
+
+int dbase_llist_add(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data)
+{
+
+ if (dbase_llist_cache_prepend(handle, dbase, data) < 0)
+ goto err;
+
+ key = NULL;
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not add record to the database");
+ return STATUS_ERR;
+}
+
+int dbase_llist_set(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data)
+{
+
+ cache_entry_t *entry;
+ int status;
+
+ status = dbase_llist_cache_locate(handle, dbase, key, &entry);
+ if (status < 0)
+ goto err;
+ if (status == STATUS_NODATA) {
+ ERR(handle, "record not found in the database");
+ goto err;
+ } else {
+ dbase->rtable->free(entry->data);
+ if (dbase->rtable->clone(handle, data, &entry->data) < 0)
+ goto err;
+ }
+
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not set record value");
+ return STATUS_ERR;
+}
+
+int dbase_llist_modify(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data)
+{
+
+ cache_entry_t *entry;
+ int status;
+
+ status = dbase_llist_cache_locate(handle, dbase, key, &entry);
+ if (status < 0)
+ goto err;
+ if (status == STATUS_NODATA) {
+ if (dbase_llist_cache_prepend(handle, dbase, data) < 0)
+ goto err;
+ } else {
+ dbase->rtable->free(entry->data);
+ if (dbase->rtable->clone(handle, data, &entry->data) < 0)
+ goto err;
+ }
+
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not modify record value");
+ return STATUS_ERR;
+}
+
+hidden int dbase_llist_count(semanage_handle_t * handle,
+ dbase_llist_t * dbase, unsigned int *response)
+{
+
+ *response = dbase->cache_sz;
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int dbase_llist_query(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, record_t ** response)
+{
+
+ cache_entry_t *entry;
+ int status;
+
+ status = dbase_llist_cache_locate(handle, dbase, key, &entry);
+ if (status < 0 || status == STATUS_NODATA)
+ goto err;
+
+ if (dbase->rtable->clone(handle, entry->data, response) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query record value");
+ return STATUS_ERR;
+}
+
+int dbase_llist_iterate(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ int (*fn) (const record_t * record,
+ void *fn_arg), void *arg)
+{
+
+ int rc;
+ cache_entry_t *ptr;
+
+ for (ptr = dbase->cache_tail; ptr != NULL; ptr = ptr->prev) {
+
+ rc = fn(ptr->data, arg);
+ if (rc < 0)
+ goto err;
+
+ else if (rc > 1)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over records");
+ return STATUS_ERR;
+}
+
+int dbase_llist_del(semanage_handle_t * handle,
+ dbase_llist_t * dbase, const record_key_t * key)
+{
+
+ cache_entry_t *ptr, *prev = NULL;
+
+ for (ptr = dbase->cache; ptr != NULL; ptr = ptr->next) {
+ if (!dbase->rtable->compare(ptr->data, key)) {
+ if (prev != NULL)
+ prev->next = ptr->next;
+ else
+ dbase->cache = ptr->next;
+
+ if (ptr->next != NULL)
+ ptr->next->prev = ptr->prev;
+ else
+ dbase->cache_tail = ptr->prev;
+
+ dbase->rtable->free(ptr->data);
+ dbase->cache_sz--;
+ free(ptr);
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+ } else
+ prev = ptr;
+ }
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase)
+{
+
+ int old_serial = dbase->cache_serial;
+
+ if (dbase_llist_set_serial(handle, dbase) < 0) {
+ ERR(handle, "could not set serial of cleared dbase");
+ return STATUS_ERR;
+ }
+
+ if (old_serial >= 0) {
+ cache_entry_t *prev, *ptr = dbase->cache;
+ while (ptr != NULL) {
+ prev = ptr;
+ ptr = ptr->next;
+ dbase->rtable->free(prev->data);
+ free(prev);
+ }
+ }
+
+ dbase->cache = NULL;
+ dbase->cache_tail = NULL;
+ dbase->cache_sz = 0;
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+}
+
+int dbase_llist_list(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ record_t *** records, unsigned int *count)
+{
+
+ cache_entry_t *ptr;
+ record_t **tmp_records = NULL;
+ unsigned int tmp_count;
+ int i = 0;
+
+ tmp_count = dbase->cache_sz;
+ if (tmp_count > 0) {
+ tmp_records = (record_t **)
+ calloc(tmp_count, sizeof(record_t *));
+
+ if (tmp_records == NULL)
+ goto omem;
+
+ for (ptr = dbase->cache_tail; ptr != NULL; ptr = ptr->prev) {
+ if (dbase->rtable->clone(handle,
+ ptr->data,
+ &tmp_records[i]) < 0)
+ goto err;
+ i++;
+ }
+ }
+
+ *records = tmp_records;
+ *count = tmp_count;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ for (; i >= 0; i--)
+ dbase->rtable->free(tmp_records[i]);
+ free(tmp_records);
+ ERR(handle, "could not allocate record array");
+ return STATUS_ERR;
+}
diff --git a/libsemanage/src/database_llist.h b/libsemanage/src/database_llist.h
new file mode 100644
index 0000000..84994ef
--- /dev/null
+++ b/libsemanage/src/database_llist.h
@@ -0,0 +1,122 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_LLIST_INTERNAL_H_
+#define _SEMANAGE_DATABASE_LLIST_INTERNAL_H_
+
+#include "database.h"
+#include "handle.h"
+
+/* Representation of the database once loaded in memory */
+typedef struct cache_entry {
+ record_t *data;
+ struct cache_entry *prev;
+ struct cache_entry *next;
+} cache_entry_t;
+
+/* LLIST dbase */
+typedef struct dbase_llist {
+
+ /* Method tables */
+ record_table_t *rtable;
+ dbase_table_t *dtable;
+
+ /* In-memory representation (cache) */
+ cache_entry_t *cache;
+ cache_entry_t *cache_tail;
+
+ unsigned int cache_sz;
+ int cache_serial;
+ int modified;
+} dbase_llist_t;
+
+/* Helpers for internal use only */
+
+static inline void dbase_llist_cache_init(dbase_llist_t * dbase)
+{
+
+ dbase->cache = NULL;
+ dbase->cache_tail = NULL;
+ dbase->cache_sz = 0;
+ dbase->cache_serial = -1;
+ dbase->modified = 0;
+}
+
+static inline void dbase_llist_init(dbase_llist_t * dbase,
+ record_table_t * rtable,
+ dbase_table_t * dtable)
+{
+
+ dbase->rtable = rtable;
+ dbase->dtable = dtable;
+ dbase_llist_cache_init(dbase);
+}
+
+extern int dbase_llist_cache_prepend(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_t * data);
+
+extern int dbase_llist_needs_resync(semanage_handle_t * handle,
+ dbase_llist_t * dbase);
+
+extern int dbase_llist_set_serial(semanage_handle_t * handle,
+ dbase_llist_t * dbase);
+
+static inline void dbase_llist_set_modified(dbase_llist_t * dbase, int status)
+{
+ dbase->modified = status;
+}
+
+/* LLIST - cache/transactions */
+extern void dbase_llist_drop_cache(dbase_llist_t * dbase);
+
+static inline int dbase_llist_is_modified(dbase_llist_t * dbase)
+{
+
+ return dbase->modified;
+}
+
+/* LLIST - polymorphism */
+static inline record_table_t *dbase_llist_get_rtable(dbase_llist_t * dbase)
+{
+ return dbase->rtable;
+}
+
+/* LLIST - dbase API */
+extern int dbase_llist_exists(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, int *response);
+
+extern int dbase_llist_add(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_llist_set(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_llist_modify(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, const record_t * data);
+
+extern int dbase_llist_count(semanage_handle_t * handle,
+ dbase_llist_t * dbase, unsigned int *response);
+
+extern int dbase_llist_query(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ const record_key_t * key, record_t ** response);
+
+extern int dbase_llist_iterate(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ int (*fn) (const record_t * record,
+ void *fn_arg), void *arg);
+
+extern int dbase_llist_del(semanage_handle_t * handle,
+ dbase_llist_t * dbase, const record_key_t * key);
+
+extern int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase);
+
+extern int dbase_llist_list(semanage_handle_t * handle,
+ dbase_llist_t * dbase,
+ record_t *** records, unsigned int *count);
+
+#endif
diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c
new file mode 100644
index 0000000..839dcbe
--- /dev/null
+++ b/libsemanage/src/database_policydb.c
@@ -0,0 +1,495 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: dbase_policydb_t (Policy)
+ * Implements: dbase_t (Database)
+ */
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <errno.h>
+
+#include <sepol/policydb.h>
+
+#include "database_policydb.h"
+#include "semanage_store.h"
+#include "handle.h"
+#include "debug.h"
+
+/* POLICYDB dbase */
+struct dbase_policydb {
+
+ /* Backing file suffix */
+ const char *suffix;
+
+ /* Base record table */
+ record_table_t *rtable;
+
+ /* Policy extensions */
+ record_policydb_table_t *rptable;
+
+ sepol_policydb_t *policydb;
+
+ int cache_serial;
+ int modified;
+ int attached;
+};
+
+static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
+{
+
+ if (dbase->cache_serial >= 0) {
+ sepol_policydb_free(dbase->policydb);
+ dbase->cache_serial = -1;
+ dbase->modified = 0;
+ }
+}
+
+static int dbase_policydb_set_serial(semanage_handle_t * handle,
+ dbase_policydb_t * dbase)
+{
+
+ int cache_serial = handle->funcs->get_serial(handle);
+ if (cache_serial < 0) {
+ ERR(handle, "could not update cache serial");
+ return STATUS_ERR;
+ }
+
+ dbase->cache_serial = cache_serial;
+ return STATUS_SUCCESS;
+}
+
+static int dbase_policydb_needs_resync(semanage_handle_t * handle,
+ dbase_policydb_t * dbase)
+{
+
+ int cache_serial;
+
+ if (dbase->cache_serial < 0)
+ return 1;
+
+ cache_serial = handle->funcs->get_serial(handle);
+ if (cache_serial < 0)
+ return 1;
+
+ if (cache_serial != dbase->cache_serial) {
+ dbase_policydb_drop_cache(dbase);
+ dbase->cache_serial = -1;
+ return 1;
+ }
+ return 0;
+}
+
+static int construct_filename(semanage_handle_t * handle,
+ dbase_policydb_t * dbase, char **filename)
+{
+
+ const char *path = (handle->is_in_transaction) ?
+ semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL) :
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
+ size_t fname_length = strlen(path) + strlen(dbase->suffix) + 2;
+
+ char *fname = malloc(fname_length);
+ if (!fname) {
+ ERR(handle, "out of memory, could not construct database name");
+ return STATUS_ERR;
+ }
+ snprintf(fname, fname_length, "%s/%s", path, dbase->suffix);
+
+ *filename = fname;
+ return STATUS_SUCCESS;
+}
+
+static int dbase_policydb_cache(semanage_handle_t * handle,
+ dbase_policydb_t * dbase)
+{
+
+ FILE *fp = NULL;
+ sepol_policydb_t *policydb = NULL;
+ sepol_policy_file_t *pf = NULL;
+ char *fname = NULL;
+
+ /* Check if cache is needed */
+ if (dbase->attached)
+ return STATUS_SUCCESS;
+
+ if (!dbase_policydb_needs_resync(handle, dbase))
+ return STATUS_SUCCESS;
+
+ if (construct_filename(handle, dbase, &fname) < 0)
+ goto err;
+
+ if (sepol_policydb_create(&policydb) < 0) {
+ ERR(handle, "could not create policydb object");
+ goto err;
+ }
+
+ /* Try opening file
+ * ENOENT is not fatal - we just create an empty policydb */
+ fp = fopen(fname, "rb");
+ if (fp == NULL && errno != ENOENT) {
+ ERR(handle, "could not open %s for reading: %s",
+ fname, strerror(errno));
+ goto err;
+ }
+
+ /* If the file was opened successfully, read a policydb */
+ if (fp != NULL) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ if (sepol_policy_file_create(&pf) < 0) {
+ ERR(handle, "could not create policy file object");
+ goto err;
+ }
+
+ sepol_policy_file_set_fp(pf, fp);
+ sepol_policy_file_set_handle(pf, handle->sepolh);
+
+ if (sepol_policydb_read(policydb, pf) < 0)
+ goto err;
+
+ sepol_policy_file_free(pf);
+ fclose(fp);
+ fp = NULL;
+ }
+
+ /* Update cache serial */
+ if (dbase_policydb_set_serial(handle, dbase) < 0)
+ goto err;
+
+ /* Update the database policydb */
+ dbase->policydb = policydb;
+ free(fname);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not cache policy database");
+ if (fp)
+ fclose(fp);
+ sepol_policydb_free(policydb);
+ sepol_policy_file_free(pf);
+ free(fname);
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_flush(semanage_handle_t * handle,
+ dbase_policydb_t * dbase)
+{
+
+ if (!dbase->modified)
+ return STATUS_SUCCESS;
+
+ dbase->modified = 0;
+
+ /* Stub */
+ handle = NULL;
+ return STATUS_ERR;
+}
+
+/* Check if modified */
+static int dbase_policydb_is_modified(dbase_policydb_t * dbase)
+{
+
+ return dbase->modified;
+}
+
+int dbase_policydb_init(semanage_handle_t * handle,
+ const char *suffix,
+ record_table_t * rtable,
+ record_policydb_table_t * rptable,
+ dbase_policydb_t ** dbase)
+{
+
+ dbase_policydb_t *tmp_dbase =
+ (dbase_policydb_t *) malloc(sizeof(dbase_policydb_t));
+
+ if (!tmp_dbase)
+ goto omem;
+
+ tmp_dbase->suffix = suffix;
+ tmp_dbase->rtable = rtable;
+ tmp_dbase->rptable = rptable;
+ tmp_dbase->policydb = NULL;
+ tmp_dbase->cache_serial = -1;
+ tmp_dbase->modified = 0;
+ tmp_dbase->attached = 0;
+ *dbase = tmp_dbase;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not initialize policy database");
+ free(tmp_dbase);
+
+ return STATUS_ERR;
+}
+
+/* Release dbase resources */
+void dbase_policydb_release(dbase_policydb_t * dbase)
+{
+
+ dbase_policydb_drop_cache(dbase);
+ free(dbase);
+}
+
+/* Attach to a shared policydb.
+ * This implies drop_cache(),
+ * and prevents flush() and drop_cache()
+ * until detached. */
+void dbase_policydb_attach(dbase_policydb_t * dbase,
+ sepol_policydb_t * policydb)
+{
+
+ dbase->attached = 1;
+ dbase_policydb_drop_cache(dbase);
+ dbase->policydb = policydb;
+}
+
+/* Detach from a shared policdb.
+ * This implies drop_cache. */
+void dbase_policydb_detach(dbase_policydb_t * dbase)
+{
+
+ dbase->attached = 0;
+ dbase->modified = 0;
+}
+
+static int dbase_policydb_add(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key, const record_t * data)
+{
+
+ if (dbase->rptable->add(handle->sepolh, dbase->policydb, key, data) < 0)
+ goto err;
+
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not add record to the database");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_set(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key, const record_t * data)
+{
+
+ if (dbase->rptable->set(handle->sepolh, dbase->policydb, key, data) < 0)
+ goto err;
+
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not set record value");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_modify(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key,
+ const record_t * data)
+{
+
+ if (dbase->rptable->modify(handle->sepolh,
+ dbase->policydb, key, data) < 0)
+ goto err;
+
+ dbase->modified = 1;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not modify record value");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_del(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key)
+{
+
+ /* Stub */
+ key = NULL;
+ handle = NULL;
+ dbase = NULL;
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_clear(semanage_handle_t * handle,
+ dbase_policydb_t * dbase)
+{
+
+ /* Stub */
+ handle = NULL;
+ dbase = NULL;
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_query(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key, record_t ** response)
+{
+
+ if (dbase->rptable->query(handle->sepolh,
+ dbase->policydb, key, response) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query record value");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_exists(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ const record_key_t * key, int *response)
+{
+
+ if (dbase->rptable->exists(handle->sepolh,
+ dbase->policydb, key, response) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not check if record exists");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_count(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ unsigned int *response)
+{
+
+ if (dbase->rptable->count(handle->sepolh,
+ dbase->policydb, response) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not count the database records");
+ return STATUS_ERR;
+}
+
+static int dbase_policydb_iterate(semanage_handle_t * handle,
+ dbase_policydb_t * dbase,
+ int (*fn) (const record_t * record,
+ void *fn_arg), void *arg)
+{
+
+ if (dbase->rptable->iterate(handle->sepolh,
+ dbase->policydb, fn, arg) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over records");
+ return STATUS_ERR;
+}
+
+struct list_handler_arg {
+ semanage_handle_t *handle;
+ record_table_t *rtable;
+ record_t **records;
+ int pos;
+};
+
+static int list_handler(const record_t * record, void *varg)
+{
+
+ struct list_handler_arg *arg = (struct list_handler_arg *)varg;
+
+ if (arg->rtable->clone(arg->handle, record, &arg->records[arg->pos]) <
+ 0)
+ return -1;
+ arg->pos++;
+ return 0;
+}
+
+static int dbase_policydb_list(semanage_handle_t * handle,
+ dbase_t * dbase,
+ record_t *** records, unsigned int *count)
+{
+
+ record_t **tmp_records = NULL;
+ unsigned int tmp_count;
+ struct list_handler_arg list_arg;
+ list_arg.pos = 0;
+ list_arg.rtable = dbase->rtable;
+ list_arg.handle = handle;
+
+ if (dbase->rptable->count(handle->sepolh,
+ dbase->policydb, &tmp_count) < 0)
+ goto err;
+
+ if (tmp_count > 0) {
+ tmp_records = (record_t **)
+ calloc(tmp_count, sizeof(record_t *));
+
+ if (tmp_records == NULL)
+ goto omem;
+
+ list_arg.records = tmp_records;
+
+ if (dbase->rptable->iterate(handle->sepolh,
+ dbase->policydb, list_handler,
+ &list_arg) < 0) {
+ ERR(handle, "list handler could not extract record");
+ goto err;
+ }
+ }
+
+ *records = tmp_records;
+ *count = tmp_count;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ for (; list_arg.pos >= 0; list_arg.pos--)
+ dbase->rtable->free(tmp_records[list_arg.pos]);
+ free(tmp_records);
+ ERR(handle, "could not list records");
+ return STATUS_ERR;
+}
+
+static record_table_t *dbase_policydb_get_rtable(dbase_policydb_t * dbase)
+{
+
+ return dbase->rtable;
+}
+
+/* POLICYDB dbase - method table implementation */
+dbase_table_t SEMANAGE_POLICYDB_DTABLE = {
+
+ /* Cache/Transactions */
+ .cache = dbase_policydb_cache,
+ .drop_cache = dbase_policydb_drop_cache,
+ .flush = dbase_policydb_flush,
+ .is_modified = dbase_policydb_is_modified,
+
+ /* Database Functionality */
+ .iterate = dbase_policydb_iterate,
+ .exists = dbase_policydb_exists,
+ .list = dbase_policydb_list,
+ .add = dbase_policydb_add,
+ .set = dbase_policydb_set,
+ .del = dbase_policydb_del,
+ .clear = dbase_policydb_clear,
+ .modify = dbase_policydb_modify,
+ .query = dbase_policydb_query,
+ .count = dbase_policydb_count,
+
+ /* Polymorphism */
+ .get_rtable = dbase_policydb_get_rtable
+};
diff --git a/libsemanage/src/database_policydb.h b/libsemanage/src/database_policydb.h
new file mode 100644
index 0000000..88cde5e
--- /dev/null
+++ b/libsemanage/src/database_policydb.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_DATABASE_POLICYDB_INTERNAL_H_
+#define _SEMANAGE_DATABASE_POLICYDB_INTERNAL_H_
+
+#include <sepol/handle.h>
+#include <sepol/policydb.h>
+#include "database.h"
+#include "handle.h"
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_policydb_t;
+
+typedef int (*record_policydb_table_add_t) (sepol_handle_t * h,
+ sepol_policydb_t * p,
+ const record_key_t * rkey,
+ const record_t * record);
+
+typedef int (*record_policydb_table_modify_t) (sepol_handle_t * h,
+ sepol_policydb_t * p,
+ const record_key_t * rkey,
+ const record_t * record);
+
+typedef int (*record_policydb_table_set_t) (sepol_handle_t * h,
+ sepol_policydb_t * p,
+ const record_key_t * rkey,
+ const record_t * record);
+
+typedef int (*record_policydb_table_query_t) (sepol_handle_t * h,
+ const sepol_policydb_t * p,
+ const record_key_t * rkey,
+ record_t ** response);
+
+typedef int (*record_policydb_table_count_t) (sepol_handle_t * h,
+ const sepol_policydb_t * p,
+ unsigned int *response);
+
+typedef int (*record_policydb_table_exists_t) (sepol_handle_t * h,
+ const sepol_policydb_t * p,
+ const record_key_t * rkey,
+ int *response);
+
+typedef int (*record_policydb_table_iterate_t) (sepol_handle_t * h,
+ const sepol_policydb_t * p,
+ int (*fn) (const record_t * r,
+ void *fn_arg),
+ void *arg);
+
+/* POLICYDB extension to RECORD interface - method table */
+typedef struct record_policydb_table {
+ /* Add policy record */
+ record_policydb_table_add_t add;
+ /* Modify policy record, or add if
+ * the key isn't found */
+ record_policydb_table_modify_t modify;
+ /* Set policy record */
+ record_policydb_table_set_t set;
+ /* Query policy record - return the record
+ * or NULL if it isn't found */
+ record_policydb_table_query_t query;
+ /* Count records */
+ record_policydb_table_count_t count;
+ /* Check if a record exists */
+ record_policydb_table_exists_t exists;
+ /* Iterate over records */
+ record_policydb_table_iterate_t iterate;
+} record_policydb_table_t;
+
+/* Initialize database */
+extern int dbase_policydb_init(semanage_handle_t * handle,
+ const char *suffix,
+ record_table_t * rtable,
+ record_policydb_table_t * rptable,
+ dbase_policydb_t ** dbase);
+
+/* Attach to a shared policydb.
+ * This implies drop_cache().
+ * and prevents flush() and drop_cache()
+ * until detached. */
+extern void dbase_policydb_attach(dbase_policydb_t * dbase,
+ sepol_policydb_t * policydb);
+
+/* Detach from a shared policdb.
+ * This implies drop_cache. */
+extern void dbase_policydb_detach(dbase_policydb_t * dbase);
+
+/* Release allocated resources */
+extern void dbase_policydb_release(dbase_policydb_t * dbase);
+
+/* POLICYDB database - method table implementation */
+extern dbase_table_t SEMANAGE_POLICYDB_DTABLE;
+
+#endif
diff --git a/libsemanage/src/debug.c b/libsemanage/src/debug.c
new file mode 100644
index 0000000..4b96c30
--- /dev/null
+++ b/libsemanage/src/debug.c
@@ -0,0 +1,131 @@
+/* Author: Joshua Brindle <jbrindle@tresys.co
+ * Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "handle.h"
+#include "debug.h"
+
+int semanage_msg_get_level(semanage_handle_t * handle)
+{
+ return handle->msg_level;
+}
+
+hidden_def(semanage_msg_get_level)
+
+const char *semanage_msg_get_channel(semanage_handle_t * handle)
+{
+ return handle->msg_channel;
+}
+
+hidden_def(semanage_msg_get_channel)
+
+const char *semanage_msg_get_fname(semanage_handle_t * handle)
+{
+ return handle->msg_fname;
+}
+
+hidden_def(semanage_msg_get_fname)
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+void hidden semanage_msg_default_handler(void *varg,
+ semanage_handle_t * handle,
+ const char *fmt, ...)
+{
+
+ FILE *stream = NULL;
+ int errsv = 0;
+
+ switch (semanage_msg_get_level(handle)) {
+
+ case SEMANAGE_MSG_ERR:
+ errsv = errno;
+ case SEMANAGE_MSG_WARN:
+ stream = stderr;
+ break;
+ case SEMANAGE_MSG_INFO:
+ default:
+ stream = stdout;
+ break;
+ }
+
+ fprintf(stream, "%s.%s: ",
+ semanage_msg_get_channel(handle),
+ semanage_msg_get_fname(handle));
+
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stream, fmt, ap);
+ va_end(ap);
+
+ if (errsv && errsv != ENOMEM)
+ fprintf(stream, " (%s).", strerror(errsv));
+
+ fprintf(stream, "\n");
+
+ varg = NULL;
+}
+
+#ifdef __GNUC__
+__attribute__ ((format(printf, 3, 4)))
+#endif
+void hidden semanage_msg_relay_handler(void *varg,
+ sepol_handle_t * sepolh,
+ const char *fmt, ...)
+{
+ va_list ap;
+ semanage_handle_t *sh = varg;
+ char buffer[1024];
+
+ if (!sh->msg_callback)
+ return;
+
+ va_start(ap, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, ap);
+ va_end(ap);
+
+ sh->msg_fname = sepol_msg_get_fname(sepolh);
+ sh->msg_channel = sepol_msg_get_channel(sepolh);
+ sh->msg_level = sepol_msg_get_level(sepolh); /* XXX should map values */
+ sh->msg_callback(sh->msg_callback_arg, sh, "%s", buffer);
+ return;
+}
+
+extern void semanage_msg_set_callback(semanage_handle_t * handle,
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ semanage_handle_t *
+ handle,
+ const char *fmt,
+ ...),
+ void *msg_callback_arg)
+{
+
+ handle->msg_callback = msg_callback;
+ handle->msg_callback_arg = msg_callback_arg;
+}
diff --git a/libsemanage/src/debug.h b/libsemanage/src/debug.h
new file mode 100644
index 0000000..92bfcf5
--- /dev/null
+++ b/libsemanage/src/debug.h
@@ -0,0 +1,79 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_INTERNAL_DEBUG_H_
+#define _SEMANAGE_INTERNAL_DEBUG_H_
+
+#include <stdio.h>
+#include <semanage/debug.h>
+#include <sepol/debug.h>
+#include "handle.h"
+#include "dso.h"
+
+#define STATUS_SUCCESS 0
+#define STATUS_ERR -1
+#define STATUS_NODATA 1
+
+#define msg_write(handle_arg, level_arg, \
+ channel_arg, func_arg, ...) do { \
+ \
+ if ((handle_arg)->msg_callback) { \
+ (handle_arg)->msg_fname = func_arg; \
+ (handle_arg)->msg_channel = channel_arg; \
+ (handle_arg)->msg_level = level_arg; \
+ \
+ (handle_arg)->msg_callback( \
+ (handle_arg)->msg_callback_arg, \
+ handle_arg, __VA_ARGS__); \
+ } \
+} while(0)
+
+#define ERR(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_ERR, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define INFO(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_INFO, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define WARN(handle, ...) \
+ msg_write(handle, SEMANAGE_MSG_WARN, "libsemanage", \
+ __FUNCTION__, __VA_ARGS__)
+
+#ifdef __GNUC__
+__attribute__ ((format(printf, 3, 4)))
+#endif
+extern void hidden semanage_msg_default_handler(void *varg,
+ semanage_handle_t * handle,
+ const char *fmt, ...);
+
+#ifdef __GNUC__
+__attribute__ ((format(printf, 3, 4)))
+#endif
+extern void hidden semanage_msg_relay_handler(void *varg,
+ sepol_handle_t * handle,
+ const char *fmt, ...);
+
+hidden_proto(semanage_msg_get_channel)
+ hidden_proto(semanage_msg_get_fname)
+ hidden_proto(semanage_msg_get_level)
+#endif
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
new file mode 100644
index 0000000..a5940b6
--- /dev/null
+++ b/libsemanage/src/direct_api.c
@@ -0,0 +1,1008 @@
+/* Author: Jason Tang <jtang@tresys.com>
+ * Christopher Ashworth <cashworth@tresys.com>
+ *
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <sepol/module.h>
+#include <selinux/selinux.h>
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <limits.h>
+#include <errno.h>
+
+#include "user_internal.h"
+#include "seuser_internal.h"
+#include "port_internal.h"
+#include "iface_internal.h"
+#include "boolean_internal.h"
+#include "fcontext_internal.h"
+#include "node_internal.h"
+#include "genhomedircon.h"
+
+#include "debug.h"
+#include "handle.h"
+#include "modules.h"
+#include "direct_api.h"
+#include "semanage_store.h"
+#include "database_policydb.h"
+#include "policy.h"
+
+static void semanage_direct_destroy(semanage_handle_t * sh);
+static int semanage_direct_disconnect(semanage_handle_t * sh);
+static int semanage_direct_begintrans(semanage_handle_t * sh);
+static int semanage_direct_commit(semanage_handle_t * sh);
+static int semanage_direct_install(semanage_handle_t * sh, char *data,
+ size_t data_len);
+static int semanage_direct_upgrade(semanage_handle_t * sh, char *data,
+ size_t data_len);
+static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data,
+ size_t data_len);
+static int semanage_direct_remove(semanage_handle_t * sh, char *module_name);
+static int semanage_direct_list(semanage_handle_t * sh,
+ semanage_module_info_t ** modinfo,
+ int *num_modules);
+
+static struct semanage_policy_table direct_funcs = {
+ .get_serial = semanage_direct_get_serial,
+ .destroy = semanage_direct_destroy,
+ .disconnect = semanage_direct_disconnect,
+ .begin_trans = semanage_direct_begintrans,
+ .commit = semanage_direct_commit,
+ .install = semanage_direct_install,
+ .upgrade = semanage_direct_upgrade,
+ .install_base = semanage_direct_install_base,
+ .remove = semanage_direct_remove,
+ .list = semanage_direct_list
+};
+
+int semanage_direct_is_managed(semanage_handle_t * sh)
+{
+ char polpath[PATH_MAX];
+
+ snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
+ sh->conf->store_path);
+
+ if (semanage_check_init(polpath))
+ goto err;
+
+ if (semanage_access_check(sh) < 0)
+ return 0;
+
+ return 1;
+
+ err:
+ ERR(sh, "could not check whether policy is managed");
+ return STATUS_ERR;
+}
+
+/* Check that the module store exists, creating it if necessary.
+ */
+int semanage_direct_connect(semanage_handle_t * sh)
+{
+ char polpath[PATH_MAX];
+
+ snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
+ sh->conf->store_path);
+
+ if (semanage_check_init(polpath))
+ goto err;
+
+ if (sh->create_store)
+ if (semanage_create_store(sh, 1))
+ goto err;
+
+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
+ goto err;
+
+ sh->u.direct.translock_file_fd = -1;
+ sh->u.direct.activelock_file_fd = -1;
+
+ /* set up function pointers */
+ sh->funcs = &direct_funcs;
+
+ /* Object databases: local modifications */
+ if (user_base_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_USERS_BASE_LOCAL),
+ semanage_user_base_dbase_local(sh)) < 0)
+ goto err;
+
+ if (user_extra_file_dbase_init(sh,
+ semanage_fname
+ (SEMANAGE_USERS_EXTRA_LOCAL),
+ semanage_user_extra_dbase_local(sh)) < 0)
+ goto err;
+
+ if (user_join_dbase_init(sh,
+ semanage_user_base_dbase_local(sh),
+ semanage_user_extra_dbase_local(sh),
+ semanage_user_dbase_local(sh)) < 0)
+ goto err;
+
+ if (port_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_PORTS_LOCAL),
+ semanage_port_dbase_local(sh)) < 0)
+ goto err;
+
+ if (iface_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_INTERFACES_LOCAL),
+ semanage_iface_dbase_local(sh)) < 0)
+ goto err;
+
+ if (bool_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_BOOLEANS_LOCAL),
+ semanage_bool_dbase_local(sh)) < 0)
+ goto err;
+
+ if (fcontext_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_FC_LOCAL),
+ semanage_fcontext_dbase_local(sh)) < 0)
+ goto err;
+
+ if (seuser_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_SEUSERS_LOCAL),
+ semanage_seuser_dbase_local(sh)) < 0)
+ goto err;
+
+ if (node_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_NODES_LOCAL),
+ semanage_node_dbase_local(sh)) < 0)
+ goto err;
+
+ /* Object databases: local modifications + policy */
+ if (user_base_policydb_dbase_init(sh,
+ semanage_user_base_dbase_policy(sh)) <
+ 0)
+ goto err;
+
+ if (user_extra_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_USERS_EXTRA),
+ semanage_user_extra_dbase_policy(sh)) <
+ 0)
+ goto err;
+
+ if (user_join_dbase_init(sh,
+ semanage_user_base_dbase_policy(sh),
+ semanage_user_extra_dbase_policy(sh),
+ semanage_user_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (port_policydb_dbase_init(sh, semanage_port_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (iface_policydb_dbase_init(sh, semanage_iface_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (bool_policydb_dbase_init(sh, semanage_bool_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (fcontext_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_FC),
+ semanage_fcontext_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (seuser_file_dbase_init(sh,
+ semanage_fname(SEMANAGE_SEUSERS),
+ semanage_seuser_dbase_policy(sh)) < 0)
+ goto err;
+
+ if (node_policydb_dbase_init(sh, semanage_node_dbase_policy(sh)) < 0)
+ goto err;
+
+ /* Active kernel policy */
+ if (bool_activedb_dbase_init(sh, semanage_bool_dbase_active(sh)) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(sh, "could not establish direct connection");
+ return STATUS_ERR;
+}
+
+static void semanage_direct_destroy(semanage_handle_t * sh)
+{
+ /* do nothing */
+ sh = NULL;
+}
+
+static int semanage_direct_disconnect(semanage_handle_t * sh)
+{
+ /* destroy transaction */
+ if (sh->is_in_transaction) {
+ /* destroy sandbox */
+ if (semanage_remove_directory
+ (semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) {
+ ERR(sh, "Could not cleanly remove sandbox %s.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
+ return -1;
+ }
+ semanage_release_trans_lock(sh);
+ }
+
+ /* Release object databases: local modifications */
+ user_base_file_dbase_release(semanage_user_base_dbase_local(sh));
+ user_extra_file_dbase_release(semanage_user_extra_dbase_local(sh));
+ user_join_dbase_release(semanage_user_dbase_local(sh));
+ port_file_dbase_release(semanage_port_dbase_local(sh));
+ iface_file_dbase_release(semanage_iface_dbase_local(sh));
+ bool_file_dbase_release(semanage_bool_dbase_local(sh));
+ fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
+ seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
+ node_file_dbase_release(semanage_node_dbase_local(sh));
+
+ /* Release object databases: local modifications + policy */
+ user_base_policydb_dbase_release(semanage_user_base_dbase_policy(sh));
+ user_extra_file_dbase_release(semanage_user_extra_dbase_policy(sh));
+ user_join_dbase_release(semanage_user_dbase_policy(sh));
+ port_policydb_dbase_release(semanage_port_dbase_policy(sh));
+ iface_policydb_dbase_release(semanage_iface_dbase_policy(sh));
+ bool_policydb_dbase_release(semanage_bool_dbase_policy(sh));
+ fcontext_file_dbase_release(semanage_fcontext_dbase_policy(sh));
+ seuser_file_dbase_release(semanage_seuser_dbase_policy(sh));
+ node_policydb_dbase_release(semanage_node_dbase_policy(sh));
+
+ /* Release object databases: active kernel policy */
+ bool_activedb_dbase_release(semanage_bool_dbase_active(sh));
+
+ return 0;
+}
+
+static int semanage_direct_begintrans(semanage_handle_t * sh)
+{
+
+ if (semanage_access_check(sh) != SEMANAGE_CAN_WRITE) {
+ return -1;
+ }
+ if (semanage_get_trans_lock(sh) < 0) {
+ return -1;
+ }
+ if ((semanage_make_sandbox(sh)) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+/********************* utility functions *********************/
+
+/* Takes a module stored in 'module_data' and parses its headers.
+ * Sets reference variables 'filename' to module's fully qualified
+ * path name into the sandbox, 'module_name' to module's name, and
+ * 'version' to module's version. The caller is responsible for
+ * free()ing 'filename', 'module_name', and 'version'; they will be
+ * set to NULL upon entering this function. Returns 0 on success, -1
+ * if out of memory, or -2 if data did not represent a module.
+ */
+static int parse_module_headers(semanage_handle_t * sh, char *module_data,
+ size_t data_len, char **module_name,
+ char **version, char **filename)
+{
+ struct sepol_policy_file *pf;
+ int file_type;
+ const char *module_path;
+ *module_name = *version = *filename = NULL;
+
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+ sepol_policy_file_set_mem(pf, module_data, data_len);
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+ if (module_data == NULL ||
+ data_len == 0 ||
+ sepol_module_package_info(pf, &file_type, module_name,
+ version) == -1) {
+ sepol_policy_file_free(pf);
+ ERR(sh, "Could not parse module data.");
+ return -2;
+ }
+ sepol_policy_file_free(pf);
+ if (file_type != SEPOL_POLICY_MOD) {
+ if (file_type == SEPOL_POLICY_BASE)
+ ERR(sh,
+ "Received a base module, expected a non-base module.");
+ else
+ ERR(sh, "Data did not represent a module.");
+ return -2;
+ }
+ if ((module_path =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) {
+ return -1;
+ }
+ if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+ return 0;
+}
+
+/* Takes a base module stored in 'module_data' and parse its headers.
+ * Returns 0 on success, -1 if out of memory, or -2 if data did not
+ * represent a module.
+ */
+static int parse_base_headers(semanage_handle_t * sh,
+ char *module_data, size_t data_len)
+{
+ struct sepol_policy_file *pf;
+ char *module_name = NULL, *version = NULL;
+ int file_type;
+
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+ sepol_policy_file_set_mem(pf, module_data, data_len);
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+ if (module_data == NULL ||
+ data_len == 0 ||
+ sepol_module_package_info(pf, &file_type,
+ &module_name, &version) == -1) {
+ sepol_policy_file_free(pf);
+ ERR(sh, "Could not parse base module data.");
+ return -2;
+ }
+ sepol_policy_file_free(pf);
+ free(module_name);
+ free(version);
+ if (file_type != SEPOL_POLICY_BASE) {
+ if (file_type == SEPOL_POLICY_MOD)
+ ERR(sh,
+ "Received a non-base module, expected a base module.");
+ else
+ ERR(sh, "Data did not represent a module.");
+ return -2;
+ }
+ return 0;
+}
+
+/* Writes a block of data to a file. Returns 0 on success, -1 on
+ * error. */
+static int write_file(semanage_handle_t * sh,
+ const char *filename, char *data, size_t num_bytes)
+{
+ int out;
+ if ((out =
+ open(filename, O_WRONLY | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open %s for writing.", filename);
+ return -1;
+ }
+ if (write(out, data, num_bytes) == -1) {
+ ERR(sh, "Error while writing to %s.", filename);
+ close(out);
+ return -1;
+ }
+ close(out);
+ return 0;
+}
+
+/* Writes a module (or a base) to the file given by a fully-qualified
+ * 'filename'. Returns 0 on success, -1 if file could not be written.
+ */
+static int semanage_write_module(semanage_handle_t * sh,
+ const char *filename,
+ sepol_module_package_t * package)
+{
+ struct sepol_policy_file *pf;
+ FILE *outfile;
+ int retval;
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+ if ((outfile = fopen(filename, "wb")) == NULL) {
+ sepol_policy_file_free(pf);
+ ERR(sh, "Could not open %s for writing.", filename);
+ return -1;
+ }
+ __fsetlocking(outfile, FSETLOCKING_BYCALLER);
+ sepol_policy_file_set_fp(pf, outfile);
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+ retval = sepol_module_package_write(package, pf);
+ fclose(outfile);
+ sepol_policy_file_free(pf);
+ if (retval == -1) {
+ ERR(sh, "Error while writing module to %s.", filename);
+ return -1;
+ }
+ return 0;
+}
+
+/********************* direct API functions ********************/
+
+/* Commits all changes in sandbox to the actual kernel policy.
+ * Returns commit number on success, -1 on error.
+ */
+static int semanage_direct_commit(semanage_handle_t * sh)
+{
+ char **mod_filenames = NULL;
+ char *sorted_fc_buffer = NULL, *sorted_nc_buffer = NULL;
+ size_t sorted_fc_buffer_len = 0, sorted_nc_buffer_len = 0;
+ const char *linked_filename = NULL, *ofilename = NULL;
+ sepol_module_package_t *base = NULL;
+ int retval = -1, num_modfiles = 0, i;
+ sepol_policydb_t *out = NULL;
+
+ /* Declare some variables */
+ int modified, fcontexts_modified, ports_modified,
+ seusers_modified, users_extra_modified;
+ dbase_config_t *users = semanage_user_dbase_local(sh);
+ dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
+ dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
+ dbase_config_t *users_extra = semanage_user_extra_dbase_local(sh);
+ dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh);
+ dbase_config_t *ports = semanage_port_dbase_local(sh);
+ dbase_config_t *pports = semanage_port_dbase_policy(sh);
+ dbase_config_t *bools = semanage_bool_dbase_local(sh);
+ dbase_config_t *pbools = semanage_bool_dbase_policy(sh);
+ dbase_config_t *ifaces = semanage_iface_dbase_local(sh);
+ dbase_config_t *pifaces = semanage_iface_dbase_policy(sh);
+ dbase_config_t *nodes = semanage_node_dbase_local(sh);
+ dbase_config_t *pnodes = semanage_node_dbase_policy(sh);
+ dbase_config_t *fcontexts = semanage_fcontext_dbase_local(sh);
+ dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh);
+ dbase_config_t *seusers = semanage_seuser_dbase_local(sh);
+ dbase_config_t *pseusers = semanage_seuser_dbase_policy(sh);
+
+ /* Before we do anything else, flush the join to its component parts.
+ * This *does not* flush to disk automatically */
+ if (users->dtable->is_modified(users->dbase)) {
+ retval = users->dtable->flush(sh, users->dbase);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* Decide if anything was modified */
+ fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase);
+ seusers_modified = seusers->dtable->is_modified(seusers->dbase);
+ users_extra_modified =
+ users_extra->dtable->is_modified(users_extra->dbase);
+ ports_modified = ports->dtable->is_modified(ports->dbase);
+
+ modified = sh->modules_modified;
+ modified |= ports_modified;
+ modified |= users->dtable->is_modified(users_base->dbase);
+ modified |= bools->dtable->is_modified(bools->dbase);
+ modified |= ifaces->dtable->is_modified(ifaces->dbase);
+ modified |= nodes->dtable->is_modified(nodes->dbase);
+
+ /* FIXME: get rid of these, once we support loading the existing policy,
+ * instead of rebuilding it */
+ modified |= seusers_modified;
+ modified |= fcontexts_modified;
+ modified |= users_extra_modified;
+
+ /* If there were policy changes, or explicitly requested, rebuild the policy */
+ if (sh->do_rebuild || modified) {
+
+ /* =================== Module expansion =============== */
+
+ /* link all modules in the sandbox to the base module */
+ retval = semanage_get_modules_names(sh, &mod_filenames, &num_modfiles);
+ if (retval < 0)
+ goto cleanup;
+ retval = semanage_verify_modules(sh, mod_filenames, num_modfiles);
+ if (retval < 0)
+ goto cleanup;
+ retval = semanage_link_sandbox(sh, &base);
+ if (retval < 0)
+ goto cleanup;
+
+ /* write the linked base if we want to save or we have a
+ * verification program that wants it. */
+ linked_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED);
+ if (linked_filename == NULL) {
+ retval = -1;
+ goto cleanup;
+ }
+ if (sh->conf->save_linked || sh->conf->linked_prog) {
+ retval = semanage_write_module(sh, linked_filename, base);
+ if (retval < 0)
+ goto cleanup;
+ retval = semanage_verify_linked(sh);
+ if (retval < 0)
+ goto cleanup;
+ /* remove the linked policy if we only wrote it for the
+ * verification program. */
+ if (!sh->conf->save_linked) {
+ retval = unlink(linked_filename);
+ if (retval < 0) {
+ ERR(sh, "could not remove linked base %s",
+ linked_filename);
+ goto cleanup;
+ }
+ }
+ } else {
+ /* Try to delete the linked copy - this is needed if
+ * the save_link option has changed to prevent the
+ * old linked copy from being copied forever. No error
+ * checking is done because this is likely to fail because
+ * the file does not exist - which is not an error. */
+ unlink(linked_filename);
+ errno = 0;
+ }
+
+ /* ==================== File-backed ================== */
+
+ /* File Contexts */
+ /* Sort the file contexts. */
+ retval = semanage_fc_sort(sh, sepol_module_package_get_file_contexts(base),
+ sepol_module_package_get_file_contexts_len(base),
+ &sorted_fc_buffer, &sorted_fc_buffer_len);
+ if (retval < 0)
+ goto cleanup;
+
+ /* Write the contexts (including template contexts) to a single file.
+ * The buffer returned by the sort function has a trailing \0 character,
+ * which we do NOT want to write out to disk, so we pass sorted_fc_buffer_len-1. */
+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL);
+ if (ofilename == NULL) {
+ retval = -1;
+ goto cleanup;
+ }
+ retval = write_file(sh, ofilename, sorted_fc_buffer,
+ sorted_fc_buffer_len - 1);
+ if (retval < 0)
+ goto cleanup;
+
+ /* Split complete and template file contexts into their separate files. */
+ retval = semanage_split_fc(sh);
+ if (retval < 0)
+ goto cleanup;
+
+ pfcontexts->dtable->drop_cache(pfcontexts->dbase);
+
+ /* Seusers */
+ if (sepol_module_package_get_seusers_len(base)) {
+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS);
+ if (ofilename == NULL) {
+ retval = -1;
+ goto cleanup;
+ }
+ retval = write_file(sh, ofilename,
+ sepol_module_package_get_seusers(base),
+ sepol_module_package_get_seusers_len(base));
+ if (retval < 0)
+ goto cleanup;
+
+ pseusers->dtable->drop_cache(pseusers->dbase);
+
+ } else {
+ retval = pseusers->dtable->clear(sh, pseusers->dbase);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* Users_extra */
+ if (sepol_module_package_get_user_extra_len(base)) {
+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA);
+ if (ofilename == NULL) {
+ retval = -1;
+ goto cleanup;
+ }
+ retval = write_file(sh, ofilename,
+ sepol_module_package_get_user_extra(base),
+ sepol_module_package_get_user_extra_len(base));
+ if (retval < 0)
+ goto cleanup;
+ pusers_extra->dtable->drop_cache(pusers_extra->dbase);
+
+ } else {
+ retval = pusers_extra->dtable->clear(sh, pusers_extra->dbase);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* Netfilter Contexts */
+ /* Sort the netfilter contexts. */
+ retval = semanage_nc_sort
+ (sh, sepol_module_package_get_netfilter_contexts(base),
+ sepol_module_package_get_netfilter_contexts_len(base),
+ &sorted_nc_buffer, &sorted_nc_buffer_len);
+
+ if (retval < 0)
+ goto cleanup;
+
+ /* Write the contexts to a single file. The buffer returned by
+ * the sort function has a trailing \0 character, which we do
+ * NOT want to write out to disk, so we pass sorted_fc_buffer_len-1. */
+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_NC);
+ retval = write_file
+ (sh, ofilename, sorted_nc_buffer, sorted_nc_buffer_len - 1);
+
+ if (retval < 0)
+ goto cleanup;
+
+ /* ==================== Policydb-backed ================ */
+
+ /* Create new policy object, then attach to policy databases
+ * that work with a policydb */
+ retval = semanage_expand_sandbox(sh, base, &out);
+ if (retval < 0)
+ goto cleanup;
+
+ sepol_module_package_free(base);
+ base = NULL;
+
+ dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
+ out);
+ dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pifaces->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pbools->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pnodes->dbase, out);
+
+ /* ============= Apply changes, and verify =============== */
+
+ retval = semanage_base_merge_components(sh);
+ if (retval < 0)
+ goto cleanup;
+
+ retval = semanage_write_policydb(sh, out);
+ if (retval < 0)
+ goto cleanup;
+
+ retval = semanage_verify_kernel(sh);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* FIXME: else if !modified, but seusers_modified,
+ * load the existing policy instead of rebuilding */
+
+ /* ======= Post-process: Validate non-policydb components ===== */
+
+ /* Validate local modifications to file contexts.
+ * Note: those are still cached, even though they've been
+ * merged into the main file_contexts. We won't check the
+ * large file_contexts - checked at compile time */
+ if (sh->do_rebuild || modified || fcontexts_modified) {
+ retval = semanage_fcontext_validate_local(sh, out);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* Validate local seusers against policy */
+ if (sh->do_rebuild || modified || seusers_modified) {
+ retval = semanage_seuser_validate_local(sh, out);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* Validate local ports for overlap */
+ if (sh->do_rebuild || ports_modified) {
+ retval = semanage_port_validate_local(sh);
+ if (retval < 0)
+ goto cleanup;
+ }
+
+ /* ================== Write non-policydb components ========= */
+
+ /* Commit changes to components */
+ retval = semanage_commit_components(sh);
+ if (retval < 0)
+ goto cleanup;
+
+ /* run genhomedircon if its enabled, this should be the last operation
+ * which requires the out policydb */
+ if (!sh->conf->disable_genhomedircon) {
+ if (out && (retval =
+ semanage_genhomedircon(sh, out, 1)) != 0) {
+ ERR(sh, "semanage_genhomedircon returned error code %d.",
+ retval);
+ goto cleanup;
+ }
+ } else {
+ WARN(sh, "WARNING: genhomedircon is disabled. \
+ See /etc/selinux/semanage.conf if you need to enable it.");
+ }
+
+ /* free out, if we don't free it before calling semanage_install_sandbox
+ * then fork() may fail on low memory machines */
+ sepol_policydb_free(out);
+ out = NULL;
+
+ if (sh->do_rebuild || modified) {
+ retval = semanage_install_sandbox(sh);
+ }
+
+ cleanup:
+ for (i = 0; mod_filenames != NULL && i < num_modfiles; i++) {
+ free(mod_filenames[i]);
+ }
+
+ /* Detach from policydb, so it can be freed */
+ dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
+
+ free(mod_filenames);
+ sepol_policydb_free(out);
+ semanage_release_trans_lock(sh);
+
+ free(sorted_fc_buffer);
+ free(sorted_nc_buffer);
+
+ /* regardless if the commit was successful or not, remove the
+ sandbox if it is still there */
+ semanage_remove_directory(semanage_path
+ (SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
+ return retval;
+}
+
+/* Writes a module to the sandbox's module directory, overwriting any
+ * previous module stored within. Note that module data are not
+ * free()d by this function; caller is responsible for deallocating it
+ * if necessary. Returns 0 on success, -1 if out of memory, -2 if the
+ * data does not represent a valid module file, -3 if error while
+ * writing file. */
+static int semanage_direct_install(semanage_handle_t * sh,
+ char *data, size_t data_len)
+{
+
+ int retval;
+ char *module_name = NULL, *version = NULL, *filename = NULL;
+ if ((retval = parse_module_headers(sh, data, data_len,
+ &module_name, &version,
+ &filename)) != 0) {
+ goto cleanup;
+ }
+ if (write_file(sh, filename, data, data_len) == -1) {
+ retval = -3;
+ }
+ retval = 0;
+ cleanup:
+ free(version);
+ free(filename);
+ free(module_name);
+ return retval;
+}
+
+/* Similar to semanage_direct_install(), except that it checks that
+ * there already exists a module with the same name and that the
+ * module is an older version then the one in 'data'. Returns 0 on
+ * success, -1 if out of memory, -2 if the data does not represent a
+ * valid module file, -3 if error while writing file or reading
+ * modules directory, -4 if there does not exist an older module or if
+ * the previous module is same or newer than 'data'.
+ */
+static int semanage_direct_upgrade(semanage_handle_t * sh,
+ char *data, size_t data_len)
+{
+ int i, retval, num_modules = 0;
+ char *module_name = NULL, *version = NULL, *filename = NULL;
+ semanage_module_info_t *modinfo = NULL;
+ if ((retval = parse_module_headers(sh, data, data_len,
+ &module_name, &version,
+ &filename)) != 0) {
+ goto cleanup;
+ }
+ if (semanage_direct_list(sh, &modinfo, &num_modules) < 0) {
+ goto cleanup;
+ }
+ retval = -4;
+ for (i = 0; i < num_modules; i++) {
+ semanage_module_info_t *m =
+ semanage_module_list_nth(modinfo, i);
+ if (strcmp(semanage_module_get_name(m), module_name) == 0) {
+ if (strverscmp(version, semanage_module_get_version(m))
+ > 0) {
+ retval = 0;
+ break;
+ } else {
+ ERR(sh, "Previous module %s is same or newer.",
+ module_name);
+ retval = -4;
+ goto cleanup;
+ }
+ }
+ }
+ if (retval == -4) {
+ ERR(sh, "There does not already exist a module named %s.",
+ module_name);
+ goto cleanup;
+ }
+ if (write_file(sh, filename, data, data_len) == -1) {
+ retval = -3;
+ }
+ cleanup:
+ free(version);
+ free(filename);
+ free(module_name);
+ for (i = 0; modinfo != NULL && i < num_modules; i++) {
+ semanage_module_info_t *m =
+ semanage_module_list_nth(modinfo, i);
+ semanage_module_info_datum_destroy(m);
+ }
+ free(modinfo);
+ return retval;
+}
+
+/* Writes a base module into a sandbox, overwriting any previous base
+ * module. Note that 'module_data' is not free()d by this function;
+ * caller is responsible for deallocating it if necessary. Returns 0
+ * on success, -1 if out of memory, -2 if the data does not represent
+ * a valid base module file, -3 if error while writing file.
+ */
+static int semanage_direct_install_base(semanage_handle_t * sh,
+ char *base_data, size_t data_len)
+{
+ int retval = -1;
+ const char *filename = NULL;
+ if ((retval = parse_base_headers(sh, base_data, data_len)) != 0) {
+ goto cleanup;
+ }
+ if ((filename = semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) {
+ goto cleanup;
+ }
+ if (write_file(sh, filename, base_data, data_len) == -1) {
+ retval = -3;
+ }
+ retval = 0;
+ cleanup:
+ return retval;
+}
+
+/* Removes a module from the sandbox. Returns 0 on success, -1 if out
+ * of memory, -2 if module not found or could not be removed. */
+static int semanage_direct_remove(semanage_handle_t * sh, char *module_name)
+{
+ int i, retval = -1;
+ char **module_filenames = NULL;
+ int num_mod_files;
+ size_t name_len = strlen(module_name);
+ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) ==
+ -1) {
+ return -1;
+ }
+ for (i = 0; i < num_mod_files; i++) {
+ char *base = strrchr(module_filenames[i], '/');
+ if (base == NULL) {
+ ERR(sh, "Could not read module names.");
+ retval = -2;
+ goto cleanup;
+ }
+ base++;
+ if (memcmp(module_name, base, name_len) == 0 &&
+ strcmp(base + name_len, ".pp") == 0) {
+ if (unlink(module_filenames[i]) == -1) {
+ ERR(sh, "Could not remove module file %s.",
+ module_filenames[i]);
+ retval = -2;
+ }
+ retval = 0;
+ goto cleanup;
+ }
+ }
+ ERR(sh, "Module %s was not found.", module_name);
+ retval = -2; /* module not found */
+ cleanup:
+ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) {
+ free(module_filenames[i]);
+ }
+ free(module_filenames);
+ return retval;
+}
+
+/* Allocate an array of module_info structures for each readable
+ * module within the store. Note that if the calling program has
+ * already begun a transaction then this function will get a list of
+ * modules within the sandbox. The caller is responsible for calling
+ * semanage_module_info_datum_destroy() on each element of the array
+ * as well as free()ing the entire list.
+ */
+static int semanage_direct_list(semanage_handle_t * sh,
+ semanage_module_info_t ** modinfo,
+ int *num_modules)
+{
+ struct sepol_policy_file *pf = NULL;
+ int i, retval = -1;
+ char **module_filenames = NULL;
+ int num_mod_files;
+ *modinfo = NULL;
+ *num_modules = 0;
+
+ /* get the read lock when reading from the active
+ (non-transaction) directory */
+ if (!sh->is_in_transaction)
+ if (semanage_get_active_lock(sh) < 0)
+ return -1;
+
+ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) ==
+ -1) {
+ goto cleanup;
+ }
+ if (num_mod_files == 0) {
+ retval = semanage_direct_get_serial(sh);
+ goto cleanup;
+ }
+
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ goto cleanup;
+ }
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+
+ if ((*modinfo = calloc(num_mod_files, sizeof(**modinfo))) == NULL) {
+ ERR(sh, "Out of memory!");
+ goto cleanup;
+ }
+
+ for (i = 0; i < num_mod_files; i++) {
+ FILE *fp;
+ char *name = NULL, *version = NULL;
+ int type;
+ if ((fp = fopen(module_filenames[i], "rb")) == NULL) {
+ /* could not open this module file, so don't
+ * report it */
+ continue;
+ }
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ sepol_policy_file_set_fp(pf, fp);
+ if (sepol_module_package_info(pf, &type, &name, &version)) {
+ fclose(fp);
+ free(name);
+ free(version);
+ continue;
+ }
+ fclose(fp);
+ if (type == SEPOL_POLICY_MOD) {
+ (*modinfo)[*num_modules].name = name;
+ (*modinfo)[*num_modules].version = version;
+ (*num_modules)++;
+ } else {
+ /* file was not a module, so don't report it */
+ free(name);
+ free(version);
+ }
+ }
+ retval = semanage_direct_get_serial(sh);
+
+ cleanup:
+ sepol_policy_file_free(pf);
+ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) {
+ free(module_filenames[i]);
+ }
+ free(module_filenames);
+ if (!sh->is_in_transaction) {
+ semanage_release_active_lock(sh);
+ }
+ return retval;
+}
+
+int semanage_direct_access_check(semanage_handle_t * sh)
+{
+ char polpath[PATH_MAX];
+
+ snprintf(polpath, PATH_MAX, "%s%s", selinux_path(),
+ sh->conf->store_path);
+
+ if (semanage_check_init(polpath))
+ return -1;
+
+ return semanage_store_access_check(sh);
+}
diff --git a/libsemanage/src/direct_api.h b/libsemanage/src/direct_api.h
new file mode 100644
index 0000000..8f625f5
--- /dev/null
+++ b/libsemanage/src/direct_api.h
@@ -0,0 +1,40 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_DIRECT_API_H_
+#define _SEMANAGE_DIRECT_API_H_
+
+/* Circular dependency */
+struct semanage_handle;
+
+/* Direct component of handle */
+struct semanage_direct_handle {
+
+ /* Locking */
+ int activelock_file_fd;
+ int translock_file_fd;
+};
+
+int semanage_direct_connect(struct semanage_handle *sh);
+
+int semanage_direct_is_managed(struct semanage_handle *sh);
+
+int semanage_direct_access_check(struct semanage_handle *sh);
+
+#endif
diff --git a/libsemanage/src/dso.h b/libsemanage/src/dso.h
new file mode 100644
index 0000000..5c69aae
--- /dev/null
+++ b/libsemanage/src/dso.h
@@ -0,0 +1,23 @@
+#ifndef _SEPOL_DSO_H
+#define _SEPOL_DSO_H 1
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal) \
+ extern __typeof (fct) internal; \
+ extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif
diff --git a/libsemanage/src/fcontext_internal.h b/libsemanage/src/fcontext_internal.h
new file mode 100644
index 0000000..4f45fa6
--- /dev/null
+++ b/libsemanage/src/fcontext_internal.h
@@ -0,0 +1,42 @@
+#ifndef _SEMANAGE_FCONTEXT_INTERNAL_H_
+#define _SEMANAGE_FCONTEXT_INTERNAL_H_
+
+#include <semanage/fcontext_record.h>
+#include <semanage/fcontexts_local.h>
+#include <semanage/fcontexts_policy.h>
+#include <sepol/policydb.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_fcontext_key_create)
+ hidden_proto(semanage_fcontext_key_extract)
+ hidden_proto(semanage_fcontext_key_free)
+ hidden_proto(semanage_fcontext_compare)
+ hidden_proto(semanage_fcontext_compare2)
+ hidden_proto(semanage_fcontext_create)
+ hidden_proto(semanage_fcontext_get_expr)
+ hidden_proto(semanage_fcontext_set_expr)
+ hidden_proto(semanage_fcontext_get_type)
+ hidden_proto(semanage_fcontext_get_type_str)
+ hidden_proto(semanage_fcontext_set_type)
+ hidden_proto(semanage_fcontext_get_con)
+ hidden_proto(semanage_fcontext_set_con)
+ hidden_proto(semanage_fcontext_clone)
+ hidden_proto(semanage_fcontext_free)
+ hidden_proto(semanage_fcontext_iterate_local)
+
+/* FCONTEXT RECORD: metod table */
+extern record_table_t SEMANAGE_FCONTEXT_RTABLE;
+
+extern int fcontext_file_dbase_init(semanage_handle_t * handle,
+ const char *fname,
+ dbase_config_t * dconfig);
+
+extern void fcontext_file_dbase_release(dbase_config_t * dconfig);
+
+extern int hidden semanage_fcontext_validate_local(semanage_handle_t * handle,
+ const sepol_policydb_t *
+ policydb);
+
+#endif
diff --git a/libsemanage/src/fcontext_record.c b/libsemanage/src/fcontext_record.c
new file mode 100644
index 0000000..ec02a89
--- /dev/null
+++ b/libsemanage/src/fcontext_record.c
@@ -0,0 +1,311 @@
+struct semanage_fcontext;
+struct semanage_fcontext_key;
+typedef struct semanage_fcontext record_t;
+typedef struct semanage_fcontext_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include <string.h>
+#include "fcontext_internal.h"
+#include "context_internal.h"
+#include "debug.h"
+
+struct semanage_fcontext {
+
+ /* Matching expression */
+ char *expr;
+
+ /* Type of object */
+ int type;
+
+ /* Context */
+ semanage_context_t *con;
+};
+
+struct semanage_fcontext_key {
+
+ /* Matching expression */
+ const char *expr;
+
+ /* Type of object */
+ int type;
+};
+
+/* Key */
+int semanage_fcontext_key_create(semanage_handle_t * handle,
+ const char *expr,
+ int type, semanage_fcontext_key_t ** key_ptr)
+{
+
+ semanage_fcontext_key_t *tmp_key =
+ (semanage_fcontext_key_t *) malloc(sizeof(semanage_fcontext_key_t));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, could not "
+ "create file context key");
+ return STATUS_ERR;
+ }
+ tmp_key->expr = expr;
+ tmp_key->type = type;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_fcontext_key_create)
+
+int semanage_fcontext_key_extract(semanage_handle_t * handle,
+ const semanage_fcontext_t * fcontext,
+ semanage_fcontext_key_t ** key_ptr)
+{
+
+ if (semanage_fcontext_key_create(handle, fcontext->expr,
+ fcontext->type, key_ptr) < 0) {
+ ERR(handle, "could not extract key from "
+ "file context %s (%s)", fcontext->expr,
+ semanage_fcontext_get_type_str(fcontext->type));
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_fcontext_key_extract)
+
+void semanage_fcontext_key_free(semanage_fcontext_key_t * key)
+{
+ free(key);
+}
+
+hidden_def(semanage_fcontext_key_free)
+
+int semanage_fcontext_compare(const semanage_fcontext_t * fcontext,
+ const semanage_fcontext_key_t * key)
+{
+
+ int rv = strcmp(fcontext->expr, key->expr);
+ if (rv != 0)
+ return rv;
+ else {
+ if (fcontext->type < key->type)
+ return -1;
+
+ else if (key->type < fcontext->type)
+ return 1;
+
+ else
+ return 0;
+ }
+}
+
+hidden_def(semanage_fcontext_compare)
+
+int semanage_fcontext_compare2(const semanage_fcontext_t * fcontext,
+ const semanage_fcontext_t * fcontext2)
+{
+
+ int rv = strcmp(fcontext->expr, fcontext2->expr);
+ if (rv != 0)
+ return rv;
+ else {
+ if (fcontext->type < fcontext2->type)
+ return -1;
+
+ else if (fcontext2->type < fcontext->type)
+ return 1;
+
+ else
+ return 0;
+ }
+}
+
+hidden_def(semanage_fcontext_compare2)
+
+static int semanage_fcontext_compare2_qsort(const semanage_fcontext_t **
+ fcontext,
+ const semanage_fcontext_t **
+ fcontext2)
+{
+
+ return semanage_fcontext_compare2(*fcontext, *fcontext2);
+}
+
+/* Create */
+int semanage_fcontext_create(semanage_handle_t * handle,
+ semanage_fcontext_t ** fcontext)
+{
+
+ semanage_fcontext_t *tmp_fcontext =
+ (semanage_fcontext_t *) malloc(sizeof(semanage_fcontext_t));
+
+ if (!tmp_fcontext) {
+ ERR(handle, "out of memory, could not create "
+ "file context record");
+ return STATUS_ERR;
+ }
+
+ tmp_fcontext->expr = NULL;
+ tmp_fcontext->type = SEMANAGE_FCONTEXT_ALL;
+ tmp_fcontext->con = NULL;
+ *fcontext = tmp_fcontext;
+
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_fcontext_create)
+
+/* Regexp */
+const char *semanage_fcontext_get_expr(const semanage_fcontext_t * fcontext)
+{
+
+ return fcontext->expr;
+}
+
+hidden_def(semanage_fcontext_get_expr)
+
+int semanage_fcontext_set_expr(semanage_handle_t * handle,
+ semanage_fcontext_t * fcontext, const char *expr)
+{
+
+ char *tmp_expr = strdup(expr);
+ if (!tmp_expr) {
+ ERR(handle, "out of memory, " "could not set regexp string");
+ return STATUS_ERR;
+ }
+ free(fcontext->expr);
+ fcontext->expr = tmp_expr;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_fcontext_set_expr)
+
+/* Type */
+int semanage_fcontext_get_type(const semanage_fcontext_t * fcontext)
+{
+
+ return fcontext->type;
+}
+
+hidden_def(semanage_fcontext_get_type)
+
+const char *semanage_fcontext_get_type_str(int type)
+{
+
+ switch (type) {
+ case SEMANAGE_FCONTEXT_ALL:
+ return "all files";
+ case SEMANAGE_FCONTEXT_REG:
+ return "regular file";
+ case SEMANAGE_FCONTEXT_DIR:
+ return "directory";
+ case SEMANAGE_FCONTEXT_CHAR:
+ return "character device";
+ case SEMANAGE_FCONTEXT_BLOCK:
+ return "block device";
+ case SEMANAGE_FCONTEXT_SOCK:
+ return "socket";
+ case SEMANAGE_FCONTEXT_LINK:
+ return "symbolic link";
+ case SEMANAGE_FCONTEXT_PIPE:
+ return "named pipe";
+ default:
+ return "????";
+ }
+}
+
+hidden_def(semanage_fcontext_get_type_str)
+
+void semanage_fcontext_set_type(semanage_fcontext_t * fcontext, int type)
+{
+
+ fcontext->type = type;
+}
+
+hidden_def(semanage_fcontext_set_type)
+
+/* Context */
+semanage_context_t *semanage_fcontext_get_con(const semanage_fcontext_t *
+ fcontext)
+{
+
+ return fcontext->con;
+}
+
+hidden_def(semanage_fcontext_get_con)
+
+int semanage_fcontext_set_con(semanage_handle_t * handle,
+ semanage_fcontext_t * fcontext,
+ semanage_context_t * con)
+{
+
+ semanage_context_t *newcon;
+
+ if (semanage_context_clone(handle, con, &newcon) < 0) {
+ ERR(handle, "out of memory, could not set file context");
+ return STATUS_ERR;
+ }
+
+ semanage_context_free(fcontext->con);
+ fcontext->con = newcon;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_fcontext_set_con)
+
+/* Deep copy clone */
+int semanage_fcontext_clone(semanage_handle_t * handle,
+ const semanage_fcontext_t * fcontext,
+ semanage_fcontext_t ** fcontext_ptr)
+{
+
+ semanage_fcontext_t *new_fcontext = NULL;
+ if (semanage_fcontext_create(handle, &new_fcontext) < 0)
+ goto err;
+
+ if (semanage_fcontext_set_expr(handle, new_fcontext, fcontext->expr) <
+ 0)
+ goto err;
+
+ new_fcontext->type = fcontext->type;
+
+ if (fcontext->con &&
+ (semanage_context_clone(handle, fcontext->con, &new_fcontext->con) <
+ 0))
+ goto err;
+
+ *fcontext_ptr = new_fcontext;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone file context record");
+ semanage_fcontext_free(new_fcontext);
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_fcontext_clone)
+
+/* Destroy */
+void semanage_fcontext_free(semanage_fcontext_t * fcontext)
+{
+
+ if (!fcontext)
+ return;
+
+ free(fcontext->expr);
+ semanage_context_free(fcontext->con);
+ free(fcontext);
+}
+
+hidden_def(semanage_fcontext_free)
+
+/* Record base functions */
+record_table_t SEMANAGE_FCONTEXT_RTABLE = {
+ .create = semanage_fcontext_create,
+ .key_extract = semanage_fcontext_key_extract,
+ .key_free = semanage_fcontext_key_free,
+ .clone = semanage_fcontext_clone,
+ .compare = semanage_fcontext_compare,
+ .compare2 = semanage_fcontext_compare2,
+ .compare2_qsort = semanage_fcontext_compare2_qsort,
+ .free = semanage_fcontext_free,
+};
diff --git a/libsemanage/src/fcontexts_file.c b/libsemanage/src/fcontexts_file.c
new file mode 100644
index 0000000..b1a2f82
--- /dev/null
+++ b/libsemanage/src/fcontexts_file.c
@@ -0,0 +1,186 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_fcontext;
+struct semanage_fcontext_key;
+typedef struct semanage_fcontext record_t;
+typedef struct semanage_fcontext_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+#include <semanage/handle.h>
+#include "fcontext_internal.h"
+#include "context_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static const char *type_str(int type)
+{
+ switch (type) {
+ default:
+ case SEMANAGE_FCONTEXT_ALL:
+ return " ";
+ case SEMANAGE_FCONTEXT_REG:
+ return "--";
+ case SEMANAGE_FCONTEXT_DIR:
+ return "-d";
+ case SEMANAGE_FCONTEXT_CHAR:
+ return "-c";
+ case SEMANAGE_FCONTEXT_BLOCK:
+ return "-b";
+ case SEMANAGE_FCONTEXT_SOCK:
+ return "-s";
+ case SEMANAGE_FCONTEXT_LINK:
+ return "-l";
+ case SEMANAGE_FCONTEXT_PIPE:
+ return "-p";
+ }
+}
+
+static int fcontext_print(semanage_handle_t * handle,
+ semanage_fcontext_t * fcontext, FILE * str)
+{
+
+ char *con_str = NULL;
+
+ const char *expr = semanage_fcontext_get_expr(fcontext);
+ int type = semanage_fcontext_get_type(fcontext);
+ const char *print_str = type_str(type);
+ const char *tstr = semanage_fcontext_get_type_str(type);
+ semanage_context_t *con = semanage_fcontext_get_con(fcontext);
+
+ if (fprintf(str, "%s %s ", expr, print_str) < 0)
+ goto err;
+
+ if (con != NULL) {
+ if (semanage_context_to_string(handle, con, &con_str) < 0)
+ goto err;
+ if (fprintf(str, "%s\n", con_str) < 0)
+ goto err;
+ free(con_str);
+ con_str = NULL;
+ } else {
+ if (fprintf(str, "<<none>>\n") < 0)
+ goto err;
+ }
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not print file context for "
+ "%s (%s) to stream", expr, tstr);
+ free(con_str);
+ return STATUS_ERR;
+}
+
+static int fcontext_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_fcontext_t * fcontext)
+{
+
+ char *str = NULL;
+ semanage_context_t *con = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Regexp */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_fcontext_set_expr(handle, fcontext, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Type */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (!strcasecmp(str, "-s"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_SOCK);
+ else if (!strcasecmp(str, "-p"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_PIPE);
+ else if (!strcasecmp(str, "-b"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_BLOCK);
+ else if (!strcasecmp(str, "-l"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_LINK);
+ else if (!strcasecmp(str, "-c"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_CHAR);
+ else if (!strcasecmp(str, "-d"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_DIR);
+ else if (!strcasecmp(str, "--"))
+ semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_REG);
+ else
+ goto process_context;
+ free(str);
+ str = NULL;
+
+ /* Context */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+
+ process_context:
+ if (semanage_context_from_string(handle, str, &con) < 0) {
+ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
+ str, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ if (con && semanage_fcontext_set_con(handle, fcontext, con) < 0)
+ goto err;
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ semanage_context_free(con);
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse file context record");
+ free(str);
+ semanage_context_free(con);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* FCONTEXT RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_FCONTEXT_FILE_RTABLE = {
+ .parse = fcontext_parse,
+ .print = fcontext_print,
+};
+
+int fcontext_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_FCONTEXT_RTABLE,
+ &SEMANAGE_FCONTEXT_FILE_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void fcontext_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/fcontexts_local.c b/libsemanage/src/fcontexts_local.c
new file mode 100644
index 0000000..b0da236
--- /dev/null
+++ b/libsemanage/src/fcontexts_local.c
@@ -0,0 +1,129 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_fcontext;
+struct semanage_fcontext_key;
+typedef struct semanage_fcontext_key record_key_t;
+typedef struct semanage_fcontext record_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include <sepol/policydb.h>
+#include <sepol/context.h>
+#include "fcontext_internal.h"
+#include "context_internal.h"
+#include "debug.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_fcontext_modify_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ const semanage_fcontext_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_fcontext_del_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_fcontext_query_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ semanage_fcontext_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_fcontext_exists_local(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ int *response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_fcontext_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_fcontext_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_fcontext_t *
+ record, void *varg),
+ void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+hidden_def(semanage_fcontext_iterate_local)
+
+int semanage_fcontext_list_local(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
+
+struct validate_handler_arg {
+ semanage_handle_t *handle;
+ const sepol_policydb_t *policydb;
+};
+
+static int validate_handler(const semanage_fcontext_t * fcon, void *varg)
+{
+
+ char *str;
+
+ /* Unpack varg */
+ struct validate_handler_arg *arg = (struct validate_handler_arg *)varg;
+ semanage_handle_t *handle = arg->handle;
+ const sepol_policydb_t *policydb = arg->policydb;
+
+ /* Unpack fcontext */
+ const char *expr = semanage_fcontext_get_expr(fcon);
+ int type = semanage_fcontext_get_type(fcon);
+ const char *type_str = semanage_fcontext_get_type_str(type);
+ semanage_context_t *con = semanage_fcontext_get_con(fcon);
+
+ if (con
+ && sepol_context_check(handle->sepolh, policydb,
+ (sepol_context_t *) con) < 0)
+ goto invalid;
+
+ return 0;
+
+ invalid:
+ if (semanage_context_to_string(handle, con, &str) >= 0) {
+ ERR(handle, "invalid context %s specified for %s [%s]",
+ str, expr, type_str);
+ free(str);
+ } else
+ ERR(handle, "invalid context specified for %s [%s]",
+ expr, type_str);
+ return -1;
+}
+
+int hidden semanage_fcontext_validate_local(semanage_handle_t * handle,
+ const sepol_policydb_t * policydb)
+{
+
+ struct validate_handler_arg arg;
+ arg.handle = handle;
+ arg.policydb = policydb;
+ return semanage_fcontext_iterate_local(handle, validate_handler, &arg);
+}
diff --git a/libsemanage/src/fcontexts_policy.c b/libsemanage/src/fcontexts_policy.c
new file mode 100644
index 0000000..0b063b1
--- /dev/null
+++ b/libsemanage/src/fcontexts_policy.c
@@ -0,0 +1,53 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_fcontext;
+struct semanage_fcontext_key;
+typedef struct semanage_fcontext_key record_key_t;
+typedef struct semanage_fcontext record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "fcontext_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_fcontext_query(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key,
+ semanage_fcontext_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_fcontext_exists(semanage_handle_t * handle,
+ const semanage_fcontext_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_fcontext_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_fcontext_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_fcontext_t *
+ record, void *varg),
+ void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_fcontext_list(semanage_handle_t * handle,
+ semanage_fcontext_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
new file mode 100644
index 0000000..2823d09
--- /dev/null
+++ b/libsemanage/src/genhomedircon.c
@@ -0,0 +1,983 @@
+/* Author: Mark Goldman <mgoldman@tresys.com>
+ * Paul Rosenfeld <prosenfeld@tresys.com>
+ * Todd C. Miller <tmiller@tresys.com>
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of the
+ * License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <semanage/handle.h>
+#include <semanage/seusers_policy.h>
+#include <semanage/users_policy.h>
+#include <semanage/user_record.h>
+#include <semanage/fcontext_record.h>
+#include <semanage/fcontexts_policy.h>
+#include <sepol/context.h>
+#include <sepol/context_record.h>
+#include "semanage_store.h"
+#include "seuser_internal.h"
+#include "debug.h"
+
+#include "utilities.h"
+#include "genhomedircon.h"
+#include <ustr.h>
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <errno.h>
+#include <unistd.h>
+#include <regex.h>
+
+/* paths used in get_home_dirs() */
+#define PATH_ETC_USERADD "/etc/default/useradd"
+#define PATH_ETC_LIBUSER "/etc/libuser.conf"
+#define PATH_DEFAULT_HOME "/home"
+#define PATH_EXPORT_HOME "/export/home"
+#define PATH_ETC_LOGIN_DEFS "/etc/login.defs"
+
+/* other paths */
+#define PATH_SHELLS_FILE "/etc/shells"
+#define PATH_NOLOGIN_SHELL "/sbin/nologin"
+
+/* comments written to context file */
+#define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
+ "User-specific file contexts, generated via libsemanage\n" \
+ "# use semanage command to manage system users to change" \
+ " the file_context\n#\n#\n"
+
+#define COMMENT_USER_HOME_CONTEXT "\n\n#\n# Home Context for user %s" \
+ "\n#\n\n"
+
+/* placeholders used in the template file
+ which are searched for and replaced */
+#define TEMPLATE_HOME_ROOT "HOME_ROOT"
+#define TEMPLATE_HOME_DIR "HOME_DIR"
+#define TEMPLATE_USER "USER"
+#define TEMPLATE_ROLE "ROLE"
+#define TEMPLATE_SEUSER "system_u"
+
+#define FALLBACK_USER "user_u"
+#define FALLBACK_USER_PREFIX "user"
+#define DEFAULT_LOGIN "__default__"
+
+typedef struct {
+ const char *fcfilepath;
+ int usepasswd;
+ const char *homedir_template_path;
+ char *fallback_user;
+ char *fallback_user_prefix;
+ semanage_handle_t *h_semanage;
+ sepol_policydb_t *policydb;
+} genhomedircon_settings_t;
+
+typedef struct user_entry {
+ char *name;
+ char *sename;
+ char *prefix;
+ char *home;
+ struct user_entry *next;
+} genhomedircon_user_entry_t;
+
+typedef struct {
+ const char *search_for;
+ const char *replace_with;
+} replacement_pair_t;
+
+typedef struct {
+ const char *dir;
+ int matched;
+} fc_match_handle_t;
+
+static semanage_list_t *default_shell_list(void)
+{
+ semanage_list_t *list = NULL;
+
+ if (semanage_list_push(&list, "/bin/csh")
+ || semanage_list_push(&list, "/bin/tcsh")
+ || semanage_list_push(&list, "/bin/ksh")
+ || semanage_list_push(&list, "/bin/bsh")
+ || semanage_list_push(&list, "/bin/ash")
+ || semanage_list_push(&list, "/usr/bin/ksh")
+ || semanage_list_push(&list, "/usr/bin/pdksh")
+ || semanage_list_push(&list, "/bin/zsh")
+ || semanage_list_push(&list, "/bin/sh")
+ || semanage_list_push(&list, "/bin/bash"))
+ goto fail;
+
+ return list;
+
+ fail:
+ semanage_list_destroy(&list);
+ return NULL;
+}
+
+static semanage_list_t *get_shell_list(void)
+{
+ FILE *shells;
+ char *temp = NULL;
+ semanage_list_t *list = NULL;
+ size_t buff_len = 0;
+ ssize_t len;
+
+ shells = fopen(PATH_SHELLS_FILE, "r");
+ if (!shells)
+ return default_shell_list();
+ while ((len = getline(&temp, &buff_len, shells)) > 0) {
+ if (temp[len-1] == '\n') temp[len-1] = 0;
+ if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
+ if (semanage_list_push(&list, temp)) {
+ free(temp);
+ semanage_list_destroy(&list);
+ return default_shell_list();
+ }
+ }
+ }
+ free(temp);
+
+ return list;
+}
+
+/* Helper function called via semanage_fcontext_iterate() */
+static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
+{
+ const char *oexpr = semanage_fcontext_get_expr(fcontext);
+ fc_match_handle_t *handp = varg;
+ struct Ustr *expr;
+ regex_t re;
+ int type, retval = -1;
+
+ /* Only match ALL or DIR */
+ type = semanage_fcontext_get_type(fcontext);
+ if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_ALL)
+ return 0;
+
+ /* Convert oexpr into a Ustr and anchor it at the beginning */
+ expr = ustr_dup_cstr("^");
+ if (expr == USTR_NULL)
+ goto done;
+ if (!ustr_add_cstr(&expr, oexpr))
+ goto done;
+
+ /* Strip off trailing ".+" or ".*" */
+ if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
+ ustr_cmp_suffix_cstr_eq(expr, ".*")) {
+ if (!ustr_del(&expr, 2))
+ goto done;
+ }
+
+ /* Strip off trailing "(/.*)?" */
+ if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
+ if (!ustr_del(&expr, 6))
+ goto done;
+ }
+
+ if (ustr_cmp_suffix_cstr_eq(expr, "/")) {
+ if (!ustr_del(&expr, 1))
+ goto done;
+ }
+
+ /* Append pattern to eat up trailing slashes */
+ if (!ustr_add_cstr(&expr, "/*$"))
+ goto done;
+
+ /* Check dir against expr */
+ if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
+ goto done;
+ if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
+ handp->matched = 1;
+ regfree(&re);
+
+ retval = 0;
+
+done:
+ ustr_free(expr);
+
+ return retval;
+}
+
+static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
+{
+ semanage_list_t *homedir_list = NULL;
+ semanage_list_t *shells = NULL;
+ fc_match_handle_t hand;
+ char *rbuf = NULL;
+ char *path = NULL;
+ long rbuflen;
+ uid_t temp, minuid = 0;
+ int minuid_set = 0;
+ struct passwd pwstorage, *pwbuf;
+ struct stat buf;
+ int retval;
+
+ shells = get_shell_list();
+ assert(shells);
+
+ path = semanage_findval(PATH_ETC_USERADD, "HOME", "=");
+ if (path && *path) {
+ if (semanage_list_push(&homedir_list, path))
+ goto fail;
+ }
+ free(path);
+
+ path = semanage_findval(PATH_ETC_LIBUSER, "LU_HOMEDIRECTORY", "=");
+ if (path && *path) {
+ if (semanage_list_push(&homedir_list, path))
+ goto fail;
+ }
+ free(path);
+ path = NULL;
+
+ if (!homedir_list) {
+ if (semanage_list_push(&homedir_list, PATH_DEFAULT_HOME)) {
+ goto fail;
+ }
+ }
+
+ if (!stat(PATH_EXPORT_HOME, &buf)) {
+ if (S_ISDIR(buf.st_mode)) {
+ if (semanage_list_push(&homedir_list, PATH_EXPORT_HOME)) {
+ goto fail;
+ }
+ }
+ }
+
+ if (!(s->usepasswd))
+ return homedir_list;
+
+ path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL);
+ if (path && *path) {
+ temp = atoi(path);
+ if (!minuid_set || temp < minuid) {
+ minuid = temp;
+ minuid_set = 1;
+ }
+ }
+ free(path);
+ path = NULL;
+
+ path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "=");
+ if (path && *path) {
+ temp = atoi(path);
+ if (!minuid_set || temp < minuid) {
+ minuid = temp;
+ minuid_set = 1;
+ }
+ }
+ free(path);
+ path = NULL;
+
+ if (!minuid_set) {
+ minuid = 500;
+ minuid_set = 1;
+ }
+
+ rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ goto fail;
+ rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ goto fail;
+ setpwent();
+ while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
+ if (pwbuf->pw_uid < minuid)
+ continue;
+ if (!semanage_list_find(shells, pwbuf->pw_shell))
+ continue;
+ if (strcmp(pwbuf->pw_dir, "/") == 0)
+ continue;
+ if (semanage_str_count(pwbuf->pw_dir, '/') <= 1)
+ continue;
+ if (!(path = strdup(pwbuf->pw_dir))) {
+ break;
+ }
+
+ semanage_rtrim(path, '/');
+
+ if (!semanage_list_find(homedir_list, path)) {
+ /*
+ * Now check for an existing file context that matches
+ * so we don't label a non-homedir as a homedir.
+ */
+ hand.dir = path;
+ hand.matched = 0;
+ if (semanage_fcontext_iterate(s->h_semanage,
+ fcontext_matches, &hand) == STATUS_ERR)
+ goto fail;
+
+ /* NOTE: old genhomedircon printed a warning on match */
+ if (hand.matched) {
+ WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+ } else {
+ if (semanage_list_push(&homedir_list, path))
+ goto fail;
+ }
+ }
+ free(path);
+ path = NULL;
+ }
+
+ if (retval && retval != ENOENT) {
+ WARN(s->h_semanage, "Error while fetching users. "
+ "Returning list so far.");
+ }
+ endpwent();
+ free(rbuf);
+ semanage_list_destroy(&shells);
+ if (semanage_list_sort(&homedir_list))
+ goto fail;
+
+ return homedir_list;
+
+ fail:
+ endpwent();
+ free(rbuf);
+ free(path);
+ semanage_list_destroy(&homedir_list);
+ semanage_list_destroy(&shells);
+ return NULL;
+}
+
+/**
+ * @param s settings structure, stores various paths etc. Must never be NULL
+ * @param out the FILE to put all the output in.
+ * @return 0 on success
+ */
+static int write_file_context_header(genhomedircon_settings_t * s, FILE * out)
+{
+ if (fprintf(out, COMMENT_FILE_CONTEXT_HEADER) < 0) {
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/* Predicates for use with semanage_slurp_file_filter() the homedir_template
+ * file currently contains lines that serve as the template for a user's
+ * homedir.
+ *
+ * It also contains lines that are the template for the parent of a
+ * user's home directory.
+ *
+ * Currently, the only lines that apply to the the root of a user's home
+ * directory are all prefixed with the string "HOME_ROOT". All other
+ * lines apply to a user's home directory. If this changes the
+ * following predicates need to change to reflect that.
+ */
+static int HOME_ROOT_PRED(const char *string)
+{
+ return semanage_is_prefix(string, TEMPLATE_HOME_ROOT);
+}
+
+static int HOME_DIR_PRED(const char *string)
+{
+ return semanage_is_prefix(string, TEMPLATE_HOME_DIR);
+}
+
+static int USER_CONTEXT_PRED(const char *string)
+{
+ return (int)(strstr(string, TEMPLATE_USER) != NULL);
+}
+
+/* make_tempate
+ * @param s the settings holding the paths to various files
+ * @param pred function pointer to function to use as filter for slurp
+ * file filter
+ * @return a list of lines from the template file with inappropriate
+ * lines filtered out.
+ */
+static semanage_list_t *make_template(genhomedircon_settings_t * s,
+ int (*pred) (const char *))
+{
+ FILE *template_file = NULL;
+ semanage_list_t *template_data = NULL;
+
+ template_file = fopen(s->homedir_template_path, "r");
+ if (!template_file)
+ return NULL;
+ template_data = semanage_slurp_file_filter(template_file, pred);
+ fclose(template_file);
+
+ return template_data;
+}
+
+static Ustr *replace_all(const char *str, const replacement_pair_t * repl)
+{
+ Ustr *retval = USTR_NULL;
+ int i;
+
+ if (!str || !repl)
+ goto done;
+ if (!(retval = ustr_dup_cstr(str)))
+ goto done;
+
+ for (i = 0; repl[i].search_for; i++) {
+ ustr_replace_cstr(&retval, repl[i].search_for,
+ repl[i].replace_with, 0);
+ }
+ if (ustr_enomem(retval))
+ ustr_sc_free(&retval);
+
+ done:
+ return retval;
+}
+
+static const char * extract_context(Ustr *line)
+{
+ const char whitespace[] = " \t\n";
+ size_t off, len;
+
+ /* check for trailing whitespace */
+ off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
+
+ /* find the length of the last field in line */
+ len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
+
+ if (len == 0)
+ return NULL;
+ return ustr_cstr(line) + ustr_len(line) - (len + off);
+}
+
+static int check_line(genhomedircon_settings_t * s, Ustr *line)
+{
+ sepol_context_t *ctx_record = NULL;
+ const char *ctx_str;
+ int result;
+
+ ctx_str = extract_context(line);
+ if (!ctx_str)
+ return STATUS_ERR;
+
+ result = sepol_context_from_string(s->h_semanage->sepolh,
+ ctx_str, &ctx_record);
+ if (result == STATUS_SUCCESS && ctx_record != NULL) {
+ sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
+ result = sepol_context_check(s->h_semanage->sepolh,
+ s->policydb, ctx_record);
+ sepol_msg_set_callback(s->h_semanage->sepolh,
+ semanage_msg_relay_handler, s->h_semanage);
+ sepol_context_free(ctx_record);
+ }
+ return result;
+}
+
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * tpl, const char *user,
+ const char *seuser, const char *home,
+ const char *role_prefix)
+{
+ replacement_pair_t repl[] = {
+ {.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
+ {.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
+ {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
+ {NULL, NULL}
+ };
+ Ustr *line = USTR_NULL;
+
+ if (fprintf(out, COMMENT_USER_HOME_CONTEXT, user) < 0)
+ return STATUS_ERR;
+
+ for (; tpl; tpl = tpl->next) {
+ line = replace_all(tpl->data, repl);
+ if (!line)
+ goto fail;
+ if (check_line(s, line) == STATUS_SUCCESS) {
+ if (!ustr_io_putfileline(&line, out))
+ goto fail;
+ }
+ ustr_sc_free(&line);
+ }
+ return STATUS_SUCCESS;
+
+ fail:
+ ustr_sc_free(&line);
+ return STATUS_ERR;
+}
+
+static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * tpl, char *homedir)
+{
+ replacement_pair_t repl[] = {
+ {.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
+ {NULL, NULL}
+ };
+ Ustr *line = USTR_NULL;
+
+ for (; tpl; tpl = tpl->next) {
+ line = replace_all(tpl->data, repl);
+ if (!line)
+ goto fail;
+ if (check_line(s, line) == STATUS_SUCCESS) {
+ if (!ustr_io_putfileline(&line, out))
+ goto fail;
+ }
+ ustr_sc_free(&line);
+ }
+ return STATUS_SUCCESS;
+
+ fail:
+ ustr_sc_free(&line);
+ return STATUS_ERR;
+}
+
+static int write_user_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * tpl, const char *user,
+ const char *seuser, const char *role_prefix)
+{
+ replacement_pair_t repl[] = {
+ {.search_for = TEMPLATE_USER,.replace_with = user},
+ {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
+ {.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
+ {NULL, NULL}
+ };
+ Ustr *line = USTR_NULL;
+
+ for (; tpl; tpl = tpl->next) {
+ line = replace_all(tpl->data, repl);
+ if (!line)
+ goto fail;
+ if (check_line(s, line) == STATUS_SUCCESS) {
+ if (!ustr_io_putfileline(&line, out))
+ goto fail;
+ }
+ ustr_sc_free(&line);
+ }
+ return STATUS_SUCCESS;
+
+ fail:
+ ustr_sc_free(&line);
+ return STATUS_ERR;
+}
+
+static int user_sort_func(semanage_user_t ** arg1, semanage_user_t ** arg2)
+{
+ return strcmp(semanage_user_get_name(*arg1),
+ semanage_user_get_name(*arg2));
+}
+
+static int name_user_cmp(char *key, semanage_user_t ** val)
+{
+ return strcmp(key, semanage_user_get_name(*val));
+}
+
+static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
+ const char *sen, const char *pre, const char *h)
+{
+ genhomedircon_user_entry_t *temp = NULL;
+ char *name = NULL;
+ char *sename = NULL;
+ char *prefix = NULL;
+ char *home = NULL;
+
+ temp = malloc(sizeof(genhomedircon_user_entry_t));
+ if (!temp)
+ goto cleanup;
+ name = strdup(n);
+ if (!name)
+ goto cleanup;
+ sename = strdup(sen);
+ if (!sename)
+ goto cleanup;
+ prefix = strdup(pre);
+ if (!prefix)
+ goto cleanup;
+ home = strdup(h);
+ if (!home)
+ goto cleanup;
+
+ temp->name = name;
+ temp->sename = sename;
+ temp->prefix = prefix;
+ temp->home = home;
+ temp->next = (*list);
+ (*list) = temp;
+
+ return STATUS_SUCCESS;
+
+ cleanup:
+ free(name);
+ free(sename);
+ free(prefix);
+ free(home);
+ free(temp);
+ return STATUS_ERR;
+}
+
+static void pop_user_entry(genhomedircon_user_entry_t ** list)
+{
+ genhomedircon_user_entry_t *temp;
+
+ if (!list || !(*list))
+ return;
+
+ temp = *list;
+ *list = temp->next;
+ free(temp->name);
+ free(temp->sename);
+ free(temp->prefix);
+ free(temp->home);
+ free(temp);
+}
+
+static int set_fallback_user(genhomedircon_settings_t *s,
+ const char *user, const char *prefix)
+{
+ char *fallback_user = strdup(user);
+ char *fallback_user_prefix = strdup(prefix);
+
+ if (fallback_user == NULL || fallback_user_prefix == NULL) {
+ free(fallback_user);
+ free(fallback_user_prefix);
+ return STATUS_ERR;
+ }
+
+ free(s->fallback_user);
+ free(s->fallback_user_prefix);
+ s->fallback_user = fallback_user;
+ s->fallback_user_prefix = fallback_user_prefix;
+ return STATUS_SUCCESS;
+}
+
+static int setup_fallback_user(genhomedircon_settings_t * s)
+{
+ semanage_seuser_t **seuser_list = NULL;
+ unsigned int nseusers = 0;
+ semanage_user_key_t *key = NULL;
+ semanage_user_t *u = NULL;
+ const char *name = NULL;
+ const char *seuname = NULL;
+ const char *prefix = NULL;
+ unsigned int i;
+ int retval;
+ int errors = 0;
+
+ retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+ if (retval < 0 || (nseusers < 1)) {
+ /* if there are no users, this function can't do any other work */
+ return errors;
+ }
+
+ for (i = 0; i < nseusers; i++) {
+ name = semanage_seuser_get_name(seuser_list[i]);
+ if (strcmp(name, DEFAULT_LOGIN) == 0) {
+ seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+ /* find the user structure given the name */
+ if (semanage_user_key_create(s->h_semanage, seuname,
+ &key) < 0) {
+ errors = STATUS_ERR;
+ break;
+ }
+ if (semanage_user_query(s->h_semanage, key, &u) < 0)
+ prefix = name;
+ else
+ prefix = semanage_user_get_prefix(u);
+
+ if (set_fallback_user(s, seuname, prefix) != 0)
+ errors = STATUS_ERR;
+ semanage_user_key_free(key);
+ if (u)
+ semanage_user_free(u);
+ break;
+ }
+ }
+
+ for (i = 0; i < nseusers; i++)
+ semanage_seuser_free(seuser_list[i]);
+ free(seuser_list);
+
+ return errors;
+}
+
+static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
+ int *errors)
+{
+ genhomedircon_user_entry_t *head = NULL;
+ semanage_seuser_t **seuser_list = NULL;
+ unsigned int nseusers = 0;
+ semanage_user_t **user_list = NULL;
+ unsigned int nusers = 0;
+ semanage_user_t **u = NULL;
+ const char *name = NULL;
+ const char *seuname = NULL;
+ const char *prefix = NULL;
+ struct passwd pwstorage, *pwent = NULL;
+ unsigned int i;
+ long rbuflen;
+ char *rbuf = NULL;
+ int retval;
+
+ *errors = 0;
+ retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+ if (retval < 0 || (nseusers < 1)) {
+ /* if there are no users, this function can't do any other work */
+ return NULL;
+ }
+
+ if (semanage_user_list(s->h_semanage, &user_list, &nusers) < 0) {
+ nusers = 0;
+ }
+
+ qsort(user_list, nusers, sizeof(semanage_user_t *),
+ (int (*)(const void *, const void *))&user_sort_func);
+
+ /* Allocate space for the getpwnam_r buffer */
+ rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ goto cleanup;
+ rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ goto cleanup;
+
+ for (i = 0; i < nseusers; i++) {
+ seuname = semanage_seuser_get_sename(seuser_list[i]);
+ name = semanage_seuser_get_name(seuser_list[i]);
+
+ if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
+ continue;
+
+ if (strcmp(name, DEFAULT_LOGIN) == 0)
+ continue;
+
+ if (strcmp(name, TEMPLATE_SEUSER) == 0)
+ continue;
+
+ /* %groupname syntax */
+ if (name[0] == '%')
+ continue;
+
+ /* find the user structure given the name */
+ u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *),
+ (int (*)(const void *, const void *))
+ &name_user_cmp);
+ if (u) {
+ prefix = semanage_user_get_prefix(*u);
+ } else {
+ prefix = name;
+ }
+
+ retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval != 0 || pwent == NULL) {
+ if (retval != 0 && retval != ENOENT) {
+ *errors = STATUS_ERR;
+ goto cleanup;
+ }
+
+ WARN(s->h_semanage,
+ "user %s not in password file", name);
+ continue;
+ }
+
+ if (strcmp(pwent->pw_dir, "/") == 0) {
+ /* don't relabel / genhomdircon checked to see if root
+ * was the user and if so, set his home directory to
+ * /root */
+ continue;
+ }
+ if (push_user_entry(&head, name, seuname,
+ prefix, pwent->pw_dir) != STATUS_SUCCESS) {
+ *errors = STATUS_ERR;
+ break;
+ }
+ }
+
+ cleanup:
+ free(rbuf);
+ if (*errors) {
+ for (; head; pop_user_entry(&head)) {
+ /* the pop function takes care of all the cleanup
+ so the loop body is just empty */
+ }
+ }
+ for (i = 0; i < nseusers; i++) {
+ semanage_seuser_free(seuser_list[i]);
+ }
+ free(seuser_list);
+
+ for (i = 0; i < nusers; i++) {
+ semanage_user_free(user_list[i]);
+ }
+ free(user_list);
+
+ return head;
+}
+
+static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * user_context_tpl,
+ semanage_list_t * homedir_context_tpl)
+{
+ genhomedircon_user_entry_t *users;
+ int errors = 0;
+
+ users = get_users(s, &errors);
+ if (!users && errors) {
+ return STATUS_ERR;
+ }
+
+ for (; users; pop_user_entry(&users)) {
+ if (write_home_dir_context(s, out, homedir_context_tpl,
+ users->name,
+ users->sename, users->home,
+ users->prefix)) {
+ return STATUS_ERR;
+ }
+ if (write_user_context(s, out, user_context_tpl, users->name,
+ users->sename, users->prefix)) {
+ return STATUS_ERR;
+ }
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/**
+ * @param s settings structure, stores various paths etc. Must never be NULL
+ * @param out the FILE to put all the output in.
+ * @return 0 on success
+ */
+static int write_context_file(genhomedircon_settings_t * s, FILE * out)
+{
+ semanage_list_t *homedirs = NULL;
+ semanage_list_t *h = NULL;
+ semanage_list_t *user_context_tpl = NULL;
+ semanage_list_t *homedir_context_tpl = NULL;
+ semanage_list_t *homeroot_context_tpl = NULL;
+ int retval = STATUS_SUCCESS;
+
+ homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
+ homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
+ user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
+
+ if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl)
+ goto done;
+
+ if (write_file_context_header(s, out) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (setup_fallback_user(s) != 0) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (homedir_context_tpl || homeroot_context_tpl) {
+ homedirs = get_home_dirs(s);
+ if (!homedirs) {
+ WARN(s->h_semanage,
+ "no home directories were available, exiting without writing");
+ goto done;
+ }
+
+ for (h = homedirs; h; h = h->next) {
+ Ustr *temp = ustr_dup_cstr(h->data);
+
+ if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (write_home_dir_context(s, out,
+ homedir_context_tpl,
+ s->fallback_user, s->fallback_user,
+ ustr_cstr(temp),
+ s->fallback_user_prefix) !=
+ STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+ if (write_home_root_context(s, out,
+ homeroot_context_tpl,
+ h->data) != STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ ustr_sc_free(&temp);
+ }
+ }
+ if (user_context_tpl) {
+ if (write_user_context(s, out, user_context_tpl,
+ ".*", s->fallback_user,
+ s->fallback_user_prefix) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (write_gen_home_dir_context(s, out, user_context_tpl,
+ homedir_context_tpl) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ }
+ }
+
+done:
+ /* Cleanup */
+ semanage_list_destroy(&homedirs);
+ semanage_list_destroy(&user_context_tpl);
+ semanage_list_destroy(&homedir_context_tpl);
+ semanage_list_destroy(&homeroot_context_tpl);
+
+ return retval;
+}
+
+int semanage_genhomedircon(semanage_handle_t * sh,
+ sepol_policydb_t * policydb,
+ int usepasswd)
+{
+ genhomedircon_settings_t s;
+ FILE *out = NULL;
+ int retval = 0;
+
+ assert(sh);
+
+ s.homedir_template_path =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
+ s.fcfilepath = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_HOMEDIRS);
+
+ s.fallback_user = strdup(FALLBACK_USER);
+ s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
+ if (s.fallback_user == NULL || s.fallback_user_prefix == NULL)
+ return STATUS_ERR;
+
+ s.usepasswd = usepasswd;
+ s.h_semanage = sh;
+ s.policydb = policydb;
+
+ if (!(out = fopen(s.fcfilepath, "w"))) {
+ /* couldn't open output file */
+ ERR(sh, "Could not open the file_context file for writing");
+ return STATUS_ERR;
+ }
+
+ retval = write_context_file(&s, out);
+
+ fclose(out);
+
+ free(s.fallback_user);
+ free(s.fallback_user_prefix);
+
+ return retval;
+}
diff --git a/libsemanage/src/genhomedircon.h b/libsemanage/src/genhomedircon.h
new file mode 100644
index 0000000..443e345
--- /dev/null
+++ b/libsemanage/src/genhomedircon.h
@@ -0,0 +1,28 @@
+/* Author: Mark Goldman <mgoldman@tresys.com>
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_GENHOMEDIRCON_H_
+#define _SEMANAGE_GENHOMEDIRCON_H_
+
+#include "utilities.h"
+
+int semanage_genhomedircon(semanage_handle_t * sh,
+ sepol_policydb_t * policydb, int usepasswd);
+
+#endif
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
new file mode 100644
index 0000000..b94db11
--- /dev/null
+++ b/libsemanage/src/handle.c
@@ -0,0 +1,260 @@
+/* Author: Joshua Brindle <jbrindle@tresys.co
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This file implements only the publicly-visible handle functions to libsemanage. */
+
+#include <selinux/selinux.h>
+
+#include <stdarg.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+
+#include "direct_api.h"
+#include "handle.h"
+#include "debug.h"
+#include "semanage_conf.h"
+#include "semanage_store.h"
+
+#define SEMANAGE_COMMIT_READ_WAIT 5
+
+semanage_handle_t *semanage_handle_create(void)
+{
+ semanage_handle_t *sh = NULL;
+ const char *conf_name = NULL;
+
+ /* Allocate handle */
+ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
+ goto err;
+
+ if ((conf_name = semanage_conf_path()) == NULL)
+ goto err;
+
+ if ((sh->conf = semanage_conf_parse(conf_name)) == NULL)
+ goto err;
+
+ /* Link to sepol handle */
+ sh->sepolh = sepol_handle_create();
+ if (!sh->sepolh)
+ goto err;
+ sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh);
+
+ /* By default do not rebuild the policy on commit
+ * If any changes are made, this flag is ignored */
+ sh->do_rebuild = 0;
+
+ /* By default always reload policy after commit if SELinux is enabled. */
+ sh->do_reload = (is_selinux_enabled() > 0);
+
+ /* By default do not create store */
+ sh->create_store = 0;
+
+ /* Set timeout: some default value for now, later use config */
+ sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
+
+ /* Set callback */
+ sh->msg_callback = semanage_msg_default_handler;
+ sh->msg_callback_arg = NULL;
+
+ return sh;
+
+ err:
+ semanage_handle_destroy(sh);
+ return NULL;
+}
+
+void semanage_set_rebuild(semanage_handle_t * sh, int do_rebuild)
+{
+
+ assert(sh != NULL);
+
+ sh->do_rebuild = do_rebuild;
+ return;
+}
+
+void semanage_set_reload(semanage_handle_t * sh, int do_reload)
+{
+
+ assert(sh != NULL);
+
+ sh->do_reload = do_reload;
+ return;
+}
+
+void semanage_set_create_store(semanage_handle_t * sh, int create_store)
+{
+
+ assert(sh != NULL);
+
+ sh->create_store = create_store;
+ return;
+}
+
+void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit)
+{
+ assert(sh != NULL);
+
+ sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
+ return;
+}
+
+int semanage_is_connected(semanage_handle_t * sh)
+{
+ assert(sh != NULL);
+ return sh->is_connected;
+}
+
+void semanage_select_store(semanage_handle_t * sh, char *storename,
+ enum semanage_connect_type storetype)
+{
+
+ assert(sh != NULL);
+
+ /* This just sets the storename to what the user requests, no
+ verification of existance will be done until connect */
+ sh->conf->store_path = strdup(storename);
+ assert(sh->conf->store_path); /* no way to return failure */
+ sh->conf->store_type = storetype;
+
+ return;
+}
+
+int semanage_is_managed(semanage_handle_t * sh)
+{
+ assert(sh != NULL);
+ if (sh->is_connected) {
+ ERR(sh, "Already connected.");
+ return -1;
+ }
+ switch (sh->conf->store_type) {
+ case SEMANAGE_CON_DIRECT:
+ return semanage_direct_is_managed(sh);
+ default:
+ ERR(sh,
+ "The connection type specified within your semanage.conf file has not been implemented yet.");
+ /* fall through */
+ }
+ return -1;
+}
+
+int semanage_connect(semanage_handle_t * sh)
+{
+ assert(sh != NULL);
+ switch (sh->conf->store_type) {
+ case SEMANAGE_CON_DIRECT:{
+ if (semanage_direct_connect(sh) < 0) {
+ return -1;
+ }
+ break;
+ }
+ default:{
+ ERR(sh,
+ "The connection type specified within your semanage.conf file has not been implemented yet.");
+ return -1;
+ }
+ }
+ sh->is_connected = 1;
+ return 0;
+}
+
+int semanage_access_check(semanage_handle_t * sh)
+{
+ assert(sh != NULL);
+ switch (sh->conf->store_type) {
+ case SEMANAGE_CON_DIRECT:
+ return semanage_direct_access_check(sh);
+ default:
+ return -1;
+ }
+
+ return -1; /* unreachable */
+}
+
+hidden_def(semanage_access_check)
+
+int semanage_disconnect(semanage_handle_t * sh)
+{
+ assert(sh != NULL && sh->funcs != NULL
+ && sh->funcs->disconnect != NULL);
+ if (!sh->is_connected) {
+ return 0;
+ }
+ if (sh->funcs->disconnect(sh) < 0) {
+ return -1;
+ }
+ sh->is_in_transaction = 0;
+ sh->is_connected = 0;
+ sh->modules_modified = 0;
+ return 0;
+}
+
+void semanage_handle_destroy(semanage_handle_t * sh)
+{
+ if (sh == NULL)
+ return;
+
+ if (sh->funcs != NULL && sh->funcs->destroy != NULL)
+ sh->funcs->destroy(sh);
+ semanage_conf_destroy(sh->conf);
+ sepol_handle_destroy(sh->sepolh);
+ free(sh);
+}
+
+hidden_def(semanage_handle_destroy)
+
+/********************* public transaction functions *********************/
+int semanage_begin_transaction(semanage_handle_t * sh)
+{
+ assert(sh != NULL && sh->funcs != NULL
+ && sh->funcs->begin_trans != NULL);
+ if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ }
+ if (sh->is_in_transaction) {
+ return 0;
+ }
+
+ if (sh->funcs->begin_trans(sh) < 0) {
+ return -1;
+ }
+ sh->is_in_transaction = 1;
+ return 0;
+}
+
+hidden_def(semanage_begin_transaction)
+
+int semanage_commit(semanage_handle_t * sh)
+{
+ int retval;
+ assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);
+ if (!sh->is_in_transaction) {
+ ERR(sh,
+ "Will not commit because caller does not have a tranaction lock yet.");
+ return -1;
+ }
+ retval = sh->funcs->commit(sh);
+ sh->is_in_transaction = 0;
+ sh->modules_modified = 0;
+ return retval;
+}
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
new file mode 100644
index 0000000..8c324df
--- /dev/null
+++ b/libsemanage/src/handle.h
@@ -0,0 +1,225 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Ivan Gyurdiev <ivg2@cornell.edu>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_INTERNAL_HANDLE_H_
+#define _SEMANAGE_INTERNAL_HANDLE_H_
+
+#include <stddef.h>
+#include "handle_internal.h"
+#include <sepol/handle.h>
+#include "modules.h"
+#include "semanage_conf.h"
+#include "database.h"
+#include "direct_api.h"
+#include "policy.h"
+
+struct semanage_handle {
+ int con_id; /* Connection ID */
+
+ /* Error handling */
+ int msg_level;
+ const char *msg_channel;
+ const char *msg_fname;
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ semanage_handle_t * handle, const char *fmt, ...);
+ void *msg_callback_arg;
+
+ /* Direct vs Server specific handle */
+ union {
+ struct semanage_direct_handle direct;
+ } u;
+
+ /* Libsepol handle */
+ sepol_handle_t *sepolh;
+
+ semanage_conf_t *conf;
+ int is_connected;
+ int is_in_transaction;
+ int do_reload; /* whether to reload policy after commit */
+ int do_rebuild; /* whether to rebuild policy if there were no changes */
+ int modules_modified;
+ int create_store; /* whether to create the store if it does not exist
+ * this will only have an effect on direct connections */
+
+ /* This timeout is used for transactions and waiting for lock
+ -1 means wait indefinetely
+ 0 means return immediately
+ >0 means wait that many seconds */
+ int timeout;
+
+ /* these function pointers will point to the appropriate
+ * routine given the connection type. think of these as
+ * simulating polymorphism for non-OO languages. */
+ struct semanage_policy_table *funcs;
+
+ /* Object databases */
+#define DBASE_COUNT 19
+
+/* Local modifications */
+#define DBASE_LOCAL_USERS_BASE 0
+#define DBASE_LOCAL_USERS_EXTRA 1
+#define DBASE_LOCAL_USERS 2
+#define DBASE_LOCAL_PORTS 3
+#define DBASE_LOCAL_INTERFACES 4
+#define DBASE_LOCAL_BOOLEANS 5
+#define DBASE_LOCAL_FCONTEXTS 6
+#define DBASE_LOCAL_SEUSERS 7
+#define DBASE_LOCAL_NODES 8
+
+/* Policy + Local modifications */
+#define DBASE_POLICY_USERS_BASE 9
+#define DBASE_POLICY_USERS_EXTRA 10
+#define DBASE_POLICY_USERS 11
+#define DBASE_POLICY_PORTS 12
+#define DBASE_POLICY_INTERFACES 13
+#define DBASE_POLICY_BOOLEANS 14
+#define DBASE_POLICY_FCONTEXTS 15
+#define DBASE_POLICY_SEUSERS 16
+#define DBASE_POLICY_NODES 17
+
+/* Active kernel policy */
+#define DBASE_ACTIVE_BOOLEANS 18
+ dbase_config_t dbase[DBASE_COUNT];
+};
+
+/* === Local modifications === */
+static inline
+ dbase_config_t * semanage_user_base_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_USERS_BASE];
+}
+
+static inline
+ dbase_config_t * semanage_user_extra_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_USERS_EXTRA];
+}
+
+static inline
+ dbase_config_t * semanage_user_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_USERS];
+}
+
+static inline
+ dbase_config_t * semanage_port_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_PORTS];
+}
+
+static inline
+ dbase_config_t * semanage_iface_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_INTERFACES];
+}
+
+static inline
+ dbase_config_t * semanage_bool_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_BOOLEANS];
+}
+
+static inline
+ dbase_config_t * semanage_fcontext_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_FCONTEXTS];
+}
+
+static inline
+ dbase_config_t * semanage_seuser_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_SEUSERS];
+}
+
+static inline
+ dbase_config_t * semanage_node_dbase_local(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_LOCAL_NODES];
+}
+
+/* === Policy + Local modifications === */
+static inline
+ dbase_config_t * semanage_user_base_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_USERS_BASE];
+}
+
+static inline
+ dbase_config_t * semanage_user_extra_dbase_policy(semanage_handle_t *
+ handle)
+{
+ return &handle->dbase[DBASE_POLICY_USERS_EXTRA];
+}
+
+static inline
+ dbase_config_t * semanage_user_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_USERS];
+}
+
+static inline
+ dbase_config_t * semanage_port_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_PORTS];
+}
+
+static inline
+ dbase_config_t * semanage_iface_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_INTERFACES];
+}
+
+static inline
+ dbase_config_t * semanage_bool_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_BOOLEANS];
+}
+
+static inline
+ dbase_config_t * semanage_fcontext_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_FCONTEXTS];
+}
+
+static inline
+ dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_SEUSERS];
+}
+
+static inline
+ dbase_config_t * semanage_node_dbase_policy(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_POLICY_NODES];
+}
+
+/* === Active kernel policy === */
+static inline
+ dbase_config_t * semanage_bool_dbase_active(semanage_handle_t * handle)
+{
+ return &handle->dbase[DBASE_ACTIVE_BOOLEANS];
+}
+
+#endif
diff --git a/libsemanage/src/handle_internal.h b/libsemanage/src/handle_internal.h
new file mode 100644
index 0000000..8493a39
--- /dev/null
+++ b/libsemanage/src/handle_internal.h
@@ -0,0 +1,11 @@
+#ifndef _SEMANAGE_HANDLE_INTERNAL_H_
+#define _SEMANAGE_HANDLE_INTERNAL_H_
+
+#include <semanage/handle.h>
+#include "dso.h"
+
+hidden_proto(semanage_begin_transaction)
+ hidden_proto(semanage_handle_destroy)
+ hidden_proto(semanage_reload_policy)
+ hidden_proto(semanage_access_check)
+#endif
diff --git a/libsemanage/src/iface_internal.h b/libsemanage/src/iface_internal.h
new file mode 100644
index 0000000..7fe80fd
--- /dev/null
+++ b/libsemanage/src/iface_internal.h
@@ -0,0 +1,38 @@
+#ifndef _SEMANAGE_IFACE_INTERNAL_H_
+#define _SEMANAGE_IFACE_INTERNAL_H_
+
+#include <semanage/iface_record.h>
+#include <semanage/interfaces_local.h>
+#include <semanage/interfaces_policy.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_iface_create)
+ hidden_proto(semanage_iface_compare)
+ hidden_proto(semanage_iface_compare2)
+ hidden_proto(semanage_iface_clone)
+ hidden_proto(semanage_iface_free)
+ hidden_proto(semanage_iface_get_ifcon)
+ hidden_proto(semanage_iface_get_msgcon)
+ hidden_proto(semanage_iface_get_name)
+ hidden_proto(semanage_iface_key_extract)
+ hidden_proto(semanage_iface_key_free)
+ hidden_proto(semanage_iface_set_ifcon)
+ hidden_proto(semanage_iface_set_msgcon)
+ hidden_proto(semanage_iface_set_name)
+
+/* IFACE RECORD: metod table */
+extern record_table_t SEMANAGE_IFACE_RTABLE;
+
+extern int iface_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void iface_policydb_dbase_release(dbase_config_t * dconfig);
+
+extern int iface_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig);
+
+extern void iface_file_dbase_release(dbase_config_t * dconfig);
+
+#endif
diff --git a/libsemanage/src/iface_record.c b/libsemanage/src/iface_record.c
new file mode 100644
index 0000000..e7d72d7
--- /dev/null
+++ b/libsemanage/src/iface_record.c
@@ -0,0 +1,169 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_iface_t (Network Interface)
+ * Object: semanage_iface_key_t (Network Interface Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/context_record.h>
+#include <sepol/iface_record.h>
+
+typedef sepol_context_t semanage_context_t;
+typedef sepol_iface_t semanage_iface_t;
+typedef sepol_iface_key_t semanage_iface_key_t;
+#define _SEMANAGE_CONTEXT_DEFINED_
+#define _SEMANAGE_IFACE_DEFINED_
+
+typedef sepol_iface_t record_t;
+typedef sepol_iface_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include "iface_internal.h"
+#include "handle.h"
+#include "database.h"
+
+/* Key */
+int semanage_iface_compare(const semanage_iface_t * iface,
+ const semanage_iface_key_t * key)
+{
+
+ return sepol_iface_compare(iface, key);
+}
+
+hidden_def(semanage_iface_compare)
+
+int semanage_iface_compare2(const semanage_iface_t * iface,
+ const semanage_iface_t * iface2)
+{
+
+ return sepol_iface_compare2(iface, iface2);
+}
+
+hidden_def(semanage_iface_compare2)
+
+static int semanage_iface_compare2_qsort(const semanage_iface_t ** iface,
+ const semanage_iface_t ** iface2)
+{
+
+ return sepol_iface_compare2(*iface, *iface2);
+}
+
+int semanage_iface_key_create(semanage_handle_t * handle,
+ const char *name, semanage_iface_key_t ** key_ptr)
+{
+
+ return sepol_iface_key_create(handle->sepolh, name, key_ptr);
+}
+
+int semanage_iface_key_extract(semanage_handle_t * handle,
+ const semanage_iface_t * iface,
+ semanage_iface_key_t ** key_ptr)
+{
+
+ return sepol_iface_key_extract(handle->sepolh, iface, key_ptr);
+}
+
+hidden_def(semanage_iface_key_extract)
+
+void semanage_iface_key_free(semanage_iface_key_t * key)
+{
+
+ sepol_iface_key_free(key);
+}
+
+hidden_def(semanage_iface_key_free)
+
+/* Name */
+const char *semanage_iface_get_name(const semanage_iface_t * iface)
+{
+
+ return sepol_iface_get_name(iface);
+}
+
+hidden_def(semanage_iface_get_name)
+
+int semanage_iface_set_name(semanage_handle_t * handle,
+ semanage_iface_t * iface, const char *name)
+{
+
+ return sepol_iface_set_name(handle->sepolh, iface, name);
+}
+
+hidden_def(semanage_iface_set_name)
+
+/* Context */
+semanage_context_t *semanage_iface_get_ifcon(const semanage_iface_t * iface)
+{
+
+ return sepol_iface_get_ifcon(iface);
+}
+
+hidden_def(semanage_iface_get_ifcon)
+
+int semanage_iface_set_ifcon(semanage_handle_t * handle,
+ semanage_iface_t * iface, semanage_context_t * con)
+{
+
+ return sepol_iface_set_ifcon(handle->sepolh, iface, con);
+}
+
+hidden_def(semanage_iface_set_ifcon)
+
+semanage_context_t *semanage_iface_get_msgcon(const semanage_iface_t * iface)
+{
+
+ return sepol_iface_get_msgcon(iface);
+}
+
+hidden_def(semanage_iface_get_msgcon)
+
+int semanage_iface_set_msgcon(semanage_handle_t * handle,
+ semanage_iface_t * iface,
+ semanage_context_t * con)
+{
+
+ return sepol_iface_set_msgcon(handle->sepolh, iface, con);
+}
+
+hidden_def(semanage_iface_set_msgcon)
+
+/* Create/Clone/Destroy */
+int semanage_iface_create(semanage_handle_t * handle,
+ semanage_iface_t ** iface_ptr)
+{
+
+ return sepol_iface_create(handle->sepolh, iface_ptr);
+}
+
+hidden_def(semanage_iface_create)
+
+int semanage_iface_clone(semanage_handle_t * handle,
+ const semanage_iface_t * iface,
+ semanage_iface_t ** iface_ptr)
+{
+
+ return sepol_iface_clone(handle->sepolh, iface, iface_ptr);
+}
+
+hidden_def(semanage_iface_clone)
+
+void semanage_iface_free(semanage_iface_t * iface)
+{
+
+ sepol_iface_free(iface);
+}
+
+hidden_def(semanage_iface_free)
+
+/* Record base functions */
+record_table_t SEMANAGE_IFACE_RTABLE = {
+ .create = semanage_iface_create,
+ .key_extract = semanage_iface_key_extract,
+ .key_free = semanage_iface_key_free,
+ .clone = semanage_iface_clone,
+ .compare = semanage_iface_compare,
+ .compare2 = semanage_iface_compare2,
+ .compare2_qsort = semanage_iface_compare2_qsort,
+ .free = semanage_iface_free,
+};
diff --git a/libsemanage/src/interfaces_file.c b/libsemanage/src/interfaces_file.c
new file mode 100644
index 0000000..78871a2
--- /dev/null
+++ b/libsemanage/src/interfaces_file.c
@@ -0,0 +1,172 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_iface;
+struct semanage_iface_key;
+typedef struct semanage_iface record_t;
+typedef struct semanage_iface_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <semanage/handle.h>
+#include "iface_internal.h"
+#include "context_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int iface_print(semanage_handle_t * handle,
+ semanage_iface_t * iface, FILE * str)
+{
+
+ char *con_str = NULL;
+
+ const char *name = semanage_iface_get_name(iface);
+ semanage_context_t *ifcon = semanage_iface_get_ifcon(iface);
+ semanage_context_t *msgcon = semanage_iface_get_msgcon(iface);
+
+ if (fprintf(str, "netifcon %s ", name) < 0)
+ goto err;
+
+ if (semanage_context_to_string(handle, ifcon, &con_str) < 0)
+ goto err;
+ if (fprintf(str, "%s ", con_str) < 0)
+ goto err;
+ free(con_str);
+ con_str = NULL;
+
+ if (semanage_context_to_string(handle, msgcon, &con_str) < 0)
+ goto err;
+ if (fprintf(str, "%s\n", con_str) < 0)
+ goto err;
+ free(con_str);
+ con_str = NULL;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not print interface %s to stream", name);
+ free(con_str);
+ return STATUS_ERR;
+}
+
+static int iface_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_iface_t * iface)
+{
+
+ char *str = NULL;
+ semanage_context_t *con = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Header */
+ if (parse_assert_str(handle, info, "netifcon") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Name */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_iface_set_name(handle, iface, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Interface context */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_context_from_string(handle, str, &con) < 0) {
+ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
+ str, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ if (con == NULL) {
+ ERR(handle, "<<none>> context is not valid for "
+ "interfaces (%s: %u)\n%s", info->filename,
+ info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ if (semanage_iface_set_ifcon(handle, iface, con) < 0)
+ goto err;
+ semanage_context_free(con);
+ con = NULL;
+
+ /* Message context */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_context_from_string(handle, str, &con) < 0) {
+ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
+ str, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ if (con == NULL) {
+ ERR(handle, "<<none>> context is not valid for "
+ "interfaces (%s: %u)\n%s", info->filename,
+ info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ if (semanage_iface_set_msgcon(handle, iface, con) < 0)
+ goto err;
+ semanage_context_free(con);
+ con = NULL;
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse interface record");
+ free(str);
+ semanage_context_free(con);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* IFACE RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_IFACE_FILE_RTABLE = {
+ .parse = iface_parse,
+ .print = iface_print,
+};
+
+int iface_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_IFACE_RTABLE,
+ &SEMANAGE_IFACE_FILE_RTABLE, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void iface_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/interfaces_local.c b/libsemanage/src/interfaces_local.c
new file mode 100644
index 0000000..acf6851
--- /dev/null
+++ b/libsemanage/src/interfaces_local.c
@@ -0,0 +1,71 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_iface;
+struct semanage_iface_key;
+typedef struct semanage_iface_key record_key_t;
+typedef struct semanage_iface record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "iface_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_iface_modify_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ const semanage_iface_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_iface_del_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_iface_query_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ semanage_iface_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_iface_exists_local(semanage_handle_t * handle,
+ const semanage_iface_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_iface_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_iface_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_iface_t *
+ record, void *varg),
+ void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_iface_list_local(semanage_handle_t * handle,
+ semanage_iface_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/interfaces_policy.c b/libsemanage/src/interfaces_policy.c
new file mode 100644
index 0000000..7f9b2ef
--- /dev/null
+++ b/libsemanage/src/interfaces_policy.c
@@ -0,0 +1,52 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_iface;
+struct semanage_iface_key;
+typedef struct semanage_iface_key record_key_t;
+typedef struct semanage_iface record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "iface_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_iface_query(semanage_handle_t * handle,
+ const semanage_iface_key_t * key,
+ semanage_iface_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_iface_exists(semanage_handle_t * handle,
+ const semanage_iface_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_iface_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_iface_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_iface_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_iface_list(semanage_handle_t * handle,
+ semanage_iface_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_iface_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c
new file mode 100644
index 0000000..b67963d
--- /dev/null
+++ b/libsemanage/src/interfaces_policydb.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_iface;
+struct semanage_iface_key;
+typedef struct semanage_iface record_t;
+typedef struct semanage_iface_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <sepol/interfaces.h>
+#include <semanage/handle.h>
+#include "iface_internal.h"
+#include "debug.h"
+#include "database_policydb.h"
+
+/* INTERFACE RECRORD (SEPOL): POLICYDB extension: method table */
+record_policydb_table_t SEMANAGE_IFACE_POLICYDB_RTABLE = {
+ .add = NULL,
+ .modify = (record_policydb_table_modify_t) sepol_iface_modify,
+ .set = NULL,
+ .query = (record_policydb_table_query_t) sepol_iface_query,
+ .count = (record_policydb_table_count_t) sepol_iface_count,
+ .exists = (record_policydb_table_exists_t) sepol_iface_exists,
+ .iterate = (record_policydb_table_iterate_t) sepol_iface_iterate,
+};
+
+int iface_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_policydb_init(handle,
+ "policy.kern",
+ &SEMANAGE_IFACE_RTABLE,
+ &SEMANAGE_IFACE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void iface_policydb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_policydb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
new file mode 100644
index 0000000..56a83f0
--- /dev/null
+++ b/libsemanage/src/libsemanage.map
@@ -0,0 +1,18 @@
+LIBSEMANAGE_1.0 {
+ global: semanage_handle_create; semanage_handle_destroy;
+ semanage_is_managed; semanage_connect; semanage_disconnect;
+ semanage_msg_*;
+ semanage_begin_transaction; semanage_commit;
+ semanage_module_install; semanage_module_upgrade;
+ semanage_module_install_base; semanage_module_remove;
+ semanage_module_list; semanage_module_info_datum_destroy;
+ semanage_module_list_nth; semanage_module_get_name;
+ semanage_module_get_version; semanage_select_store;
+ semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
+ semanage_user_*; semanage_bool_*; semanage_seuser_*;
+ semanage_iface_*; semanage_port_*; semanage_context_*;
+ semanage_node_*;
+ semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
+ semanage_is_connected; semanage_set_disable_dontaudit;
+ local: *;
+};
diff --git a/libsemanage/src/module_internal.h b/libsemanage/src/module_internal.h
new file mode 100644
index 0000000..f074a3a
--- /dev/null
+++ b/libsemanage/src/module_internal.h
@@ -0,0 +1,11 @@
+#ifndef _SEMANAGE_MODULE_INTERNAL_H_
+#define _SEMANAGE_MODULE_INTERNAL_H_
+
+#include <semanage/modules.h>
+#include "dso.h"
+
+hidden_proto(semanage_module_get_name)
+ hidden_proto(semanage_module_get_version)
+ hidden_proto(semanage_module_info_datum_destroy)
+ hidden_proto(semanage_module_list_nth)
+#endif
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
new file mode 100644
index 0000000..b1b0bdc
--- /dev/null
+++ b/libsemanage/src/modules.c
@@ -0,0 +1,153 @@
+/* Author: Joshua Brindle <jbrindle@tresys.co
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This file implements only the publicly-visible module functions to libsemanage. */
+
+#include "direct_api.h"
+#include "semanage_conf.h"
+#include "semanage_store.h"
+
+#include <stdarg.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "handle.h"
+#include "modules.h"
+#include "debug.h"
+
+int semanage_module_install(semanage_handle_t * sh,
+ char *module_data, size_t data_len)
+{
+ if (sh->funcs->install == NULL) {
+ ERR(sh,
+ "No install function defined for this connection type.");
+ return -1;
+ } else if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ } else if (!sh->is_in_transaction) {
+ if (semanage_begin_transaction(sh) < 0) {
+ return -1;
+ }
+ }
+ sh->modules_modified = 1;
+ return sh->funcs->install(sh, module_data, data_len);
+}
+
+int semanage_module_upgrade(semanage_handle_t * sh,
+ char *module_data, size_t data_len)
+{
+ if (sh->funcs->upgrade == NULL) {
+ ERR(sh,
+ "No upgrade function defined for this connection type.");
+ return -1;
+ } else if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ } else if (!sh->is_in_transaction) {
+ if (semanage_begin_transaction(sh) < 0) {
+ return -1;
+ }
+ }
+ sh->modules_modified = 1;
+ return sh->funcs->upgrade(sh, module_data, data_len);
+}
+
+int semanage_module_install_base(semanage_handle_t * sh,
+ char *module_data, size_t data_len)
+{
+ if (sh->funcs->install_base == NULL) {
+ ERR(sh,
+ "No install base function defined for this connection type.");
+ return -1;
+ } else if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ } else if (!sh->is_in_transaction) {
+ if (semanage_begin_transaction(sh) < 0) {
+ return -1;
+ }
+ }
+ sh->modules_modified = 1;
+ return sh->funcs->install_base(sh, module_data, data_len);
+}
+
+int semanage_module_remove(semanage_handle_t * sh, char *module_name)
+{
+ if (sh->funcs->remove == NULL) {
+ ERR(sh, "No remove function defined for this connection type.");
+ return -1;
+ } else if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ } else if (!sh->is_in_transaction) {
+ if (semanage_begin_transaction(sh) < 0) {
+ return -1;
+ }
+ }
+ sh->modules_modified = 1;
+ return sh->funcs->remove(sh, module_name);
+}
+
+int semanage_module_list(semanage_handle_t * sh,
+ semanage_module_info_t ** modinfo, int *num_modules)
+{
+ if (sh->funcs->list == NULL) {
+ ERR(sh, "No list function defined for this connection type.");
+ return -1;
+ } else if (!sh->is_connected) {
+ ERR(sh, "Not connected.");
+ return -1;
+ }
+ return sh->funcs->list(sh, modinfo, num_modules);
+}
+
+void semanage_module_info_datum_destroy(semanage_module_info_t * modinfo)
+{
+ if (modinfo != NULL) {
+ free(modinfo->name);
+ free(modinfo->version);
+ }
+}
+
+hidden_def(semanage_module_info_datum_destroy)
+
+semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
+ int n)
+{
+ return list + n;
+}
+
+hidden_def(semanage_module_list_nth)
+
+const char *semanage_module_get_name(semanage_module_info_t * modinfo)
+{
+ return modinfo->name;
+}
+
+hidden_def(semanage_module_get_name)
+
+const char *semanage_module_get_version(semanage_module_info_t * modinfo)
+{
+ return modinfo->version;
+}
+
+hidden_def(semanage_module_get_version)
diff --git a/libsemanage/src/modules.h b/libsemanage/src/modules.h
new file mode 100644
index 0000000..381b108
--- /dev/null
+++ b/libsemanage/src/modules.h
@@ -0,0 +1,31 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_INTERNAL_MODULES_H_
+#define _SEMANAGE_INTERNAL_MODULES_H_
+
+#include "module_internal.h"
+
+struct semanage_module_info {
+ char *name; /* Key */
+ char *version;
+};
+
+#endif
diff --git a/libsemanage/src/node_internal.h b/libsemanage/src/node_internal.h
new file mode 100644
index 0000000..7653af8
--- /dev/null
+++ b/libsemanage/src/node_internal.h
@@ -0,0 +1,53 @@
+#ifndef _SEMANAGE_NODE_INTERNAL_H_
+#define _SEMANAGE_NODE_INTERNAL_H_
+
+#include <semanage/node_record.h>
+#include <semanage/nodes_local.h>
+#include <semanage/nodes_policy.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_node_create)
+ hidden_proto(semanage_node_compare)
+ hidden_proto(semanage_node_compare2)
+ hidden_proto(semanage_node_clone)
+ hidden_proto(semanage_node_free)
+ hidden_proto(semanage_node_key_extract)
+ hidden_proto(semanage_node_key_free)
+ hidden_proto(semanage_node_get_addr)
+ hidden_proto(semanage_node_get_addr_bytes)
+ hidden_proto(semanage_node_get_mask)
+ hidden_proto(semanage_node_get_mask_bytes)
+ hidden_proto(semanage_node_get_proto)
+ hidden_proto(semanage_node_set_addr)
+ hidden_proto(semanage_node_set_addr_bytes)
+ hidden_proto(semanage_node_set_mask)
+ hidden_proto(semanage_node_set_mask_bytes)
+ hidden_proto(semanage_node_set_proto)
+ hidden_proto(semanage_node_get_proto_str)
+ hidden_proto(semanage_node_get_con)
+ hidden_proto(semanage_node_set_con)
+ hidden_proto(semanage_node_list_local)
+
+/* NODE RECORD: method table */
+extern record_table_t SEMANAGE_NODE_RTABLE;
+
+extern int node_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig);
+
+extern void node_file_dbase_release(dbase_config_t * dconfig);
+
+extern int node_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void node_policydb_dbase_release(dbase_config_t * dconfig);
+
+extern int hidden semanage_node_validate_local(semanage_handle_t * handle);
+
+/* ==== Internal (to nodes) API === */
+
+hidden int semanage_node_compare2_qsort(const semanage_node_t ** node,
+ const semanage_node_t ** node2);
+
+#endif
diff --git a/libsemanage/src/node_record.c b/libsemanage/src/node_record.c
new file mode 100644
index 0000000..5368cee
--- /dev/null
+++ b/libsemanage/src/node_record.c
@@ -0,0 +1,240 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_node_t (Network Port)
+ * Object: semanage_node_key_t (Network Port Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/context_record.h>
+#include <sepol/node_record.h>
+#include <stddef.h>
+
+typedef sepol_context_t semanage_context_t;
+typedef sepol_node_t semanage_node_t;
+typedef sepol_node_key_t semanage_node_key_t;
+#define _SEMANAGE_NODE_DEFINED_
+#define _SEMANAGE_CONTEXT_DEFINED_
+
+typedef semanage_node_t record_t;
+typedef semanage_node_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include "node_internal.h"
+#include "handle.h"
+#include "database.h"
+
+/* Key */
+int semanage_node_compare(const semanage_node_t * node,
+ const semanage_node_key_t * key)
+{
+
+ return sepol_node_compare(node, key);
+}
+
+hidden_def(semanage_node_compare)
+
+int semanage_node_compare2(const semanage_node_t * node,
+ const semanage_node_t * node2)
+{
+
+ return sepol_node_compare2(node, node2);
+}
+
+hidden_def(semanage_node_compare2)
+
+hidden int semanage_node_compare2_qsort(const semanage_node_t ** node,
+ const semanage_node_t ** node2)
+{
+
+ return sepol_node_compare2(*node, *node2);
+}
+
+int semanage_node_key_create(semanage_handle_t * handle,
+ const char *addr,
+ const char *mask,
+ int proto, semanage_node_key_t ** key_ptr)
+{
+
+ return sepol_node_key_create(handle->sepolh, addr, mask, proto,
+ key_ptr);
+}
+
+int semanage_node_key_extract(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ semanage_node_key_t ** key_ptr)
+{
+
+ return sepol_node_key_extract(handle->sepolh, node, key_ptr);
+}
+
+hidden_def(semanage_node_key_extract)
+
+void semanage_node_key_free(semanage_node_key_t * key)
+{
+
+ sepol_node_key_free(key);
+}
+
+hidden_def(semanage_node_key_free)
+
+/* Address */
+int semanage_node_get_addr(semanage_handle_t * handle,
+ const semanage_node_t * node, char **addr_ptr)
+{
+
+ return sepol_node_get_addr(handle->sepolh, node, addr_ptr);
+}
+
+hidden_def(semanage_node_get_addr)
+
+int semanage_node_get_addr_bytes(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ char **addr, size_t * addr_sz)
+{
+
+ return sepol_node_get_addr_bytes(handle->sepolh, node, addr, addr_sz);
+}
+
+hidden_def(semanage_node_get_addr_bytes)
+
+int semanage_node_set_addr(semanage_handle_t * handle,
+ semanage_node_t * node, int proto, const char *addr)
+{
+
+ return sepol_node_set_addr(handle->sepolh, node, proto, addr);
+}
+
+hidden_def(semanage_node_set_addr)
+
+int semanage_node_set_addr_bytes(semanage_handle_t * handle,
+ semanage_node_t * node,
+ const char *addr, size_t addr_sz)
+{
+
+ return sepol_node_set_addr_bytes(handle->sepolh, node, addr, addr_sz);
+}
+
+hidden_def(semanage_node_set_addr_bytes)
+
+/* Netmask */
+int semanage_node_get_mask(semanage_handle_t * handle,
+ const semanage_node_t * node, char **mask_ptr)
+{
+
+ return sepol_node_get_mask(handle->sepolh, node, mask_ptr);
+}
+
+hidden_def(semanage_node_get_mask)
+
+int semanage_node_get_mask_bytes(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ char **mask, size_t * mask_sz)
+{
+
+ return sepol_node_get_mask_bytes(handle->sepolh, node, mask, mask_sz);
+}
+
+hidden_def(semanage_node_get_mask_bytes)
+
+int semanage_node_set_mask(semanage_handle_t * handle,
+ semanage_node_t * node, int proto, const char *mask)
+{
+
+ return sepol_node_set_mask(handle->sepolh, node, proto, mask);
+}
+
+hidden_def(semanage_node_set_mask)
+
+int semanage_node_set_mask_bytes(semanage_handle_t * handle,
+ semanage_node_t * node,
+ const char *mask, size_t mask_sz)
+{
+
+ return sepol_node_set_mask_bytes(handle->sepolh, node, mask, mask_sz);
+}
+
+hidden_def(semanage_node_set_mask_bytes)
+
+/* Protocol */
+int semanage_node_get_proto(const semanage_node_t * node)
+{
+
+ return sepol_node_get_proto(node);
+}
+
+hidden_def(semanage_node_get_proto)
+
+void semanage_node_set_proto(semanage_node_t * node, int proto)
+{
+
+ sepol_node_set_proto(node, proto);
+}
+
+hidden_def(semanage_node_set_proto)
+
+const char *semanage_node_get_proto_str(int proto)
+{
+
+ return sepol_node_get_proto_str(proto);
+}
+
+hidden_def(semanage_node_get_proto_str)
+
+/* Context */
+semanage_context_t *semanage_node_get_con(const semanage_node_t * node)
+{
+
+ return sepol_node_get_con(node);
+}
+
+hidden_def(semanage_node_get_con)
+
+int semanage_node_set_con(semanage_handle_t * handle,
+ semanage_node_t * node, semanage_context_t * con)
+{
+
+ return sepol_node_set_con(handle->sepolh, node, con);
+}
+
+hidden_def(semanage_node_set_con)
+
+/* Create/Clone/Destroy */
+int semanage_node_create(semanage_handle_t * handle,
+ semanage_node_t ** node_ptr)
+{
+
+ return sepol_node_create(handle->sepolh, node_ptr);
+}
+
+hidden_def(semanage_node_create)
+
+int semanage_node_clone(semanage_handle_t * handle,
+ const semanage_node_t * node,
+ semanage_node_t ** node_ptr)
+{
+
+ return sepol_node_clone(handle->sepolh, node, node_ptr);
+}
+
+hidden_def(semanage_node_clone)
+
+void semanage_node_free(semanage_node_t * node)
+{
+
+ sepol_node_free(node);
+}
+
+hidden_def(semanage_node_free)
+
+/* Port base functions */
+record_table_t SEMANAGE_NODE_RTABLE = {
+ .create = semanage_node_create,
+ .key_extract = semanage_node_key_extract,
+ .key_free = semanage_node_key_free,
+ .clone = semanage_node_clone,
+ .compare = semanage_node_compare,
+ .compare2 = semanage_node_compare2,
+ .compare2_qsort = semanage_node_compare2_qsort,
+ .free = semanage_node_free,
+};
diff --git a/libsemanage/src/nodes_file.c b/libsemanage/src/nodes_file.c
new file mode 100644
index 0000000..b80de2d
--- /dev/null
+++ b/libsemanage/src/nodes_file.c
@@ -0,0 +1,181 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_node;
+struct semanage_node_key;
+typedef struct semanage_node record_t;
+typedef struct semanage_node_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+#include <semanage/handle.h>
+#include "node_internal.h"
+#include "context_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int node_print(semanage_handle_t * handle,
+ semanage_node_t * node, FILE * str)
+{
+
+ char *con_str = NULL;
+ char *addr = NULL;
+ char *mask = NULL;
+
+ int proto = semanage_node_get_proto(node);
+ const char *proto_str = semanage_node_get_proto_str(proto);
+ semanage_context_t *con = semanage_node_get_con(node);
+
+ if (semanage_node_get_addr(handle, node, &addr) < 0)
+ goto err;
+
+ if (semanage_node_get_mask(handle, node, &mask) < 0)
+ goto err;
+
+ if (semanage_context_to_string(handle, con, &con_str) < 0)
+ goto err;
+
+ if (fprintf
+ (str, "nodecon %s %s %s %s\n", proto_str, addr, mask, con_str) < 0)
+ goto err;
+
+ free(addr);
+ free(mask);
+ free(con_str);
+ return STATUS_SUCCESS;
+
+ err:
+ free(addr);
+ free(mask);
+ free(con_str);
+ ERR(handle, "could not print node to stream");
+ return STATUS_ERR;
+}
+
+static int node_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_node_t * node)
+{
+
+ int proto;
+ char *str = NULL;
+ semanage_context_t *con = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Header */
+ if (parse_assert_str(handle, info, "nodecon") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Protocol */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (!strcasecmp(str, "ipv4"))
+ proto = SEMANAGE_PROTO_IP4;
+ else if (!strcasecmp(str, "ipv6"))
+ proto = SEMANAGE_PROTO_IP6;
+ else {
+ ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
+ info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ semanage_node_set_proto(node, proto);
+
+ /* Address */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_node_set_addr(handle, node, proto, str) < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Netmask */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_node_set_mask(handle, node, proto, str) < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Port context */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_context_from_string(handle, str, &con) < 0) {
+ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
+ str, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ if (con == NULL) {
+ ERR(handle, "<<none>> context is not valid "
+ "for nodes (%s: %u):\n%s", info->filename,
+ info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ if (semanage_node_set_con(handle, node, con) < 0)
+ goto err;
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ semanage_context_free(con);
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse node record");
+ free(str);
+ semanage_context_free(con);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* NODE RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_NODE_FILE_RTABLE = {
+ .parse = node_parse,
+ .print = node_print,
+};
+
+int node_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_NODE_RTABLE,
+ &SEMANAGE_NODE_FILE_RTABLE, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void node_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/nodes_local.c b/libsemanage/src/nodes_local.c
new file mode 100644
index 0000000..93af450
--- /dev/null
+++ b/libsemanage/src/nodes_local.c
@@ -0,0 +1,72 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_node;
+struct semanage_node_key;
+typedef struct semanage_node_key record_key_t;
+typedef struct semanage_node record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "node_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_node_modify_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ const semanage_node_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_node_del_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_node_query_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ semanage_node_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_node_exists_local(semanage_handle_t * handle,
+ const semanage_node_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_node_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_node_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_node_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_node_list_local(semanage_handle_t * handle,
+ semanage_node_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
+
+hidden_def(semanage_node_list_local)
diff --git a/libsemanage/src/nodes_policy.c b/libsemanage/src/nodes_policy.c
new file mode 100644
index 0000000..dc71cc8
--- /dev/null
+++ b/libsemanage/src/nodes_policy.c
@@ -0,0 +1,52 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_node;
+struct semanage_node_key;
+typedef struct semanage_node_key record_key_t;
+typedef struct semanage_node record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "node_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_node_query(semanage_handle_t * handle,
+ const semanage_node_key_t * key,
+ semanage_node_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_node_exists(semanage_handle_t * handle,
+ const semanage_node_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_node_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_node_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_node_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_node_list(semanage_handle_t * handle,
+ semanage_node_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_node_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c
new file mode 100644
index 0000000..e732e0e
--- /dev/null
+++ b/libsemanage/src/nodes_policydb.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_node;
+struct semanage_node_key;
+typedef struct semanage_node record_t;
+typedef struct semanage_node_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <sepol/nodes.h>
+#include <semanage/handle.h>
+#include "node_internal.h"
+#include "debug.h"
+#include "database_policydb.h"
+
+/* NODE RECORD (SEPOL): POLICYDB extension : method table */
+record_policydb_table_t SEMANAGE_NODE_POLICYDB_RTABLE = {
+ .add = NULL,
+ .modify = (record_policydb_table_modify_t) sepol_node_modify,
+ .set = NULL,
+ .query = (record_policydb_table_query_t) sepol_node_query,
+ .count = (record_policydb_table_count_t) sepol_node_count,
+ .exists = (record_policydb_table_exists_t) sepol_node_exists,
+ .iterate = (record_policydb_table_iterate_t) sepol_node_iterate,
+};
+
+int node_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_policydb_init(handle,
+ "policy.kern",
+ &SEMANAGE_NODE_RTABLE,
+ &SEMANAGE_NODE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
+
+ return STATUS_SUCCESS;
+}
+
+void node_policydb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_policydb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c
new file mode 100644
index 0000000..4fb54fc
--- /dev/null
+++ b/libsemanage/src/parse_utils.c
@@ -0,0 +1,307 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <semanage/handle.h>
+#include "parse_utils.h"
+#include "debug.h"
+
+int parse_init(semanage_handle_t * handle,
+ const char *filename, void *parse_arg, parse_info_t ** info)
+{
+
+ parse_info_t *tmp_info = (parse_info_t *) malloc(sizeof(parse_info_t));
+
+ if (!tmp_info) {
+ ERR(handle,
+ "out of memory, could not allocate parse structure");
+ return STATUS_ERR;
+ }
+
+ tmp_info->filename = filename;
+ tmp_info->file_stream = NULL;
+ tmp_info->working_copy = NULL;
+ tmp_info->orig_line = NULL;
+ tmp_info->ptr = NULL;
+ tmp_info->lineno = 0;
+ tmp_info->parse_arg = parse_arg;
+
+ *info = tmp_info;
+ return STATUS_SUCCESS;
+}
+
+void parse_release(parse_info_t * info)
+{
+
+ parse_close(info);
+ parse_dispose_line(info);
+ free(info);
+}
+
+int parse_open(semanage_handle_t * handle, parse_info_t * info)
+{
+
+ info->file_stream = fopen(info->filename, "r");
+ if (!info->file_stream && (errno != ENOENT)) {
+ ERR(handle, "could not open file %s: %s",
+ info->filename, strerror(errno));
+ return STATUS_ERR;
+ }
+ if (info->file_stream)
+ __fsetlocking(info->file_stream, FSETLOCKING_BYCALLER);
+
+ return STATUS_SUCCESS;
+}
+
+void parse_close(parse_info_t * info)
+{
+
+ if (info->file_stream)
+ fclose(info->file_stream);
+ info->file_stream = NULL;
+}
+
+void parse_dispose_line(parse_info_t * info)
+{
+ if (info->orig_line) {
+ free(info->orig_line);
+ info->orig_line = NULL;
+ }
+
+ if (info->working_copy) {
+ free(info->working_copy);
+ info->working_copy = NULL;
+ }
+
+ info->ptr = NULL;
+}
+
+int parse_skip_space(semanage_handle_t * handle, parse_info_t * info)
+{
+
+ size_t buf_len = 0;
+ ssize_t len;
+ int lineno = info->lineno;
+ char *buffer = NULL;
+ char *ptr;
+
+ if (info->ptr) {
+ while (*(info->ptr) && isspace(*(info->ptr)))
+ info->ptr++;
+
+ if (*(info->ptr))
+ return STATUS_SUCCESS;
+ }
+
+ parse_dispose_line(info);
+
+ while (info->file_stream &&
+ ((len = getline(&buffer, &buf_len, info->file_stream)) > 0)) {
+
+ lineno++;
+
+ /* Eat newline, preceding whitespace */
+ if (buffer[len - 1] == '\n')
+ buffer[len - 1] = '\0';
+
+ ptr = buffer;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+
+ /* Skip comments and blank lines */
+ if ((*ptr) && *ptr != '#') {
+ char *tmp = strdup(buffer);
+ if (!tmp)
+ goto omem;
+
+ info->lineno = lineno;
+ info->working_copy = buffer;
+ info->orig_line = tmp;
+ info->ptr = ptr;
+
+ return STATUS_SUCCESS;
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not allocate buffer");
+ free(buffer);
+ return STATUS_ERR;
+}
+
+int parse_assert_noeof(semanage_handle_t * handle, parse_info_t * info)
+{
+
+ if (!info->ptr) {
+ ERR(handle, "unexpected end of file (%s: %u)",
+ info->filename, info->lineno);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+int parse_assert_space(semanage_handle_t * handle, parse_info_t * info)
+{
+
+ if (parse_assert_noeof(handle, info) < 0)
+ return STATUS_ERR;
+
+ if (*(info->ptr) && !isspace(*(info->ptr))) {
+ ERR(handle, "missing whitespace (%s: %u):\n%s",
+ info->filename, info->lineno, info->orig_line);
+ return STATUS_ERR;
+ }
+
+ if (parse_skip_space(handle, info) < 0)
+ return STATUS_ERR;
+
+ return STATUS_SUCCESS;
+}
+
+int parse_assert_ch(semanage_handle_t * handle,
+ parse_info_t * info, const char ch)
+{
+
+ if (parse_assert_noeof(handle, info) < 0)
+ return STATUS_ERR;
+
+ if (*(info->ptr) != ch) {
+ ERR(handle, "expected character \'%c\', but found \'%c\' "
+ "(%s: %u):\n%s", ch, *(info->ptr), info->filename,
+ info->lineno, info->orig_line);
+ return STATUS_ERR;
+ }
+
+ info->ptr++;
+
+ return STATUS_SUCCESS;
+}
+
+int parse_assert_str(semanage_handle_t * handle,
+ parse_info_t * info, const char *assert_str)
+{
+
+ size_t len = strlen(assert_str);
+
+ if (parse_assert_noeof(handle, info) < 0)
+ return STATUS_ERR;
+
+ if (strncmp(info->ptr, assert_str, len)) {
+ ERR(handle, "experted string \"%s\", but found \"%s\" "
+ "(%s: %u):\n%s", assert_str, info->ptr,
+ info->filename, info->lineno, info->orig_line);
+
+ return STATUS_ERR;
+ }
+
+ info->ptr += len;
+ return STATUS_SUCCESS;
+}
+
+int parse_optional_ch(parse_info_t * info, const char ch)
+{
+
+ if (!info->ptr)
+ return STATUS_NODATA;
+ if (*(info->ptr) != ch)
+ return STATUS_NODATA;
+
+ info->ptr++;
+ return STATUS_SUCCESS;
+}
+
+int parse_optional_str(parse_info_t * info, const char *str)
+{
+ size_t len = strlen(str);
+
+ if (strncmp(info->ptr, str, len))
+ return STATUS_NODATA;
+
+ info->ptr += len;
+ return STATUS_SUCCESS;
+}
+
+int parse_fetch_int(semanage_handle_t * handle,
+ parse_info_t * info, int *num, char delim)
+{
+
+ char *str = NULL;
+ char *test = NULL;
+ int value = 0;
+
+ if (parse_fetch_string(handle, info, &str, delim) < 0)
+ goto err;
+
+ if (!isdigit((int)*str)) {
+ ERR(handle, "expected a numeric value: (%s: %u)\n%s",
+ info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+
+ value = strtol(str, &test, 10);
+ if (*test != '\0') {
+ ERR(handle, "could not parse numeric value \"%s\": "
+ "(%s: %u)\n%s", str, info->filename,
+ info->lineno, info->orig_line);
+ goto err;
+ }
+
+ *num = value;
+ free(str);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not fetch numeric value");
+ free(str);
+ return STATUS_ERR;
+}
+
+int parse_fetch_string(semanage_handle_t * handle,
+ parse_info_t * info, char **str, char delim)
+{
+
+ char *start = info->ptr;
+ int len = 0;
+ char *tmp_str = NULL;
+
+ if (parse_assert_noeof(handle, info) < 0)
+ goto err;
+
+ while (*(info->ptr) && !isspace(*(info->ptr)) &&
+ (*(info->ptr) != delim)) {
+ info->ptr++;
+ len++;
+ }
+
+ if (len == 0) {
+ ERR(handle, "expected non-empty string, but did not "
+ "find one (%s: %u):\n%s", info->filename, info->lineno,
+ info->orig_line);
+ goto err;
+ }
+
+ tmp_str = (char *)malloc(len + 1);
+ if (!tmp_str) {
+ ERR(handle, "out of memory");
+ goto err;
+ }
+
+ strncpy(tmp_str, start, len);
+ *(tmp_str + len) = '\0';
+ *str = tmp_str;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not fetch string value");
+ return STATUS_ERR;
+}
diff --git a/libsemanage/src/parse_utils.h b/libsemanage/src/parse_utils.h
new file mode 100644
index 0000000..0f33486
--- /dev/null
+++ b/libsemanage/src/parse_utils.h
@@ -0,0 +1,82 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#ifndef _SEMANAGE_PARSE_UTILS_INTERNAL_H_
+#define _SEMANAGE_PARSE_UTILS_INTERNAL_H_
+
+#include <stdio.h>
+#include <semanage/handle.h>
+
+typedef struct parse_info {
+ unsigned int lineno; /* Current line number */
+ char *orig_line; /* Original copy of the line being parsed */
+ char *working_copy; /* Working copy of the line being parsed */
+ char *ptr; /* Current parsing location */
+
+ const char *filename; /* Input stream file name */
+ FILE *file_stream; /* Input stream handle */
+
+ void *parse_arg; /* Caller supplied argument */
+} parse_info_t;
+
+/* Initialize structure */
+extern int parse_init(semanage_handle_t * handle,
+ const char *filename,
+ void *parse_arg, parse_info_t ** info);
+
+/* Release structure */
+extern void parse_release(parse_info_t * info);
+
+/* Open file */
+extern int parse_open(semanage_handle_t * handle, parse_info_t * info);
+
+/* Close file */
+extern void parse_close(parse_info_t * info);
+
+/* Release resources for current line */
+extern void parse_dispose_line(parse_info_t * info);
+
+/* Skip all whitespace and comments */
+extern int parse_skip_space(semanage_handle_t * handle, parse_info_t * info);
+
+/* Throw an error if we're at the EOF */
+extern int parse_assert_noeof(semanage_handle_t * handle, parse_info_t * info);
+
+/* Throw an error if no whitespace follows,
+ * otherwise eat the whitespace */
+extern int parse_assert_space(semanage_handle_t * handle, parse_info_t * info);
+
+/* Throw an error if the specified character
+ * does not follow, otherwise eat that character */
+extern int parse_assert_ch(semanage_handle_t * handle,
+ parse_info_t * info, const char ch);
+
+/* Throw an error if the specified string
+ * does not follow is not found, otherwise
+ * eat the string */
+extern int parse_assert_str(semanage_handle_t * handle,
+ parse_info_t * info, const char *assert_str);
+
+/* Eat the optional character, if found,
+ * or return STATUS_NODATA */
+extern int parse_optional_ch(parse_info_t * info, const char ch);
+
+/* Eat the optional string, if found,
+ * or return STATUS_NODATA */
+extern int parse_optional_str(parse_info_t * info, const char *str);
+
+/* Extract the next integer, and move
+ * the read pointer past it. Stop if
+ * the optional character delim is encountered,
+ * or if whitespace/eof is encountered */
+int parse_fetch_int(semanage_handle_t * hgandle,
+ parse_info_t * info, int *num, char delim);
+
+/* Extract the next string (delimited by
+ * whitespace), and move the read pointer past it.
+ * Stop of the optional character delim is encountered,
+ * or if whitespace/eof is encountered. Fail if the
+ * string is of length 0. */
+extern int parse_fetch_string(semanage_handle_t * handle,
+ parse_info_t * info, char **str_ptr, char delim);
+
+#endif
diff --git a/libsemanage/src/policy.h b/libsemanage/src/policy.h
new file mode 100644
index 0000000..7984551
--- /dev/null
+++ b/libsemanage/src/policy.h
@@ -0,0 +1,71 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_POLICY_INTERNAL_H_
+#define _SEMANAGE_POLICY_INTERNAL_H_
+
+#include "modules.h"
+
+/* Circular dependency */
+struct semanage_handle;
+
+/* Backend dependent portion */
+struct semanage_policy_table {
+
+ /* Returns the current policy serial/commit number
+ * A negative number is returned in case of failre */
+ int (*get_serial) (struct semanage_handle *);
+
+ /* Destroy a connection */
+ void (*destroy) (struct semanage_handle *);
+
+ /* Disconnect from policy */
+ int (*disconnect) (struct semanage_handle *);
+
+ /* Begin a policy transaction */
+ int (*begin_trans) (struct semanage_handle *);
+
+ /* Commit a policy transaction */
+ int (*commit) (struct semanage_handle *);
+
+ /* Install a policy module */
+ int (*install) (struct semanage_handle *, char *, size_t);
+
+ /* Upgrade a policy module */
+ int (*upgrade) (struct semanage_handle *, char *, size_t);
+
+ /* Remove a policy module */
+ int (*remove) (struct semanage_handle *, char *);
+
+ /* List policy modules */
+ int (*list) (struct semanage_handle *, semanage_module_info_t **,
+ int *);
+
+ /* Install base policy */
+ int (*install_base) (struct semanage_handle *, char *, size_t);
+};
+
+/* Should be backend independent */
+extern int semanage_base_merge_components(struct semanage_handle *handle);
+
+extern int semanage_commit_components(struct semanage_handle *handle);
+
+#endif
diff --git a/libsemanage/src/policy_components.c b/libsemanage/src/policy_components.c
new file mode 100644
index 0000000..d31bd48
--- /dev/null
+++ b/libsemanage/src/policy_components.c
@@ -0,0 +1,239 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+#include <stdlib.h>
+#include "policy.h"
+#include "handle.h"
+#include "database.h"
+#include "modules.h"
+#include "debug.h"
+
+/* Powers of two only */
+#define MODE_SET 1
+#define MODE_MODIFY 2
+#define MODE_SORT 4
+
+static int clear_obsolete(semanage_handle_t * handle,
+ record_t ** records,
+ unsigned int nrecords,
+ dbase_config_t * src, dbase_config_t * dst)
+{
+
+ record_key_t *key = NULL;
+ unsigned int i;
+
+ dbase_table_t *src_dtable = src->dtable;
+ dbase_table_t *dst_dtable = dst->dtable;
+ record_table_t *rtable = src_dtable->get_rtable(src->dbase);
+
+ for (i = 0; i < nrecords; i++) {
+ int exists;
+
+ if (rtable->key_extract(handle, records[i], &key) < 0)
+ goto err;
+
+ if (dst_dtable->exists(handle, dst->dbase, key, &exists) < 0)
+ goto err;
+
+ if (!exists) {
+ if (src_dtable->del(handle, src->dbase, key) < 0)
+ goto err;
+
+ rtable->free(records[i]);
+ records[i] = NULL;
+
+ /* FIXME: notice to user */
+ /* INFO(handle, "boolean %s is obsolete, unsetting configured value..."); */
+ }
+
+ rtable->key_free(key);
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ /* FIXME: handle error */
+ rtable->key_free(key);
+ return STATUS_ERR;
+}
+
+static int load_records(semanage_handle_t * handle,
+ dbase_config_t * dst,
+ record_t ** records, unsigned int nrecords, int mode)
+{
+
+ unsigned int i;
+ record_key_t *rkey = NULL;
+
+ dbase_t *dbase = dst->dbase;
+ dbase_table_t *dtable = dst->dtable;
+ record_table_t *rtable = dtable->get_rtable(dbase);
+
+ for (i = 0; i < nrecords; i++) {
+
+ /* Possibly obsoleted */
+ if (!records[i])
+ continue;
+
+ if (rtable->key_extract(handle, records[i], &rkey) < 0)
+ goto err;
+
+ if (mode & MODE_SET &&
+ dtable->set(handle, dbase, rkey, records[i]) < 0)
+ goto err;
+
+ else if (mode & MODE_MODIFY &&
+ dtable->modify(handle, dbase, rkey, records[i]) < 0)
+ goto err;
+
+ rtable->key_free(rkey);
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ /* FIXME: handle error */
+ rtable->key_free(rkey);
+ return STATUS_ERR;
+}
+
+typedef struct load_table {
+ dbase_config_t *src;
+ dbase_config_t *dst;
+ int mode;
+} load_table_t;
+
+/* This function must be called AFTER all modules are loaded.
+ * Modules could be represented as a database, in which case
+ * they should be loaded at the beginning of this function */
+
+int semanage_base_merge_components(semanage_handle_t * handle)
+{
+
+ unsigned int i, j;
+ int rc = STATUS_SUCCESS;
+
+ /* Order is important here - change things carefully.
+ * System components first, local next. Verify runs with
+ * mutual dependencies are ran after everything is merged */
+ load_table_t components[] = {
+
+ {semanage_user_base_dbase_local(handle),
+ semanage_user_base_dbase_policy(handle), MODE_MODIFY},
+
+ {semanage_user_extra_dbase_local(handle),
+ semanage_user_extra_dbase_policy(handle), MODE_MODIFY},
+
+ {semanage_port_dbase_local(handle),
+ semanage_port_dbase_policy(handle), MODE_MODIFY},
+
+ {semanage_iface_dbase_local(handle),
+ semanage_iface_dbase_policy(handle), MODE_MODIFY},
+
+ {semanage_bool_dbase_local(handle),
+ semanage_bool_dbase_policy(handle), MODE_SET},
+
+ {semanage_seuser_dbase_local(handle),
+ semanage_seuser_dbase_policy(handle), MODE_MODIFY},
+
+ {semanage_node_dbase_local(handle),
+ semanage_node_dbase_policy(handle), MODE_MODIFY | MODE_SORT},
+ };
+ const unsigned int CCOUNT = sizeof(components) / sizeof(components[0]);
+
+ /* Merge components into policy (and validate) */
+ for (i = 0; i < CCOUNT; i++) {
+
+ record_t **records = NULL;
+ unsigned int nrecords = 0;
+
+ dbase_config_t *src = components[i].src;
+ dbase_config_t *dst = components[i].dst;
+ int mode = components[i].mode;
+ record_table_t *rtable = src->dtable->get_rtable(src->dbase);
+
+ /* Must invoke cache function first */
+ if (src->dtable->cache(handle, src->dbase) < 0)
+ goto err;
+ if (dst->dtable->cache(handle, dst->dbase) < 0)
+ goto err;
+
+ /* List all records */
+ if (src->dtable->list(handle, src->dbase,
+ &records, &nrecords) < 0)
+ goto err;
+
+ /* Sort records on MODE_SORT */
+ if (mode & MODE_SORT) {
+ qsort(records, nrecords, sizeof(record_t *),
+ (int (*)(const void *, const void *))rtable->
+ compare2_qsort);
+ }
+
+ /* Clear obsolete ones for MODE_SET */
+ if (mode & MODE_SET &&
+ clear_obsolete(handle, records, nrecords, src, dst) < 0) {
+ rc = STATUS_ERR;
+ goto dbase_exit;
+ }
+
+ /* Load records */
+ if (load_records(handle, dst, records, nrecords, mode) < 0) {
+
+ rc = STATUS_ERR;
+ goto dbase_exit;
+ }
+
+ /* Cleanup */
+ dbase_exit:
+ for (j = 0; j < nrecords; j++)
+ rtable->free(records[j]);
+ free(records);
+
+ /* Abort on error */
+ if (rc < 0)
+ goto err;
+ }
+
+ return rc;
+
+ err:
+ ERR(handle, "could not merge local modifications into policy");
+ return STATUS_ERR;
+}
+
+int semanage_commit_components(semanage_handle_t * handle)
+{
+
+ int i;
+ dbase_config_t *components[] = {
+ semanage_iface_dbase_local(handle),
+ semanage_bool_dbase_local(handle),
+ semanage_user_base_dbase_local(handle),
+ semanage_user_extra_dbase_local(handle),
+ semanage_user_extra_dbase_policy(handle),
+ semanage_port_dbase_local(handle),
+ semanage_fcontext_dbase_local(handle),
+ semanage_fcontext_dbase_policy(handle),
+ semanage_seuser_dbase_local(handle),
+ semanage_seuser_dbase_policy(handle),
+ semanage_bool_dbase_active(handle),
+ semanage_node_dbase_local(handle),
+ };
+ const int CCOUNT = sizeof(components) / sizeof(components[0]);
+
+ for (i = 0; i < CCOUNT; i++) {
+ /* Flush to disk */
+ if (components[i]->dtable->flush(handle, components[i]->dbase) <
+ 0)
+ goto err;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not commit local/active modifications");
+
+ for (i = 0; i < CCOUNT; i++)
+ components[i]->dtable->drop_cache(components[i]->dbase);
+ return STATUS_ERR;
+}
diff --git a/libsemanage/src/port_internal.h b/libsemanage/src/port_internal.h
new file mode 100644
index 0000000..b3d36ce
--- /dev/null
+++ b/libsemanage/src/port_internal.h
@@ -0,0 +1,49 @@
+#ifndef _SEMANAGE_PORT_INTERNAL_H_
+#define _SEMANAGE_PORT_INTERNAL_H_
+
+#include <semanage/port_record.h>
+#include <semanage/ports_local.h>
+#include <semanage/ports_policy.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_port_create)
+ hidden_proto(semanage_port_compare)
+ hidden_proto(semanage_port_compare2)
+ hidden_proto(semanage_port_clone)
+ hidden_proto(semanage_port_free)
+ hidden_proto(semanage_port_key_extract)
+ hidden_proto(semanage_port_key_free)
+ hidden_proto(semanage_port_get_high)
+ hidden_proto(semanage_port_get_low)
+ hidden_proto(semanage_port_set_port)
+ hidden_proto(semanage_port_set_range)
+ hidden_proto(semanage_port_get_proto)
+ hidden_proto(semanage_port_set_proto)
+ hidden_proto(semanage_port_get_proto_str)
+ hidden_proto(semanage_port_get_con)
+ hidden_proto(semanage_port_set_con)
+ hidden_proto(semanage_port_list_local)
+
+/* PORT RECORD: method table */
+extern record_table_t SEMANAGE_PORT_RTABLE;
+
+extern int port_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig);
+
+extern void port_file_dbase_release(dbase_config_t * dconfig);
+
+extern int port_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void port_policydb_dbase_release(dbase_config_t * dconfig);
+
+extern int hidden semanage_port_validate_local(semanage_handle_t * handle);
+
+/* ==== Internal (to ports) API === */
+
+hidden int semanage_port_compare2_qsort(const semanage_port_t ** port,
+ const semanage_port_t ** port2);
+
+#endif
diff --git a/libsemanage/src/port_record.c b/libsemanage/src/port_record.c
new file mode 100644
index 0000000..b878ca7
--- /dev/null
+++ b/libsemanage/src/port_record.c
@@ -0,0 +1,192 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_port_t (Network Port)
+ * Object: semanage_port_key_t (Network Port Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/context_record.h>
+#include <sepol/port_record.h>
+
+typedef sepol_context_t semanage_context_t;
+typedef sepol_port_t semanage_port_t;
+typedef sepol_port_key_t semanage_port_key_t;
+#define _SEMANAGE_PORT_DEFINED_
+#define _SEMANAGE_CONTEXT_DEFINED_
+
+typedef semanage_port_t record_t;
+typedef semanage_port_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include "port_internal.h"
+#include "handle.h"
+#include "database.h"
+
+/* Key */
+int semanage_port_compare(const semanage_port_t * port,
+ const semanage_port_key_t * key)
+{
+
+ return sepol_port_compare(port, key);
+}
+
+hidden_def(semanage_port_compare)
+
+int semanage_port_compare2(const semanage_port_t * port,
+ const semanage_port_t * port2)
+{
+
+ return sepol_port_compare2(port, port2);
+}
+
+hidden_def(semanage_port_compare2)
+
+hidden int semanage_port_compare2_qsort(const semanage_port_t ** port,
+ const semanage_port_t ** port2)
+{
+
+ return sepol_port_compare2(*port, *port2);
+}
+
+int semanage_port_key_create(semanage_handle_t * handle,
+ int low, int high, int proto,
+ semanage_port_key_t ** key_ptr)
+{
+
+ return sepol_port_key_create(handle->sepolh, low, high, proto, key_ptr);
+}
+
+int semanage_port_key_extract(semanage_handle_t * handle,
+ const semanage_port_t * port,
+ semanage_port_key_t ** key_ptr)
+{
+
+ return sepol_port_key_extract(handle->sepolh, port, key_ptr);
+}
+
+hidden_def(semanage_port_key_extract)
+
+void semanage_port_key_free(semanage_port_key_t * key)
+{
+
+ sepol_port_key_free(key);
+}
+
+hidden_def(semanage_port_key_free)
+
+/* Protocol */
+int semanage_port_get_proto(const semanage_port_t * port)
+{
+
+ return sepol_port_get_proto(port);
+}
+
+hidden_def(semanage_port_get_proto)
+
+void semanage_port_set_proto(semanage_port_t * port, int proto)
+{
+
+ sepol_port_set_proto(port, proto);
+}
+
+hidden_def(semanage_port_set_proto)
+
+const char *semanage_port_get_proto_str(int proto)
+{
+
+ return sepol_port_get_proto_str(proto);
+}
+
+hidden_def(semanage_port_get_proto_str)
+
+/* Port */
+int semanage_port_get_low(const semanage_port_t * port)
+{
+
+ return sepol_port_get_low(port);
+}
+
+hidden_def(semanage_port_get_low)
+
+int semanage_port_get_high(const semanage_port_t * port)
+{
+
+ return sepol_port_get_high(port);
+}
+
+hidden_def(semanage_port_get_high)
+
+void semanage_port_set_port(semanage_port_t * port, int port_num)
+{
+
+ sepol_port_set_port(port, port_num);
+}
+
+hidden_def(semanage_port_set_port)
+
+void semanage_port_set_range(semanage_port_t * port, int low, int high)
+{
+
+ sepol_port_set_range(port, low, high);
+}
+
+hidden_def(semanage_port_set_range)
+
+/* Context */
+semanage_context_t *semanage_port_get_con(const semanage_port_t * port)
+{
+
+ return sepol_port_get_con(port);
+}
+
+hidden_def(semanage_port_get_con)
+
+int semanage_port_set_con(semanage_handle_t * handle,
+ semanage_port_t * port, semanage_context_t * con)
+{
+
+ return sepol_port_set_con(handle->sepolh, port, con);
+}
+
+hidden_def(semanage_port_set_con)
+
+/* Create/Clone/Destroy */
+int semanage_port_create(semanage_handle_t * handle,
+ semanage_port_t ** port_ptr)
+{
+
+ return sepol_port_create(handle->sepolh, port_ptr);
+}
+
+hidden_def(semanage_port_create)
+
+int semanage_port_clone(semanage_handle_t * handle,
+ const semanage_port_t * port,
+ semanage_port_t ** port_ptr)
+{
+
+ return sepol_port_clone(handle->sepolh, port, port_ptr);
+}
+
+hidden_def(semanage_port_clone)
+
+void semanage_port_free(semanage_port_t * port)
+{
+
+ sepol_port_free(port);
+}
+
+hidden_def(semanage_port_free)
+
+/* Port base functions */
+record_table_t SEMANAGE_PORT_RTABLE = {
+ .create = semanage_port_create,
+ .key_extract = semanage_port_key_extract,
+ .key_free = semanage_port_key_free,
+ .clone = semanage_port_clone,
+ .compare = semanage_port_compare,
+ .compare2 = semanage_port_compare2,
+ .compare2_qsort = semanage_port_compare2_qsort,
+ .free = semanage_port_free,
+};
diff --git a/libsemanage/src/ports_file.c b/libsemanage/src/ports_file.c
new file mode 100644
index 0000000..41d2f60
--- /dev/null
+++ b/libsemanage/src/ports_file.c
@@ -0,0 +1,184 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_port;
+struct semanage_port_key;
+typedef struct semanage_port record_t;
+typedef struct semanage_port_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+#include <semanage/handle.h>
+#include "port_internal.h"
+#include "context_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int port_print(semanage_handle_t * handle,
+ semanage_port_t * port, FILE * str)
+{
+
+ char *con_str = NULL;
+
+ int low = semanage_port_get_low(port);
+ int high = semanage_port_get_high(port);
+ int proto = semanage_port_get_proto(port);
+ const char *proto_str = semanage_port_get_proto_str(proto);
+ semanage_context_t *con = semanage_port_get_con(port);
+
+ if (fprintf(str, "portcon %s ", proto_str) < 0)
+ goto err;
+
+ if (low == high) {
+ if (fprintf(str, "%d ", low) < 0)
+ goto err;
+ } else {
+ if (fprintf(str, "%d - %d ", low, high) < 0)
+ goto err;
+ }
+
+ if (semanage_context_to_string(handle, con, &con_str) < 0)
+ goto err;
+ if (fprintf(str, "%s\n", con_str) < 0)
+ goto err;
+
+ free(con_str);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not print port range %u - %u (%s) to stream",
+ low, high, proto_str);
+ free(con_str);
+ return STATUS_ERR;
+}
+
+static int port_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_port_t * port)
+{
+
+ int low, high;
+ char *str = NULL;
+ semanage_context_t *con = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Header */
+ if (parse_assert_str(handle, info, "portcon") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Protocol */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (!strcasecmp(str, "tcp"))
+ semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
+ else if (!strcasecmp(str, "udp"))
+ semanage_port_set_proto(port, SEMANAGE_PROTO_UDP);
+ else {
+ ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
+ info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ /* Range/Port */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_int(handle, info, &low, '-') < 0)
+ goto err;
+
+ /* If range (-) does not follow immediately, require a space
+ * In other words, the space here is optional, but only
+ * in the ranged case, not in the single port case,
+ * so do a custom test */
+ if (*(info->ptr) && *(info->ptr) != '-') {
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ }
+
+ if (parse_optional_ch(info, '-') != STATUS_NODATA) {
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_fetch_int(handle, info, &high, ' ') < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ semanage_port_set_range(port, low, high);
+ } else
+ semanage_port_set_port(port, low);
+
+ /* Port context */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_context_from_string(handle, str, &con) < 0) {
+ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
+ str, info->filename, info->lineno, info->orig_line);
+ goto err;
+ }
+ if (con == NULL) {
+ ERR(handle, "<<none>> context is not valid "
+ "for ports (%s: %u):\n%s", info->filename,
+ info->lineno, info->orig_line);
+ goto err;
+ }
+ free(str);
+ str = NULL;
+
+ if (semanage_port_set_con(handle, port, con) < 0)
+ goto err;
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ semanage_context_free(con);
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse port record");
+ free(str);
+ semanage_context_free(con);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* PORT RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_PORT_FILE_RTABLE = {
+ .parse = port_parse,
+ .print = port_print,
+};
+
+int port_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_PORT_RTABLE,
+ &SEMANAGE_PORT_FILE_RTABLE, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void port_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/ports_local.c b/libsemanage/src/ports_local.c
new file mode 100644
index 0000000..ffd5a83
--- /dev/null
+++ b/libsemanage/src/ports_local.c
@@ -0,0 +1,144 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_port;
+struct semanage_port_key;
+typedef struct semanage_port_key record_key_t;
+typedef struct semanage_port record_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include "port_internal.h"
+#include "debug.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_port_modify_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ const semanage_port_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_port_del_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_port_query_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ semanage_port_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_port_exists_local(semanage_handle_t * handle,
+ const semanage_port_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_port_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_port_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_port_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_port_list_local(semanage_handle_t * handle,
+ semanage_port_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
+
+hidden_def(semanage_port_list_local)
+
+int hidden semanage_port_validate_local(semanage_handle_t * handle)
+{
+
+ semanage_port_t **ports = NULL;
+ unsigned int nports = 0;
+ unsigned int i = 0, j = 0;
+
+ /* List and sort the ports */
+ if (semanage_port_list_local(handle, &ports, &nports) < 0)
+ goto err;
+ qsort(ports, nports, sizeof(semanage_port_t *),
+ (int (*)(const void *, const void *))
+ &semanage_port_compare2_qsort);
+
+ /* Test each port for overlap */
+ while (i < nports) {
+
+ int proto = semanage_port_get_proto(ports[i]);
+ int low = semanage_port_get_low(ports[i]);
+ int high = semanage_port_get_high(ports[i]);
+ const char *proto_str = semanage_port_get_proto_str(proto);
+
+ const char *proto_str2;
+ int proto2, low2, high2;
+
+ /* Find the first port with matching
+ protocol to compare against */
+ do {
+ if (j == nports - 1)
+ goto next;
+ j++;
+ proto2 = semanage_port_get_proto(ports[j]);
+ low2 = semanage_port_get_low(ports[j]);
+ high2 = semanage_port_get_high(ports[j]);
+ proto_str2 = semanage_port_get_proto_str(proto2);
+
+ } while (proto != proto2);
+
+ /* Overlap detected */
+ if (low2 <= high) {
+ ERR(handle, "port overlap between ranges "
+ "%u - %u (%s) <--> %u - %u (%s).",
+ low, high, proto_str, low2, high2, proto_str2);
+ goto invalid;
+ }
+
+ /* If closest port of matching protocol doesn't overlap with
+ * test port, neither do the rest of them, because that's
+ * how the sort function works on ports - lower bound
+ * ports come first */
+ next:
+ i++;
+ j = i;
+ }
+
+ for (i = 0; i < nports; i++)
+ semanage_port_free(ports[i]);
+ free(ports);
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not complete ports validity check");
+
+ invalid:
+ for (i = 0; i < nports; i++)
+ semanage_port_free(ports[i]);
+ free(ports);
+ return STATUS_ERR;
+}
diff --git a/libsemanage/src/ports_policy.c b/libsemanage/src/ports_policy.c
new file mode 100644
index 0000000..1bcd3fa
--- /dev/null
+++ b/libsemanage/src/ports_policy.c
@@ -0,0 +1,52 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_port;
+struct semanage_port_key;
+typedef struct semanage_port_key record_key_t;
+typedef struct semanage_port record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "port_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_port_query(semanage_handle_t * handle,
+ const semanage_port_key_t * key,
+ semanage_port_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_port_exists(semanage_handle_t * handle,
+ const semanage_port_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_port_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_port_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_port_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_port_list(semanage_handle_t * handle,
+ semanage_port_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_port_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c
new file mode 100644
index 0000000..429ed72
--- /dev/null
+++ b/libsemanage/src/ports_policydb.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_port;
+struct semanage_port_key;
+typedef struct semanage_port record_t;
+typedef struct semanage_port_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <sepol/ports.h>
+#include <semanage/handle.h>
+#include "port_internal.h"
+#include "debug.h"
+#include "database_policydb.h"
+
+/* PORT RECORD (SEPOL): POLICYDB extension : method table */
+record_policydb_table_t SEMANAGE_PORT_POLICYDB_RTABLE = {
+ .add = NULL,
+ .modify = (record_policydb_table_modify_t) sepol_port_modify,
+ .set = NULL,
+ .query = (record_policydb_table_query_t) sepol_port_query,
+ .count = (record_policydb_table_count_t) sepol_port_count,
+ .exists = (record_policydb_table_exists_t) sepol_port_exists,
+ .iterate = (record_policydb_table_iterate_t) sepol_port_iterate,
+};
+
+int port_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_policydb_init(handle,
+ "policy.kern",
+ &SEMANAGE_PORT_RTABLE,
+ &SEMANAGE_PORT_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
+
+ return STATUS_SUCCESS;
+}
+
+void port_policydb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_policydb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/pywrap-test.py b/libsemanage/src/pywrap-test.py
new file mode 100644
index 0000000..d087e47
--- /dev/null
+++ b/libsemanage/src/pywrap-test.py
@@ -0,0 +1,1140 @@
+#!/usr/bin/python
+import sys
+import getopt
+import semanage
+
+usage = "\
+Choose one of the following tests:\n\
+-m for modules\n\
+-u for users\n\
+-U for add user (warning this will write!)\n\
+-s for seusers\n\
+-S for add seuser (warning this will write!)\n\
+-p for ports\n\
+-P for add port (warning this will write!)\n\
+-f for file contexts \n\
+-F for add file context (warning this will write!)\n\
+-i for network interfaces \n\
+-I for add network interface (warning this will write!)\n\
+-b for booleans \n\
+-B for add boolean (warning this will write!)\n\
+-c for aCtive booleans\n\
+-C for set aCtive boolean (warning this will write!)\n\n\
+-n for network nodes\n\
+-N for add node (warning this will write!)\n\n\
+Other options:\n\
+-h for this help\n\
+-v for verbose output\
+"
+
+class Usage(Exception):
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
+
+class Status(Exception):
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
+
+class Error(Exception):
+ def __init__(self, msg):
+ Exception.__init__(self)
+ self.msg = msg
+
+class Tests:
+ def __init__(self):
+ self.all = False
+ self.users = False
+ self.writeuser = False
+ self.seusers = False
+ self.writeseuser = False
+ self.ports = False
+ self.writeport = False
+ self.fcontexts = False
+ self.writefcontext = False
+ self.interfaces = False
+ self.writeinterface = False
+ self.booleans = False
+ self.writeboolean = False
+ self.abooleans = False
+ self.writeaboolean = False
+ self.nodes = False
+ self.writenode = False
+ self.modules = False
+ self.verbose = False
+
+ def selected(self):
+ return (self.all or self.users or self.modules or self.seusers or self.ports or self.fcontexts or self.interfaces or self.booleans or self.abooleans or self.writeuser or self.writeseuser or self.writeport or self.writefcontext or self.writeinterface or self.writeboolean or self.writeaboolean or self.nodes or self.writenode)
+
+ def run(self, handle):
+ if (self.users or self.all):
+ self.test_users(handle)
+ print ""
+ if (self.seusers or self.all):
+ self.test_seusers(handle)
+ print ""
+ if (self.ports or self.all):
+ self.test_ports(handle)
+ print ""
+ if (self.modules or self.all):
+ self.test_modules(handle)
+ print ""
+ if (self.fcontexts or self.all):
+ self.test_fcontexts(handle)
+ print ""
+ if (self.interfaces or self.all):
+ self.test_interfaces(handle)
+ print ""
+ if (self.booleans or self.all):
+ self.test_booleans(handle)
+ print ""
+ if (self.abooleans or self.all):
+ self.test_abooleans(handle)
+ print ""
+ if (self.nodes or self.all):
+ self.test_nodes(handle)
+ print ""
+ if (self.writeuser or self.all):
+ self.test_writeuser(handle)
+ print ""
+ if (self.writeseuser or self.all):
+ self.test_writeseuser(handle)
+ print ""
+ if (self.writeport or self.all):
+ self.test_writeport(handle)
+ print ""
+ if (self.writefcontext or self.all):
+ self.test_writefcontext(handle)
+ print ""
+ if (self.writeinterface or self.all):
+ self.test_writeinterface(handle)
+ print ""
+ if (self.writeboolean or self.all):
+ self.test_writeboolean(handle)
+ print ""
+ if (self.writeaboolean or self.all):
+ self.test_writeaboolean(handle)
+ print ""
+ if (self.writenode or self.all):
+ self.test_writenode(handle)
+ print ""
+
+ def test_modules(self,sh):
+ print "Testing modules..."
+
+ (trans_cnt, mlist, mlist_size) = semanage.semanage_module_list(sh)
+
+ print "Transaction number: ", trans_cnt
+ print "Module list size: ", mlist_size
+ if self.verbose: print "List reference: ", mlist
+
+ if (mlist_size == 0):
+ print "No modules installed!"
+ print "This is not necessarily a test failure."
+ return
+ for idx in range(mlist_size):
+ module = semanage.semanage_module_list_nth(mlist, idx)
+ if self.verbose: print "Module reference: ", module
+ print "Module name: ", semanage.semanage_module_get_name(module)
+ print " Module version: ", semanage.semanage_module_get_version(module)
+
+ def test_seusers(self,sh):
+ print "Testing seusers..."
+
+ (status, slist) = semanage.semanage_seuser_list(sh)
+ if status < 0:
+ raise Error("Could not list seusers")
+ print "Query status (commit number): ", status
+
+ if ( len(slist) == 0):
+ print "No seusers found!"
+ print "This is not necessarily a test failure."
+ return
+ for seuser in slist:
+ if self.verbose: print "seseuser reference: ", seuser
+ print "seuser name: ", semanage.semanage_seuser_get_name(seuser)
+ print " seuser mls range: ", semanage.semanage_seuser_get_mlsrange(seuser)
+ print " seuser sename: ", semanage.semanage_seuser_get_sename(seuser)
+ semanage.semanage_seuser_free(seuser)
+
+ def test_users(self,sh):
+ print "Testing users..."
+
+ (status, ulist) = semanage.semanage_user_list(sh)
+ if status < 0:
+ raise Error("Could not list users")
+ print "Query status (commit number): ", status
+
+ if ( len(ulist) == 0):
+ print "No users found!"
+ print "This is not necessarily a test failure."
+ return
+ for user in ulist:
+ if self.verbose: print "User reference: ", user
+ print "User name: ", semanage.semanage_user_get_name(user)
+ print " User labeling prefix: ", semanage.semanage_user_get_prefix(user)
+ print " User mls level: ", semanage.semanage_user_get_mlslevel(user)
+ print " User mls range: ", semanage.semanage_user_get_mlsrange(user)
+ print " User number of roles: ", semanage.semanage_user_get_num_roles(user)
+ print " User roles: "
+ (status, rlist) = semanage.semanage_user_get_roles(sh, user)
+ if status < 0:
+ raise Error("Could not get user roles")
+
+ for role in rlist:
+ print " ", role
+
+ semanage.semanage_user_free(user)
+
+ def test_ports(self,sh):
+ print "Testing ports..."
+
+ (status, plist) = semanage.semanage_port_list(sh)
+ if status < 0:
+ raise Error("Could not list ports")
+ print "Query status (commit number): ", status
+
+ if ( len(plist) == 0):
+ print "No ports found!"
+ print "This is not necessarily a test failure."
+ return
+ for port in plist:
+ if self.verbose: print "Port reference: ", port
+ low = semanage.semanage_port_get_low(port)
+ high = semanage.semanage_port_get_high(port)
+ con = semanage.semanage_port_get_con(port)
+ proto = semanage.semanage_port_get_proto(port)
+ proto_str = semanage.semanage_port_get_proto_str(proto)
+ if low == high:
+ range_str = str(low)
+ else:
+ range_str = str(low) + "-" + str(high)
+ (rc, con_str) = semanage.semanage_context_to_string(sh,con)
+ if rc < 0: con_str = ""
+ print "Port: ", range_str, " ", proto_str, " Context: ", con_str
+ semanage.semanage_port_free(port)
+
+ def test_fcontexts(self,sh):
+ print "Testing file contexts..."
+
+ (status, flist) = semanage.semanage_fcontext_list(sh)
+ if status < 0:
+ raise Error("Could not list file contexts")
+ print "Query status (commit number): ", status
+
+ if (len(flist) == 0):
+ print "No file contexts found!"
+ print "This is not necessarily a test failure."
+ return
+ for fcon in flist:
+ if self.verbose: print "File Context reference: ", fcon
+ expr = semanage.semanage_fcontext_get_expr(fcon)
+ type = semanage.semanage_fcontext_get_type(fcon)
+ type_str = semanage.semanage_fcontext_get_type_str(type)
+ con = semanage.semanage_fcontext_get_con(fcon)
+ if not con:
+ con_str = "<<none>>"
+ else:
+ (rc, con_str) = semanage.semanage_context_to_string(sh,con)
+ if rc < 0: con_str = ""
+ print "File Expr: ", expr, " [", type_str, "] Context: ", con_str
+ semanage.semanage_fcontext_free(fcon)
+
+ def test_interfaces(self,sh):
+ print "Testing network interfaces..."
+
+ (status, ilist) = semanage.semanage_iface_list(sh)
+ if status < 0:
+ raise Error("Could not list interfaces")
+ print "Query status (commit number): ", status
+
+ if (len(ilist) == 0):
+ print "No network interfaces found!"
+ print "This is not necessarily a test failure."
+ return
+ for iface in ilist:
+ if self.verbose: print "Interface reference: ", iface
+ name = semanage.semanage_iface_get_name(iface)
+ msg_con = semanage.semanage_iface_get_msgcon(iface)
+ if_con = semanage.semanage_iface_get_ifcon(iface)
+ (rc, msg_con_str) = semanage.semanage_context_to_string(sh,msg_con)
+ if rc < 0: msg_con_str = ""
+ (rc, if_con_str) = semanage.semanage_context_to_string(sh, if_con)
+ if rc < 0: if_con_str = ""
+ print "Interface: ", name, " Context: ", if_con_str, " Message Context: ", msg_con_str
+ semanage.semanage_iface_free(iface)
+
+ def test_booleans(self,sh):
+ print "Testing booleans..."
+
+ (status, blist) = semanage.semanage_bool_list(sh)
+ if status < 0:
+ raise Error("Could not list booleans")
+ print "Query status (commit number): ", status
+
+ if (len(blist) == 0):
+ print "No booleans found!"
+ print "This is not necessarily a test failure."
+ return
+ for pbool in blist:
+ if self.verbose: print "Boolean reference: ", pbool
+ name = semanage.semanage_bool_get_name(pbool)
+ value = semanage.semanage_bool_get_value(pbool)
+ print "Boolean: ", name, " Value: ", value
+ semanage.semanage_bool_free(pbool)
+
+ def test_abooleans(self,sh):
+ print "Testing active booleans..."
+
+ (status, ablist) = semanage.semanage_bool_list_active(sh)
+ if status < 0:
+ raise Error("Could not list active booleans")
+ print "Query status (commit number): ", status
+
+ if (len(ablist) == 0):
+ print "No active booleans found!"
+ print "This is not necessarily a test failure."
+ return
+ for abool in ablist:
+ if self.verbose: print "Active boolean reference: ", abool
+ name = semanage.semanage_bool_get_name(abool)
+ value = semanage.semanage_bool_get_value(abool)
+ print "Active Boolean: ", name, " Value: ", value
+ semanage.semanage_bool_free(abool)
+
+ def test_nodes(self,sh):
+ print "Testing network nodes..."
+
+ (status, nlist) = semanage.semanage_node_list(sh)
+ if status < 0:
+ raise Error("Could not list network nodes")
+ print "Query status (commit number): ", status
+
+ if (len(nlist) == 0):
+ print "No network nodes found!"
+ print "This is not necessarily a test failure."
+ return
+ for node in nlist:
+ if self.verbose: print "Network node reference: ", node
+
+ (status, addr) = semanage.semanage_node_get_addr(sh, node)
+ if status < 0: addr = ""
+
+ (status, mask) = semanage.semanage_node_get_mask(sh, node)
+ if status < 0: mask = ""
+
+ proto = semanage.semanage_node_get_proto(node)
+ proto_str = semanage.semanage_node_get_proto_str(proto)
+ con = semanage.semanage_node_get_con(node)
+
+ (status, con_str) = semanage.semanage_context_to_string(sh, con)
+ if status < 0: con_str = ""
+
+ print "Network Node: ", addr, "/", mask, " (", proto_str, ")", "Context: ", con_str
+ semanage.semanage_node_free(node)
+
+ def test_writeuser(self,sh):
+ print "Testing user write..."
+
+ (status, user) = semanage.semanage_user_create(sh)
+ if status < 0:
+ raise Error("Could not create user object")
+ if self.verbose: print "User object created"
+
+ status = semanage.semanage_user_set_name(sh,user, "testPyUser")
+ if status < 0:
+ raise Error("Could not set user name")
+ if self.verbose: print "User name set: ", semanage.semanage_user_get_name(user)
+
+ status = semanage.semanage_user_add_role(sh, user, "user_r")
+ if status < 0:
+ raise Error("Could not add role")
+
+ status = semanage.semanage_user_set_prefix(sh,user, "user")
+ if status < 0:
+ raise Error("Could not set labeling prefix")
+ if self.verbose: print "User prefix set: ", semanage.semanage_user_get_prefix(user)
+
+ status = semanage.semanage_user_set_mlsrange(sh, user, "s0")
+ if status < 0:
+ raise Error("Could not set MLS range")
+ if self.verbose: print "User mlsrange: ", semanage.semanage_user_get_mlsrange(user)
+
+ status = semanage.semanage_user_set_mlslevel(sh, user, "s0")
+ if status < 0:
+ raise Error("Could not set MLS level")
+ if self.verbose: print "User mlslevel: ", semanage.semanage_user_get_mlslevel(user)
+
+ (status,key) = semanage.semanage_user_key_extract(sh,user)
+ if status < 0:
+ raise Error("Could not extract user key")
+ if self.verbose: print "User key extracted: ", key
+
+ (status,exists) = semanage.semanage_user_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if user exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_user) = semanage.semanage_user_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old user")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction.."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_user_modify_local(sh,key,user)
+ if status < 0:
+ raise Error("Could not modify user")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing user..."
+ status = semanage.semanage_user_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test user")
+ if self.verbose: print "User delete: ", status
+ else:
+ print "Resetting user..."
+ status = semanage.semanage_user_modify_local(sh, key, old_user)
+ if status < 0:
+ raise Error("Could not reset test user")
+ if self.verbose: print "User modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_user_key_free(key)
+ semanage.semanage_user_free(user)
+ if exists: semanage.semanage_user_free(old_user)
+
+ def test_writeseuser(self,sh):
+ print "Testing seuser write..."
+
+ (status, seuser) = semanage.semanage_seuser_create(sh)
+ if status < 0:
+ raise Error("Could not create SEUser object")
+ if self.verbose: print "SEUser object created."
+
+ status = semanage.semanage_seuser_set_name(sh,seuser, "testPySEUser")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose: print "SEUser name set: ", semanage.semanage_seuser_get_name(seuser)
+
+ status = semanage.semanage_seuser_set_sename(sh, seuser, "root")
+ if status < 0:
+ raise Error("Could not set sename")
+ if self.verbose: print "SEUser seuser: ", semanage.semanage_seuser_get_sename(seuser)
+
+ status = semanage.semanage_seuser_set_mlsrange(sh, seuser, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set MLS range")
+ if self.verbose: print "SEUser mlsrange: ", semanage.semanage_seuser_get_mlsrange(seuser)
+
+ (status,key) = semanage.semanage_seuser_key_extract(sh,seuser)
+ if status < 0:
+ raise Error("Could not extract SEUser key")
+ if self.verbose: print "SEUser key extracted: ", key
+
+ (status,exists) = semanage.semanage_seuser_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEUser exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_seuser) = semanage.semanage_seuser_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEUser")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_seuser_modify_local(sh,key,seuser)
+ if status < 0:
+ raise Error("Could not modify SEUser")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing seuser..."
+ status = semanage.semanage_seuser_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEUser")
+ if self.verbose: print "Seuser delete: ", status
+ else:
+ print "Resetting seuser..."
+ status = semanage.semanage_seuser_modify_local(sh, key, old_seuser)
+ if status < 0:
+ raise Error("Could not reset test SEUser")
+ if self.verbose: print "Seuser modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_seuser_key_free(key)
+ semanage.semanage_seuser_free(seuser)
+ if exists: semanage.semanage_seuser_free(old_seuser)
+
+ def test_writeport(self,sh):
+ print "Testing port write..."
+
+ (status, port) = semanage.semanage_port_create(sh)
+ if status < 0:
+ raise Error("Could not create SEPort object")
+ if self.verbose: print "SEPort object created."
+
+ semanage.semanage_port_set_range(port,150,200)
+ low = semanage.semanage_port_get_low(port)
+ high = semanage.semanage_port_get_high(port)
+ if self.verbose: print "SEPort range set: ", low, "-", high
+
+ semanage.semanage_port_set_proto(port, semanage.SEMANAGE_PROTO_TCP);
+ if self.verbose: print "SEPort protocol set: ", \
+ semanage.semanage_port_get_proto_str(semanage.SEMANAGE_PROTO_TCP)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose: print "SEContext object created (for port)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "http_port_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_port_set_con(sh, port, con)
+ if status < 0:
+ raise Error("Could not set SEPort context")
+ if self.verbose: print "SEPort context set: ", con
+
+ (status,key) = semanage.semanage_port_key_extract(sh,port)
+ if status < 0:
+ raise Error("Could not extract SEPort key")
+ if self.verbose: print "SEPort key extracted: ", key
+
+ (status,exists) = semanage.semanage_port_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEPort exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_port) = semanage.semanage_port_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEPort")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_port_modify_local(sh,key,port)
+ if status < 0:
+ raise Error("Could not modify SEPort")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing port range..."
+ status = semanage.semanage_port_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEPort")
+ if self.verbose: print "Port range delete: ", status
+ else:
+ print "Resetting port range..."
+ status = semanage.semanage_port_modify_local(sh, key, old_port)
+ if status < 0:
+ raise Error("Could not reset test SEPort")
+ if self.verbose: print "Port range modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_port_key_free(key)
+ semanage.semanage_port_free(port)
+ if exists: semanage.semanage_port_free(old_port)
+
+ def test_writefcontext(self,sh):
+ print "Testing file context write..."
+
+ (status, fcon) = semanage.semanage_fcontext_create(sh)
+ if status < 0:
+ raise Error("Could not create SEFcontext object")
+ if self.verbose: print "SEFcontext object created."
+
+ status = semanage.semanage_fcontext_set_expr(sh, fcon, "/test/fcontext(/.*)?")
+ if status < 0:
+ raise Error("Could not set expression")
+ if self.verbose: print "SEFContext expr set: ", semanage.semanage_fcontext_get_expr(fcon)
+
+ semanage.semanage_fcontext_set_type(fcon, semanage.SEMANAGE_FCONTEXT_REG)
+ if self.verbose: print "SEFContext type set: ", semanage.semanage_fcontext_get_type_str(fcon)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose: print "SEContext object created (for file context)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "default_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_fcontext_set_con(sh, fcon, con)
+ if status < 0:
+ raise Error("Could not set SEFcontext context")
+ if self.verbose: print "SEFcontext context set: ", con
+
+ (status,key) = semanage.semanage_fcontext_key_extract(sh,fcon)
+ if status < 0:
+ raise Error("Could not extract SEFcontext key")
+ if self.verbose: print "SEFcontext key extracted: ", key
+
+ (status,exists) = semanage.semanage_fcontext_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEFcontext exists")
+
+ if self.verbose: print "Exists status (commit number): ", status
+ if exists:
+ (status, old_fcontext) = semanage.semanage_fcontext_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEFcontext")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_fcontext_modify_local(sh,key,fcon)
+ if status < 0:
+ raise Error("Could not modify SEFcontext")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing file context..."
+ status = semanage.semanage_fcontext_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEFcontext")
+ if self.verbose: print "File context delete: ", status
+ else:
+ print "Resetting file context..."
+ status = semanage.semanage_fcontext_modify_local(sh, key, old_fcontext)
+ if status < 0:
+ raise Error("Could not reset test FContext")
+ if self.verbose: print "File context modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_fcontext_key_free(key)
+ semanage.semanage_fcontext_free(fcon)
+ if exists: semanage.semanage_fcontext_free(old_fcontext)
+
+ def test_writeinterface(self,sh):
+ print "Testing network interface write..."
+
+ (status, iface) = semanage.semanage_iface_create(sh)
+ if status < 0:
+ raise Error("Could not create SEIface object")
+ if self.verbose: print "SEIface object created."
+
+ status = semanage.semanage_iface_set_name(sh, iface, "test_iface")
+ if status < 0:
+ raise Error("Could not set SEIface name")
+ if self.verbose: print "SEIface name set: ", semanage.semanage_iface_get_name(iface)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose: print "SEContext object created (for network interface)"
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set interface context user")
+ if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set interface context role")
+ if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "default_t")
+ if status < 0:
+ raise Error("Could not set interface context type")
+ if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set interface context MLS fields")
+ if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_iface_set_ifcon(sh, iface, con)
+ if status < 0:
+ raise Error("Could not set SEIface interface context")
+ if self.verbose: print "SEIface interface context set: ", con
+
+ status = semanage.semanage_iface_set_msgcon(sh, iface, con)
+ if status < 0:
+ raise Error("Could not set SEIface message context")
+ if self.verbose: print "SEIface message context set: ", con
+
+ (status,key) = semanage.semanage_iface_key_extract(sh,iface)
+ if status < 0:
+ raise Error("Could not extract SEIface key")
+ if self.verbose: print "SEIface key extracted: ", key
+
+ (status,exists) = semanage.semanage_iface_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEIface exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_iface) = semanage.semanage_iface_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEIface")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not begin semanage transaction")
+
+ status = semanage.semanage_iface_modify_local(sh,key,iface)
+ if status < 0:
+ raise Error("Could not modify SEIface")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not begin semanage transaction")
+
+ if not exists:
+ print "Removing interface..."
+ status = semanage.semanage_iface_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEIface")
+ if self.verbose: print "Interface delete: ", status
+ else:
+ print "Resetting interface..."
+ status = semanage.semanage_iface_modify_local(sh, key, old_iface)
+ if status < 0:
+ raise Error("Could not reset test SEIface")
+ if self.verbose: print "Interface modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_iface_key_free(key)
+ semanage.semanage_iface_free(iface)
+ if exists: semanage.semanage_iface_free(old_iface)
+
+ def test_writeboolean(self,sh):
+ print "Testing boolean write..."
+
+ (status, pbool) = semanage.semanage_bool_create(sh)
+ if status < 0:
+ raise Error("Could not create SEBool object")
+ if self.verbose: print "SEBool object created."
+
+ status = semanage.semanage_bool_set_name(sh, pbool, "allow_execmem")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(pbool)
+
+ semanage.semanage_bool_set_value(pbool, 0)
+ if self.verbose: print "SEbool value set: ", semanage.semanage_bool_set_value(pbool)
+
+ (status,key) = semanage.semanage_bool_key_extract(sh, pbool)
+ if status < 0:
+ raise Error("Could not extract SEBool key")
+ if self.verbose: print "SEBool key extracted: ", key
+
+ (status,exists) = semanage.semanage_bool_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SEBool exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_bool) = semanage.semanage_bool_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEBool")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_modify_local(sh, key, pbool)
+
+ if status < 0:
+ raise Error("Could not modify SEBool")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing boolean..."
+ status = semanage.semanage_bool_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SEBool")
+ if self.verbose: print "Boolean delete: ", status
+ else:
+ print "Resetting boolean..."
+ status = semanage.semanage_bool_modify_local(sh, key, old_bool)
+ if status < 0:
+ raise Error("Could not reset test SEBool")
+ if self.verbose: print "Boolean modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_bool_key_free(key)
+ semanage.semanage_bool_free(pbool)
+ if exists: semanage.semanage_bool_free(old_bool)
+
+ def test_writeaboolean(self,sh):
+ print "Testing active boolean write..."
+
+ (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
+ if status < 0:
+ raise Error("Could not create SEBool key")
+ if self.verbose: print "SEBool key created: ", key
+
+ (status, old_bool) = semanage.semanage_bool_query_active(sh, key)
+ if status < 0:
+ raise Error("Could not query old SEBool")
+ if self.verbose: print "Query status (commit number): ", status
+
+ (status, abool) = semanage.semanage_bool_create(sh)
+ if status < 0:
+ raise Error("Could not create SEBool object")
+ if self.verbose: print "SEBool object created."
+
+ status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
+ if status < 0:
+ raise Error("Could not set name")
+ if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool)
+
+ semanage.semanage_bool_set_value(abool, 0)
+ if self.verbose: print "SEbool value set: ", semanage.semanage_bool_set_value(abool)
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_set_active(sh,key,abool)
+ if status < 0:
+ raise Error("Could not modify SEBool")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ print "Resetting old active boolean..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_bool_set_active(sh, key,old_bool)
+ if status < 0:
+ raise Error("Could not reset test SEBool")
+ if self.verbose: print "SEBool active reset: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_bool_key_free(key)
+ semanage.semanage_bool_free(abool)
+ semanage.semanage_bool_free(old_bool)
+
+
+ def test_writenode(self,sh):
+ print "Testing network node write..."
+
+ (status, node) = semanage.semanage_node_create(sh)
+ if status < 0:
+ raise Error("Could not create SENode object")
+ if self.verbose: print "SENode object created."
+
+ status = semanage.semanage_node_set_addr(sh, node, semanage.SEMANAGE_PROTO_IP6, "ffee:dddd::bbbb")
+ if status < 0:
+ raise Error("Could not set SENode address")
+
+ status = semanage.semanage_node_set_mask(sh, node, semanage.SEMANAGE_PROTO_IP6, "::ffff:ffff:abcd:0000")
+ if status < 0:
+ raise Error("Could not set SENode netmask")
+
+ semanage.semanage_node_set_proto(node, semanage.SEMANAGE_PROTO_IP6);
+ if self.verbose: print "SENode protocol set: ", \
+ semanage.semanage_node_get_proto_str(semanage.SEMANAGE_PROTO_IP6)
+
+ (status, con) = semanage.semanage_context_create(sh)
+ if status < 0:
+ raise Error("Could not create SEContext object")
+ if self.verbose: print "SEContext object created (for node)."
+
+ status = semanage.semanage_context_set_user(sh, con, "system_u")
+ if status < 0:
+ raise Error("Could not set context user")
+ if self.verbose: print "SEContext user: ", semanage.semanage_context_get_user(con)
+
+ status = semanage.semanage_context_set_role(sh, con, "object_r")
+ if status < 0:
+ raise Error("Could not set context role")
+ if self.verbose: print "SEContext role: ", semanage.semanage_context_get_role(con)
+
+ status = semanage.semanage_context_set_type(sh, con, "lo_node_t")
+ if status < 0:
+ raise Error("Could not set context type")
+ if self.verbose: print "SEContext type: ", semanage.semanage_context_get_type(con)
+
+ status = semanage.semanage_context_set_mls(sh, con, "s0:c0.c255")
+ if status < 0:
+ raise Error("Could not set context MLS fields")
+ if self.verbose: print "SEContext mls: ", semanage.semanage_context_get_mls(con)
+
+ status = semanage.semanage_node_set_con(sh, node, con)
+ if status < 0:
+ raise Error("Could not set SENode context")
+ if self.verbose: print "SENode context set: ", con
+
+ (status,key) = semanage.semanage_node_key_extract(sh, node)
+ if status < 0:
+ raise Error("Could not extract SENode key")
+ if self.verbose: print "SENode key extracted: ", key
+
+ (status,exists) = semanage.semanage_node_exists_local(sh,key)
+ if status < 0:
+ raise Error("Could not check if SENode exists")
+ if self.verbose: print "Exists status (commit number): ", status
+
+ if exists:
+ (status, old_node) = semanage.semanage_node_query_local(sh, key)
+ if status < 0:
+ raise Error("Could not query old SENode")
+ if self.verbose: print "Query status (commit number): ", status
+
+ print "Starting transaction..."
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ status = semanage.semanage_node_modify_local(sh,key, node)
+ if status < 0:
+ raise Error("Could not modify SENode")
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit test transaction")
+ print "Commit status (transaction number): ", status
+
+ status = semanage.semanage_begin_transaction(sh)
+ if status < 0:
+ raise Error("Could not start semanage transaction")
+
+ if not exists:
+ print "Removing network node..."
+ status = semanage.semanage_node_del_local(sh, key)
+ if status < 0:
+ raise Error("Could not delete test SENode")
+ if self.verbose: print "Network node delete: ", status
+ else:
+ print "Resetting network node..."
+ status = semanage.semanage_node_modify_local(sh, key, old_node)
+ if status < 0:
+ raise Error("Could not reset test SENode")
+ if self.verbose: print "Network node modify: ", status
+
+ status = semanage.semanage_commit(sh)
+ if status < 0:
+ raise Error("Could not commit reset transaction")
+ print "Commit status (transaction number): ", status
+
+ semanage.semanage_context_free(con)
+ semanage.semanage_node_key_free(key)
+ semanage.semanage_node_free(node)
+ if exists: semanage.semanage_node_free(old_node)
+
+def main(argv=None):
+ if argv is None:
+ argv = sys.argv
+ try:
+ try:
+ opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN", ["help", "verbose", "modules", "users", "seusers", "ports", "file contexts", "network interfaces", "booleans", "active booleans", "network nodes", "writeuser", "writeseuser", "writeport", "writefcontext", "writeinterface", "writeboolean", "writeaboolean", "writenode", "all"])
+ tests = Tests()
+ for o, a in opts:
+ if o == "-v":
+ tests.verbose = True
+ print "Verbose output selected."
+ if o == "-a":
+ tests.all = True
+ if o == "-u":
+ tests.users = True
+ if o == "-U":
+ tests.writeuser = True
+ if o == "-s":
+ tests.seusers = True
+ if o == "-S":
+ tests.writeseuser = True
+ if o == "-p":
+ tests.ports = True
+ if o == "-P":
+ tests.writeport = True
+ if o == "-f":
+ tests.fcontexts = True
+ if o == "-F":
+ tests.writefcontext = True
+ if o == "-i":
+ tests.interfaces = True
+ if o == "-I":
+ tests.writeinterface = True
+ if o == "-b":
+ tests.booleans = True
+ if o == "-B":
+ tests.writeboolean = True
+ if o == "-c":
+ tests.abooleans = True
+ if o == "-C":
+ tests.writeaboolean = True
+ if o == "-n":
+ tests.nodes = True
+ if o == "-N":
+ tests.writenode = True
+ if o == "-m":
+ tests.modules = True
+ if o == "-h":
+ raise Usage(usage)
+
+ if not tests.selected():
+ raise Usage("Please select a valid test.")
+
+ except getopt.error, msg:
+ raise Usage(msg)
+
+ sh=semanage.semanage_handle_create()
+
+ if (semanage.semanage_is_managed(sh) != 1):
+ raise Status("Unmanaged!")
+
+ status = semanage.semanage_connect(sh)
+ if status < 0:
+ raise Error("Could not establish semanage connection")
+
+ tests.run(sh)
+
+ status = semanage.semanage_disconnect(sh)
+ if status < 0:
+ raise Error("Could not disconnect")
+
+ semanage.semanage_handle_destroy(sh)
+
+ except Usage, err:
+ print >>sys.stderr, err.msg
+ except Status, err:
+ print >>sys.stderr, err.msg
+ except Error, err:
+ print >>sys.stderr, err.msg
+
+ return 2
+
+if __name__ == "__main__":
+ sys.exit(main())
+
diff --git a/libsemanage/src/semanage.conf b/libsemanage/src/semanage.conf
new file mode 100644
index 0000000..5ae18f9
--- /dev/null
+++ b/libsemanage/src/semanage.conf
@@ -0,0 +1,38 @@
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>. Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
diff --git a/libsemanage/src/semanage.py b/libsemanage/src/semanage.py
new file mode 100644
index 0000000..6a2327a
--- /dev/null
+++ b/libsemanage/src/semanage.py
@@ -0,0 +1,319 @@
+# This file was automatically generated by SWIG (http://www.swig.org).
+# Version 1.3.33
+#
+# Don't modify this file, modify the SWIG interface instead.
+# This file is compatible with both classic and new-style classes.
+
+import _semanage
+import new
+new_instancemethod = new.instancemethod
+try:
+ _swig_property = property
+except NameError:
+ pass # Python < 2.2 doesn't have 'property'.
+def _swig_setattr_nondynamic(self,class_type,name,value,static=1):
+ if (name == "thisown"): return self.this.own(value)
+ if (name == "this"):
+ if type(value).__name__ == 'PySwigObject':
+ self.__dict__[name] = value
+ return
+ method = class_type.__swig_setmethods__.get(name,None)
+ if method: return method(self,value)
+ if (not static) or hasattr(self,name):
+ self.__dict__[name] = value
+ else:
+ raise AttributeError("You cannot add attributes to %s" % self)
+
+def _swig_setattr(self,class_type,name,value):
+ return _swig_setattr_nondynamic(self,class_type,name,value,0)
+
+def _swig_getattr(self,class_type,name):
+ if (name == "thisown"): return self.this.own()
+ method = class_type.__swig_getmethods__.get(name,None)
+ if method: return method(self)
+ raise AttributeError,name
+
+def _swig_repr(self):
+ try: strthis = "proxy of " + self.this.__repr__()
+ except: strthis = ""
+ return "<%s.%s; %s >" % (self.__class__.__module__, self.__class__.__name__, strthis,)
+
+import types
+try:
+ _object = types.ObjectType
+ _newclass = 1
+except AttributeError:
+ class _object : pass
+ _newclass = 0
+del types
+
+
+SEMANAGE_MSG_ERR = _semanage.SEMANAGE_MSG_ERR
+SEMANAGE_MSG_WARN = _semanage.SEMANAGE_MSG_WARN
+SEMANAGE_MSG_INFO = _semanage.SEMANAGE_MSG_INFO
+semanage_msg_get_level = _semanage.semanage_msg_get_level
+semanage_msg_get_channel = _semanage.semanage_msg_get_channel
+semanage_msg_get_fname = _semanage.semanage_msg_get_fname
+semanage_msg_set_callback = _semanage.semanage_msg_set_callback
+semanage_handle_create = _semanage.semanage_handle_create
+semanage_handle_destroy = _semanage.semanage_handle_destroy
+SEMANAGE_CON_INVALID = _semanage.SEMANAGE_CON_INVALID
+SEMANAGE_CON_DIRECT = _semanage.SEMANAGE_CON_DIRECT
+SEMANAGE_CON_POLSERV_LOCAL = _semanage.SEMANAGE_CON_POLSERV_LOCAL
+SEMANAGE_CON_POLSERV_REMOTE = _semanage.SEMANAGE_CON_POLSERV_REMOTE
+semanage_select_store = _semanage.semanage_select_store
+semanage_reload_policy = _semanage.semanage_reload_policy
+semanage_set_reload = _semanage.semanage_set_reload
+semanage_set_rebuild = _semanage.semanage_set_rebuild
+semanage_set_create_store = _semanage.semanage_set_create_store
+semanage_set_disable_dontaudit = _semanage.semanage_set_disable_dontaudit
+semanage_is_managed = _semanage.semanage_is_managed
+semanage_connect = _semanage.semanage_connect
+semanage_disconnect = _semanage.semanage_disconnect
+semanage_begin_transaction = _semanage.semanage_begin_transaction
+semanage_commit = _semanage.semanage_commit
+SEMANAGE_CAN_READ = _semanage.SEMANAGE_CAN_READ
+SEMANAGE_CAN_WRITE = _semanage.SEMANAGE_CAN_WRITE
+semanage_access_check = _semanage.semanage_access_check
+semanage_is_connected = _semanage.semanage_is_connected
+semanage_module_install = _semanage.semanage_module_install
+semanage_module_upgrade = _semanage.semanage_module_upgrade
+semanage_module_install_base = _semanage.semanage_module_install_base
+semanage_module_remove = _semanage.semanage_module_remove
+semanage_module_list = _semanage.semanage_module_list
+semanage_module_info_datum_destroy = _semanage.semanage_module_info_datum_destroy
+semanage_module_list_nth = _semanage.semanage_module_list_nth
+semanage_module_get_name = _semanage.semanage_module_get_name
+semanage_module_get_version = _semanage.semanage_module_get_version
+semanage_context_get_user = _semanage.semanage_context_get_user
+semanage_context_set_user = _semanage.semanage_context_set_user
+semanage_context_get_role = _semanage.semanage_context_get_role
+semanage_context_set_role = _semanage.semanage_context_set_role
+semanage_context_get_type = _semanage.semanage_context_get_type
+semanage_context_set_type = _semanage.semanage_context_set_type
+semanage_context_get_mls = _semanage.semanage_context_get_mls
+semanage_context_set_mls = _semanage.semanage_context_set_mls
+semanage_context_create = _semanage.semanage_context_create
+semanage_context_clone = _semanage.semanage_context_clone
+semanage_context_free = _semanage.semanage_context_free
+semanage_context_from_string = _semanage.semanage_context_from_string
+semanage_context_to_string = _semanage.semanage_context_to_string
+semanage_bool_key_create = _semanage.semanage_bool_key_create
+semanage_bool_key_extract = _semanage.semanage_bool_key_extract
+semanage_bool_key_free = _semanage.semanage_bool_key_free
+semanage_bool_compare = _semanage.semanage_bool_compare
+semanage_bool_compare2 = _semanage.semanage_bool_compare2
+semanage_bool_get_name = _semanage.semanage_bool_get_name
+semanage_bool_set_name = _semanage.semanage_bool_set_name
+semanage_bool_get_value = _semanage.semanage_bool_get_value
+semanage_bool_set_value = _semanage.semanage_bool_set_value
+semanage_bool_create = _semanage.semanage_bool_create
+semanage_bool_clone = _semanage.semanage_bool_clone
+semanage_bool_free = _semanage.semanage_bool_free
+semanage_bool_query = _semanage.semanage_bool_query
+semanage_bool_exists = _semanage.semanage_bool_exists
+semanage_bool_count = _semanage.semanage_bool_count
+semanage_bool_iterate = _semanage.semanage_bool_iterate
+semanage_bool_list = _semanage.semanage_bool_list
+semanage_bool_modify_local = _semanage.semanage_bool_modify_local
+semanage_bool_del_local = _semanage.semanage_bool_del_local
+semanage_bool_query_local = _semanage.semanage_bool_query_local
+semanage_bool_exists_local = _semanage.semanage_bool_exists_local
+semanage_bool_count_local = _semanage.semanage_bool_count_local
+semanage_bool_iterate_local = _semanage.semanage_bool_iterate_local
+semanage_bool_list_local = _semanage.semanage_bool_list_local
+semanage_bool_set_active = _semanage.semanage_bool_set_active
+semanage_bool_query_active = _semanage.semanage_bool_query_active
+semanage_bool_exists_active = _semanage.semanage_bool_exists_active
+semanage_bool_count_active = _semanage.semanage_bool_count_active
+semanage_bool_iterate_active = _semanage.semanage_bool_iterate_active
+semanage_bool_list_active = _semanage.semanage_bool_list_active
+semanage_iface_compare = _semanage.semanage_iface_compare
+semanage_iface_compare2 = _semanage.semanage_iface_compare2
+semanage_iface_key_create = _semanage.semanage_iface_key_create
+semanage_iface_key_extract = _semanage.semanage_iface_key_extract
+semanage_iface_key_free = _semanage.semanage_iface_key_free
+semanage_iface_get_name = _semanage.semanage_iface_get_name
+semanage_iface_set_name = _semanage.semanage_iface_set_name
+semanage_iface_get_ifcon = _semanage.semanage_iface_get_ifcon
+semanage_iface_set_ifcon = _semanage.semanage_iface_set_ifcon
+semanage_iface_get_msgcon = _semanage.semanage_iface_get_msgcon
+semanage_iface_set_msgcon = _semanage.semanage_iface_set_msgcon
+semanage_iface_create = _semanage.semanage_iface_create
+semanage_iface_clone = _semanage.semanage_iface_clone
+semanage_iface_free = _semanage.semanage_iface_free
+semanage_iface_modify_local = _semanage.semanage_iface_modify_local
+semanage_iface_del_local = _semanage.semanage_iface_del_local
+semanage_iface_query_local = _semanage.semanage_iface_query_local
+semanage_iface_exists_local = _semanage.semanage_iface_exists_local
+semanage_iface_count_local = _semanage.semanage_iface_count_local
+semanage_iface_iterate_local = _semanage.semanage_iface_iterate_local
+semanage_iface_list_local = _semanage.semanage_iface_list_local
+semanage_iface_query = _semanage.semanage_iface_query
+semanage_iface_exists = _semanage.semanage_iface_exists
+semanage_iface_count = _semanage.semanage_iface_count
+semanage_iface_iterate = _semanage.semanage_iface_iterate
+semanage_iface_list = _semanage.semanage_iface_list
+semanage_user_key_create = _semanage.semanage_user_key_create
+semanage_user_key_extract = _semanage.semanage_user_key_extract
+semanage_user_key_free = _semanage.semanage_user_key_free
+semanage_user_compare = _semanage.semanage_user_compare
+semanage_user_compare2 = _semanage.semanage_user_compare2
+semanage_user_get_name = _semanage.semanage_user_get_name
+semanage_user_set_name = _semanage.semanage_user_set_name
+semanage_user_get_prefix = _semanage.semanage_user_get_prefix
+semanage_user_set_prefix = _semanage.semanage_user_set_prefix
+semanage_user_get_mlslevel = _semanage.semanage_user_get_mlslevel
+semanage_user_set_mlslevel = _semanage.semanage_user_set_mlslevel
+semanage_user_get_mlsrange = _semanage.semanage_user_get_mlsrange
+semanage_user_set_mlsrange = _semanage.semanage_user_set_mlsrange
+semanage_user_get_num_roles = _semanage.semanage_user_get_num_roles
+semanage_user_add_role = _semanage.semanage_user_add_role
+semanage_user_del_role = _semanage.semanage_user_del_role
+semanage_user_has_role = _semanage.semanage_user_has_role
+semanage_user_get_roles = _semanage.semanage_user_get_roles
+semanage_user_set_roles = _semanage.semanage_user_set_roles
+semanage_user_create = _semanage.semanage_user_create
+semanage_user_clone = _semanage.semanage_user_clone
+semanage_user_free = _semanage.semanage_user_free
+semanage_user_modify_local = _semanage.semanage_user_modify_local
+semanage_user_del_local = _semanage.semanage_user_del_local
+semanage_user_query_local = _semanage.semanage_user_query_local
+semanage_user_exists_local = _semanage.semanage_user_exists_local
+semanage_user_count_local = _semanage.semanage_user_count_local
+semanage_user_iterate_local = _semanage.semanage_user_iterate_local
+semanage_user_list_local = _semanage.semanage_user_list_local
+semanage_user_query = _semanage.semanage_user_query
+semanage_user_exists = _semanage.semanage_user_exists
+semanage_user_count = _semanage.semanage_user_count
+semanage_user_iterate = _semanage.semanage_user_iterate
+semanage_user_list = _semanage.semanage_user_list
+SEMANAGE_PROTO_UDP = _semanage.SEMANAGE_PROTO_UDP
+SEMANAGE_PROTO_TCP = _semanage.SEMANAGE_PROTO_TCP
+semanage_port_compare = _semanage.semanage_port_compare
+semanage_port_compare2 = _semanage.semanage_port_compare2
+semanage_port_key_create = _semanage.semanage_port_key_create
+semanage_port_key_extract = _semanage.semanage_port_key_extract
+semanage_port_key_free = _semanage.semanage_port_key_free
+semanage_port_get_proto = _semanage.semanage_port_get_proto
+semanage_port_set_proto = _semanage.semanage_port_set_proto
+semanage_port_get_proto_str = _semanage.semanage_port_get_proto_str
+semanage_port_get_low = _semanage.semanage_port_get_low
+semanage_port_get_high = _semanage.semanage_port_get_high
+semanage_port_set_port = _semanage.semanage_port_set_port
+semanage_port_set_range = _semanage.semanage_port_set_range
+semanage_port_get_con = _semanage.semanage_port_get_con
+semanage_port_set_con = _semanage.semanage_port_set_con
+semanage_port_create = _semanage.semanage_port_create
+semanage_port_clone = _semanage.semanage_port_clone
+semanage_port_free = _semanage.semanage_port_free
+semanage_port_modify_local = _semanage.semanage_port_modify_local
+semanage_port_del_local = _semanage.semanage_port_del_local
+semanage_port_query_local = _semanage.semanage_port_query_local
+semanage_port_exists_local = _semanage.semanage_port_exists_local
+semanage_port_count_local = _semanage.semanage_port_count_local
+semanage_port_iterate_local = _semanage.semanage_port_iterate_local
+semanage_port_list_local = _semanage.semanage_port_list_local
+semanage_port_query = _semanage.semanage_port_query
+semanage_port_exists = _semanage.semanage_port_exists
+semanage_port_count = _semanage.semanage_port_count
+semanage_port_iterate = _semanage.semanage_port_iterate
+semanage_port_list = _semanage.semanage_port_list
+semanage_fcontext_compare = _semanage.semanage_fcontext_compare
+semanage_fcontext_compare2 = _semanage.semanage_fcontext_compare2
+semanage_fcontext_key_create = _semanage.semanage_fcontext_key_create
+semanage_fcontext_key_extract = _semanage.semanage_fcontext_key_extract
+semanage_fcontext_key_free = _semanage.semanage_fcontext_key_free
+semanage_fcontext_get_expr = _semanage.semanage_fcontext_get_expr
+semanage_fcontext_set_expr = _semanage.semanage_fcontext_set_expr
+SEMANAGE_FCONTEXT_ALL = _semanage.SEMANAGE_FCONTEXT_ALL
+SEMANAGE_FCONTEXT_REG = _semanage.SEMANAGE_FCONTEXT_REG
+SEMANAGE_FCONTEXT_DIR = _semanage.SEMANAGE_FCONTEXT_DIR
+SEMANAGE_FCONTEXT_CHAR = _semanage.SEMANAGE_FCONTEXT_CHAR
+SEMANAGE_FCONTEXT_BLOCK = _semanage.SEMANAGE_FCONTEXT_BLOCK
+SEMANAGE_FCONTEXT_SOCK = _semanage.SEMANAGE_FCONTEXT_SOCK
+SEMANAGE_FCONTEXT_LINK = _semanage.SEMANAGE_FCONTEXT_LINK
+SEMANAGE_FCONTEXT_PIPE = _semanage.SEMANAGE_FCONTEXT_PIPE
+semanage_fcontext_get_type = _semanage.semanage_fcontext_get_type
+semanage_fcontext_get_type_str = _semanage.semanage_fcontext_get_type_str
+semanage_fcontext_set_type = _semanage.semanage_fcontext_set_type
+semanage_fcontext_get_con = _semanage.semanage_fcontext_get_con
+semanage_fcontext_set_con = _semanage.semanage_fcontext_set_con
+semanage_fcontext_create = _semanage.semanage_fcontext_create
+semanage_fcontext_clone = _semanage.semanage_fcontext_clone
+semanage_fcontext_free = _semanage.semanage_fcontext_free
+semanage_fcontext_modify_local = _semanage.semanage_fcontext_modify_local
+semanage_fcontext_del_local = _semanage.semanage_fcontext_del_local
+semanage_fcontext_query_local = _semanage.semanage_fcontext_query_local
+semanage_fcontext_exists_local = _semanage.semanage_fcontext_exists_local
+semanage_fcontext_count_local = _semanage.semanage_fcontext_count_local
+semanage_fcontext_iterate_local = _semanage.semanage_fcontext_iterate_local
+semanage_fcontext_list_local = _semanage.semanage_fcontext_list_local
+semanage_fcontext_query = _semanage.semanage_fcontext_query
+semanage_fcontext_exists = _semanage.semanage_fcontext_exists
+semanage_fcontext_count = _semanage.semanage_fcontext_count
+semanage_fcontext_iterate = _semanage.semanage_fcontext_iterate
+semanage_fcontext_list = _semanage.semanage_fcontext_list
+semanage_seuser_key_create = _semanage.semanage_seuser_key_create
+semanage_seuser_key_extract = _semanage.semanage_seuser_key_extract
+semanage_seuser_key_free = _semanage.semanage_seuser_key_free
+semanage_seuser_compare = _semanage.semanage_seuser_compare
+semanage_seuser_compare2 = _semanage.semanage_seuser_compare2
+semanage_seuser_get_name = _semanage.semanage_seuser_get_name
+semanage_seuser_set_name = _semanage.semanage_seuser_set_name
+semanage_seuser_get_sename = _semanage.semanage_seuser_get_sename
+semanage_seuser_set_sename = _semanage.semanage_seuser_set_sename
+semanage_seuser_get_mlsrange = _semanage.semanage_seuser_get_mlsrange
+semanage_seuser_set_mlsrange = _semanage.semanage_seuser_set_mlsrange
+semanage_seuser_create = _semanage.semanage_seuser_create
+semanage_seuser_clone = _semanage.semanage_seuser_clone
+semanage_seuser_free = _semanage.semanage_seuser_free
+semanage_seuser_modify_local = _semanage.semanage_seuser_modify_local
+semanage_seuser_del_local = _semanage.semanage_seuser_del_local
+semanage_seuser_query_local = _semanage.semanage_seuser_query_local
+semanage_seuser_exists_local = _semanage.semanage_seuser_exists_local
+semanage_seuser_count_local = _semanage.semanage_seuser_count_local
+semanage_seuser_iterate_local = _semanage.semanage_seuser_iterate_local
+semanage_seuser_list_local = _semanage.semanage_seuser_list_local
+semanage_seuser_query = _semanage.semanage_seuser_query
+semanage_seuser_exists = _semanage.semanage_seuser_exists
+semanage_seuser_count = _semanage.semanage_seuser_count
+semanage_seuser_iterate = _semanage.semanage_seuser_iterate
+semanage_seuser_list = _semanage.semanage_seuser_list
+SEMANAGE_PROTO_IP4 = _semanage.SEMANAGE_PROTO_IP4
+SEMANAGE_PROTO_IP6 = _semanage.SEMANAGE_PROTO_IP6
+semanage_node_compare = _semanage.semanage_node_compare
+semanage_node_compare2 = _semanage.semanage_node_compare2
+semanage_node_key_create = _semanage.semanage_node_key_create
+semanage_node_key_extract = _semanage.semanage_node_key_extract
+semanage_node_key_free = _semanage.semanage_node_key_free
+semanage_node_get_addr = _semanage.semanage_node_get_addr
+semanage_node_get_addr_bytes = _semanage.semanage_node_get_addr_bytes
+semanage_node_set_addr = _semanage.semanage_node_set_addr
+semanage_node_set_addr_bytes = _semanage.semanage_node_set_addr_bytes
+semanage_node_get_mask = _semanage.semanage_node_get_mask
+semanage_node_get_mask_bytes = _semanage.semanage_node_get_mask_bytes
+semanage_node_set_mask = _semanage.semanage_node_set_mask
+semanage_node_set_mask_bytes = _semanage.semanage_node_set_mask_bytes
+semanage_node_get_proto = _semanage.semanage_node_get_proto
+semanage_node_set_proto = _semanage.semanage_node_set_proto
+semanage_node_get_proto_str = _semanage.semanage_node_get_proto_str
+semanage_node_get_con = _semanage.semanage_node_get_con
+semanage_node_set_con = _semanage.semanage_node_set_con
+semanage_node_create = _semanage.semanage_node_create
+semanage_node_clone = _semanage.semanage_node_clone
+semanage_node_free = _semanage.semanage_node_free
+semanage_node_modify_local = _semanage.semanage_node_modify_local
+semanage_node_del_local = _semanage.semanage_node_del_local
+semanage_node_query_local = _semanage.semanage_node_query_local
+semanage_node_exists_local = _semanage.semanage_node_exists_local
+semanage_node_count_local = _semanage.semanage_node_count_local
+semanage_node_iterate_local = _semanage.semanage_node_iterate_local
+semanage_node_list_local = _semanage.semanage_node_list_local
+semanage_node_query = _semanage.semanage_node_query
+semanage_node_exists = _semanage.semanage_node_exists
+semanage_node_count = _semanage.semanage_node_count
+semanage_node_iterate = _semanage.semanage_node_iterate
+semanage_node_list = _semanage.semanage_node_list
+
+
diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
new file mode 100644
index 0000000..7ee139f
--- /dev/null
+++ b/libsemanage/src/semanage_conf.h
@@ -0,0 +1,60 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef SEMANAGE_CONF_H
+#define SEMANAGE_CONF_H
+
+#include <semanage/handle.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+/* libsemanage has its own configuration file. It has two main parts:
+ * - single options
+ * - external programs to execute whenever a policy is to be loaded
+ */
+
+typedef struct semanage_conf {
+ enum semanage_connect_type store_type;
+ char *store_path; /* used for both socket path and policy dir */
+ int server_port;
+ int policyvers; /* version for server generated policies */
+ int expand_check;
+ int save_previous;
+ int save_linked;
+ int disable_genhomedircon;
+ int handle_unknown;
+ mode_t file_mode;
+ struct external_prog *load_policy;
+ struct external_prog *setfiles;
+ struct external_prog *mod_prog, *linked_prog, *kernel_prog;
+} semanage_conf_t;
+
+/* A linked list of verification programs. Each one is called in
+ * order of appearance within the configuration file.
+ */
+typedef struct external_prog {
+ char *path;
+ char *args;
+ struct external_prog *next;
+} external_prog_t;
+
+semanage_conf_t *semanage_conf_parse(const char *config_filename);
+void semanage_conf_destroy(semanage_conf_t * conf);
+
+#endif
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
new file mode 100644
index 0000000..8531353
--- /dev/null
+++ b/libsemanage/src/semanage_store.c
@@ -0,0 +1,2521 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Christopher Ashworth <cashworth@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This file contains semanage routines that manipulate the files on a
+ * local module store. Sandbox routines, used by both source and
+ * direct connections, are here as well.
+ */
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include "semanage_store.h"
+#include "database_policydb.h"
+#include "handle.h"
+
+#include <selinux/selinux.h>
+#include <sepol/policydb.h>
+#include <sepol/module.h>
+
+#include <assert.h>
+#include <ctype.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <limits.h>
+
+#include "debug.h"
+
+#define SEMANAGE_CONF_FILE "semanage.conf"
+/* relative path names to enum semanage_paths to special files and
+ * directories for the module store */
+
+#define TRUE 1
+
+enum semanage_file_defs {
+ SEMANAGE_ROOT,
+ SEMANAGE_TRANS_LOCK,
+ SEMANAGE_READ_LOCK,
+ SEMANAGE_NUM_FILES
+};
+
+static char *semanage_paths[SEMANAGE_NUM_STORES][SEMANAGE_STORE_NUM_PATHS];
+static char *semanage_files[SEMANAGE_NUM_FILES] = { NULL };
+static char *semanage_conf;
+static int semanage_paths_initialized = 0;
+
+/* These are paths relative to the bottom of the module store */
+static const char *semanage_relative_files[SEMANAGE_NUM_FILES] = {
+ "",
+ "/semanage.trans.LOCK",
+ "/semanage.read.LOCK"
+};
+
+static const char *semanage_store_paths[SEMANAGE_NUM_STORES] = {
+ "/active",
+ "/previous",
+ "/tmp"
+};
+
+/* this is the module store path relative to selinux_policy_root() */
+#define SEMANAGE_MOD_DIR "/modules"
+/* relative path names to enum sandbox_paths for special files within
+ * a sandbox */
+static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
+ "",
+ "/modules",
+ "/policy.kern",
+ "/base.pp",
+ "/base.linked",
+ "/file_contexts",
+ "/homedir_template",
+ "/file_contexts.template",
+ "/commit_num",
+ "/ports.local",
+ "/interfaces.local",
+ "/nodes.local",
+ "/booleans.local",
+ "/file_contexts.local",
+ "/seusers",
+ "/users.local",
+ "/users_extra.local",
+ "/seusers.final",
+ "/users_extra",
+ "/netfilter_contexts",
+ "/file_contexts.homedirs",
+};
+
+/* A node used in a linked list of file contexts; used for sorting.
+ */
+typedef struct semanage_file_context_node {
+ char *path;
+ char *file_type;
+ char *context;
+ int path_len;
+ int effective_len;
+ int type_len;
+ int context_len;
+ int meta; /* position of first meta char in path, -1 if none */
+ struct semanage_file_context_node *next;
+} semanage_file_context_node_t;
+
+/* A node used in a linked list of buckets that contain
+ * semanage_file_context_node lists. Used for sorting.
+ */
+typedef struct semanage_file_context_bucket {
+ semanage_file_context_node_t *data;
+ struct semanage_file_context_bucket *next;
+} semanage_file_context_bucket_t;
+
+/* A node used in a linked list of netfilter rules.
+ */
+typedef struct semanage_netfilter_context_node {
+ char *rule;
+ size_t rule_len;
+ struct semanage_netfilter_context_node *next;
+} semanage_netfilter_context_node_t;
+
+/* Initialize the paths to config file, lock files and store root.
+ */
+static int semanage_init_paths(const char *root)
+{
+ size_t len, prefix_len;
+ int i;
+
+ if (!root)
+ return -1;
+
+ prefix_len = (strlen(root) + strlen(SEMANAGE_MOD_DIR));
+
+ for (i = 0; i < SEMANAGE_NUM_FILES; i++) {
+ len = (strlen(semanage_relative_files[i]) + prefix_len);
+ semanage_files[i] = calloc(len + 1, sizeof(char));
+ if (!semanage_files[i])
+ return -1;
+ sprintf(semanage_files[i], "%s%s%s", root, SEMANAGE_MOD_DIR,
+ semanage_relative_files[i]);
+ }
+
+ len = strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE);
+ semanage_conf = calloc(len + 1, sizeof(char));
+ if (!semanage_conf)
+ return -1;
+ snprintf(semanage_conf, len, "%s%s", selinux_path(),
+ SEMANAGE_CONF_FILE);
+
+ return 0;
+}
+
+/* This initializes the paths inside the stores, this is only necessary
+ * when directly accessing the store
+ */
+static int semanage_init_store_paths(const char *root)
+{
+ int i, j;
+ size_t len;
+ size_t prefix_len;
+ char *prefix;
+
+ if (!root)
+ return -1;
+
+ prefix_len = (strlen(root) + strlen(SEMANAGE_MOD_DIR));
+ prefix = calloc(prefix_len + 1, sizeof(char));
+ if (!prefix)
+ return -1;
+ sprintf(prefix, "%s%s", root, SEMANAGE_MOD_DIR);
+
+ for (i = 0; i < SEMANAGE_NUM_STORES; i++) {
+ for (j = 0; j < SEMANAGE_STORE_NUM_PATHS; j++) {
+ len = prefix_len + strlen(semanage_store_paths[i])
+ + strlen(semanage_sandbox_paths[j]);
+ semanage_paths[i][j] = calloc(len + 1, sizeof(char));
+ if (!semanage_paths[i][j])
+ goto cleanup;
+ sprintf(semanage_paths[i][j], "%s%s%s", prefix,
+ semanage_store_paths[i],
+ semanage_sandbox_paths[j]);
+ }
+ }
+
+ cleanup:
+ free(prefix);
+ return 0;
+}
+
+/* THIS MUST BE THE FIRST FUNCTION CALLED IN THIS LIBRARY. If the
+ * library has nnot been initialized yet then call the functions that
+ * initialize the path variables. This function does nothing if it
+ * was previously called and that call was successful. Return 0 on
+ * success, -1 on error.
+ *
+ * Note that this function is NOT thread-safe.
+ */
+int semanage_check_init(const char *root)
+{
+ int rc;
+ if (semanage_paths_initialized == 0) {
+ rc = semanage_init_paths(root);
+ if (rc)
+ return rc;
+ rc = semanage_init_store_paths(root);
+ if (rc)
+ return rc;
+ semanage_paths_initialized = 1;
+ }
+ return 0;
+}
+
+/* Given a definition number, return a file name from the paths array */
+const char *semanage_fname(enum semanage_sandbox_defs file_enum)
+{
+ return semanage_sandbox_paths[file_enum];
+}
+
+/* Given a store location (active/previous/tmp) and a definition
+ * number, return a fully-qualified path to that file or directory.
+ * The caller must not alter the string returned (and hence why this
+ * function return type is const).
+ *
+ * This function shall never return a NULL, assuming that
+ * semanage_check_init() was previously called.
+ */
+const char *semanage_path(enum semanage_store_defs store,
+ enum semanage_sandbox_defs path_name)
+{
+ assert(semanage_paths[store][path_name]);
+ return semanage_paths[store][path_name];
+}
+
+/* Return a fully-qualified path + filename to the semanage
+ * configuration file. The caller must not alter the string returned
+ * (and hence why this function return type is const).
+ *
+ * This is going to be hard coded to /etc/selinux/semanage.conf for
+ * the time being. FIXME
+ */
+const char *semanage_conf_path(void)
+{
+ return "/etc/selinux/semanage.conf";
+}
+
+/**************** functions that create module store ***************/
+
+/* Check that the semanage store exists. If 'create' is non-zero then
+ * create the directories. Returns 0 if module store exists (either
+ * already or just created), -1 if does not exist or could not be
+ * read, or -2 if it could not create the store. */
+int semanage_create_store(semanage_handle_t * sh, int create)
+{
+ struct stat sb;
+ int mode_mask = R_OK | W_OK | X_OK;
+ const char *path = semanage_files[SEMANAGE_ROOT];
+ int fd;
+
+ if (stat(path, &sb) == -1) {
+ if (errno == ENOENT && create) {
+ if (mkdir(path, S_IRWXU) == -1) {
+ ERR(sh, "Could not create module store at %s.",
+ path);
+ return -2;
+ }
+ } else {
+ if (create)
+ ERR(sh,
+ "Could not read from module store at %s.",
+ path);
+ return -1;
+ }
+ } else {
+ if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ ERR(sh,
+ "Could not access module store at %s, or it is not a directory.",
+ path);
+ return -1;
+ }
+ }
+ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
+ if (stat(path, &sb) == -1) {
+ if (errno == ENOENT && create) {
+ if (mkdir(path, S_IRWXU) == -1) {
+ ERR(sh,
+ "Could not create module store, active subdirectory at %s.",
+ path);
+ return -2;
+ }
+ } else {
+ ERR(sh,
+ "Could not read from module store, active subdirectory at %s.",
+ path);
+ return -1;
+ }
+ } else {
+ if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ ERR(sh,
+ "Could not access module store active subdirectory at %s, or it is not a directory.",
+ path);
+ return -1;
+ }
+ }
+ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_MODULES);
+ if (stat(path, &sb) == -1) {
+ if (errno == ENOENT && create) {
+ if (mkdir(path, S_IRWXU) == -1) {
+ ERR(sh,
+ "Could not create module store, active modules subdirectory at %s.",
+ path);
+ return -2;
+ }
+ } else {
+ ERR(sh,
+ "Could not read from module store, active modules subdirectory at %s.",
+ path);
+ return -1;
+ }
+ } else {
+ if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ ERR(sh,
+ "Could not access module store active modules subdirectory at %s, or it is not a directory.",
+ path);
+ return -1;
+ }
+ }
+ path = semanage_files[SEMANAGE_READ_LOCK];
+ if (stat(path, &sb) == -1) {
+ if (errno == ENOENT && create) {
+ if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not create lock file at %s.",
+ path);
+ return -2;
+ }
+ } else {
+ ERR(sh, "Could not read lock file at %s.", path);
+ return -1;
+ }
+ } else {
+ if (!S_ISREG(sb.st_mode) || access(path, R_OK | W_OK) == -1) {
+ ERR(sh, "Could not access lock file at %s.", path);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+/* returns <0 if the active store cannot be read or doesn't exist
+ * 0 if the store exists but the lock file cannot be accessed
+ * SEMANAGE_CAN_READ if the store can be read and the lock file used
+ * SEMANAGE_CAN_WRITE if the modules directory and binary policy dir can be written to
+ */
+int semanage_store_access_check(semanage_handle_t * sh)
+{
+ const char *path;
+ int rc = -1;
+
+ /* read access on active store */
+ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
+ if (access(path, R_OK | X_OK) != 0)
+ goto out;
+
+ /* we can read the active store meaning it is managed
+ * so now we return 0 to indicate no error */
+ rc = 0;
+
+ /* read access on lock file required for locking
+ * write access necessary if the lock file does not exist
+ */
+ path = semanage_files[SEMANAGE_READ_LOCK];
+ if (access(path, R_OK) != 0) {
+ if (access(path, F_OK) == 0) {
+ goto out;
+ }
+
+ path = semanage_files[SEMANAGE_ROOT];
+ if (access(path, R_OK | W_OK | X_OK) != 0) {
+ goto out;
+ }
+ }
+
+ /* everything needed for reading has been checked */
+ rc = SEMANAGE_CAN_READ;
+
+ /* check the modules directory */
+ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_MODULES);
+ if (access(path, R_OK | W_OK | X_OK) != 0)
+ goto out;
+
+ rc = SEMANAGE_CAN_WRITE;
+
+ out:
+ return rc;
+}
+
+/********************* other I/O functions *********************/
+
+/* Callback used by scandir() to select files. */
+static int semanage_filename_select(const struct dirent *d)
+{
+ if (d->d_name[0] == '.'
+ && (d->d_name[1] == '\0'
+ || (d->d_name[1] == '.' && d->d_name[2] == '\0')))
+ return 0;
+ return 1;
+}
+
+/* Copies a file from src to dst. If dst already exists then
+ * overwrite it. Returns 0 on success, -1 on error. */
+static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+{
+ int in, out, retval = 0, amount_read, n, errsv = errno;
+ char tmp[PATH_MAX];
+ char buf[4192];
+
+ n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
+ if (n < 0 || n >= PATH_MAX)
+ return -1;
+
+ if ((in = open(src, O_RDONLY)) == -1) {
+ return -1;
+ }
+
+ if (!mode)
+ mode = S_IRUSR | S_IWUSR;
+
+ if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
+ errsv = errno;
+ close(in);
+ retval = -1;
+ goto out;
+ }
+ while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
+ if (write(out, buf, amount_read) < 0) {
+ errsv = errno;
+ retval = -1;
+ }
+ }
+ if (amount_read < 0) {
+ errsv = errno;
+ retval = -1;
+ }
+ close(in);
+ if (close(out) < 0) {
+ errsv = errno;
+ retval = -1;
+ }
+
+ if (!retval && rename(tmp, dst) == -1)
+ return -1;
+
+out:
+ errno = errsv;
+ return retval;
+}
+
+/* Copies all of the files from src to dst, recursing into
+ * subdirectories. Returns 0 on success, -1 on error. */
+static int semanage_copy_dir(const char *src, const char *dst)
+{
+ int i, len = 0, retval = -1;
+ struct stat sb;
+ struct dirent **names = NULL;
+ char path[PATH_MAX], path2[PATH_MAX];
+
+ if ((len = scandir(src, &names, semanage_filename_select, NULL)) == -1) {
+ return -1;
+ }
+ for (i = 0; i < len; i++) {
+ snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name);
+ /* stat() to see if this entry is a file or not since
+ * d_type isn't set properly on XFS */
+ if (stat(path, &sb)) {
+ goto cleanup;
+ }
+ snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
+ if (S_ISDIR(sb.st_mode)) {
+ if (mkdir(path2, 0700) == -1 ||
+ semanage_copy_dir(path, path2) == -1) {
+ goto cleanup;
+ }
+ } else if (S_ISREG(sb.st_mode)) {
+ if (semanage_copy_file(path, path2, sb.st_mode) == -1) {
+ goto cleanup;
+ }
+ }
+ }
+ retval = 0;
+ cleanup:
+ for (i = 0; names != NULL && i < len; i++) {
+ free(names[i]);
+ }
+ free(names);
+ return retval;
+}
+
+/* Recursively removes the contents of a directory along with the
+ * directory itself. Returns 0 on success, non-zero on error. */
+int semanage_remove_directory(const char *path)
+{
+ struct dirent **namelist = NULL;
+ int num_entries, i;
+ if ((num_entries = scandir(path, &namelist, semanage_filename_select,
+ NULL)) == -1) {
+ return -1;
+ }
+ for (i = 0; i < num_entries; i++) {
+ char s[NAME_MAX];
+ struct stat buf;
+ snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
+ if (stat(s, &buf) == -1) {
+ return -2;
+ }
+ if (S_ISDIR(buf.st_mode)) {
+ int retval;
+ if ((retval = semanage_remove_directory(s)) != 0) {
+ return retval;
+ }
+ } else {
+ if (remove(s) == -1) {
+ return -3;
+ }
+ }
+ free(namelist[i]);
+ }
+ free(namelist);
+ if (rmdir(path) == -1) {
+ return -4;
+ }
+ return 0;
+}
+
+/********************* sandbox management routines *********************/
+
+/* Creates a sandbox for a single client. Returns 0 if a
+ * sandbox was created, -1 on error.
+ */
+int semanage_make_sandbox(semanage_handle_t * sh)
+{
+ const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
+ struct stat buf;
+ int errsv;
+
+ if (stat(sandbox, &buf) == -1) {
+ if (errno != ENOENT) {
+ ERR(sh, "Error scanning directory %s.", sandbox);
+ return -1;
+ }
+ errno = 0;
+ } else {
+ /* remove the old sandbox */
+ if (semanage_remove_directory(sandbox) != 0) {
+ ERR(sh, "Error removing old sandbox directory %s.",
+ sandbox);
+ return -1;
+ }
+ }
+
+ if (mkdir(sandbox, S_IRWXU) == -1 ||
+ semanage_copy_dir(semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL),
+ sandbox) == -1) {
+ ERR(sh, "Could not copy files to sandbox %s.", sandbox);
+ goto cleanup;
+ }
+ return 0;
+
+ cleanup:
+ errsv = errno;
+ semanage_remove_directory(sandbox);
+ errno = errsv;
+ return -1;
+}
+
+/* Scans the modules directory for the current semanage handler. This
+ * might be the active directory or sandbox, depending upon if the
+ * handler has a transaction lock. Allocates and fills in *filenames
+ * with an array of module filenames; length of array is stored in
+ * *len. The caller is responsible for free()ing *filenames and its
+ * individual elements. Upon success returns 0, -1 on error.
+ */
+int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames,
+ int *len)
+{
+ const char *modules_path;
+ struct dirent **namelist = NULL;
+ int num_files, i, retval = -1;
+
+ if (sh->is_in_transaction) {
+ modules_path = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES);
+ } else {
+ modules_path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_MODULES);
+ }
+
+ *filenames = NULL;
+ *len = 0;
+ if ((num_files = scandir(modules_path, &namelist,
+ semanage_filename_select, alphasort)) == -1) {
+ ERR(sh, "Error while scanning directory %s.", modules_path);
+ goto cleanup;
+ }
+ if (num_files == 0) {
+ retval = 0;
+ goto cleanup;
+ }
+ if ((*filenames =
+ (char **)calloc(num_files, sizeof(**filenames))) == NULL) {
+ ERR(sh, "Out of memory!");
+ goto cleanup;
+ }
+ for (i = 0; i < num_files; i++) {
+ char *filename;
+ char path[PATH_MAX];
+
+ snprintf(path, PATH_MAX, "%s/%s", modules_path,
+ namelist[i]->d_name);
+ if ((filename = strdup(path)) == NULL) {
+ int j;
+ ERR(sh, "Out of memory!");
+ for (j = 0; j < i; j++) {
+ free((*filenames)[j]);
+ }
+ free(*filenames);
+ *filenames = NULL;
+ goto cleanup;
+ }
+ (*filenames)[i] = filename;
+ }
+ *len = num_files;
+ retval = 0;
+ cleanup:
+ for (i = 0; i < num_files; i++) {
+ free(namelist[i]);
+ }
+ free(namelist);
+ return retval;
+}
+
+/******************* routines that run external programs *******************/
+
+/* Appends a single character to a string. Returns a pointer to the
+ * realloc()ated string. If out of memory return NULL; original
+ * string will remain untouched.
+ */
+static char *append(char *s, char c)
+{
+ size_t len = (s == NULL ? 0 : strlen(s));
+ char *new_s = realloc(s, len + 2);
+ if (new_s == NULL) {
+ return NULL;
+ }
+ s = new_s;
+ s[len] = c;
+ s[len + 1] = '\0';
+ return s;
+}
+
+/* Append string 't' to string 's', realloc()ating 's' as needed. 't'
+ * may be safely free()d afterwards. Returns a pointer to the
+ * realloc()ated 's'. If out of memory return NULL; original strings
+ * will remain untouched.
+ */
+static char *append_str(char *s, const char *t)
+{
+ size_t s_len = (s == NULL ? 0 : strlen(s));
+ size_t t_len = (t == NULL ? 0 : strlen(t));
+ char *new_s = realloc(s, s_len + t_len + 1);
+ if (new_s == NULL) {
+ return NULL;
+ }
+ s = new_s;
+ memcpy(s + s_len, t, t_len);
+ s[s_len + t_len] = '\0';
+ return s;
+}
+
+/* Append an argument string to an argument vector, returning a
+ * pointer to the realloc()ated argument vector. Also increments
+ * 'num_args'.
+ */
+static char **append_arg(char **argv, int *num_args, const char *arg)
+{
+ char **a;
+ if ((a = realloc(argv, sizeof(*argv) * (*num_args + 1))) == NULL) {
+ return NULL;
+ }
+ argv = a;
+ if (arg == NULL) {
+ argv[*num_args] = NULL;
+ } else {
+ argv[*num_args] = strdup(arg);
+ if (!argv[*num_args]) {
+ return NULL;
+ }
+ }
+ (*num_args)++;
+ return argv;
+}
+
+/* free()s all strings within a null-terminated argument vector, as
+ * well as the pointer itself. */
+static void free_argv(char **argv)
+{
+ int i;
+ for (i = 0; argv != NULL && argv[i] != NULL; i++) {
+ free(argv[i]);
+ }
+ free(argv);
+}
+
+/* Take an argument string and split and place into an argument
+ * vector. Respect normal quoting, double-quoting, and backslash
+ * conventions. Perform substitutions on $@ and $< symbols. Returns
+ * a NULL-terminated argument vector; caller is responsible for
+ * free()ing the vector and its elements. */
+static char **split_args(const char *arg0, char *arg_string,
+ const char *new_name, const char *old_name)
+{
+ char **argv = NULL, **tv, *s, *arg = NULL, *targ;
+ int num_args = 0, in_quote = 0, in_dquote = 0;
+
+ if ((tv = append_arg(argv, &num_args, arg0)) == NULL) {
+ goto cleanup;
+ } else {
+ argv = tv;
+ }
+ s = arg_string;
+ /* parse the argument string one character at a time,
+ * repsecting quotes and other special characters */
+ while (s != NULL && *s != '\0') {
+ switch (*s) {
+ case '\\':{
+ if (*(s + 1) == '\0') {
+ if ((targ = append(arg, '\\')) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ } else {
+ if ((targ =
+ append(arg, *(s + 1))) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ s++;
+ }
+ break;
+ }
+ case '\'':{
+ if (in_dquote) {
+ if ((targ = append(arg, *s)) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ } else if (in_quote) {
+ in_quote = 0;
+ } else {
+ in_quote = 1;
+ if ((targ = append(arg, '\0')) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ }
+ break;
+ }
+ case '\"':{
+ if (in_quote) {
+ if ((targ = append(arg, *s)) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ } else if (in_dquote) {
+ in_dquote = 0;
+ } else {
+ in_dquote = 1;
+ if ((targ = append(arg, '\0')) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ }
+ break;
+ }
+ case '$':{
+ switch (*(s + 1)) {
+ case '@':{
+ if ((targ =
+ append_str(arg,
+ new_name)) ==
+ NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ s++;
+ break;
+ }
+ case '<':{
+ if ((targ =
+ append_str(arg,
+ old_name)) ==
+ NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ s++;
+ break;
+ }
+ default:{
+ if ((targ =
+ append(arg, *s)) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ }
+ }
+ break;
+ }
+ default:{
+ if (isspace(*s) && !in_quote && !in_dquote) {
+ if (arg != NULL) {
+ if ((tv =
+ append_arg(argv, &num_args,
+ arg)) == NULL) {
+ goto cleanup;
+ } else {
+ argv = tv;
+ }
+ free(arg);
+ arg = NULL;
+ }
+ } else {
+ if ((targ = append(arg, *s)) == NULL) {
+ goto cleanup;
+ } else {
+ arg = targ;
+ }
+ }
+ }
+ }
+ s++;
+ }
+ if (arg != NULL) {
+ if ((tv = append_arg(argv, &num_args, arg)) == NULL) {
+ goto cleanup;
+ } else {
+ argv = tv;
+ }
+ free(arg);
+ arg = NULL;
+ }
+ /* explicitly add a NULL at the end */
+ if ((tv = append_arg(argv, &num_args, NULL)) != NULL) {
+ return tv;
+ }
+ cleanup:
+ free_argv(argv);
+ free(arg);
+ return NULL;
+}
+
+/* Take the arguments given in v->args and expand any $ macros within.
+ * Split the arguments into different strings (argv). Next fork and
+ * execute the process. BE SURE THAT ALL FILE DESCRIPTORS ARE SET TO
+ * CLOSE-ON-EXEC. Take the return value of the child process and
+ * return it, -1 on error.
+ */
+static int semanage_exec_prog(semanage_handle_t * sh,
+ external_prog_t * e, const char *new_name,
+ const char *old_name)
+{
+ char **argv;
+ pid_t forkval;
+
+ if ((argv = split_args(e->path, e->args, new_name, old_name)) == NULL) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+
+ /* no need to use pthread_atfork() -- child will not be using
+ * any mutexes. */
+ if ((forkval = vfork()) == -1) {
+ ERR(sh, "Error while forking process.");
+ return -1;
+ } else if (forkval == 0) {
+ /* child process. file descriptors will be closed
+ * because they were set as close-on-exec. */
+ execve(e->path, argv, NULL);
+ _exit(EXIT_FAILURE); /* if execve() failed */
+ } else {
+ /* parent process. wait for child to finish */
+ int status = 0;
+ free_argv(argv);
+ if (waitpid(forkval, &status, 0) == -1 || !WIFEXITED(status)) {
+ ERR(sh, "Child process %s did not exit cleanly.",
+ e->path);
+ return -1;
+ }
+ return WEXITSTATUS(status);
+ }
+ assert(0);
+ return 0; /* never reached, but here to satisfy lint */
+}
+
+/* reloads the policy pointed to by the handle, used locally by install
+ * and exported for user reload requests */
+int semanage_reload_policy(semanage_handle_t * sh)
+{
+ int r = 0;
+
+ if (!sh)
+ return -1;
+
+ if ((r = semanage_exec_prog(sh, sh->conf->load_policy, "", "")) != 0) {
+ ERR(sh, "load_policy returned error code %d.", r);
+ }
+ return r;
+}
+
+hidden_def(semanage_reload_policy)
+
+/* This expands the file_context.tmpl file to file_context and homedirs.template */
+int semanage_split_fc(semanage_handle_t * sh)
+{
+ FILE *file_con = NULL;
+ int fc = -1, hd = -1, retval = -1;
+ char buf[PATH_MAX] = { 0 };
+
+ /* I use fopen here instead of open so that I can use fgets which only reads a single line */
+ file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r");
+ if (!file_con) {
+ ERR(sh, "Could not open %s for reading.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+ goto cleanup;
+ }
+
+ fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_FC),
+ O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ if (!fc) {
+ ERR(sh, "Could not open %s for writing.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_FC));
+ goto cleanup;
+ }
+ hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
+ O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ if (!hd) {
+ ERR(sh, "Could not open %s for writing.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
+ goto cleanup;
+ }
+
+ while (fgets_unlocked(buf, PATH_MAX, file_con)) {
+ if (!strncmp(buf, "HOME_DIR", 8) ||
+ !strncmp(buf, "HOME_ROOT", 9) || strstr(buf, "ROLE")) {
+ /* This contains one of the template variables, write it to homedir.template */
+ if (write(hd, buf, strlen(buf)) < 0) {
+ ERR(sh, "Write to %s failed.",
+ semanage_path(SEMANAGE_TMP,
+ SEMANAGE_HOMEDIR_TMPL));
+ goto cleanup;
+ }
+ } else {
+ if (write(fc, buf, strlen(buf)) < 0) {
+ ERR(sh, "Write to %s failed.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_FC));
+ goto cleanup;
+ }
+ }
+ }
+
+ retval = 0;
+ cleanup:
+ if (file_con)
+ fclose(file_con);
+ if (fc >= 0)
+ close(fc);
+ if (hd >= 0)
+ close(hd);
+
+ return retval;
+
+}
+
+/* Actually load the contents of the current active directory into the
+ * kernel. Return 0 on success, -3 on error. */
+static int semanage_install_active(semanage_handle_t * sh)
+{
+ int retval = -3, r, len;
+ char *storepath = NULL;
+ struct stat astore, istore;
+ const char *active_kernel =
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_KERNEL);
+ const char *active_fc = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC);
+ const char *active_fc_loc =
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_LOCAL);
+ const char *active_seusers =
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_SEUSERS);
+ const char *active_nc = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_NC);
+ const char *active_fc_hd =
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_FC_HOMEDIRS);
+
+ const char *running_fc = selinux_file_context_path();
+ const char *running_fc_loc = selinux_file_context_local_path();
+ const char *running_fc_hd = selinux_file_context_homedir_path();
+ const char *running_hd = selinux_homedir_context_path();
+ const char *running_policy = selinux_binary_policy_path();
+ const char *running_seusers = selinux_usersconf_path();
+ const char *running_nc = selinux_netfilter_context_path();
+ const char *really_active_store = selinux_policy_root();
+
+ /* This is very unelegant, the right thing to do is export the path
+ * building code in libselinux so that you can get paths for a given
+ * POLICYTYPE and should probably be done in the future. */
+ char store_fc[PATH_MAX];
+ char store_fc_loc[PATH_MAX];
+ char store_pol[PATH_MAX];
+ char store_seusers[PATH_MAX];
+ char store_nc[PATH_MAX];
+ char store_fc_hd[PATH_MAX];
+
+ len = strlen(really_active_store);
+ running_fc += len;
+ running_fc_loc += len;
+ running_fc_hd += len;
+ running_hd += len;
+ running_policy += len;
+ running_seusers += len;
+ running_nc += len;
+
+ len = strlen(selinux_path()) + strlen(sh->conf->store_path) + 1;
+ storepath = (char *)malloc(len);
+ if (!storepath)
+ goto cleanup;
+ snprintf(storepath, PATH_MAX, "%s%s", selinux_path(),
+ sh->conf->store_path);
+
+ snprintf(store_pol, PATH_MAX, "%s%s.%d", storepath,
+ running_policy, sh->conf->policyvers);
+ if (semanage_copy_file(active_kernel, store_pol, sh->conf->file_mode) ==
+ -1) {
+ ERR(sh, "Could not copy %s to %s.", active_kernel, store_pol);
+ goto cleanup;
+ }
+
+ if (!sh->conf->disable_genhomedircon) {
+ snprintf(store_fc_hd, PATH_MAX, "%s%s", storepath, running_fc_hd);
+ if (semanage_copy_file(active_fc_hd, store_fc_hd, sh->conf->file_mode)
+ == -1) {
+ ERR(sh, "Could not copy %s to %s.", active_fc_hd, store_fc_hd);
+ goto cleanup;
+ }
+ }
+
+ snprintf(store_fc, PATH_MAX, "%s%s", storepath, running_fc);
+ if (semanage_copy_file(active_fc, store_fc, sh->conf->file_mode) == -1) {
+ ERR(sh, "Could not copy %s to %s.", active_fc, store_fc);
+ goto cleanup;
+ }
+
+ snprintf(store_fc_loc, PATH_MAX, "%s%s", storepath, running_fc_loc);
+ if (semanage_copy_file(active_fc_loc, store_fc_loc, sh->conf->file_mode)
+ == -1 && errno != ENOENT) {
+ ERR(sh, "Could not copy %s to %s.", active_fc_loc,
+ store_fc_loc);
+ goto cleanup;
+ }
+ errno = 0;
+
+ snprintf(store_seusers, PATH_MAX, "%s%s", storepath, running_seusers);
+ if (semanage_copy_file
+ (active_seusers, store_seusers, sh->conf->file_mode) == -1
+ && errno != ENOENT) {
+ ERR(sh, "Could not copy %s to %s.", active_seusers,
+ store_seusers);
+ goto cleanup;
+ }
+ errno = 0;
+
+ snprintf(store_nc, PATH_MAX, "%s%s", storepath, running_nc);
+ if (semanage_copy_file(active_nc, store_nc, sh->conf->file_mode) == -1
+ && errno != ENOENT) {
+ ERR(sh, "Could not copy %s to %s.", active_nc, store_nc);
+ goto cleanup;
+ }
+ errno = 0;
+
+ if (!sh->do_reload)
+ goto skip_reload;
+
+ /* This stats what libselinux says the active store is (according to config)
+ * and what we are installing to, to decide if they are the same store. If
+ * they are not then we do not reload policy */
+
+ if (stat(really_active_store, &astore) == 0) {
+
+ if (stat(storepath, &istore)) {
+ ERR(sh, "Could not stat store path %s.", storepath);
+ goto cleanup;
+ }
+
+ if (!(astore.st_ino == istore.st_ino &&
+ astore.st_dev == istore.st_dev)) {
+ /* They are not the same store */
+ goto skip_reload;
+ }
+ } else if (errno == ENOENT &&
+ strcmp(really_active_store, storepath) != 0) {
+ errno = 0;
+ goto skip_reload;
+ }
+
+ if (semanage_reload_policy(sh)) {
+ goto cleanup;
+ }
+
+ skip_reload:
+
+ if ((r =
+ semanage_exec_prog(sh, sh->conf->setfiles, store_pol,
+ store_fc)) != 0) {
+ ERR(sh, "setfiles returned error code %d.", r);
+ goto cleanup;
+ }
+
+ retval = 0;
+ cleanup:
+ free(storepath);
+ return retval;
+}
+
+/* Prepare the sandbox to be installed by making a backup of the
+ * current active directory. Then copy the sandbox to the active
+ * directory. Return the new commit number on success, negative
+ * values on error. */
+static int semanage_commit_sandbox(semanage_handle_t * sh)
+{
+ int commit_number, fd, retval;
+ char write_buf[32];
+ const char *commit_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_COMMIT_NUM_FILE);
+ ssize_t amount_written;
+ const char *active = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_TOPLEVEL);
+ const char *backup =
+ semanage_path(SEMANAGE_PREVIOUS, SEMANAGE_TOPLEVEL);
+ const char *sandbox = semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL);
+ struct stat buf;
+
+ /* update the commit number */
+ if ((commit_number = semanage_direct_get_serial(sh)) < 0) {
+ return -1;
+ }
+ commit_number++;
+ memset(write_buf, 0, sizeof(write_buf));
+ snprintf(write_buf, sizeof(write_buf), "%d", commit_number);
+ if ((fd =
+ open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open commit number file %s for writing.",
+ commit_filename);
+ return -1;
+ }
+ amount_written = write(fd, write_buf, sizeof(write_buf));
+ if (amount_written == -1) {
+ ERR(sh, "Error while writing commit number to %s.",
+ commit_filename);
+ close(fd);
+ return -1;
+ }
+ close(fd);
+
+ retval = commit_number;
+
+ if (semanage_get_active_lock(sh) < 0) {
+ return -1;
+ }
+ /* make the backup of the current active directory */
+ if (stat(backup, &buf) == 0) {
+ if (S_ISDIR(buf.st_mode) &&
+ semanage_remove_directory(backup) != 0) {
+ ERR(sh, "Could not remove previous backup %s.", backup);
+ retval = -1;
+ goto cleanup;
+ }
+ } else if (errno != ENOENT) {
+ ERR(sh, "Could not stat directory %s.", backup);
+ retval = -1;
+ goto cleanup;
+ }
+
+ if (rename(active, backup) == -1) {
+ ERR(sh, "Error while renaming %s to %s.", active, backup);
+ retval = -1;
+ goto cleanup;
+ }
+
+ /* clean up some files from the sandbox before install */
+ /* remove homedir_template from sandbox */
+
+ if (rename(sandbox, active) == -1) {
+ ERR(sh, "Error while renaming %s to %s.", sandbox, active);
+ /* note that if an error occurs during the next
+ * function then the store will be left in an
+ * inconsistent state */
+ if (rename(backup, active) < 0)
+ ERR(sh, "Error while renaming %s back to %s.", backup,
+ active);
+ retval = -1;
+ goto cleanup;
+ }
+ if (semanage_install_active(sh) != 0) {
+ /* note that if an error occurs during the next three
+ * function then the store will be left in an
+ * inconsistent state */
+ int errsv = errno;
+ if (rename(active, sandbox) < 0)
+ ERR(sh, "Error while renaming %s back to %s.", active,
+ sandbox);
+ else if (rename(backup, active) < 0)
+ ERR(sh, "Error while renaming %s back to %s.", backup,
+ active);
+ else
+ semanage_install_active(sh);
+ errno = errsv;
+ retval = -1;
+ goto cleanup;
+ }
+
+ if (!sh->conf->save_previous) {
+ int errsv = errno;
+ retval = semanage_remove_directory(backup);
+ if (retval < 0) {
+ ERR(sh, "Could not delete previous directory %s.", backup);
+ goto cleanup;
+ }
+ errno = errsv;
+ }
+
+ cleanup:
+ semanage_release_active_lock(sh);
+ return retval;
+}
+
+/* Takes the kernel policy in a sandbox, move it to the active
+ * directory, copy it to the binary policy path, then load it. Upon
+ * error move the active directory back to the sandbox. This function
+ * should be placed within a mutex lock to ensure that it runs
+ * atomically. Returns commit number on success, -1 on error.
+ */
+int semanage_install_sandbox(semanage_handle_t * sh)
+{
+ int retval = -1, commit_num = -1;
+
+ if (sh->conf->load_policy == NULL) {
+ ERR(sh,
+ "No load_policy program specified in configuration file.");
+ goto cleanup;
+ }
+ if (sh->conf->setfiles == NULL) {
+ ERR(sh, "No setfiles program specified in configuration file.");
+ goto cleanup;
+ }
+
+ if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
+ retval = commit_num;
+ goto cleanup;
+ }
+
+ retval = commit_num;
+
+ cleanup:
+ return retval;
+
+}
+
+/********************* functions that manipulate lock *********************/
+
+static int semanage_get_lock(semanage_handle_t * sh,
+ const char *lock_name, const char *lock_file)
+{
+ int fd;
+ struct timeval origtime, curtime;
+ int got_lock = 0;
+
+ if ((fd = open(lock_file, O_RDONLY)) == -1) {
+ if ((fd =
+ open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open direct %s at %s.", lock_name,
+ lock_file);
+ return -1;
+ }
+ }
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
+ ERR(sh, "Could not set close-on-exec for %s at %s.", lock_name,
+ lock_file);
+ close(fd);
+ return -1;
+ }
+
+ if (sh->timeout == 0) {
+ /* return immediately */
+ origtime.tv_sec = 0;
+ } else {
+ origtime.tv_sec = sh->timeout;
+ }
+ origtime.tv_usec = 0;
+ do {
+ curtime.tv_sec = 1;
+ curtime.tv_usec = 0;
+ if (flock(fd, LOCK_EX | LOCK_NB) == 0) {
+ got_lock = 1;
+ break;
+ } else if (errno != EAGAIN) {
+ ERR(sh, "Error obtaining direct %s at %s.", lock_name,
+ lock_file);
+ close(fd);
+ return -1;
+ }
+ if (origtime.tv_sec > 0 || sh->timeout == -1) {
+ if (select(0, NULL, NULL, NULL, &curtime) == -1) {
+ if (errno == EINTR) {
+ continue;
+ }
+ ERR(sh,
+ "Error while waiting to get direct %s at %s.",
+ lock_name, lock_file);
+ close(fd);
+ return -1;
+ }
+ origtime.tv_sec--;
+ }
+ } while (origtime.tv_sec > 0 || sh->timeout == -1);
+ if (!got_lock) {
+ ERR(sh, "Could not get direct %s at %s.", lock_name, lock_file);
+ close(fd);
+ return -1;
+ }
+ return fd;
+}
+
+/* Locking for the module store for transactions. This is very basic
+ * locking of the module store and doesn't do anything if the module
+ * store is being manipulated with a program not using this library
+ * (but the policy should prevent that). Returns 0 on success, -1 if
+ * it could not obtain a lock.
+ */
+int semanage_get_trans_lock(semanage_handle_t * sh)
+{
+ const char *lock_file = semanage_files[SEMANAGE_TRANS_LOCK];
+
+ if (sh->u.direct.translock_file_fd >= 0)
+ return 0;
+
+ sh->u.direct.translock_file_fd =
+ semanage_get_lock(sh, "transaction lock", lock_file);
+ if (sh->u.direct.translock_file_fd >= 0) {
+ return 0;
+ } else {
+ return -1;
+ }
+}
+
+/* Locking for the module store for active store reading; this also includes
+ * the file containing the commit number. This is very basic locking
+ * of the module store and doesn't do anything if the module store is
+ * being manipulated with a program not using this library (but the
+ * policy should prevent that). Returns 0 on success, -1 if it could
+ * not obtain a lock.
+ */
+int semanage_get_active_lock(semanage_handle_t * sh)
+{
+ const char *lock_file = semanage_files[SEMANAGE_READ_LOCK];
+
+ if (sh->u.direct.activelock_file_fd >= 0)
+ return 0;
+
+ sh->u.direct.activelock_file_fd =
+ semanage_get_lock(sh, "read lock", lock_file);
+ if (sh->u.direct.activelock_file_fd >= 0) {
+ return 0;
+ } else {
+ return -1;
+ }
+}
+
+/* Releases the transaction lock. Does nothing if there was not one already
+ * there. */
+void semanage_release_trans_lock(semanage_handle_t * sh)
+{
+ int errsv = errno;
+ if (sh->u.direct.translock_file_fd >= 0) {
+ flock(sh->u.direct.translock_file_fd, LOCK_UN);
+ close(sh->u.direct.translock_file_fd);
+ sh->u.direct.translock_file_fd = -1;
+ }
+ errno = errsv;
+}
+
+/* Releases the read lock. Does nothing if there was not one already
+ * there. */
+void semanage_release_active_lock(semanage_handle_t * sh)
+{
+ int errsv = errno;
+ if (sh->u.direct.activelock_file_fd >= 0) {
+ flock(sh->u.direct.activelock_file_fd, LOCK_UN);
+ close(sh->u.direct.activelock_file_fd);
+ sh->u.direct.activelock_file_fd = -1;
+ }
+ errno = errsv;
+}
+
+/* Read the current commit number from the commit number file which
+ * the handle is pointing, resetting the file pointer afterwards.
+ * Return it (a non-negative number), or -1 on error. */
+int semanage_direct_get_serial(semanage_handle_t * sh)
+{
+ char buf[32];
+ int fd, commit_number;
+ ssize_t amount_read;
+ const char *commit_filename;
+ memset(buf, 0, sizeof(buf));
+
+ if (sh->is_in_transaction) {
+ commit_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_COMMIT_NUM_FILE);
+ } else {
+ commit_filename =
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE);
+ }
+
+ if ((fd = open(commit_filename, O_RDONLY)) == -1) {
+ if (errno == ENOENT) {
+ /* the commit number file does not exist yet,
+ * so assume that the number is 0 */
+ errno = 0;
+ return 0;
+ } else {
+ ERR(sh, "Could not open commit number file %s.",
+ commit_filename);
+ return -1;
+ }
+ }
+
+ amount_read = read(fd, buf, sizeof(buf));
+ if (amount_read == -1) {
+ ERR(sh, "Error while reading commit number from %s.",
+ commit_filename);
+ commit_number = -1;
+ } else if (sscanf(buf, "%d", &commit_number) != 1) {
+ /* if nothing was read, assume that the commit number is 0 */
+ commit_number = 0;
+ } else if (commit_number < 0) {
+ /* read file ought never have negative values */
+ ERR(sh,
+ "Commit number file %s is corrupted; it should only contain a non-negative integer.",
+ commit_filename);
+ commit_number = -1;
+ }
+
+ close(fd);
+ return commit_number;
+}
+
+/* HIGHER LEVEL COMMIT FUNCTIONS */
+
+/* Loads a module (or a base) from a fully-qualified 'filename' into a
+ * newly allocated sepol_module_package_t structure and returns it in
+ * '*package'. Caller is responsible for destroying it afterwards via
+ * sepol_module_package_destroy(). Returns 0 on success, -1 on error.
+ */
+static int semanage_load_module(semanage_handle_t * sh, const char *filename,
+ sepol_module_package_t ** package)
+{
+ int retval = 0;
+ FILE *fp;
+ struct sepol_policy_file *pf = NULL;
+
+ *package = NULL;
+ if (sepol_module_package_create(package) == -1) {
+ ERR(sh, "Out of memory!");
+ return -1;
+ }
+
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ goto cleanup;
+ }
+
+ if ((fp = fopen(filename, "rb")) == NULL) {
+ ERR(sh, "Could not open module file %s for reading.", filename);
+ goto cleanup;
+ }
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ sepol_policy_file_set_fp(pf, fp);
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+ if (sepol_module_package_read(*package, pf, 0) == -1) {
+ ERR(sh, "Error while reading from module file %s.", filename);
+ fclose(fp);
+ goto cleanup;
+ }
+ sepol_policy_file_free(pf);
+ fclose(fp);
+ return retval;
+
+ cleanup:
+ sepol_module_package_free(*package);
+ *package = NULL;
+ sepol_policy_file_free(pf);
+ return -1;
+}
+
+/* Links all of the modules within the sandbox into the base module.
+ * '*base' will point to the module package that contains everything
+ * linked together (caller must call sepol_module_package_destroy() on
+ * it afterwards). '*mods' will be a list of module packages and
+ * '*num_modules' will be the number of elements within '*mods'
+ * (caller must destroy each element as well as the pointer itself.)
+ * Both '*base' and '*mods' will be set to NULL upon entering this
+ * function. Returns 0 on success, -1 on error.
+ */
+int semanage_link_sandbox(semanage_handle_t * sh,
+ sepol_module_package_t ** base)
+{
+ const char *base_filename = NULL;
+ char **module_filenames = NULL;
+ int retval = -1, i;
+ int num_modules = 0;
+ sepol_module_package_t **mods = NULL;
+
+ *base = NULL;
+
+ /* first make sure that base module is readable */
+ if ((base_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_BASE)) == NULL) {
+ goto cleanup;
+ }
+ if (access(base_filename, R_OK) == -1) {
+ ERR(sh, "Could not access sandbox base file %s.",
+ base_filename);
+ goto cleanup;
+ }
+
+ /* get list of modules and load them */
+ if (semanage_get_modules_names(sh, &module_filenames, &num_modules) ==
+ -1 || semanage_load_module(sh, base_filename, base) == -1) {
+ goto cleanup;
+ }
+ if ((mods = calloc(num_modules, sizeof(*mods))) == NULL) {
+ ERR(sh, "Out of memory!");
+ num_modules = 0;
+ goto cleanup;
+ }
+ for (i = 0; i < num_modules; i++) {
+ if (semanage_load_module(sh, module_filenames[i], mods + i) ==
+ -1) {
+ goto cleanup;
+ }
+ }
+
+ if (sepol_link_packages(sh->sepolh, *base, mods, num_modules, 0) != 0) {
+ ERR(sh, "Link packages failed");
+ goto cleanup;
+ }
+
+ retval = 0;
+
+ cleanup:
+ for (i = 0; module_filenames != NULL && i < num_modules; i++) {
+ free(module_filenames[i]);
+ }
+ free(module_filenames);
+ for (i = 0; mods != NULL && i < num_modules; i++) {
+ sepol_module_package_free(mods[i]);
+ }
+ free(mods);
+ return retval;
+}
+
+/*
+ * Expands the policy contained within *base
+ */
+int semanage_expand_sandbox(semanage_handle_t * sh,
+ sepol_module_package_t * base,
+ sepol_policydb_t ** policydb)
+{
+
+ struct sepol_policydb *out = NULL;
+ int policyvers = sh->conf->policyvers;
+ int expand_check = sh->conf->expand_check ? sh->modules_modified : 0;
+
+ if (sepol_policydb_create(&out))
+ goto err;
+
+ sepol_set_expand_consume_base(sh->sepolh, 1);
+
+ if (sepol_expand_module(sh->sepolh,
+ sepol_module_package_get_policy(base), out, 0,
+ expand_check)
+ == -1) {
+ ERR(sh, "Expand module failed");
+ goto err;
+ }
+ if (sepol_policydb_set_vers(out, policyvers)) {
+ ERR(sh, "Unknown/Invalid policy version %d.", policyvers);
+ goto err;
+ }
+ if (sh->conf->handle_unknown >= 0)
+ sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown);
+
+ *policydb = out;
+ return STATUS_SUCCESS;
+
+ err:
+ sepol_policydb_free(out);
+ return STATUS_ERR;
+}
+
+/**
+ * Writes the final policy to the sandbox (kernel)
+ */
+int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
+{
+
+ int retval = STATUS_ERR;
+ const char *kernel_filename = NULL;
+ struct sepol_policy_file *pf = NULL;
+ FILE *outfile = NULL;
+
+ if ((kernel_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL)) == NULL) {
+ goto cleanup;
+ }
+ if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+ ERR(sh, "Could not open kernel policy %s for writing.",
+ kernel_filename);
+ goto cleanup;
+ }
+ __fsetlocking(outfile, FSETLOCKING_BYCALLER);
+ if (sepol_policy_file_create(&pf)) {
+ ERR(sh, "Out of memory!");
+ goto cleanup;
+ }
+ sepol_policy_file_set_fp(pf, outfile);
+ sepol_policy_file_set_handle(pf, sh->sepolh);
+ if (sepol_policydb_write(out, pf) == -1) {
+ ERR(sh, "Error while writing kernel policy to %s.",
+ kernel_filename);
+ goto cleanup;
+ }
+ retval = STATUS_SUCCESS;
+
+ cleanup:
+ if (outfile != NULL) {
+ fclose(outfile);
+ }
+ sepol_policy_file_free(pf);
+ return retval;
+}
+
+/* Execute the module verification programs for each source module.
+ * Returns 0 if every verifier returned success, -1 on error.
+ */
+int semanage_verify_modules(semanage_handle_t * sh,
+ char **module_filenames, int num_modules)
+{
+ int i, retval;
+ semanage_conf_t *conf = sh->conf;
+ if (conf->mod_prog == NULL) {
+ return 0;
+ }
+ for (i = 0; i < num_modules; i++) {
+ char *module = module_filenames[i];
+ external_prog_t *e;
+ for (e = conf->mod_prog; e != NULL; e = e->next) {
+ if ((retval =
+ semanage_exec_prog(sh, e, module, "$<")) != 0) {
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Execute the linker verification programs for the linked (but not
+ * expanded) base. Returns 0 if every verifier returned success, -1
+ * on error.
+ */
+int semanage_verify_linked(semanage_handle_t * sh)
+{
+ external_prog_t *e;
+ semanage_conf_t *conf = sh->conf;
+ const char *linked_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED);
+ int retval = -1;
+ if (conf->linked_prog == NULL) {
+ return 0;
+ }
+ for (e = conf->linked_prog; e != NULL; e = e->next) {
+ if (semanage_exec_prog(sh, e, linked_filename, "$<") != 0) {
+ goto cleanup;
+ }
+ }
+ retval = 0;
+ cleanup:
+ return retval;
+}
+
+/* Execute each of the kernel verification programs. Returns 0 if
+ * every verifier returned success, -1 on error.
+ */
+int semanage_verify_kernel(semanage_handle_t * sh)
+{
+ int retval = -1;
+ const char *kernel_filename =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL);
+ semanage_conf_t *conf = sh->conf;
+ external_prog_t *e;
+ if (conf->kernel_prog == NULL) {
+ return 0;
+ }
+ for (e = conf->kernel_prog; e != NULL; e = e->next) {
+ if (semanage_exec_prog(sh, e, kernel_filename, "$<") != 0) {
+ goto cleanup;
+ }
+ }
+ retval = 0;
+ cleanup:
+ return retval;
+}
+
+/********************* functions that sort file contexts *********************/
+
+/* Free the given node. */
+static void semanage_fc_node_destroy(semanage_file_context_node_t * x)
+{
+ free(x->path);
+ free(x->file_type);
+ free(x->context);
+ free(x);
+}
+
+/* Free the linked list of nodes starting at the given node. */
+static void semanage_fc_node_list_destroy(semanage_file_context_node_t * x)
+{
+ semanage_file_context_node_t *temp;
+
+ while (x) {
+ temp = x;
+ x = x->next;
+ semanage_fc_node_destroy(temp);
+ }
+}
+
+/* Free the linked list of buckets (and their node lists)
+ * starting at the given bucket. */
+static void semanage_fc_bucket_list_destroy(semanage_file_context_bucket_t * x)
+{
+ semanage_file_context_bucket_t *temp;
+
+ while (x) {
+ temp = x;
+ x = x->next;
+ semanage_fc_node_list_destroy(temp->data);
+ free(temp);
+ }
+}
+
+/* Compares two file contexts' regular expressions and returns:
+ * -1 if a is less specific than b
+ * 0 if a and be are equally specific
+ * 1 if a is more specific than b
+ * The comparison is based on the following heuristics,
+ * in order from most important to least important, given a and b:
+ * If a is a regular expression and b is not,
+ * -> a is less specific than b.
+ * If a's stem length is shorter than b's stem length,
+ * -> a is less specific than b.
+ * If a's string length is shorter than b's string length,
+ * -> a is less specific than b.
+ * If a does not have a specified type and b does not,
+ * -> a is less specific than b.
+ * FIXME: These heuristics are imperfect, but good enough for
+ * now. A proper comparison would determine which (if either)
+ * regular expression is a subset of the other.
+ */
+static int semanage_fc_compare(semanage_file_context_node_t * a,
+ semanage_file_context_node_t * b)
+{
+ int a_has_meta = (a->meta >= 0);
+ int b_has_meta = (b->meta >= 0);
+
+ /* Check to see if either a or b are regexes
+ * and the other isn't. */
+ if (a_has_meta && !b_has_meta)
+ return -1;
+ if (b_has_meta && !a_has_meta)
+ return 1;
+
+ /* Check to see if either a or b have a shorter stem
+ * length than the other. */
+ if (a->meta < b->meta)
+ return -1;
+ if (b->meta < a->meta)
+ return 1;
+
+ /* Check to see if either a or b have a shorter string
+ * length than the other. */
+ if (a->effective_len < b->effective_len)
+ return -1;
+ if (b->effective_len < a->effective_len)
+ return 1;
+
+ /* Check to see if either a or b has a specified type
+ * and the other doesn't. */
+ if (!a->file_type && b->file_type)
+ return -1;
+ if (!b->file_type && a->file_type)
+ return 1;
+
+ /* If none of the above conditions were satisfied,
+ * then a and b are equally specific. */
+ return 0;
+}
+
+/* Merges two sorted file context linked lists into a single sorted one.
+ * The left list is assumed to represent nodes that came first in the original ordering.
+ * The final sorted list is returned.
+ */
+static semanage_file_context_node_t
+ * semanage_fc_merge(semanage_file_context_node_t * left,
+ semanage_file_context_node_t * right)
+{
+ semanage_file_context_node_t *head;
+ semanage_file_context_node_t *current;
+ semanage_file_context_node_t *tail;
+
+ if (!left)
+ return right;
+
+ if (!right)
+ return left;
+
+ if (semanage_fc_compare(left, right) == 1) {
+ head = tail = right;
+ right = right->next;
+ } else {
+ head = tail = left;
+ left = left->next;
+ }
+
+ while (left && right) {
+ /* if left was more specific than right,
+ * insert right before left. Otherwise leave order alone. */
+ if (semanage_fc_compare(left, right) == 1) {
+ current = right;
+ right = right->next;
+ } else {
+ current = left;
+ left = left->next;
+ }
+
+ tail = tail->next = current;
+ }
+
+ tail->next = (left != NULL) ? left : right;
+
+ return head;
+}
+
+/* Sorts file contexts from least specific to most specific.
+ * A bucket linked list is passed in. Upon completion,
+ * there is only one bucket (pointed to by master) that
+ * contains a linked list of all the file contexts in sorted order.
+ * Explanation of the algorithm:
+ * This is a stable implementation of an iterative merge sort.
+ * Each bucket initially has a linked list of file contexts
+ * that are 1 node long.
+ * Each pass, buckets (and the nodes they contain) are merged
+ * two at time.
+ * Buckets are merged until there is only one bucket left,
+ * containing the list of file contexts, sorted.
+ */
+static void semanage_fc_merge_sort(semanage_file_context_bucket_t * master)
+{
+ semanage_file_context_bucket_t *current;
+ semanage_file_context_bucket_t *temp;
+
+ /* Loop until master is the only bucket left.
+ * When we stop master contains the sorted list. */
+ while (master->next) {
+ current = master;
+
+ /* Merge buckets two-by-two.
+ * If there is an odd number of buckets, the last
+ * bucket will be left alone, which corresponds
+ * to the operation of merging it with an empty bucket. */
+ while (current) {
+ if (current->next) {
+ current->data =
+ semanage_fc_merge(current->data,
+ current->next->data);
+ temp = current->next;
+ current->next = current->next->next;
+
+ /* Free the (now empty) second bucket.
+ * (This does not touch the node list
+ * in the bucket because it has been
+ * shifted over to the first bucket. */
+ free(temp);
+ }
+ current = current->next;
+ }
+ }
+}
+
+/* Compute the location of the first regular expression
+ * meta character in the path of the given node, if it exists.
+ * On return:
+ * fc_node->meta = position of meta character, if it exists
+ * (-1 corresponds to no character)
+ */
+static void semanage_fc_find_meta(semanage_file_context_node_t * fc_node)
+{
+ int c = 0;
+ int escape_chars = 0;
+
+ fc_node->meta = -1;
+
+ /* Note: this while loop has been adapted from
+ * spec_hasMetaChars in matchpathcon.c from
+ * libselinux-1.22. */
+ while (fc_node->path[c] != '\0') {
+ switch (fc_node->path[c]) {
+ case '.':
+ case '^':
+ case '$':
+ case '?':
+ case '*':
+ case '+':
+ case '|':
+ case '[':
+ case '(':
+ case '{':
+ fc_node->meta = c - escape_chars;
+ return;
+ case '\\':
+ /* If an escape character is found,
+ * skip the next character. */
+ c++;
+ escape_chars++;
+ break;
+ }
+
+ c++;
+ }
+}
+
+/* Replicates strchr, but limits search to buf_len characters. */
+static char *semanage_strnchr(const char *buf, size_t buf_len, char c)
+{
+ size_t idx = 0;
+
+ if (buf == NULL)
+ return NULL;
+ if (buf_len <= 0)
+ return NULL;
+
+ while (idx < buf_len) {
+ if (buf[idx] == c)
+ return (char *)buf + idx;
+ idx++;
+ }
+
+ return NULL;
+}
+
+/* Returns a pointer to the end of line character in the given buffer.
+ * Used in the context of a file context char buffer that we will be
+ * parsing and sorting.
+ */
+static char *semanage_get_line_end(const char *buf, size_t buf_len)
+{
+ char *line_end = NULL;
+
+ if (buf == NULL)
+ return NULL;
+ if (buf_len <= 0)
+ return NULL;
+
+ line_end = semanage_strnchr(buf, buf_len, '\n');
+ if (!line_end)
+ line_end = semanage_strnchr(buf, buf_len, '\r');
+ if (!line_end)
+ line_end = semanage_strnchr(buf, buf_len, EOF);
+
+ return line_end;
+}
+
+/* Entry function for sorting a set of file context lines.
+ * Returns 0 on success, -1 on failure.
+ * Allocates a buffer pointed to by sorted_buf that contains the sorted lines.
+ * sorted_buf_len is set to the size of this buffer.
+ * This buffer is guaranteed to have a final \0 character.
+ * This buffer must be released by the caller.
+ */
+int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len)
+{
+ size_t start, finish, regex_len, type_len, context_len;
+ size_t line_len, buf_remainder, i;
+ ssize_t sanity_check;
+ const char *line_buf, *line_end;
+ char *sorted_buf_pos;
+ int escape_chars, just_saw_escape;
+
+ semanage_file_context_node_t *temp;
+ semanage_file_context_node_t *head;
+ semanage_file_context_node_t *current;
+ semanage_file_context_bucket_t *master;
+ semanage_file_context_bucket_t *bcurrent;
+
+ i = 0;
+
+ if (sh == NULL) {
+ return -1;
+ }
+ if (buf == NULL) {
+ ERR(sh, "Received NULL buffer.");
+ return -1;
+ }
+ if (buf_len <= 0) {
+ ERR(sh, "Received buffer of length 0.");
+ return -1;
+ }
+
+ /* Initialize the head of the linked list
+ * that will contain a node for each file context line. */
+ head = current =
+ (semanage_file_context_node_t *) calloc(1,
+ sizeof
+ (semanage_file_context_node_t));
+ if (!head) {
+ ERR(sh, "Failure allocating memory.");
+ return -1;
+ }
+
+ /* Parse the char buffer into a semanage_file_context_node_t linked list. */
+ line_buf = buf;
+ buf_remainder = buf_len;
+ while ((line_end = semanage_get_line_end(line_buf, buf_remainder))) {
+ line_len = line_end - line_buf + 1;
+ sanity_check = buf_remainder - line_len;
+ buf_remainder = buf_remainder - line_len;
+
+ if (sanity_check < 0) {
+ ERR(sh, "Failure parsing file context buffer.");
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+
+ if (line_len == 0 || line_len == 1) {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Skip the whitespace at the front of the line. */
+ for (i = 0; i < line_len; i++) {
+ if (!isspace(line_buf[i]))
+ break;
+ }
+
+ /* Check for a blank line. */
+ if (i >= line_len) {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Check if the line is a comment. */
+ if (line_buf[i] == '#') {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Allocate a new node. */
+ temp =
+ (semanage_file_context_node_t *) calloc(1,
+ sizeof
+ (semanage_file_context_node_t));
+ if (!temp) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+ temp->next = NULL;
+
+ /* Extract the regular expression from the line. */
+ escape_chars = 0;
+ just_saw_escape = 0;
+ start = i;
+ while (i < line_len && (!isspace(line_buf[i]))) {
+ if (line_buf[i] == '\\') {
+ if (!just_saw_escape) {
+ escape_chars++;
+ just_saw_escape = 1;
+ } else {
+ /* We're looking at an escaped
+ escape. Reset our flag. */
+ just_saw_escape = 0;
+ }
+ } else {
+ just_saw_escape = 0;
+ }
+ i++;
+ }
+ finish = i;
+ regex_len = finish - start;
+
+ if (regex_len == 0) {
+ ERR(sh,
+ "WARNING: semanage_fc_sort: Regex of length 0.");
+ semanage_fc_node_destroy(temp);
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ temp->path = (char *)strndup(&line_buf[start], regex_len);
+ if (!temp->path) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_node_destroy(temp);
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+
+ /* Skip the whitespace after the regular expression. */
+ for (; i < line_len; i++) {
+ if (!isspace(line_buf[i]))
+ break;
+ }
+ if (i == line_len) {
+ ERR(sh,
+ "WARNING: semanage_fc_sort: Incomplete context.");
+ semanage_fc_node_destroy(temp);
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Extract the inode type from the line (if it exists). */
+ if (line_buf[i] == '-') {
+ type_len = 2; /* defined as '--', '-d', '-f', etc. */
+
+ if (i + type_len >= line_len) {
+ ERR(sh,
+ "WARNING: semanage_fc_sort: Incomplete context.");
+ semanage_fc_node_destroy(temp);
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Record the inode type. */
+ temp->file_type =
+ (char *)strndup(&line_buf[i], type_len);
+ if (!temp->file_type) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_node_destroy(temp);
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+
+ i += type_len;
+
+ /* Skip the whitespace after the type. */
+ for (; i < line_len; i++) {
+ if (!isspace(line_buf[i]))
+ break;
+ }
+ if (i == line_len) {
+ ERR(sh,
+ "WARNING: semanage_fc_sort: Incomplete context.");
+ semanage_fc_node_destroy(temp);
+ line_buf = line_end + 1;
+ continue;
+ }
+ } else {
+ type_len = 0; /* inode type did not exist in the file context */
+ }
+
+ /* Extract the context from the line. */
+ start = i;
+ while (i < line_len && (!isspace(line_buf[i])))
+ i++;
+ finish = i;
+ context_len = finish - start;
+
+ temp->context = (char *)strndup(&line_buf[start], context_len);
+ if (!temp->context) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_node_destroy(temp);
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+
+ /* Initialize the data about the file context. */
+ temp->path_len = regex_len;
+ temp->effective_len = regex_len - escape_chars;
+ temp->type_len = type_len;
+ temp->context_len = context_len;
+ semanage_fc_find_meta(temp);
+
+ /* Add this node to the end of the linked list. */
+ current->next = temp;
+ current = current->next;
+
+ line_buf = line_end + 1;
+ }
+
+ /* Create the bucket linked list from the node linked list. */
+ current = head->next;
+ bcurrent = master = (semanage_file_context_bucket_t *)
+ calloc(1, sizeof(semanage_file_context_bucket_t));
+ if (!master) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_node_list_destroy(head);
+ return -1;
+ }
+
+ /* Free the head node, as it is no longer used. */
+ semanage_fc_node_destroy(head);
+ head = NULL;
+
+ /* Place each node into a bucket. */
+ while (current) {
+ bcurrent->data = current;
+ current = current->next;
+
+ /* Detach the node in the bucket from the old list. */
+ bcurrent->data->next = NULL;
+
+ /* If we need another bucket, add one to the end. */
+ if (current) {
+ bcurrent->next = (semanage_file_context_bucket_t *)
+ calloc(1, sizeof(semanage_file_context_bucket_t));
+ if (!(bcurrent->next)) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_bucket_list_destroy(master);
+ return -1;
+ }
+
+ bcurrent = bcurrent->next;
+ }
+ }
+
+ /* Sort the bucket list. */
+ semanage_fc_merge_sort(master);
+
+ /* First, calculate how much space we'll need for
+ * the newly sorted block of data. (We don't just
+ * use buf_len for this because we have extracted
+ * comments and whitespace.) */
+ i = 0;
+ current = master->data;
+ while (current) {
+ i += current->path_len + 1; /* +1 for a tab */
+ if (current->file_type) {
+ i += current->type_len + 1; /* +1 for a tab */
+ }
+ i += current->context_len + 1; /* +1 for a newline */
+ current = current->next;
+ }
+ i = i + 1; /* +1 for trailing \0 */
+
+ /* Allocate the buffer for the sorted list. */
+ *sorted_buf = calloc(i, sizeof(char));
+ if (!*sorted_buf) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_fc_bucket_list_destroy(master);
+ return -1;
+ }
+ *sorted_buf_len = i;
+
+ /* Output the sorted semanage_file_context linked list to the char buffer. */
+ sorted_buf_pos = *sorted_buf;
+ current = master->data;
+ while (current) {
+ /* Output the path. */
+ i = current->path_len + 1; /* +1 for tab */
+ snprintf(sorted_buf_pos, i + 1, "%s\t", current->path);
+ sorted_buf_pos = sorted_buf_pos + i;
+
+ /* Output the type, if there is one. */
+ if (current->file_type) {
+ i = strlen(current->file_type) + 1; /* +1 for tab */
+ snprintf(sorted_buf_pos, i + 1, "%s\t",
+ current->file_type);
+ sorted_buf_pos = sorted_buf_pos + i;
+ }
+
+ /* Output the context. */
+ i = strlen(current->context) + 1; /* +1 for newline */
+ snprintf(sorted_buf_pos, i + 1, "%s\n", current->context);
+ sorted_buf_pos = sorted_buf_pos + i;
+
+ current = current->next;
+ }
+
+ /* Clean up. */
+ semanage_fc_bucket_list_destroy(master);
+
+ /* Sanity check. */
+ sorted_buf_pos++;
+ if ((sorted_buf_pos - *sorted_buf) != (ssize_t) * sorted_buf_len) {
+ ERR(sh, "Failure writing sorted buffer.");
+ free(*sorted_buf);
+ *sorted_buf = NULL;
+ return -1;
+ }
+
+ return 0;
+}
+
+/********************* functions that sort netfilter contexts *********************/
+#define NC_SORT_NAMES { "pre", "base", "module", "local", "post" }
+#define NC_SORT_NAMES_LEN { 3, 4, 6, 5, 4 }
+#define NC_SORT_NEL 5
+static void semanage_nc_destroy_ruletab(semanage_netfilter_context_node_t *
+ ruletab[NC_SORT_NEL][2])
+{
+ semanage_netfilter_context_node_t *curr, *next;
+ int i;
+
+ for (i = 0; i < NC_SORT_NEL; i++) {
+ for (curr = ruletab[i][0]; curr != NULL; curr = next) {
+ next = curr->next;
+ free(curr->rule);
+ free(curr);
+ }
+ }
+}
+
+/* Entry function for sorting a set of netfilter context lines.
+ * Returns 0 on success, -1 on failure.
+ * Allocates a buffer pointed to by sorted_buf that contains the sorted lines.
+ * sorted_buf_len is set to the size of this buffer.
+ * This buffer is guaranteed to have a final \0 character.
+ * This buffer must be released by the caller.
+ */
+int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len)
+{
+
+ /* parsing bits */
+ const char *priority_names[] = NC_SORT_NAMES;
+ const int priority_names_len[] = NC_SORT_NAMES_LEN;
+ size_t line_len, buf_remainder, i, offset;
+ const char *line_buf, *line_end;
+
+ /* ruletab bits */
+ /* keep track of the head (index 0) and tail (index 1) with this array */
+ semanage_netfilter_context_node_t *ruletab[NC_SORT_NEL][2];
+ semanage_netfilter_context_node_t *curr, *node;
+ int priority;
+
+ /* sorted buffer bits */
+ char *sorted_buf_pos;
+ size_t count;
+
+ /* initialize ruletab */
+ memset(ruletab, 0,
+ NC_SORT_NEL * 2 * sizeof(semanage_netfilter_context_node_t *));
+
+ /* while lines to be read */
+ line_buf = buf;
+ buf_remainder = buf_len;
+ while ((line_end = semanage_get_line_end(line_buf, buf_remainder))) {
+ line_len = line_end - line_buf + 1;
+ buf_remainder = buf_remainder - line_len;
+
+ if (line_len == 0 || line_len == 1) {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Skip the whitespace at the front of the line. */
+ for (i = 0; i < line_len; i++) {
+ if (!isspace(line_buf[i]))
+ break;
+ }
+
+ /* Check for a blank line. */
+ if (i >= line_len) {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* Check if the line is a comment. */
+ if (line_buf[i] == '#') {
+ line_buf = line_end + 1;
+ continue;
+ }
+
+ /* extract priority */
+ priority = -1;
+ offset = 0;
+ for (i = 0; i < NC_SORT_NEL; i++) {
+ if (strncmp
+ (line_buf, priority_names[i],
+ priority_names_len[i]) == 0) {
+ priority = i;
+ offset = priority_names_len[i];
+ break;
+ }
+ }
+
+ if (priority < 0) {
+ ERR(sh, "Netfilter context line missing priority.");
+ semanage_nc_destroy_ruletab(ruletab);
+ return -1;
+ }
+
+ /* skip over whitespace */
+ for (; offset < line_len && isspace(line_buf[offset]);
+ offset++) ;
+
+ /* load rule into node */
+ node = (semanage_netfilter_context_node_t *)
+ malloc(sizeof(semanage_netfilter_context_node_t));
+ if (!node) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_nc_destroy_ruletab(ruletab);
+ return -1;
+ }
+
+ node->rule =
+ (char *)strndup(line_buf + offset, line_len - offset);
+ node->rule_len = line_len - offset;
+ node->next = NULL;
+
+ if (!node->rule) {
+ ERR(sh, "Failure allocating memory.");
+ free(node);
+ semanage_nc_destroy_ruletab(ruletab);
+ return -1;
+ }
+
+ /* add node to rule table */
+ if (ruletab[priority][0] && ruletab[priority][1]) {
+ /* add to end of list, update tail pointer */
+ ruletab[priority][1]->next = node;
+ ruletab[priority][1] = node;
+ } else {
+ /* this list is empty, make head and tail point to the node */
+ ruletab[priority][0] = ruletab[priority][1] = node;
+ }
+
+ line_buf = line_end + 1;
+ }
+
+ /* First, calculate how much space we'll need for
+ * the newly sorted block of data. (We don't just
+ * use buf_len for this because we have extracted
+ * comments and whitespace.) Start at 1 for trailing \0 */
+ count = 1;
+ for (i = 0; i < NC_SORT_NEL; i++)
+ for (curr = ruletab[i][0]; curr != NULL; curr = curr->next)
+ count += curr->rule_len;
+
+ /* Allocate the buffer for the sorted list. */
+ *sorted_buf = calloc(count, sizeof(char));
+ if (!*sorted_buf) {
+ ERR(sh, "Failure allocating memory.");
+ semanage_nc_destroy_ruletab(ruletab);
+ return -1;
+ }
+ *sorted_buf_len = count;
+
+ /* write out rule buffer */
+ sorted_buf_pos = *sorted_buf;
+ for (i = 0; i < NC_SORT_NEL; i++) {
+ for (curr = ruletab[i][0]; curr != NULL; curr = curr->next) {
+ /* put rule into buffer */
+ snprintf(sorted_buf_pos, curr->rule_len + 1, "%s\n", curr->rule); /* +1 for newline */
+ sorted_buf_pos = sorted_buf_pos + curr->rule_len;
+ }
+ }
+
+ /* free ruletab */
+ semanage_nc_destroy_ruletab(ruletab);
+
+ return 0;
+}
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h
new file mode 100644
index 0000000..8b4236a
--- /dev/null
+++ b/libsemanage/src/semanage_store.h
@@ -0,0 +1,124 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Christopher Ashworth <cashworth@tresys.com>
+ *
+ * Copyright (C) 2004-2006 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef SEMANAGE_MODULE_STORE_H
+#define SEMANAGE_MODULE_STORE_H
+
+#include <sys/time.h>
+#include <sepol/module.h>
+#include "handle.h"
+
+enum semanage_store_defs {
+ SEMANAGE_ACTIVE,
+ SEMANAGE_PREVIOUS,
+ SEMANAGE_TMP,
+ SEMANAGE_NUM_STORES
+};
+
+/* sandbox filenames and paths */
+enum semanage_sandbox_defs {
+ SEMANAGE_TOPLEVEL,
+ SEMANAGE_MODULES,
+ SEMANAGE_KERNEL,
+ SEMANAGE_BASE,
+ SEMANAGE_LINKED,
+ SEMANAGE_FC,
+ SEMANAGE_HOMEDIR_TMPL,
+ SEMANAGE_FC_TMPL,
+ SEMANAGE_COMMIT_NUM_FILE,
+ SEMANAGE_PORTS_LOCAL,
+ SEMANAGE_INTERFACES_LOCAL,
+ SEMANAGE_NODES_LOCAL,
+ SEMANAGE_BOOLEANS_LOCAL,
+ SEMANAGE_FC_LOCAL,
+ SEMANAGE_SEUSERS_LOCAL,
+ SEMANAGE_USERS_BASE_LOCAL,
+ SEMANAGE_USERS_EXTRA_LOCAL,
+ SEMANAGE_SEUSERS,
+ SEMANAGE_USERS_EXTRA,
+ SEMANAGE_NC,
+ SEMANAGE_FC_HOMEDIRS,
+ SEMANAGE_STORE_NUM_PATHS
+};
+
+/* FIXME: this needs to be made a module store specific init and the
+ * global configuration moved to another file.
+ */
+const char *semanage_conf_path(void);
+int semanage_check_init(const char *root);
+
+extern const char *semanage_fname(enum semanage_sandbox_defs file_enum);
+
+extern const char *semanage_path(enum semanage_store_defs store,
+ enum semanage_sandbox_defs file);
+
+int semanage_create_store(semanage_handle_t * sh, int create);
+
+int semanage_store_access_check(semanage_handle_t * sh);
+
+int semanage_remove_directory(const char *path);
+
+int semanage_make_sandbox(semanage_handle_t * sh);
+
+int semanage_get_modules_names(semanage_handle_t * sh,
+ char ***filenames, int *len);
+
+/* lock file routines */
+int semanage_get_trans_lock(semanage_handle_t * sh);
+int semanage_get_active_lock(semanage_handle_t * sh);
+void semanage_release_trans_lock(semanage_handle_t * sh);
+void semanage_release_active_lock(semanage_handle_t * sh);
+int semanage_direct_get_serial(semanage_handle_t * sh);
+
+int semanage_link_sandbox(semanage_handle_t * sh,
+ sepol_module_package_t ** base);
+
+int semanage_expand_sandbox(semanage_handle_t * sh,
+ sepol_module_package_t * base,
+ sepol_policydb_t ** policydb);
+
+int semanage_write_policydb(semanage_handle_t * sh,
+ sepol_policydb_t * policydb);
+
+int semanage_install_sandbox(semanage_handle_t * sh);
+
+int semanage_verify_modules(semanage_handle_t * sh,
+ char **module_filenames, int num_modules);
+
+int semanage_verify_linked(semanage_handle_t * sh);
+int semanage_verify_kernel(semanage_handle_t * sh);
+int semanage_split_fc(semanage_handle_t * sh);
+
+/* sort file context routines */
+int semanage_fc_sort(semanage_handle_t * sh,
+ const char *buf,
+ size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len);
+
+/* sort netfilter context routines */
+int semanage_nc_sort(semanage_handle_t * sh,
+ const char *buf,
+ size_t buf_len,
+ char **sorted_buf, size_t * sorted_buf_len);
+
+#endif
diff --git a/libsemanage/src/semanageswig.i b/libsemanage/src/semanageswig.i
new file mode 100644
index 0000000..583b7d8
--- /dev/null
+++ b/libsemanage/src/semanageswig.i
@@ -0,0 +1,51 @@
+/* Author: Spencer Shimko <sshimko@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2006 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+
+%module semanage
+
+/* pull in the headers */
+%include "../include/semanage/debug.h"
+%include "../include/semanage/handle.h"
+%include "../include/semanage/modules.h"
+%include "../include/semanage/context_record.h"
+%include "../include/semanage/boolean_record.h"
+%include "../include/semanage/booleans_policy.h"
+%include "../include/semanage/booleans_local.h"
+%include "../include/semanage/booleans_active.h"
+%include "../include/semanage/iface_record.h"
+%include "../include/semanage/interfaces_local.h"
+%include "../include/semanage/interfaces_policy.h"
+%include "../include/semanage/user_record.h"
+%include "../include/semanage/users_local.h"
+%include "../include/semanage/users_policy.h"
+%include "../include/semanage/port_record.h"
+%include "../include/semanage/ports_local.h"
+%include "../include/semanage/ports_policy.h"
+%include "../include/semanage/fcontext_record.h"
+%include "../include/semanage/fcontexts_local.h"
+%include "../include/semanage/fcontexts_policy.h"
+%include "../include/semanage/seuser_record.h"
+%include "../include/semanage/seusers_local.h"
+%include "../include/semanage/seusers_policy.h"
+%include "../include/semanage/node_record.h"
+%include "../include/semanage/nodes_local.h"
+%include "../include/semanage/nodes_policy.h"
+%include "../include/semanage/semanage.h"
diff --git a/libsemanage/src/semanageswig_python.i b/libsemanage/src/semanageswig_python.i
new file mode 100644
index 0000000..96c670c
--- /dev/null
+++ b/libsemanage/src/semanageswig_python.i
@@ -0,0 +1,463 @@
+/* Author: Spencer Shimko <sshimko@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2006 Red Hat, Inc
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/** standard typemaps **/
+
+%header %{
+ #include <stdlib.h>
+ #include <semanage/semanage.h>
+
+ #define STATUS_SUCCESS 0
+ #define STATUS_ERR -1
+%}
+
+%wrapper %{
+
+
+ /* There are two ways to call this function:
+ * One is with a valid swig_type and destructor.
+ * Two is with a NULL swig_type and NULL destructor.
+ *
+ * In the first mode, the function converts
+ * an array of *cloned* objects [of the given pointer swig type]
+ * into a PyList, and destroys the array in the process
+ * (the objects pointers are preserved).
+ *
+ * In the second mode, the function converts
+ * an array of *constant* strings into a PyList, and destroys
+ * the array in the process
+ * (the strings are copied, originals not freed). */
+
+ static int semanage_array2plist(
+ semanage_handle_t* handle,
+ void** arr,
+ unsigned int asize,
+ swig_type_info* swig_type,
+ void (*destructor) (void*),
+ PyObject** result) {
+
+ PyObject* plist = PyList_New(0);
+ unsigned int i;
+
+ if (!plist)
+ goto err;
+
+ for (i = 0; i < asize; i++) {
+
+ PyObject* obj = NULL;
+
+ /* NULL indicates string conversion,
+ * otherwise create an opaque pointer */
+ if (!swig_type)
+ obj = SWIG_FromCharPtr(arr[i]);
+ else
+ obj = SWIG_NewPointerObj(arr[i], swig_type, 0);
+
+ if (!obj)
+ goto err;
+
+ if (PyList_Append(plist, obj) < 0)
+ goto err;
+ }
+
+ free(arr);
+
+ *result = plist;
+ return STATUS_SUCCESS;
+
+ err:
+ for (i = 0; i < asize; i++)
+ if (destructor)
+ destructor(arr[i]);
+ free(arr);
+ return STATUS_ERR;
+ }
+%}
+
+/* a few helpful typemaps are available in this library */
+%include <typemaps.i>
+/* wrap all int*'s so they can be used for results
+ if it becomes necessary to send in data this should be changed to INOUT */
+%apply int *OUTPUT { int * };
+%apply int *OUTPUT { size_t * };
+%apply int *OUTPUT { unsigned int * };
+
+%typemap(in, numinputs=0) char **(char *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) char** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1));
+ free(*$1);
+}
+
+%typemap(in, numinputs=0) char ***(char **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ const semanage_user_t* user,
+ const char*** roles_arr,
+ unsigned int* num_roles) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$3, *$4,
+ NULL, NULL, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+/** module typemaps**/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_module_info_t ** parameter */
+%typemap(in, numinputs=0) semanage_module_info_t **(semanage_module_info_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_module_info_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+/** context typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_context_t ** parameter */
+%typemap(in, numinputs=0) semanage_context_t **(semanage_context_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_context_t** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+/** boolean typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_bool_t *** parameter */
+%typemap(in, numinputs=0) semanage_bool_t ***(semanage_bool_t **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_bool_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_bool,
+ (void (*) (void*)) &semanage_bool_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_bool_t **(semanage_bool_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_bool_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_bool_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** fcontext typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_fcontext_t *** parameter */
+%typemap(in, numinputs=0) semanage_fcontext_t ***(semanage_fcontext_t **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_fcontext_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_fcontext,
+ (void (*) (void*)) &semanage_fcontext_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_fcontext_t **(semanage_fcontext_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_fcontext_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_fcontext_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** interface typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_iface_t *** parameter */
+%typemap(in, numinputs=0) semanage_iface_t ***(semanage_iface_t **temp=NULL) {
+ $1 = &temp;
+}
+
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_iface_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_iface,
+ (void (*) (void*)) &semanage_iface_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_iface_t **(semanage_iface_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_iface_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_iface_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** seuser typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_seuser_t *** parameter */
+%typemap(in, numinputs=0) semanage_seuser_t ***(semanage_seuser_t **temp=NULL) {
+ $1 = &temp;
+}
+
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_seuser_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_seuser,
+ (void (*) (void*)) &semanage_seuser_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_seuser_t **(semanage_seuser_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_seuser_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_seuser_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** user typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_user_t *** parameter */
+%typemap(in, numinputs=0) semanage_user_t ***(semanage_user_t **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_user_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_user,
+ (void (*) (void*)) &semanage_user_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_user_t **(semanage_user_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_user_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_user_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** port typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_port_t *** parameter */
+%typemap(in, numinputs=0) semanage_port_t ***(semanage_port_t **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_port_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_port,
+ (void (*) (void*)) &semanage_port_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_port_t **(semanage_port_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_port_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(argout) semanage_port_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+/** node typemaps **/
+
+/* the wrapper will setup this parameter for passing... the resulting python functions
+ will not take the semanage_node_t *** parameter */
+%typemap(in, numinputs=0) semanage_node_t ***(semanage_node_t **temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) (
+ semanage_handle_t* handle,
+ semanage_node_t*** records,
+ unsigned int* count) {
+
+ if ($result) {
+ int value;
+ SWIG_AsVal_int($result, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_node,
+ (void (*) (void*)) &semanage_node_free, &plist) < 0)
+ $result = SWIG_From_int(STATUS_ERR);
+ else
+ $result = SWIG_Python_AppendOutput($result, plist);
+ }
+ }
+}
+
+%typemap(in, numinputs=0) semanage_node_t **(semanage_node_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%typemap(argout) semanage_node_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+
+%typemap(argout) semanage_node_key_t ** {
+ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
+}
+
+%typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) {
+ $1 = &temp;
+}
+
+%include "semanageswig.i"
diff --git a/libsemanage/src/semanageswig_wrap.c b/libsemanage/src/semanageswig_wrap.c
new file mode 100644
index 0000000..86736b0
--- /dev/null
+++ b/libsemanage/src/semanageswig_wrap.c
@@ -0,0 +1,12391 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 1.3.33
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+#define SWIGPYTHON
+#define SWIG_PYTHON_DIRECTOR_NO_VTABLE
+/* -----------------------------------------------------------------------------
+ * This section contains generic SWIG labels for method/variable
+ * declarations/attributes, and other compiler dependent labels.
+ * ----------------------------------------------------------------------------- */
+
+/* template workaround for compilers that cannot correctly implement the C++ standard */
+#ifndef SWIGTEMPLATEDISAMBIGUATOR
+# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# elif defined(__HP_aCC)
+/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
+/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# else
+# define SWIGTEMPLATEDISAMBIGUATOR
+# endif
+#endif
+
+/* inline attribute */
+#ifndef SWIGINLINE
+# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__))
+# define SWIGINLINE inline
+# else
+# define SWIGINLINE
+# endif
+#endif
+
+/* attribute recognised by some compilers to avoid 'unused' warnings */
+#ifndef SWIGUNUSED
+# if defined(__GNUC__)
+# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+# elif defined(__ICC)
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+#endif
+
+#ifndef SWIGUNUSEDPARM
+# ifdef __cplusplus
+# define SWIGUNUSEDPARM(p)
+# else
+# define SWIGUNUSEDPARM(p) p SWIGUNUSED
+# endif
+#endif
+
+/* internal SWIG method */
+#ifndef SWIGINTERN
+# define SWIGINTERN static SWIGUNUSED
+#endif
+
+/* internal inline SWIG method */
+#ifndef SWIGINTERNINLINE
+# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE
+#endif
+
+/* exporting methods */
+#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# ifndef GCC_HASCLASSVISIBILITY
+# define GCC_HASCLASSVISIBILITY
+# endif
+#endif
+
+#ifndef SWIGEXPORT
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# if defined(STATIC_LINKED)
+# define SWIGEXPORT
+# else
+# define SWIGEXPORT __declspec(dllexport)
+# endif
+# else
+# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY)
+# define SWIGEXPORT __attribute__ ((visibility("default")))
+# else
+# define SWIGEXPORT
+# endif
+# endif
+#endif
+
+/* calling conventions for Windows */
+#ifndef SWIGSTDCALL
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# define SWIGSTDCALL __stdcall
+# else
+# define SWIGSTDCALL
+# endif
+#endif
+
+/* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+# define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
+#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
+# define _SCL_SECURE_NO_DEPRECATE
+#endif
+
+
+
+/* Python.h has to appear first */
+#include <Python.h>
+
+/* -----------------------------------------------------------------------------
+ * swigrun.swg
+ *
+ * This file contains generic CAPI SWIG runtime support for pointer
+ * type checking.
+ * ----------------------------------------------------------------------------- */
+
+/* This should only be incremented when either the layout of swig_type_info changes,
+ or for whatever reason, the runtime changes incompatibly */
+#define SWIG_RUNTIME_VERSION "3"
+
+/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
+#ifdef SWIG_TYPE_TABLE
+# define SWIG_QUOTE_STRING(x) #x
+# define SWIG_EXPAND_AND_QUOTE_STRING(x) SWIG_QUOTE_STRING(x)
+# define SWIG_TYPE_TABLE_NAME SWIG_EXPAND_AND_QUOTE_STRING(SWIG_TYPE_TABLE)
+#else
+# define SWIG_TYPE_TABLE_NAME
+#endif
+
+/*
+ You can use the SWIGRUNTIME and SWIGRUNTIMEINLINE macros for
+ creating a static or dynamic library from the swig runtime code.
+ In 99.9% of the cases, swig just needs to declare them as 'static'.
+
+ But only do this if is strictly necessary, ie, if you have problems
+ with your compiler or so.
+*/
+
+#ifndef SWIGRUNTIME
+# define SWIGRUNTIME SWIGINTERN
+#endif
+
+#ifndef SWIGRUNTIMEINLINE
+# define SWIGRUNTIMEINLINE SWIGRUNTIME SWIGINLINE
+#endif
+
+/* Generic buffer size */
+#ifndef SWIG_BUFFER_SIZE
+# define SWIG_BUFFER_SIZE 1024
+#endif
+
+/* Flags for pointer conversions */
+#define SWIG_POINTER_DISOWN 0x1
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_OWN 0x1
+
+
+/*
+ Flags/methods for returning states.
+
+ The swig conversion methods, as ConvertPtr, return and integer
+ that tells if the conversion was successful or not. And if not,
+ an error code can be returned (see swigerrors.swg for the codes).
+
+ Use the following macros/flags to set or process the returning
+ states.
+
+ In old swig versions, you usually write code as:
+
+ if (SWIG_ConvertPtr(obj,vptr,ty.flags) != -1) {
+ // success code
+ } else {
+ //fail code
+ }
+
+ Now you can be more explicit as:
+
+ int res = SWIG_ConvertPtr(obj,vptr,ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ } else {
+ // fail code
+ }
+
+ that seems to be the same, but now you can also do
+
+ Type *ptr;
+ int res = SWIG_ConvertPtr(obj,(void **)(&ptr),ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ if (SWIG_IsNewObj(res) {
+ ...
+ delete *ptr;
+ } else {
+ ...
+ }
+ } else {
+ // fail code
+ }
+
+ I.e., now SWIG_ConvertPtr can return new objects and you can
+ identify the case and take care of the deallocation. Of course that
+ requires also to SWIG_ConvertPtr to return new result values, as
+
+ int SWIG_ConvertPtr(obj, ptr,...) {
+ if (<obj is ok>) {
+ if (<need new object>) {
+ *ptr = <ptr to new allocated object>;
+ return SWIG_NEWOBJ;
+ } else {
+ *ptr = <ptr to old object>;
+ return SWIG_OLDOBJ;
+ }
+ } else {
+ return SWIG_BADOBJ;
+ }
+ }
+
+ Of course, returning the plain '0(success)/-1(fail)' still works, but you can be
+ more explicit by returning SWIG_BADOBJ, SWIG_ERROR or any of the
+ swig errors code.
+
+ Finally, if the SWIG_CASTRANK_MODE is enabled, the result code
+ allows to return the 'cast rank', for example, if you have this
+
+ int food(double)
+ int fooi(int);
+
+ and you call
+
+ food(1) // cast rank '1' (1 -> 1.0)
+ fooi(1) // cast rank '0'
+
+ just use the SWIG_AddCast()/SWIG_CheckState()
+
+
+ */
+#define SWIG_OK (0)
+#define SWIG_ERROR (-1)
+#define SWIG_IsOK(r) (r >= 0)
+#define SWIG_ArgError(r) ((r != SWIG_ERROR) ? r : SWIG_TypeError)
+
+/* The CastRankLimit says how many bits are used for the cast rank */
+#define SWIG_CASTRANKLIMIT (1 << 8)
+/* The NewMask denotes the object was created (using new/malloc) */
+#define SWIG_NEWOBJMASK (SWIG_CASTRANKLIMIT << 1)
+/* The TmpMask is for in/out typemaps that use temporal objects */
+#define SWIG_TMPOBJMASK (SWIG_NEWOBJMASK << 1)
+/* Simple returning values */
+#define SWIG_BADOBJ (SWIG_ERROR)
+#define SWIG_OLDOBJ (SWIG_OK)
+#define SWIG_NEWOBJ (SWIG_OK | SWIG_NEWOBJMASK)
+#define SWIG_TMPOBJ (SWIG_OK | SWIG_TMPOBJMASK)
+/* Check, add and del mask methods */
+#define SWIG_AddNewMask(r) (SWIG_IsOK(r) ? (r | SWIG_NEWOBJMASK) : r)
+#define SWIG_DelNewMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_NEWOBJMASK) : r)
+#define SWIG_IsNewObj(r) (SWIG_IsOK(r) && (r & SWIG_NEWOBJMASK))
+#define SWIG_AddTmpMask(r) (SWIG_IsOK(r) ? (r | SWIG_TMPOBJMASK) : r)
+#define SWIG_DelTmpMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_TMPOBJMASK) : r)
+#define SWIG_IsTmpObj(r) (SWIG_IsOK(r) && (r & SWIG_TMPOBJMASK))
+
+
+/* Cast-Rank Mode */
+#if defined(SWIG_CASTRANK_MODE)
+# ifndef SWIG_TypeRank
+# define SWIG_TypeRank unsigned long
+# endif
+# ifndef SWIG_MAXCASTRANK /* Default cast allowed */
+# define SWIG_MAXCASTRANK (2)
+# endif
+# define SWIG_CASTRANKMASK ((SWIG_CASTRANKLIMIT) -1)
+# define SWIG_CastRank(r) (r & SWIG_CASTRANKMASK)
+SWIGINTERNINLINE int SWIG_AddCast(int r) {
+ return SWIG_IsOK(r) ? ((SWIG_CastRank(r) < SWIG_MAXCASTRANK) ? (r + 1) : SWIG_ERROR) : r;
+}
+SWIGINTERNINLINE int SWIG_CheckState(int r) {
+ return SWIG_IsOK(r) ? SWIG_CastRank(r) + 1 : 0;
+}
+#else /* no cast-rank mode */
+# define SWIG_AddCast
+# define SWIG_CheckState(r) (SWIG_IsOK(r) ? 1 : 0)
+#endif
+
+
+
+
+#include <string.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void *(*swig_converter_func)(void *);
+typedef struct swig_type_info *(*swig_dycast_func)(void **);
+
+/* Structure to store inforomation on one type */
+typedef struct swig_type_info {
+ const char *name; /* mangled name of this type */
+ const char *str; /* human readable name of this type */
+ swig_dycast_func dcast; /* dynamic cast function down a hierarchy */
+ struct swig_cast_info *cast; /* linked list of types that can cast into this type */
+ void *clientdata; /* language specific type data */
+ int owndata; /* flag if the structure owns the clientdata */
+} swig_type_info;
+
+/* Structure to store a type and conversion function used for casting */
+typedef struct swig_cast_info {
+ swig_type_info *type; /* pointer to type that is equivalent to this type */
+ swig_converter_func converter; /* function to cast the void pointers */
+ struct swig_cast_info *next; /* pointer to next cast in linked list */
+ struct swig_cast_info *prev; /* pointer to the previous cast */
+} swig_cast_info;
+
+/* Structure used to store module information
+ * Each module generates one structure like this, and the runtime collects
+ * all of these structures and stores them in a circularly linked list.*/
+typedef struct swig_module_info {
+ swig_type_info **types; /* Array of pointers to swig_type_info structures that are in this module */
+ size_t size; /* Number of types in this module */
+ struct swig_module_info *next; /* Pointer to next element in circularly linked list */
+ swig_type_info **type_initial; /* Array of initially generated type structures */
+ swig_cast_info **cast_initial; /* Array of initially generated casting structures */
+ void *clientdata; /* Language specific module data */
+} swig_module_info;
+
+/*
+ Compare two type names skipping the space characters, therefore
+ "char*" == "char *" and "Class<int>" == "Class<int >", etc.
+
+ Return 0 when the two name types are equivalent, as in
+ strncmp, but skipping ' '.
+*/
+SWIGRUNTIME int
+SWIG_TypeNameComp(const char *f1, const char *l1,
+ const char *f2, const char *l2) {
+ for (;(f1 != l1) && (f2 != l2); ++f1, ++f2) {
+ while ((*f1 == ' ') && (f1 != l1)) ++f1;
+ while ((*f2 == ' ') && (f2 != l2)) ++f2;
+ if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1;
+ }
+ return (int)((l1 - f1) - (l2 - f2));
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if not equal, 1 if equal
+*/
+SWIGRUNTIME int
+SWIG_TypeEquiv(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if equal, -1 if nb < tb, 1 if nb > tb
+*/
+SWIGRUNTIME int
+SWIG_TypeCompare(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+
+/* think of this as a c++ template<> or a scheme macro */
+#define SWIG_TypeCheck_Template(comparison, ty) \
+ if (ty) { \
+ swig_cast_info *iter = ty->cast; \
+ while (iter) { \
+ if (comparison) { \
+ if (iter == ty->cast) return iter; \
+ /* Move iter to the top of the linked list */ \
+ iter->prev->next = iter->next; \
+ if (iter->next) \
+ iter->next->prev = iter->prev; \
+ iter->next = ty->cast; \
+ iter->prev = 0; \
+ if (ty->cast) ty->cast->prev = iter; \
+ ty->cast = iter; \
+ return iter; \
+ } \
+ iter = iter->next; \
+ } \
+ } \
+ return 0
+
+/*
+ Check the typename
+*/
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheck(const char *c, swig_type_info *ty) {
+ SWIG_TypeCheck_Template(strcmp(iter->type->name, c) == 0, ty);
+}
+
+/* Same as previous function, except strcmp is replaced with a pointer comparison */
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheckStruct(swig_type_info *from, swig_type_info *into) {
+ SWIG_TypeCheck_Template(iter->type == from, into);
+}
+
+/*
+ Cast a pointer up an inheritance hierarchy
+*/
+SWIGRUNTIMEINLINE void *
+SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+}
+
+/*
+ Dynamic pointer casting. Down an inheritance hierarchy
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeDynamicCast(swig_type_info *ty, void **ptr) {
+ swig_type_info *lastty = ty;
+ if (!ty || !ty->dcast) return ty;
+ while (ty && (ty->dcast)) {
+ ty = (*ty->dcast)(ptr);
+ if (ty) lastty = ty;
+ }
+ return lastty;
+}
+
+/*
+ Return the name associated with this type
+*/
+SWIGRUNTIMEINLINE const char *
+SWIG_TypeName(const swig_type_info *ty) {
+ return ty->name;
+}
+
+/*
+ Return the pretty name associated with this type,
+ that is an unmangled type name in a form presentable to the user.
+*/
+SWIGRUNTIME const char *
+SWIG_TypePrettyName(const swig_type_info *type) {
+ /* The "str" field contains the equivalent pretty names of the
+ type, separated by vertical-bar characters. We choose
+ to print the last name, as it is often (?) the most
+ specific. */
+ if (!type) return NULL;
+ if (type->str != NULL) {
+ const char *last_name = type->str;
+ const char *s;
+ for (s = type->str; *s; s++)
+ if (*s == '|') last_name = s+1;
+ return last_name;
+ }
+ else
+ return type->name;
+}
+
+/*
+ Set the clientdata field for a type
+*/
+SWIGRUNTIME void
+SWIG_TypeClientData(swig_type_info *ti, void *clientdata) {
+ swig_cast_info *cast = ti->cast;
+ /* if (ti->clientdata == clientdata) return; */
+ ti->clientdata = clientdata;
+
+ while (cast) {
+ if (!cast->converter) {
+ swig_type_info *tc = cast->type;
+ if (!tc->clientdata) {
+ SWIG_TypeClientData(tc, clientdata);
+ }
+ }
+ cast = cast->next;
+ }
+}
+SWIGRUNTIME void
+SWIG_TypeNewClientData(swig_type_info *ti, void *clientdata) {
+ SWIG_TypeClientData(ti, clientdata);
+ ti->owndata = 1;
+}
+
+/*
+ Search for a swig_type_info structure only by mangled name
+ Search is a O(log #types)
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_MangledTypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ swig_module_info *iter = start;
+ do {
+ if (iter->size) {
+ register size_t l = 0;
+ register size_t r = iter->size - 1;
+ do {
+ /* since l+r >= 0, we can (>> 1) instead (/ 2) */
+ register size_t i = (l + r) >> 1;
+ const char *iname = iter->types[i]->name;
+ if (iname) {
+ register int compare = strcmp(name, iname);
+ if (compare == 0) {
+ return iter->types[i];
+ } else if (compare < 0) {
+ if (i) {
+ r = i - 1;
+ } else {
+ break;
+ }
+ } else if (compare > 0) {
+ l = i + 1;
+ }
+ } else {
+ break; /* should never happen */
+ }
+ } while (l <= r);
+ }
+ iter = iter->next;
+ } while (iter != end);
+ return 0;
+}
+
+/*
+ Search for a swig_type_info structure for either a mangled name or a human readable name.
+ It first searches the mangled names of the types, which is a O(log #types)
+ If a type is not found it then searches the human readable names, which is O(#types).
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ /* STEP 1: Search the name field using binary search */
+ swig_type_info *ret = SWIG_MangledTypeQueryModule(start, end, name);
+ if (ret) {
+ return ret;
+ } else {
+ /* STEP 2: If the type hasn't been found, do a complete search
+ of the str field (the human readable name) */
+ swig_module_info *iter = start;
+ do {
+ register size_t i = 0;
+ for (; i < iter->size; ++i) {
+ if (iter->types[i]->str && (SWIG_TypeEquiv(iter->types[i]->str, name)))
+ return iter->types[i];
+ }
+ iter = iter->next;
+ } while (iter != end);
+ }
+
+ /* neither found a match */
+ return 0;
+}
+
+/*
+ Pack binary data into a string
+*/
+SWIGRUNTIME char *
+SWIG_PackData(char *c, void *ptr, size_t sz) {
+ static const char hex[17] = "0123456789abcdef";
+ register const unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register unsigned char uu = *u;
+ *(c++) = hex[(uu & 0xf0) >> 4];
+ *(c++) = hex[uu & 0xf];
+ }
+ return c;
+}
+
+/*
+ Unpack binary data from a string
+*/
+SWIGRUNTIME const char *
+SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
+ register unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register char d = *(c++);
+ register unsigned char uu;
+ if ((d >= '0') && (d <= '9'))
+ uu = ((d - '0') << 4);
+ else if ((d >= 'a') && (d <= 'f'))
+ uu = ((d - ('a'-10)) << 4);
+ else
+ return (char *) 0;
+ d = *(c++);
+ if ((d >= '0') && (d <= '9'))
+ uu |= (d - '0');
+ else if ((d >= 'a') && (d <= 'f'))
+ uu |= (d - ('a'-10));
+ else
+ return (char *) 0;
+ *u = uu;
+ }
+ return c;
+}
+
+/*
+ Pack 'void *' into a string buffer.
+*/
+SWIGRUNTIME char *
+SWIG_PackVoidPtr(char *buff, void *ptr, const char *name, size_t bsz) {
+ char *r = buff;
+ if ((2*sizeof(void *) + 2) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,&ptr,sizeof(void *));
+ if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
+ strcpy(r,name);
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackVoidPtr(const char *c, void **ptr, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ *ptr = (void *) 0;
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sizeof(void *));
+}
+
+SWIGRUNTIME char *
+SWIG_PackDataName(char *buff, void *ptr, size_t sz, const char *name, size_t bsz) {
+ char *r = buff;
+ size_t lname = (name ? strlen(name) : 0);
+ if ((2*sz + 2 + lname) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,ptr,sz);
+ if (lname) {
+ strncpy(r,name,lname+1);
+ } else {
+ *r = 0;
+ }
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ memset(ptr,0,sz);
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sz);
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Errors in SWIG */
+#define SWIG_UnknownError -1
+#define SWIG_IOError -2
+#define SWIG_RuntimeError -3
+#define SWIG_IndexError -4
+#define SWIG_TypeError -5
+#define SWIG_DivisionByZero -6
+#define SWIG_OverflowError -7
+#define SWIG_SyntaxError -8
+#define SWIG_ValueError -9
+#define SWIG_SystemError -10
+#define SWIG_AttributeError -11
+#define SWIG_MemoryError -12
+#define SWIG_NullReferenceError -13
+
+
+
+
+/* Add PyOS_snprintf for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# if defined(_MSC_VER) || defined(__BORLANDC__) || defined(_WATCOM)
+# define PyOS_snprintf _snprintf
+# else
+# define PyOS_snprintf snprintf
+# endif
+#endif
+
+/* A crude PyString_FromFormat implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+
+#ifndef SWIG_PYBUFFER_SIZE
+# define SWIG_PYBUFFER_SIZE 1024
+#endif
+
+static PyObject *
+PyString_FromFormat(const char *fmt, ...) {
+ va_list ap;
+ char buf[SWIG_PYBUFFER_SIZE * 2];
+ int res;
+ va_start(ap, fmt);
+ res = vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ return (res < 0 || res >= (int)sizeof(buf)) ? 0 : PyString_FromString(buf);
+}
+#endif
+
+/* Add PyObject_Del for old Pythons */
+#if PY_VERSION_HEX < 0x01060000
+# define PyObject_Del(op) PyMem_DEL((op))
+#endif
+#ifndef PyObject_DEL
+# define PyObject_DEL PyObject_Del
+#endif
+
+/* A crude PyExc_StopIteration exception for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# ifndef PyExc_StopIteration
+# define PyExc_StopIteration PyExc_RuntimeError
+# endif
+# ifndef PyObject_GenericGetAttr
+# define PyObject_GenericGetAttr 0
+# endif
+#endif
+/* Py_NotImplemented is defined in 2.1 and up. */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef Py_NotImplemented
+# define Py_NotImplemented PyExc_RuntimeError
+# endif
+#endif
+
+
+/* A crude PyString_AsStringAndSize implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef PyString_AsStringAndSize
+# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
+# endif
+#endif
+
+/* PySequence_Size for old Pythons */
+#if PY_VERSION_HEX < 0x02000000
+# ifndef PySequence_Size
+# define PySequence_Size PySequence_Length
+# endif
+#endif
+
+
+/* PyBool_FromLong for old Pythons */
+#if PY_VERSION_HEX < 0x02030000
+static
+PyObject *PyBool_FromLong(long ok)
+{
+ PyObject *result = ok ? Py_True : Py_False;
+ Py_INCREF(result);
+ return result;
+}
+#endif
+
+/* Py_ssize_t for old Pythons */
+/* This code is as recommended by: */
+/* http://www.python.org/dev/peps/pep-0353/#conversion-guidelines */
+#if PY_VERSION_HEX < 0x02050000 && !defined(PY_SSIZE_T_MIN)
+typedef int Py_ssize_t;
+# define PY_SSIZE_T_MAX INT_MAX
+# define PY_SSIZE_T_MIN INT_MIN
+#endif
+
+/* -----------------------------------------------------------------------------
+ * error manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIME PyObject*
+SWIG_Python_ErrorType(int code) {
+ PyObject* type = 0;
+ switch(code) {
+ case SWIG_MemoryError:
+ type = PyExc_MemoryError;
+ break;
+ case SWIG_IOError:
+ type = PyExc_IOError;
+ break;
+ case SWIG_RuntimeError:
+ type = PyExc_RuntimeError;
+ break;
+ case SWIG_IndexError:
+ type = PyExc_IndexError;
+ break;
+ case SWIG_TypeError:
+ type = PyExc_TypeError;
+ break;
+ case SWIG_DivisionByZero:
+ type = PyExc_ZeroDivisionError;
+ break;
+ case SWIG_OverflowError:
+ type = PyExc_OverflowError;
+ break;
+ case SWIG_SyntaxError:
+ type = PyExc_SyntaxError;
+ break;
+ case SWIG_ValueError:
+ type = PyExc_ValueError;
+ break;
+ case SWIG_SystemError:
+ type = PyExc_SystemError;
+ break;
+ case SWIG_AttributeError:
+ type = PyExc_AttributeError;
+ break;
+ default:
+ type = PyExc_RuntimeError;
+ }
+ return type;
+}
+
+
+SWIGRUNTIME void
+SWIG_Python_AddErrorMsg(const char* mesg)
+{
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+
+ if (PyErr_Occurred()) PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ PyErr_Clear();
+ Py_XINCREF(type);
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ Py_DECREF(old_str);
+ Py_DECREF(value);
+ } else {
+ PyErr_Format(PyExc_RuntimeError, mesg);
+ }
+}
+
+
+
+#if defined(SWIG_PYTHON_NO_THREADS)
+# if defined(SWIG_PYTHON_THREADS)
+# undef SWIG_PYTHON_THREADS
+# endif
+#endif
+#if defined(SWIG_PYTHON_THREADS) /* Threading support is enabled */
+# if !defined(SWIG_PYTHON_USE_GIL) && !defined(SWIG_PYTHON_NO_USE_GIL)
+# if (PY_VERSION_HEX >= 0x02030000) /* For 2.3 or later, use the PyGILState calls */
+# define SWIG_PYTHON_USE_GIL
+# endif
+# endif
+# if defined(SWIG_PYTHON_USE_GIL) /* Use PyGILState threads calls */
+# ifndef SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_INITIALIZE_THREADS PyEval_InitThreads()
+# endif
+# ifdef __cplusplus /* C++ code */
+ class SWIG_Python_Thread_Block {
+ bool status;
+ PyGILState_STATE state;
+ public:
+ void end() { if (status) { PyGILState_Release(state); status = false;} }
+ SWIG_Python_Thread_Block() : status(true), state(PyGILState_Ensure()) {}
+ ~SWIG_Python_Thread_Block() { end(); }
+ };
+ class SWIG_Python_Thread_Allow {
+ bool status;
+ PyThreadState *save;
+ public:
+ void end() { if (status) { PyEval_RestoreThread(save); status = false; }}
+ SWIG_Python_Thread_Allow() : status(true), save(PyEval_SaveThread()) {}
+ ~SWIG_Python_Thread_Allow() { end(); }
+ };
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK SWIG_Python_Thread_Block _swig_thread_block
+# define SWIG_PYTHON_THREAD_END_BLOCK _swig_thread_block.end()
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW SWIG_Python_Thread_Allow _swig_thread_allow
+# define SWIG_PYTHON_THREAD_END_ALLOW _swig_thread_allow.end()
+# else /* C code */
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK PyGILState_STATE _swig_thread_block = PyGILState_Ensure()
+# define SWIG_PYTHON_THREAD_END_BLOCK PyGILState_Release(_swig_thread_block)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW PyThreadState *_swig_thread_allow = PyEval_SaveThread()
+# define SWIG_PYTHON_THREAD_END_ALLOW PyEval_RestoreThread(_swig_thread_allow)
+# endif
+# else /* Old thread way, not implemented, user must provide it */
+# if !defined(SWIG_PYTHON_INITIALIZE_THREADS)
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_BLOCK)
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_BLOCK)
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_ALLOW)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_ALLOW)
+# define SWIG_PYTHON_THREAD_END_ALLOW
+# endif
+# endif
+#else /* No thread support */
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# define SWIG_PYTHON_THREAD_END_ALLOW
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Python API portion that goes into the runtime
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Constant declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Constant Types */
+#define SWIG_PY_POINTER 4
+#define SWIG_PY_BINARY 5
+
+/* Constant information structure */
+typedef struct swig_const_info {
+ int type;
+ char *name;
+ long lvalue;
+ double dvalue;
+ void *pvalue;
+ swig_type_info **ptype;
+} swig_const_info;
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+/* -----------------------------------------------------------------------------
+ * See the LICENSE file for information on copyright, usage and redistribution
+ * of SWIG, and the README file for authors - http://www.swig.org/release.html.
+ *
+ * pyrun.swg
+ *
+ * This file contains the runtime support for Python modules
+ * and includes code for managing global variables and pointer
+ * type checking.
+ *
+ * ----------------------------------------------------------------------------- */
+
+/* Common SWIG API */
+
+/* for raw pointers */
+#define SWIG_Python_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, 0)
+#define SWIG_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_ConvertPtrAndOwn(obj,pptr,type,flags,own) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, own)
+#define SWIG_NewPointerObj(ptr, type, flags) SWIG_Python_NewPointerObj(ptr, type, flags)
+#define SWIG_CheckImplicit(ty) SWIG_Python_CheckImplicit(ty)
+#define SWIG_AcquirePtr(ptr, src) SWIG_Python_AcquirePtr(ptr, src)
+#define swig_owntype int
+
+/* for raw packed data */
+#define SWIG_ConvertPacked(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewPackedObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+/* for class or struct pointers */
+#define SWIG_ConvertInstance(obj, pptr, type, flags) SWIG_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_NewInstanceObj(ptr, type, flags) SWIG_NewPointerObj(ptr, type, flags)
+
+/* for C or C++ function pointers */
+#define SWIG_ConvertFunctionPtr(obj, pptr, type) SWIG_Python_ConvertFunctionPtr(obj, pptr, type)
+#define SWIG_NewFunctionPtrObj(ptr, type) SWIG_Python_NewPointerObj(ptr, type, 0)
+
+/* for C++ member pointers, ie, member methods */
+#define SWIG_ConvertMember(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewMemberObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+
+/* Runtime API */
+
+#define SWIG_GetModule(clientdata) SWIG_Python_GetModule()
+#define SWIG_SetModule(clientdata, pointer) SWIG_Python_SetModule(pointer)
+#define SWIG_NewClientData(obj) PySwigClientData_New(obj)
+
+#define SWIG_SetErrorObj SWIG_Python_SetErrorObj
+#define SWIG_SetErrorMsg SWIG_Python_SetErrorMsg
+#define SWIG_ErrorType(code) SWIG_Python_ErrorType(code)
+#define SWIG_Error(code, msg) SWIG_Python_SetErrorMsg(SWIG_ErrorType(code), msg)
+#define SWIG_fail goto fail
+
+
+/* Runtime API implementation */
+
+/* Error manipulation */
+
+SWIGINTERN void
+SWIG_Python_SetErrorObj(PyObject *errtype, PyObject *obj) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetObject(errtype, obj);
+ Py_DECREF(obj);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+SWIGINTERN void
+SWIG_Python_SetErrorMsg(PyObject *errtype, const char *msg) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetString(errtype, (char *) msg);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+#define SWIG_Python_Raise(obj, type, desc) SWIG_Python_SetErrorObj(SWIG_Python_ExceptionType(desc), obj)
+
+/* Set a constant value */
+
+SWIGINTERN void
+SWIG_Python_SetConstant(PyObject *d, const char *name, PyObject *obj) {
+ PyDict_SetItemString(d, (char*) name, obj);
+ Py_DECREF(obj);
+}
+
+/* Append a value to the result obj */
+
+SWIGINTERN PyObject*
+SWIG_Python_AppendOutput(PyObject* result, PyObject* obj) {
+#if !defined(SWIG_PYTHON_OUTPUT_TUPLE)
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyList_Check(result)) {
+ PyObject *o2 = result;
+ result = PyList_New(1);
+ PyList_SetItem(result, 0, o2);
+ }
+ PyList_Append(result,obj);
+ Py_DECREF(obj);
+ }
+ return result;
+#else
+ PyObject* o2;
+ PyObject* o3;
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyTuple_Check(result)) {
+ o2 = result;
+ result = PyTuple_New(1);
+ PyTuple_SET_ITEM(result, 0, o2);
+ }
+ o3 = PyTuple_New(1);
+ PyTuple_SET_ITEM(o3, 0, obj);
+ o2 = result;
+ result = PySequence_Concat(o2, o3);
+ Py_DECREF(o2);
+ Py_DECREF(o3);
+ }
+ return result;
+#endif
+}
+
+/* Unpack the argument tuple */
+
+SWIGINTERN int
+SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs)
+{
+ if (!args) {
+ if (!min && !max) {
+ return 1;
+ } else {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none",
+ name, (min == max ? "" : "at least "), (int)min);
+ return 0;
+ }
+ }
+ if (!PyTuple_Check(args)) {
+ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple");
+ return 0;
+ } else {
+ register Py_ssize_t l = PyTuple_GET_SIZE(args);
+ if (l < min) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at least "), (int)min, (int)l);
+ return 0;
+ } else if (l > max) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at most "), (int)max, (int)l);
+ return 0;
+ } else {
+ register int i;
+ for (i = 0; i < l; ++i) {
+ objs[i] = PyTuple_GET_ITEM(args, i);
+ }
+ for (; l < max; ++l) {
+ objs[l] = 0;
+ }
+ return i + 1;
+ }
+ }
+}
+
+/* A functor is a function object with one single object argument */
+#if PY_VERSION_HEX >= 0x02020000
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunctionObjArgs(functor, obj, NULL);
+#else
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunction(functor, "O", obj);
+#endif
+
+/*
+ Helper for static pointer initialization for both C and C++ code, for example
+ static PyObject *SWIG_STATIC_POINTER(MyVar) = NewSomething(...);
+*/
+#ifdef __cplusplus
+#define SWIG_STATIC_POINTER(var) var
+#else
+#define SWIG_STATIC_POINTER(var) var = 0; if (!var) var
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Pointer declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_NOSHADOW (SWIG_POINTER_OWN << 1)
+#define SWIG_POINTER_NEW (SWIG_POINTER_NOSHADOW | SWIG_POINTER_OWN)
+
+#define SWIG_POINTER_IMPLICIT_CONV (SWIG_POINTER_DISOWN << 1)
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* How to access Py_None */
+#if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# ifndef SWIG_PYTHON_NO_BUILD_NONE
+# ifndef SWIG_PYTHON_BUILD_NONE
+# define SWIG_PYTHON_BUILD_NONE
+# endif
+# endif
+#endif
+
+#ifdef SWIG_PYTHON_BUILD_NONE
+# ifdef Py_None
+# undef Py_None
+# define Py_None SWIG_Py_None()
+# endif
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_Py_None(void)
+{
+ PyObject *none = Py_BuildValue((char*)"");
+ Py_DECREF(none);
+ return none;
+}
+SWIGRUNTIME PyObject *
+SWIG_Py_None(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(none) = _SWIG_Py_None();
+ return none;
+}
+#endif
+
+/* The python void return value */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Py_Void(void)
+{
+ PyObject *none = Py_None;
+ Py_INCREF(none);
+ return none;
+}
+
+/* PySwigClientData */
+
+typedef struct {
+ PyObject *klass;
+ PyObject *newraw;
+ PyObject *newargs;
+ PyObject *destroy;
+ int delargs;
+ int implicitconv;
+} PySwigClientData;
+
+SWIGRUNTIMEINLINE int
+SWIG_Python_CheckImplicit(swig_type_info *ty)
+{
+ PySwigClientData *data = (PySwigClientData *)ty->clientdata;
+ return data ? data->implicitconv : 0;
+}
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_ExceptionType(swig_type_info *desc) {
+ PySwigClientData *data = desc ? (PySwigClientData *) desc->clientdata : 0;
+ PyObject *klass = data ? data->klass : 0;
+ return (klass ? klass : PyExc_RuntimeError);
+}
+
+
+SWIGRUNTIME PySwigClientData *
+PySwigClientData_New(PyObject* obj)
+{
+ if (!obj) {
+ return 0;
+ } else {
+ PySwigClientData *data = (PySwigClientData *)malloc(sizeof(PySwigClientData));
+ /* the klass element */
+ data->klass = obj;
+ Py_INCREF(data->klass);
+ /* the newraw method and newargs arguments used to create a new raw instance */
+ if (PyClass_Check(obj)) {
+ data->newraw = 0;
+ data->newargs = obj;
+ Py_INCREF(obj);
+ } else {
+#if (PY_VERSION_HEX < 0x02020000)
+ data->newraw = 0;
+#else
+ data->newraw = PyObject_GetAttrString(data->klass, (char *)"__new__");
+#endif
+ if (data->newraw) {
+ Py_INCREF(data->newraw);
+ data->newargs = PyTuple_New(1);
+ PyTuple_SetItem(data->newargs, 0, obj);
+ } else {
+ data->newargs = obj;
+ }
+ Py_INCREF(data->newargs);
+ }
+ /* the destroy method, aka as the C++ delete method */
+ data->destroy = PyObject_GetAttrString(data->klass, (char *)"__swig_destroy__");
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ data->destroy = 0;
+ }
+ if (data->destroy) {
+ int flags;
+ Py_INCREF(data->destroy);
+ flags = PyCFunction_GET_FLAGS(data->destroy);
+#ifdef METH_O
+ data->delargs = !(flags & (METH_O));
+#else
+ data->delargs = 0;
+#endif
+ } else {
+ data->delargs = 0;
+ }
+ data->implicitconv = 0;
+ return data;
+ }
+}
+
+SWIGRUNTIME void
+PySwigClientData_Del(PySwigClientData* data)
+{
+ Py_XDECREF(data->newraw);
+ Py_XDECREF(data->newargs);
+ Py_XDECREF(data->destroy);
+}
+
+/* =============== PySwigObject =====================*/
+
+typedef struct {
+ PyObject_HEAD
+ void *ptr;
+ swig_type_info *ty;
+ int own;
+ PyObject *next;
+} PySwigObject;
+
+SWIGRUNTIME PyObject *
+PySwigObject_long(PySwigObject *v)
+{
+ return PyLong_FromVoidPtr(v->ptr);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_format(const char* fmt, PySwigObject *v)
+{
+ PyObject *res = NULL;
+ PyObject *args = PyTuple_New(1);
+ if (args) {
+ if (PyTuple_SetItem(args, 0, PySwigObject_long(v)) == 0) {
+ PyObject *ofmt = PyString_FromString(fmt);
+ if (ofmt) {
+ res = PyString_Format(ofmt,args);
+ Py_DECREF(ofmt);
+ }
+ Py_DECREF(args);
+ }
+ }
+ return res;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_oct(PySwigObject *v)
+{
+ return PySwigObject_format("%o",v);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_hex(PySwigObject *v)
+{
+ return PySwigObject_format("%x",v);
+}
+
+SWIGRUNTIME PyObject *
+#ifdef METH_NOARGS
+PySwigObject_repr(PySwigObject *v)
+#else
+PySwigObject_repr(PySwigObject *v, PyObject *args)
+#endif
+{
+ const char *name = SWIG_TypePrettyName(v->ty);
+ PyObject *hex = PySwigObject_hex(v);
+ PyObject *repr = PyString_FromFormat("<Swig Object of type '%s' at 0x%s>", name, PyString_AsString(hex));
+ Py_DECREF(hex);
+ if (v->next) {
+#ifdef METH_NOARGS
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next);
+#else
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next, args);
+#endif
+ PyString_ConcatAndDel(&repr,nrep);
+ }
+ return repr;
+}
+
+SWIGRUNTIME int
+PySwigObject_print(PySwigObject *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+#ifdef METH_NOARGS
+ PyObject *repr = PySwigObject_repr(v);
+#else
+ PyObject *repr = PySwigObject_repr(v, NULL);
+#endif
+ if (repr) {
+ fputs(PyString_AsString(repr), fp);
+ Py_DECREF(repr);
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_str(PySwigObject *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ return SWIG_PackVoidPtr(result, v->ptr, v->ty->name, sizeof(result)) ?
+ PyString_FromString(result) : 0;
+}
+
+SWIGRUNTIME int
+PySwigObject_compare(PySwigObject *v, PySwigObject *w)
+{
+ void *i = v->ptr;
+ void *j = w->ptr;
+ return (i < j) ? -1 : ((i > j) ? 1 : 0);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigObject_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigObject_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigObject_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigObject_Check(PyObject *op) {
+ return ((op)->ob_type == PySwigObject_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigObject") == 0);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own);
+
+SWIGRUNTIME void
+PySwigObject_dealloc(PyObject *v)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ PyObject *next = sobj->next;
+ if (sobj->own) {
+ swig_type_info *ty = sobj->ty;
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ PyObject *destroy = data ? data->destroy : 0;
+ if (destroy) {
+ /* destroy is always a VARARGS method */
+ PyObject *res;
+ if (data->delargs) {
+ /* we need to create a temporal object to carry the destroy operation */
+ PyObject *tmp = PySwigObject_New(sobj->ptr, ty, 0);
+ res = SWIG_Python_CallFunctor(destroy, tmp);
+ Py_DECREF(tmp);
+ } else {
+ PyCFunction meth = PyCFunction_GET_FUNCTION(destroy);
+ PyObject *mself = PyCFunction_GET_SELF(destroy);
+ res = ((*meth)(mself, v));
+ }
+ Py_XDECREF(res);
+ } else {
+ const char *name = SWIG_TypePrettyName(ty);
+#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
+#endif
+ }
+ }
+ Py_XDECREF(next);
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyObject*
+PySwigObject_append(PyObject* v, PyObject* next)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+#ifndef METH_O
+ PyObject *tmp = 0;
+ if (!PyArg_ParseTuple(next,(char *)"O:append", &tmp)) return NULL;
+ next = tmp;
+#endif
+ if (!PySwigObject_Check(next)) {
+ return NULL;
+ }
+ sobj->next = next;
+ Py_INCREF(next);
+ return SWIG_Py_Void();
+}
+
+SWIGRUNTIME PyObject*
+#ifdef METH_NOARGS
+PySwigObject_next(PyObject* v)
+#else
+PySwigObject_next(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ if (sobj->next) {
+ Py_INCREF(sobj->next);
+ return sobj->next;
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_disown(PyObject *v)
+#else
+PySwigObject_disown(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = 0;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_acquire(PyObject *v)
+#else
+PySwigObject_acquire(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = SWIG_POINTER_OWN;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+PySwigObject_own(PyObject *v, PyObject *args)
+{
+ PyObject *val = 0;
+#if (PY_VERSION_HEX < 0x02020000)
+ if (!PyArg_ParseTuple(args,(char *)"|O:own",&val))
+#else
+ if (!PyArg_UnpackTuple(args, (char *)"own", 0, 1, &val))
+#endif
+ {
+ return NULL;
+ }
+ else
+ {
+ PySwigObject *sobj = (PySwigObject *)v;
+ PyObject *obj = PyBool_FromLong(sobj->own);
+ if (val) {
+#ifdef METH_NOARGS
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v);
+ } else {
+ PySwigObject_disown(v);
+ }
+#else
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v,args);
+ } else {
+ PySwigObject_disown(v,args);
+ }
+#endif
+ }
+ return obj;
+ }
+}
+
+#ifdef METH_O
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_NOARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_NOARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_O, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_NOARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_NOARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#else
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_VARARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_VARARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_VARARGS, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_VARARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_VARARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#endif
+
+#if PY_VERSION_HEX < 0x02020000
+SWIGINTERN PyObject *
+PySwigObject_getattr(PySwigObject *sobj,char *name)
+{
+ return Py_FindMethod(swigobject_methods, (PyObject *)sobj, name);
+}
+#endif
+
+SWIGRUNTIME PyTypeObject*
+_PySwigObject_type(void) {
+ static char swigobject_doc[] = "Swig object carries a C/C++ instance pointer";
+
+ static PyNumberMethods PySwigObject_as_number = {
+ (binaryfunc)0, /*nb_add*/
+ (binaryfunc)0, /*nb_subtract*/
+ (binaryfunc)0, /*nb_multiply*/
+ (binaryfunc)0, /*nb_divide*/
+ (binaryfunc)0, /*nb_remainder*/
+ (binaryfunc)0, /*nb_divmod*/
+ (ternaryfunc)0,/*nb_power*/
+ (unaryfunc)0, /*nb_negative*/
+ (unaryfunc)0, /*nb_positive*/
+ (unaryfunc)0, /*nb_absolute*/
+ (inquiry)0, /*nb_nonzero*/
+ 0, /*nb_invert*/
+ 0, /*nb_lshift*/
+ 0, /*nb_rshift*/
+ 0, /*nb_and*/
+ 0, /*nb_xor*/
+ 0, /*nb_or*/
+ (coercion)0, /*nb_coerce*/
+ (unaryfunc)PySwigObject_long, /*nb_int*/
+ (unaryfunc)PySwigObject_long, /*nb_long*/
+ (unaryfunc)0, /*nb_float*/
+ (unaryfunc)PySwigObject_oct, /*nb_oct*/
+ (unaryfunc)PySwigObject_hex, /*nb_hex*/
+#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */
+#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */
+#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */
+ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */
+#endif
+ };
+
+ static PyTypeObject pyswigobject_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigObject", /* tp_name */
+ sizeof(PySwigObject), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigObject_dealloc, /* tp_dealloc */
+ (printfunc)PySwigObject_print, /* tp_print */
+#if PY_VERSION_HEX < 0x02020000
+ (getattrfunc)PySwigObject_getattr, /* tp_getattr */
+#else
+ (getattrfunc)0, /* tp_getattr */
+#endif
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigObject_compare, /* tp_compare */
+ (reprfunc)PySwigObject_repr, /* tp_repr */
+ &PySwigObject_as_number, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigObject_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigobject_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ swigobject_methods, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigobject_type = tmp;
+ pyswigobject_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigobject_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own)
+{
+ PySwigObject *sobj = PyObject_NEW(PySwigObject, PySwigObject_type());
+ if (sobj) {
+ sobj->ptr = ptr;
+ sobj->ty = ty;
+ sobj->own = own;
+ sobj->next = 0;
+ }
+ return (PyObject *)sobj;
+}
+
+/* -----------------------------------------------------------------------------
+ * Implements a simple Swig Packed type, and use it instead of string
+ * ----------------------------------------------------------------------------- */
+
+typedef struct {
+ PyObject_HEAD
+ void *pack;
+ swig_type_info *ty;
+ size_t size;
+} PySwigPacked;
+
+SWIGRUNTIME int
+PySwigPacked_print(PySwigPacked *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+ char result[SWIG_BUFFER_SIZE];
+ fputs("<Swig Packed ", fp);
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ fputs("at ", fp);
+ fputs(result, fp);
+ }
+ fputs(v->ty->name,fp);
+ fputs(">", fp);
+ return 0;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_repr(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ return PyString_FromFormat("<Swig Packed at %s%s>", result, v->ty->name);
+ } else {
+ return PyString_FromFormat("<Swig Packed %s>", v->ty->name);
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_str(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))){
+ return PyString_FromFormat("%s%s", result, v->ty->name);
+ } else {
+ return PyString_FromString(v->ty->name);
+ }
+}
+
+SWIGRUNTIME int
+PySwigPacked_compare(PySwigPacked *v, PySwigPacked *w)
+{
+ size_t i = v->size;
+ size_t j = w->size;
+ int s = (i < j) ? -1 : ((i > j) ? 1 : 0);
+ return s ? s : strncmp((char *)v->pack, (char *)w->pack, 2*v->size);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigPacked_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigPacked_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigPacked_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigPacked_Check(PyObject *op) {
+ return ((op)->ob_type == _PySwigPacked_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigPacked") == 0);
+}
+
+SWIGRUNTIME void
+PySwigPacked_dealloc(PyObject *v)
+{
+ if (PySwigPacked_Check(v)) {
+ PySwigPacked *sobj = (PySwigPacked *) v;
+ free(sobj->pack);
+ }
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyTypeObject*
+_PySwigPacked_type(void) {
+ static char swigpacked_doc[] = "Swig object carries a C/C++ instance pointer";
+ static PyTypeObject pyswigpacked_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigPacked", /* tp_name */
+ sizeof(PySwigPacked), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigPacked_dealloc, /* tp_dealloc */
+ (printfunc)PySwigPacked_print, /* tp_print */
+ (getattrfunc)0, /* tp_getattr */
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigPacked_compare, /* tp_compare */
+ (reprfunc)PySwigPacked_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigPacked_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigpacked_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ 0, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigpacked_type = tmp;
+ pyswigpacked_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigpacked_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_New(void *ptr, size_t size, swig_type_info *ty)
+{
+ PySwigPacked *sobj = PyObject_NEW(PySwigPacked, PySwigPacked_type());
+ if (sobj) {
+ void *pack = malloc(size);
+ if (pack) {
+ memcpy(pack, ptr, size);
+ sobj->pack = pack;
+ sobj->ty = ty;
+ sobj->size = size;
+ } else {
+ PyObject_DEL((PyObject *) sobj);
+ sobj = 0;
+ }
+ }
+ return (PyObject *) sobj;
+}
+
+SWIGRUNTIME swig_type_info *
+PySwigPacked_UnpackData(PyObject *obj, void *ptr, size_t size)
+{
+ if (PySwigPacked_Check(obj)) {
+ PySwigPacked *sobj = (PySwigPacked *)obj;
+ if (sobj->size != size) return 0;
+ memcpy(ptr, sobj->pack, size);
+ return sobj->ty;
+ } else {
+ return 0;
+ }
+}
+
+/* -----------------------------------------------------------------------------
+ * pointers/data manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_This(void)
+{
+ return PyString_FromString("this");
+}
+
+SWIGRUNTIME PyObject *
+SWIG_This(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(swig_this) = _SWIG_This();
+ return swig_this;
+}
+
+/* #define SWIG_PYTHON_SLOW_GETSET_THIS */
+
+SWIGRUNTIME PySwigObject *
+SWIG_Python_GetSwigThis(PyObject *pyobj)
+{
+ if (PySwigObject_Check(pyobj)) {
+ return (PySwigObject *) pyobj;
+ } else {
+ PyObject *obj = 0;
+#if (!defined(SWIG_PYTHON_SLOW_GETSET_THIS) && (PY_VERSION_HEX >= 0x02030000))
+ if (PyInstance_Check(pyobj)) {
+ obj = _PyInstance_Lookup(pyobj, SWIG_This());
+ } else {
+ PyObject **dictptr = _PyObject_GetDictPtr(pyobj);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ obj = dict ? PyDict_GetItem(dict, SWIG_This()) : 0;
+ } else {
+#ifdef PyWeakref_CheckProxy
+ if (PyWeakref_CheckProxy(pyobj)) {
+ PyObject *wobj = PyWeakref_GET_OBJECT(pyobj);
+ return wobj ? SWIG_Python_GetSwigThis(wobj) : 0;
+ }
+#endif
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+ }
+ }
+#else
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+#endif
+ if (obj && !PySwigObject_Check(obj)) {
+ /* a PyObject is called 'this', try to get the 'real this'
+ PySwigObject from it */
+ return SWIG_Python_GetSwigThis(obj);
+ }
+ return (PySwigObject *)obj;
+ }
+}
+
+/* Acquire a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_AcquirePtr(PyObject *obj, int own) {
+ if (own) {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (sobj) {
+ int oldown = sobj->own;
+ sobj->own = own;
+ return oldown;
+ }
+ }
+ return 0;
+}
+
+/* Convert a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int flags, int *own) {
+ if (!obj) return SWIG_ERROR;
+ if (obj == Py_None) {
+ if (ptr) *ptr = 0;
+ return SWIG_OK;
+ } else {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ while (sobj) {
+ void *vptr = sobj->ptr;
+ if (ty) {
+ swig_type_info *to = sobj->ty;
+ if (to == ty) {
+ /* no type cast needed */
+ if (ptr) *ptr = vptr;
+ break;
+ } else {
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) {
+ sobj = (PySwigObject *)sobj->next;
+ } else {
+ if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ break;
+ }
+ }
+ } else {
+ if (ptr) *ptr = vptr;
+ break;
+ }
+ }
+ if (sobj) {
+ if (own) *own = sobj->own;
+ if (flags & SWIG_POINTER_DISOWN) {
+ sobj->own = 0;
+ }
+ return SWIG_OK;
+ } else {
+ int res = SWIG_ERROR;
+ if (flags & SWIG_POINTER_IMPLICIT_CONV) {
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ if (data && !data->implicitconv) {
+ PyObject *klass = data->klass;
+ if (klass) {
+ PyObject *impconv;
+ data->implicitconv = 1; /* avoid recursion and call 'explicit' constructors*/
+ impconv = SWIG_Python_CallFunctor(klass, obj);
+ data->implicitconv = 0;
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ impconv = 0;
+ }
+ if (impconv) {
+ PySwigObject *iobj = SWIG_Python_GetSwigThis(impconv);
+ if (iobj) {
+ void *vptr;
+ res = SWIG_Python_ConvertPtrAndOwn((PyObject*)iobj, &vptr, ty, 0, 0);
+ if (SWIG_IsOK(res)) {
+ if (ptr) {
+ *ptr = vptr;
+ /* transfer the ownership to 'ptr' */
+ iobj->own = 0;
+ res = SWIG_AddCast(res);
+ res = SWIG_AddNewMask(res);
+ } else {
+ res = SWIG_AddCast(res);
+ }
+ }
+ }
+ Py_DECREF(impconv);
+ }
+ }
+ }
+ }
+ return res;
+ }
+ }
+}
+
+/* Convert a function ptr value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) {
+ if (!PyCFunction_Check(obj)) {
+ return SWIG_ConvertPtr(obj, ptr, ty, 0);
+ } else {
+ void *vptr = 0;
+
+ /* here we get the method pointer for callbacks */
+ const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
+ const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0;
+ if (desc) {
+ desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0;
+ if (!desc) return SWIG_ERROR;
+ }
+ if (ty) {
+ swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
+ if (!tc) return SWIG_ERROR;
+ *ptr = SWIG_TypeCast(tc,vptr);
+ } else {
+ *ptr = vptr;
+ }
+ return SWIG_OK;
+ }
+}
+
+/* Convert a packed value value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPacked(PyObject *obj, void *ptr, size_t sz, swig_type_info *ty) {
+ swig_type_info *to = PySwigPacked_UnpackData(obj, ptr, sz);
+ if (!to) return SWIG_ERROR;
+ if (ty) {
+ if (to != ty) {
+ /* check type cast? */
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) return SWIG_ERROR;
+ }
+ }
+ return SWIG_OK;
+}
+
+/* -----------------------------------------------------------------------------
+ * Create a new pointer object
+ * ----------------------------------------------------------------------------- */
+
+/*
+ Create a new instance object, whitout calling __init__, and set the
+ 'this' attribute.
+*/
+
+SWIGRUNTIME PyObject*
+SWIG_Python_NewShadowInstance(PySwigClientData *data, PyObject *swig_this)
+{
+#if (PY_VERSION_HEX >= 0x02020000)
+ PyObject *inst = 0;
+ PyObject *newraw = data->newraw;
+ if (newraw) {
+ inst = PyObject_Call(newraw, data->newargs, NULL);
+ if (inst) {
+#if !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ }
+ }
+#else
+ PyObject *key = SWIG_This();
+ PyObject_SetAttr(inst, key, swig_this);
+#endif
+ }
+ } else {
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ }
+ return inst;
+#else
+#if (PY_VERSION_HEX >= 0x02010000)
+ PyObject *inst;
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ return (PyObject *) inst;
+#else
+ PyInstanceObject *inst = PyObject_NEW(PyInstanceObject, &PyInstance_Type);
+ if (inst == NULL) {
+ return NULL;
+ }
+ inst->in_class = (PyClassObject *)data->newargs;
+ Py_INCREF(inst->in_class);
+ inst->in_dict = PyDict_New();
+ if (inst->in_dict == NULL) {
+ Py_DECREF(inst);
+ return NULL;
+ }
+#ifdef Py_TPFLAGS_HAVE_WEAKREFS
+ inst->in_weakreflist = NULL;
+#endif
+#ifdef Py_TPFLAGS_GC
+ PyObject_GC_Init(inst);
+#endif
+ PyDict_SetItem(inst->in_dict, SWIG_This(), swig_this);
+ return (PyObject *) inst;
+#endif
+#endif
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetSwigThis(PyObject *inst, PyObject *swig_this)
+{
+ PyObject *dict;
+#if (PY_VERSION_HEX >= 0x02020000) && !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ }
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ return;
+ }
+#endif
+ dict = PyObject_GetAttrString(inst, (char*)"__dict__");
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ Py_DECREF(dict);
+}
+
+
+SWIGINTERN PyObject *
+SWIG_Python_InitShadowInstance(PyObject *args) {
+ PyObject *obj[2];
+ if (!SWIG_Python_UnpackTuple(args,(char*)"swiginit", 2, 2, obj)) {
+ return NULL;
+ } else {
+ PySwigObject *sthis = SWIG_Python_GetSwigThis(obj[0]);
+ if (sthis) {
+ PySwigObject_append((PyObject*) sthis, obj[1]);
+ } else {
+ SWIG_Python_SetSwigThis(obj[0], obj[1]);
+ }
+ return SWIG_Py_Void();
+ }
+}
+
+/* Create a new pointer object */
+
+SWIGRUNTIME PyObject *
+SWIG_Python_NewPointerObj(void *ptr, swig_type_info *type, int flags) {
+ if (!ptr) {
+ return SWIG_Py_Void();
+ } else {
+ int own = (flags & SWIG_POINTER_OWN) ? SWIG_POINTER_OWN : 0;
+ PyObject *robj = PySwigObject_New(ptr, type, own);
+ PySwigClientData *clientdata = type ? (PySwigClientData *)(type->clientdata) : 0;
+ if (clientdata && !(flags & SWIG_POINTER_NOSHADOW)) {
+ PyObject *inst = SWIG_Python_NewShadowInstance(clientdata, robj);
+ if (inst) {
+ Py_DECREF(robj);
+ robj = inst;
+ }
+ }
+ return robj;
+ }
+}
+
+/* Create a new packed object */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_NewPackedObj(void *ptr, size_t sz, swig_type_info *type) {
+ return ptr ? PySwigPacked_New((void *) ptr, sz, type) : SWIG_Py_Void();
+}
+
+/* -----------------------------------------------------------------------------*
+ * Get type list
+ * -----------------------------------------------------------------------------*/
+
+#ifdef SWIG_LINK_RUNTIME
+void *SWIG_ReturnGlobalTypeList(void *);
+#endif
+
+SWIGRUNTIME swig_module_info *
+SWIG_Python_GetModule(void) {
+ static void *type_pointer = (void *)0;
+ /* first check if module already created */
+ if (!type_pointer) {
+#ifdef SWIG_LINK_RUNTIME
+ type_pointer = SWIG_ReturnGlobalTypeList((void *)0);
+#else
+ type_pointer = PyCObject_Import((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ (char*)"type_pointer" SWIG_TYPE_TABLE_NAME);
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ type_pointer = (void *)0;
+ }
+#endif
+ }
+ return (swig_module_info *) type_pointer;
+}
+
+#if PY_MAJOR_VERSION < 2
+/* PyModule_AddObject function was introduced in Python 2.0. The following function
+ is copied out of Python/modsupport.c in python version 2.3.4 */
+SWIGINTERN int
+PyModule_AddObject(PyObject *m, char *name, PyObject *o)
+{
+ PyObject *dict;
+ if (!PyModule_Check(m)) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs module as first arg");
+ return SWIG_ERROR;
+ }
+ if (!o) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs non-NULL value");
+ return SWIG_ERROR;
+ }
+
+ dict = PyModule_GetDict(m);
+ if (dict == NULL) {
+ /* Internal error -- modules must have a dict! */
+ PyErr_Format(PyExc_SystemError, "module '%s' has no __dict__",
+ PyModule_GetName(m));
+ return SWIG_ERROR;
+ }
+ if (PyDict_SetItemString(dict, name, o))
+ return SWIG_ERROR;
+ Py_DECREF(o);
+ return SWIG_OK;
+}
+#endif
+
+SWIGRUNTIME void
+SWIG_Python_DestroyModule(void *vptr)
+{
+ swig_module_info *swig_module = (swig_module_info *) vptr;
+ swig_type_info **types = swig_module->types;
+ size_t i;
+ for (i =0; i < swig_module->size; ++i) {
+ swig_type_info *ty = types[i];
+ if (ty->owndata) {
+ PySwigClientData *data = (PySwigClientData *) ty->clientdata;
+ if (data) PySwigClientData_Del(data);
+ }
+ }
+ Py_DECREF(SWIG_This());
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetModule(swig_module_info *swig_module) {
+ static PyMethodDef swig_empty_runtime_method_table[] = { {NULL, NULL, 0, NULL} };/* Sentinel */
+
+ PyObject *module = Py_InitModule((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ swig_empty_runtime_method_table);
+ PyObject *pointer = PyCObject_FromVoidPtr((void *) swig_module, SWIG_Python_DestroyModule);
+ if (pointer && module) {
+ PyModule_AddObject(module, (char*)"type_pointer" SWIG_TYPE_TABLE_NAME, pointer);
+ } else {
+ Py_XDECREF(pointer);
+ }
+}
+
+/* The python cached type query */
+SWIGRUNTIME PyObject *
+SWIG_Python_TypeCache(void) {
+ static PyObject *SWIG_STATIC_POINTER(cache) = PyDict_New();
+ return cache;
+}
+
+SWIGRUNTIME swig_type_info *
+SWIG_Python_TypeQuery(const char *type)
+{
+ PyObject *cache = SWIG_Python_TypeCache();
+ PyObject *key = PyString_FromString(type);
+ PyObject *obj = PyDict_GetItem(cache, key);
+ swig_type_info *descriptor;
+ if (obj) {
+ descriptor = (swig_type_info *) PyCObject_AsVoidPtr(obj);
+ } else {
+ swig_module_info *swig_module = SWIG_Python_GetModule();
+ descriptor = SWIG_TypeQueryModule(swig_module, swig_module, type);
+ if (descriptor) {
+ obj = PyCObject_FromVoidPtr(descriptor, NULL);
+ PyDict_SetItem(cache, key, obj);
+ Py_DECREF(obj);
+ }
+ }
+ Py_DECREF(key);
+ return descriptor;
+}
+
+/*
+ For backward compatibility only
+*/
+#define SWIG_POINTER_EXCEPTION 0
+#define SWIG_arg_fail(arg) SWIG_Python_ArgFail(arg)
+#define SWIG_MustGetPtr(p, type, argnum, flags) SWIG_Python_MustGetPtr(p, type, argnum, flags)
+
+SWIGRUNTIME int
+SWIG_Python_AddErrMesg(const char* mesg, int infront)
+{
+ if (PyErr_Occurred()) {
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+ PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ Py_XINCREF(type);
+ PyErr_Clear();
+ if (infront) {
+ PyErr_Format(type, "%s %s", mesg, PyString_AsString(old_str));
+ } else {
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ }
+ Py_DECREF(old_str);
+ }
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIME int
+SWIG_Python_ArgFail(int argnum)
+{
+ if (PyErr_Occurred()) {
+ /* add information about failing argument */
+ char mesg[256];
+ PyOS_snprintf(mesg, sizeof(mesg), "argument number %d:", argnum);
+ return SWIG_Python_AddErrMesg(mesg, 1);
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIMEINLINE const char *
+PySwigObject_GetDesc(PyObject *self)
+{
+ PySwigObject *v = (PySwigObject *)self;
+ swig_type_info *ty = v ? v->ty : 0;
+ return ty ? ty->str : (char*)"";
+}
+
+SWIGRUNTIME void
+SWIG_Python_TypeError(const char *type, PyObject *obj)
+{
+ if (type) {
+#if defined(SWIG_COBJECT_TYPES)
+ if (obj && PySwigObject_Check(obj)) {
+ const char *otype = (const char *) PySwigObject_GetDesc(obj);
+ if (otype) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, 'PySwigObject(%s)' is received",
+ type, otype);
+ return;
+ }
+ } else
+#endif
+ {
+ const char *otype = (obj ? obj->ob_type->tp_name : 0);
+ if (otype) {
+ PyObject *str = PyObject_Str(obj);
+ const char *cstr = str ? PyString_AsString(str) : 0;
+ if (cstr) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s(%s)' is received",
+ type, otype, cstr);
+ } else {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s' is received",
+ type, otype);
+ }
+ Py_XDECREF(str);
+ return;
+ }
+ }
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected", type);
+ } else {
+ PyErr_Format(PyExc_TypeError, "unexpected type is received");
+ }
+}
+
+
+/* Convert a pointer value, signal an exception on a type mismatch */
+SWIGRUNTIME void *
+SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) {
+ void *result;
+ if (SWIG_Python_ConvertPtr(obj, &result, ty, flags) == -1) {
+ PyErr_Clear();
+ if (flags & SWIG_POINTER_EXCEPTION) {
+ SWIG_Python_TypeError(SWIG_TypePrettyName(ty), obj);
+ SWIG_Python_ArgFail(argnum);
+ }
+ }
+ return result;
+}
+
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+
+#define SWIG_exception_fail(code, msg) do { SWIG_Error(code, msg); SWIG_fail; } while(0)
+
+#define SWIG_contract_assert(expr, msg) if (!(expr)) { SWIG_Error(SWIG_RuntimeError, msg); SWIG_fail; } else
+
+
+
+/* -------- TYPES TABLE (BEGIN) -------- */
+
+#define SWIGTYPE_p_char swig_types[0]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_bool_p_void__int swig_types[1]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_fcontext_p_void__int swig_types[2]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_iface_p_void__int swig_types[3]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_node_p_void__int swig_types[4]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_port_p_void__int swig_types[5]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_seuser_p_void__int swig_types[6]
+#define SWIGTYPE_p_f_p_q_const__struct_semanage_user_p_void__int swig_types[7]
+#define SWIGTYPE_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void swig_types[8]
+#define SWIGTYPE_p_int swig_types[9]
+#define SWIGTYPE_p_p_char swig_types[10]
+#define SWIGTYPE_p_p_p_char swig_types[11]
+#define SWIGTYPE_p_p_p_semanage_bool swig_types[12]
+#define SWIGTYPE_p_p_p_semanage_fcontext swig_types[13]
+#define SWIGTYPE_p_p_p_semanage_iface swig_types[14]
+#define SWIGTYPE_p_p_p_semanage_node swig_types[15]
+#define SWIGTYPE_p_p_p_semanage_port swig_types[16]
+#define SWIGTYPE_p_p_p_semanage_seuser swig_types[17]
+#define SWIGTYPE_p_p_p_semanage_user swig_types[18]
+#define SWIGTYPE_p_p_semanage_bool swig_types[19]
+#define SWIGTYPE_p_p_semanage_bool_key swig_types[20]
+#define SWIGTYPE_p_p_semanage_context swig_types[21]
+#define SWIGTYPE_p_p_semanage_fcontext swig_types[22]
+#define SWIGTYPE_p_p_semanage_fcontext_key swig_types[23]
+#define SWIGTYPE_p_p_semanage_iface swig_types[24]
+#define SWIGTYPE_p_p_semanage_iface_key swig_types[25]
+#define SWIGTYPE_p_p_semanage_module_info swig_types[26]
+#define SWIGTYPE_p_p_semanage_node swig_types[27]
+#define SWIGTYPE_p_p_semanage_node_key swig_types[28]
+#define SWIGTYPE_p_p_semanage_port swig_types[29]
+#define SWIGTYPE_p_p_semanage_port_key swig_types[30]
+#define SWIGTYPE_p_p_semanage_seuser swig_types[31]
+#define SWIGTYPE_p_p_semanage_seuser_key swig_types[32]
+#define SWIGTYPE_p_p_semanage_user swig_types[33]
+#define SWIGTYPE_p_p_semanage_user_key swig_types[34]
+#define SWIGTYPE_p_semanage_bool swig_types[35]
+#define SWIGTYPE_p_semanage_bool_key swig_types[36]
+#define SWIGTYPE_p_semanage_context swig_types[37]
+#define SWIGTYPE_p_semanage_fcontext swig_types[38]
+#define SWIGTYPE_p_semanage_fcontext_key swig_types[39]
+#define SWIGTYPE_p_semanage_handle swig_types[40]
+#define SWIGTYPE_p_semanage_iface swig_types[41]
+#define SWIGTYPE_p_semanage_iface_key swig_types[42]
+#define SWIGTYPE_p_semanage_module_info swig_types[43]
+#define SWIGTYPE_p_semanage_node swig_types[44]
+#define SWIGTYPE_p_semanage_node_key swig_types[45]
+#define SWIGTYPE_p_semanage_port swig_types[46]
+#define SWIGTYPE_p_semanage_port_key swig_types[47]
+#define SWIGTYPE_p_semanage_seuser swig_types[48]
+#define SWIGTYPE_p_semanage_seuser_key swig_types[49]
+#define SWIGTYPE_p_semanage_user swig_types[50]
+#define SWIGTYPE_p_semanage_user_key swig_types[51]
+#define SWIGTYPE_p_size_t swig_types[52]
+#define SWIGTYPE_p_unsigned_int swig_types[53]
+static swig_type_info *swig_types[55];
+static swig_module_info swig_module = {swig_types, 54, 0, 0, 0, 0};
+#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
+#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
+
+/* -------- TYPES TABLE (END) -------- */
+
+#if (PY_VERSION_HEX <= 0x02000000)
+# if !defined(SWIG_PYTHON_CLASSIC)
+# error "This python version requires swig to be run with the '-classic' option"
+# endif
+#endif
+
+/*-----------------------------------------------
+ @(target):= _semanage.so
+ ------------------------------------------------*/
+#define SWIG_init init_semanage
+
+#define SWIG_name "_semanage"
+
+#define SWIGVERSION 0x010333
+#define SWIG_VERSION SWIGVERSION
+
+
+#define SWIG_as_voidptr(a) (void *)((const void *)(a))
+#define SWIG_as_voidptrptr(a) ((void)SWIG_as_voidptr(*a),(void**)(a))
+
+
+ #include <stdlib.h>
+ #include <semanage/semanage.h>
+
+ #define STATUS_SUCCESS 0
+ #define STATUS_ERR -1
+
+
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
+SWIGINTERN swig_type_info*
+SWIG_pchar_descriptor(void)
+{
+ static int init = 0;
+ static swig_type_info* info = 0;
+ if (!init) {
+ info = SWIG_TypeQuery("_p_char");
+ init = 1;
+ }
+ return info;
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtrAndSize(const char* carray, size_t size)
+{
+ if (carray) {
+ if (size > INT_MAX) {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ return pchar_descriptor ?
+ SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void();
+ } else {
+ return PyString_FromStringAndSize(carray, (int)(size));
+ }
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtr(const char *cptr)
+{
+ return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
+}
+
+
+SWIGINTERN int
+SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
+{
+ if (PyString_Check(obj)) {
+ char *cstr; Py_ssize_t len;
+ PyString_AsStringAndSize(obj, &cstr, &len);
+ if (cptr) {
+ if (alloc) {
+ /*
+ In python the user should not be able to modify the inner
+ string representation. To warranty that, if you define
+ SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string
+ buffer is always returned.
+
+ The default behavior is just to return the pointer value,
+ so, be careful.
+ */
+#if defined(SWIG_PYTHON_SAFE_CSTRINGS)
+ if (*alloc != SWIG_OLDOBJ)
+#else
+ if (*alloc == SWIG_NEWOBJ)
+#endif
+ {
+ *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
+ *alloc = SWIG_NEWOBJ;
+ }
+ else {
+ *cptr = cstr;
+ *alloc = SWIG_OLDOBJ;
+ }
+ } else {
+ *cptr = PyString_AsString(obj);
+ }
+ }
+ if (psize) *psize = len + 1;
+ return SWIG_OK;
+ } else {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ if (pchar_descriptor) {
+ void* vptr = 0;
+ if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) {
+ if (cptr) *cptr = (char *) vptr;
+ if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
+ if (alloc) *alloc = SWIG_OLDOBJ;
+ return SWIG_OK;
+ }
+ }
+ }
+ return SWIG_TypeError;
+}
+
+
+
+
+
+#include <limits.h>
+#if !defined(SWIG_NO_LLONG_MAX)
+# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__)
+# define LLONG_MAX __LONG_LONG_MAX__
+# define LLONG_MIN (-LLONG_MAX - 1LL)
+# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL)
+# endif
+#endif
+
+
+SWIGINTERN int
+SWIG_AsVal_double (PyObject *obj, double *val)
+{
+ int res = SWIG_TypeError;
+ if (PyFloat_Check(obj)) {
+ if (val) *val = PyFloat_AsDouble(obj);
+ return SWIG_OK;
+ } else if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ double v = PyLong_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ double d = PyFloat_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = d;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_AddCast(SWIG_OK));
+ } else {
+ PyErr_Clear();
+ }
+ }
+ }
+#endif
+ return res;
+}
+
+
+#include <float.h>
+
+
+#include <math.h>
+
+
+SWIGINTERNINLINE int
+SWIG_CanCastAsInteger(double *d, double min, double max) {
+ double x = *d;
+ if ((min <= x && x <= max)) {
+ double fx = floor(x);
+ double cx = ceil(x);
+ double rd = ((x - fx) < 0.5) ? fx : cx; /* simple rint */
+ if ((errno == EDOM) || (errno == ERANGE)) {
+ errno = 0;
+ } else {
+ double summ, reps, diff;
+ if (rd < x) {
+ diff = x - rd;
+ } else if (rd > x) {
+ diff = rd - x;
+ } else {
+ return 1;
+ }
+ summ = rd + x;
+ reps = diff/summ;
+ if (reps < 8*DBL_EPSILON) {
+ *d = rd;
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_long (PyObject *obj, long* val)
+{
+ if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ long v = PyInt_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) {
+ if (val) *val = (long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_int (PyObject * obj, int *val)
+{
+ long v;
+ int res = SWIG_AsVal_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v < INT_MIN || v > INT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (int)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val)
+{
+ if (PyInt_Check(obj)) {
+ long v = PyInt_AsLong(obj);
+ if (v >= 0) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ return SWIG_OverflowError;
+ }
+ } else if (PyLong_Check(obj)) {
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) {
+ if (val) *val = (unsigned long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERNINLINE int
+SWIG_AsVal_size_t (PyObject * obj, size_t *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, val ? &v : 0);
+ if (SWIG_IsOK(res) && val) *val = (size_t)(v);
+ return res;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v > UINT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (unsigned int)(v);
+ }
+ }
+ return res;
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+ /* There are two ways to call this function:
+ * One is with a valid swig_type and destructor.
+ * Two is with a NULL swig_type and NULL destructor.
+ *
+ * In the first mode, the function converts
+ * an array of *cloned* objects [of the given pointer swig type]
+ * into a PyList, and destroys the array in the process
+ * (the objects pointers are preserved).
+ *
+ * In the second mode, the function converts
+ * an array of *constant* strings into a PyList, and destroys
+ * the array in the process
+ * (the strings are copied, originals not freed). */
+
+ static int semanage_array2plist(
+ semanage_handle_t* handle,
+ void** arr,
+ unsigned int asize,
+ swig_type_info* swig_type,
+ void (*destructor) (void*),
+ PyObject** result) {
+
+ PyObject* plist = PyList_New(0);
+ unsigned int i;
+
+ if (!plist)
+ goto err;
+
+ for (i = 0; i < asize; i++) {
+
+ PyObject* obj = NULL;
+
+ /* NULL indicates string conversion,
+ * otherwise create an opaque pointer */
+ if (!swig_type)
+ obj = SWIG_FromCharPtr(arr[i]);
+ else
+ obj = SWIG_NewPointerObj(arr[i], swig_type, 0);
+
+ if (!obj)
+ goto err;
+
+ if (PyList_Append(plist, obj) < 0)
+ goto err;
+ }
+
+ free(arr);
+
+ *result = plist;
+ return STATUS_SUCCESS;
+
+ err:
+ for (i = 0; i < asize; i++)
+ if (destructor)
+ destructor(arr[i]);
+ free(arr);
+ return STATUS_ERR;
+ }
+
+SWIGINTERN PyObject *_wrap_semanage_msg_get_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_msg_get_level",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_msg_get_level" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_msg_get_level(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_msg_get_channel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_msg_get_channel",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_msg_get_channel" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (char *)semanage_msg_get_channel(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_msg_get_fname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_msg_get_fname",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_msg_get_fname" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (char *)semanage_msg_get_fname(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_msg_set_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ void (*arg2)(void *,semanage_handle_t *,char const *,...) = (void (*)(void *,semanage_handle_t *,char const *,...)) 0 ;
+ void *arg3 = (void *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_msg_set_callback",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_msg_set_callback" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_msg_set_callback" "', argument " "2"" of type '" "void (*)(void *,semanage_handle_t *,char const *,...)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_msg_set_callback" "', argument " "3"" of type '" "void *""'");
+ }
+ semanage_msg_set_callback(arg1,arg2,arg3);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_handle_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":semanage_handle_create")) SWIG_fail;
+ result = (semanage_handle_t *)semanage_handle_create();
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_handle, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_handle_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_handle_destroy",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_handle_destroy" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ semanage_handle_destroy(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_select_store(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ enum semanage_connect_type arg3 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_select_store",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_select_store" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_select_store" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_select_store" "', argument " "3"" of type '" "enum semanage_connect_type""'");
+ }
+ arg3 = (enum semanage_connect_type)(val3);
+ semanage_select_store(arg1,arg2,arg3);
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_reload_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_reload_policy",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_reload_policy" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_reload_policy(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_set_reload(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_set_reload",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_set_reload" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_set_reload" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_set_reload(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_set_rebuild(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_set_rebuild",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_set_rebuild" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_set_rebuild" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_set_rebuild(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_set_create_store(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_set_create_store",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_set_create_store" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_set_create_store" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_set_create_store(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_set_disable_dontaudit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_set_disable_dontaudit",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_set_disable_dontaudit" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_set_disable_dontaudit" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_set_disable_dontaudit(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_is_managed(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_is_managed",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_is_managed" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_is_managed(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_connect(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_connect",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_connect" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_connect(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_disconnect(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_disconnect",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_disconnect" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_disconnect(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_begin_transaction(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_begin_transaction",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_begin_transaction" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_begin_transaction(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_commit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_commit",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_commit" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_commit(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_access_check(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_access_check",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_access_check" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_access_check(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_is_connected(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_is_connected",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_is_connected" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_is_connected(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_install(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ size_t arg3 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ size_t val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_module_install",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_install" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_install" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ ecode3 = SWIG_AsVal_size_t(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_module_install" "', argument " "3"" of type '" "size_t""'");
+ }
+ arg3 = (size_t)(val3);
+ result = (int)semanage_module_install(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_upgrade(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ size_t arg3 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ size_t val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_module_upgrade",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_upgrade" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_upgrade" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ ecode3 = SWIG_AsVal_size_t(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_module_upgrade" "', argument " "3"" of type '" "size_t""'");
+ }
+ arg3 = (size_t)(val3);
+ result = (int)semanage_module_upgrade(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_install_base(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ size_t arg3 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ size_t val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_module_install_base",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_install_base" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_install_base" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ ecode3 = SWIG_AsVal_size_t(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_module_install_base" "', argument " "3"" of type '" "size_t""'");
+ }
+ arg3 = (size_t)(val3);
+ result = (int)semanage_module_install_base(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_remove(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_module_remove",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_remove" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_module_remove" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_module_remove(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_module_info_t **arg2 = (semanage_module_info_t **) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_module_info_t *temp2 = NULL ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_module_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_module_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_module_info, 0));
+ }
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_info_datum_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_module_info_t *arg1 = (semanage_module_info_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_module_info_datum_destroy",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_info_datum_destroy" "', argument " "1"" of type '" "semanage_module_info_t *""'");
+ }
+ arg1 = (semanage_module_info_t *)(argp1);
+ semanage_module_info_datum_destroy(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_list_nth(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_module_info_t *arg1 = (semanage_module_info_t *) 0 ;
+ int arg2 ;
+ semanage_module_info_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_module_list_nth",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_list_nth" "', argument " "1"" of type '" "semanage_module_info_t *""'");
+ }
+ arg1 = (semanage_module_info_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_module_list_nth" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ result = (semanage_module_info_t *)semanage_module_list_nth(arg1,arg2);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_get_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_module_info_t *arg1 = (semanage_module_info_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_module_get_name",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_get_name" "', argument " "1"" of type '" "semanage_module_info_t *""'");
+ }
+ arg1 = (semanage_module_info_t *)(argp1);
+ result = (char *)semanage_module_get_name(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_module_get_version(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_module_info_t *arg1 = (semanage_module_info_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_module_get_version",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_module_info, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_module_get_version" "', argument " "1"" of type '" "semanage_module_info_t *""'");
+ }
+ arg1 = (semanage_module_info_t *)(argp1);
+ result = (char *)semanage_module_get_version(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_get_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_context_t *arg1 = (semanage_context_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_get_user",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_get_user" "', argument " "1"" of type '" "semanage_context_t const *""'");
+ }
+ arg1 = (semanage_context_t *)(argp1);
+ result = (char *)semanage_context_get_user((struct semanage_context const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_set_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_context_set_user",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_set_user" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_set_user" "', argument " "2"" of type '" "semanage_context_t *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_context_set_user" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_context_set_user(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_get_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_context_t *arg1 = (semanage_context_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_get_role",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_get_role" "', argument " "1"" of type '" "semanage_context_t const *""'");
+ }
+ arg1 = (semanage_context_t *)(argp1);
+ result = (char *)semanage_context_get_role((struct semanage_context const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_set_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_context_set_role",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_set_role" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_set_role" "', argument " "2"" of type '" "semanage_context_t *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_context_set_role" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_context_set_role(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_get_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_context_t *arg1 = (semanage_context_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_get_type",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_get_type" "', argument " "1"" of type '" "semanage_context_t const *""'");
+ }
+ arg1 = (semanage_context_t *)(argp1);
+ result = (char *)semanage_context_get_type((struct semanage_context const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_set_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_context_set_type",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_set_type" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_set_type" "', argument " "2"" of type '" "semanage_context_t *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_context_set_type" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_context_set_type(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_get_mls(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_context_t *arg1 = (semanage_context_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_get_mls",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_get_mls" "', argument " "1"" of type '" "semanage_context_t const *""'");
+ }
+ arg1 = (semanage_context_t *)(argp1);
+ result = (char *)semanage_context_get_mls((struct semanage_context const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_set_mls(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_context_set_mls",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_set_mls" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_set_mls" "', argument " "2"" of type '" "semanage_context_t *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_context_set_mls" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_context_set_mls(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t **arg2 = (semanage_context_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_context_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_context_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_context, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ semanage_context_t **arg3 = (semanage_context_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_context_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_context_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_clone" "', argument " "2"" of type '" "semanage_context_t const *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ result = (int)semanage_context_clone(arg1,(struct semanage_context const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_context, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_context_t *arg1 = (semanage_context_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_context_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_free" "', argument " "1"" of type '" "semanage_context_t *""'");
+ }
+ arg1 = (semanage_context_t *)(argp1);
+ semanage_context_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_from_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ semanage_context_t **arg3 = (semanage_context_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ semanage_context_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_context_from_string",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_from_string" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_from_string" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_context_from_string(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_context, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_context_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_context_t *arg2 = (semanage_context_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_context_to_string",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_context_to_string" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_context_to_string" "', argument " "2"" of type '" "semanage_context_t const *""'");
+ }
+ arg2 = (semanage_context_t *)(argp2);
+ result = (int)semanage_context_to_string(arg1,(struct semanage_context const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ semanage_bool_key_t **arg3 = (semanage_bool_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ semanage_bool_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_key_create",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_bool_key_create(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t *arg2 = (semanage_bool_t *) 0 ;
+ semanage_bool_key_t **arg3 = (semanage_bool_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_bool_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_key_extract" "', argument " "2"" of type '" "semanage_bool_t const *""'");
+ }
+ arg2 = (semanage_bool_t *)(argp2);
+ result = (int)semanage_bool_key_extract(arg1,(struct semanage_bool const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_key_t *arg1 = (semanage_bool_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_key_free" "', argument " "1"" of type '" "semanage_bool_key_t *""'");
+ }
+ arg1 = (semanage_bool_key_t *)(argp1);
+ semanage_bool_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_compare" "', argument " "1"" of type '" "semanage_bool_t const *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_compare" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_compare((struct semanage_bool const *)arg1,(struct semanage_bool_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ semanage_bool_t *arg2 = (semanage_bool_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_compare2" "', argument " "1"" of type '" "semanage_bool_t const *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_compare2" "', argument " "2"" of type '" "semanage_bool_t const *""'");
+ }
+ arg2 = (semanage_bool_t *)(argp2);
+ result = (int)semanage_bool_compare2((struct semanage_bool const *)arg1,(struct semanage_bool const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_get_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_get_name",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_get_name" "', argument " "1"" of type '" "semanage_bool_t const *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ result = (char *)semanage_bool_get_name((struct semanage_bool const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_set_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t *arg2 = (semanage_bool_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_set_name",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_set_name" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_set_name" "', argument " "2"" of type '" "semanage_bool_t *""'");
+ }
+ arg2 = (semanage_bool_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_set_name" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_bool_set_name(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_get_value(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_get_value",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_get_value" "', argument " "1"" of type '" "semanage_bool_t const *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ result = (int)semanage_bool_get_value((struct semanage_bool const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_set_value(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_set_value",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_set_value" "', argument " "1"" of type '" "semanage_bool_t *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_bool_set_value" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_bool_set_value(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t **arg2 = (semanage_bool_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_bool_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_bool, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t *arg2 = (semanage_bool_t *) 0 ;
+ semanage_bool_t **arg3 = (semanage_bool_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_bool_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_clone" "', argument " "2"" of type '" "semanage_bool_t const *""'");
+ }
+ arg2 = (semanage_bool_t *)(argp2);
+ result = (int)semanage_bool_clone(arg1,(struct semanage_bool const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_bool_t *arg1 = (semanage_bool_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_free" "', argument " "1"" of type '" "semanage_bool_t *""'");
+ }
+ arg1 = (semanage_bool_t *)(argp1);
+ semanage_bool_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ semanage_bool_t **arg3 = (semanage_bool_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_bool_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_query" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_query(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_exists" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_exists(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_bool_t const *,void *) = (int (*)(semanage_bool_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_bool_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_bool_iterate" "', argument " "2"" of type '" "int (*)(semanage_bool_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_bool_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t ***arg2 = (semanage_bool_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_bool_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_bool,
+ (void (*) (void*)) &semanage_bool_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ semanage_bool_t *arg3 = (semanage_bool_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_modify_local" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_modify_local" "', argument " "3"" of type '" "semanage_bool_t const *""'");
+ }
+ arg3 = (semanage_bool_t *)(argp3);
+ result = (int)semanage_bool_modify_local(arg1,(struct semanage_bool_key const *)arg2,(struct semanage_bool const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_del_local" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_del_local(arg1,(struct semanage_bool_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ semanage_bool_t **arg3 = (semanage_bool_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_bool_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_query_local" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_query_local(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_exists_local" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_exists_local(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_bool_t const *,void *) = (int (*)(semanage_bool_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_bool_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_bool_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_bool_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_bool_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t ***arg2 = (semanage_bool_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_bool_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_bool,
+ (void (*) (void*)) &semanage_bool_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_set_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ semanage_bool_t *arg3 = (semanage_bool_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_set_active",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_set_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_set_active" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_bool, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_set_active" "', argument " "3"" of type '" "semanage_bool_t const *""'");
+ }
+ arg3 = (semanage_bool_t *)(argp3);
+ result = (int)semanage_bool_set_active(arg1,(struct semanage_bool_key const *)arg2,(struct semanage_bool const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_query_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ semanage_bool_t **arg3 = (semanage_bool_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_bool_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_query_active",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_query_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_query_active" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_query_active(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_bool, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_exists_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_key_t *arg2 = (semanage_bool_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_bool_exists_active",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_exists_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_bool_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_bool_exists_active" "', argument " "2"" of type '" "semanage_bool_key_t const *""'");
+ }
+ arg2 = (semanage_bool_key_t *)(argp2);
+ result = (int)semanage_bool_exists_active(arg1,(struct semanage_bool_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_count_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_count_active",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_count_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_count_active(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_iterate_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_bool_t const *,void *) = (int (*)(semanage_bool_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_bool_iterate_active",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_iterate_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_bool_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_bool_iterate_active" "', argument " "2"" of type '" "int (*)(semanage_bool_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_bool_iterate_active" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_bool_iterate_active(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_bool_list_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_bool_t ***arg2 = (semanage_bool_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_bool_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_bool_list_active",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_bool_list_active" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_bool_list_active(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_bool,
+ (void (*) (void*)) &semanage_bool_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_compare" "', argument " "1"" of type '" "semanage_iface_t const *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_compare" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_compare((struct semanage_iface const *)arg1,(struct semanage_iface_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_compare2" "', argument " "1"" of type '" "semanage_iface_t const *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_compare2" "', argument " "2"" of type '" "semanage_iface_t const *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ result = (int)semanage_iface_compare2((struct semanage_iface const *)arg1,(struct semanage_iface const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ semanage_iface_key_t **arg3 = (semanage_iface_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ semanage_iface_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_key_create",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_iface_key_create(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_iface_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ semanage_iface_key_t **arg3 = (semanage_iface_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_iface_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_key_extract" "', argument " "2"" of type '" "semanage_iface_t const *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ result = (int)semanage_iface_key_extract(arg1,(struct semanage_iface const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_iface_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_key_t *arg1 = (semanage_iface_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_key_free" "', argument " "1"" of type '" "semanage_iface_key_t *""'");
+ }
+ arg1 = (semanage_iface_key_t *)(argp1);
+ semanage_iface_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_get_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_get_name",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_get_name" "', argument " "1"" of type '" "semanage_iface_t const *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ result = (char *)semanage_iface_get_name((struct semanage_iface const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_set_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_set_name",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_set_name" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_set_name" "', argument " "2"" of type '" "semanage_iface_t *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_set_name" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_iface_set_name(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_get_ifcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ semanage_context_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_get_ifcon",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_get_ifcon" "', argument " "1"" of type '" "semanage_iface_t const *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ result = (semanage_context_t *)semanage_iface_get_ifcon((struct semanage_iface const *)arg1);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_context, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_set_ifcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ semanage_context_t *arg3 = (semanage_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_set_ifcon",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_set_ifcon" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_set_ifcon" "', argument " "2"" of type '" "semanage_iface_t *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_set_ifcon" "', argument " "3"" of type '" "semanage_context_t *""'");
+ }
+ arg3 = (semanage_context_t *)(argp3);
+ result = (int)semanage_iface_set_ifcon(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_get_msgcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ semanage_context_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_get_msgcon",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_get_msgcon" "', argument " "1"" of type '" "semanage_iface_t const *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ result = (semanage_context_t *)semanage_iface_get_msgcon((struct semanage_iface const *)arg1);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_context, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_set_msgcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ semanage_context_t *arg3 = (semanage_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_set_msgcon",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_set_msgcon" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_set_msgcon" "', argument " "2"" of type '" "semanage_iface_t *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_set_msgcon" "', argument " "3"" of type '" "semanage_context_t *""'");
+ }
+ arg3 = (semanage_context_t *)(argp3);
+ result = (int)semanage_iface_set_msgcon(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t **arg2 = (semanage_iface_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_iface_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_iface_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_iface, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t *arg2 = (semanage_iface_t *) 0 ;
+ semanage_iface_t **arg3 = (semanage_iface_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_iface_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_clone" "', argument " "2"" of type '" "semanage_iface_t const *""'");
+ }
+ arg2 = (semanage_iface_t *)(argp2);
+ result = (int)semanage_iface_clone(arg1,(struct semanage_iface const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_iface, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_iface_t *arg1 = (semanage_iface_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_free" "', argument " "1"" of type '" "semanage_iface_t *""'");
+ }
+ arg1 = (semanage_iface_t *)(argp1);
+ semanage_iface_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ semanage_iface_t *arg3 = (semanage_iface_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_modify_local" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_iface, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_modify_local" "', argument " "3"" of type '" "semanage_iface_t const *""'");
+ }
+ arg3 = (semanage_iface_t *)(argp3);
+ result = (int)semanage_iface_modify_local(arg1,(struct semanage_iface_key const *)arg2,(struct semanage_iface const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_del_local" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_del_local(arg1,(struct semanage_iface_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ semanage_iface_t **arg3 = (semanage_iface_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_iface_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_query_local" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_query_local(arg1,(struct semanage_iface_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_iface, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_exists_local" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_exists_local(arg1,(struct semanage_iface_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_iface_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_iface_t const *,void *) = (int (*)(semanage_iface_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_iface_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_iface_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_iface_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_iface_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t ***arg2 = (semanage_iface_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_iface_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_iface_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_iface,
+ (void (*) (void*)) &semanage_iface_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ semanage_iface_t **arg3 = (semanage_iface_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_iface_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_query" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_query(arg1,(struct semanage_iface_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_iface, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_key_t *arg2 = (semanage_iface_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_iface_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_iface_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_iface_exists" "', argument " "2"" of type '" "semanage_iface_key_t const *""'");
+ }
+ arg2 = (semanage_iface_key_t *)(argp2);
+ result = (int)semanage_iface_exists(arg1,(struct semanage_iface_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_iface_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_iface_t const *,void *) = (int (*)(semanage_iface_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_iface_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_iface_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_iface_iterate" "', argument " "2"" of type '" "int (*)(semanage_iface_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_iface_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_iface_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_iface_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_iface_t ***arg2 = (semanage_iface_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_iface_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_iface_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_iface_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_iface_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_iface,
+ (void (*) (void*)) &semanage_iface_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ semanage_user_key_t **arg3 = (semanage_user_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ semanage_user_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_key_create",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_user_key_create(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_user_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ semanage_user_key_t **arg3 = (semanage_user_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_user_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_key_extract" "', argument " "2"" of type '" "semanage_user_t const *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ result = (int)semanage_user_key_extract(arg1,(struct semanage_user const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_user_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_key_t *arg1 = (semanage_user_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_key_free" "', argument " "1"" of type '" "semanage_user_key_t *""'");
+ }
+ arg1 = (semanage_user_key_t *)(argp1);
+ semanage_user_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_compare" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_compare" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_compare((struct semanage_user const *)arg1,(struct semanage_user_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_compare2" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_compare2" "', argument " "2"" of type '" "semanage_user_t const *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ result = (int)semanage_user_compare2((struct semanage_user const *)arg1,(struct semanage_user const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_get_name",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_name" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ result = (char *)semanage_user_get_name((struct semanage_user const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_set_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_set_name",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_set_name" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_set_name" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_set_name" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_user_set_name(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_get_prefix",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_prefix" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ result = (char *)semanage_user_get_prefix((struct semanage_user const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_set_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_set_prefix",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_set_prefix" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_set_prefix" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_set_prefix" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_user_set_prefix(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_mlslevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_get_mlslevel",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_mlslevel" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ result = (char *)semanage_user_get_mlslevel((struct semanage_user const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_set_mlslevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_set_mlslevel",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_set_mlslevel" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_set_mlslevel" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_set_mlslevel" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_user_set_mlslevel(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_mlsrange(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_get_mlsrange",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_mlsrange" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ result = (char *)semanage_user_get_mlsrange((struct semanage_user const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_set_mlsrange(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_set_mlsrange",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_set_mlsrange" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_set_mlsrange" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_set_mlsrange" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_user_set_mlsrange(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_num_roles(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_get_num_roles",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_num_roles" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ result = (int)semanage_user_get_num_roles((struct semanage_user const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_add_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_add_role",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_add_role" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_add_role" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_add_role" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_user_add_role(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_del_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_del_role",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_del_role" "', argument " "1"" of type '" "semanage_user_t *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_del_role" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ semanage_user_del_role(arg1,(char const *)arg2);
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_has_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_has_role",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_has_role" "', argument " "1"" of type '" "semanage_user_t const *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_has_role" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_user_has_role((struct semanage_user const *)arg1,(char const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_get_roles(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char ***arg3 = (char ***) 0 ;
+ unsigned int *arg4 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char **temp3 = NULL ;
+ unsigned int temp4 ;
+ int res4 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_get_roles",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_get_roles" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_get_roles" "', argument " "2"" of type '" "semanage_user_t const *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ result = (int)semanage_user_get_roles(arg1,(struct semanage_user const *)arg2,(char const ***)arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg3, *arg4,
+ NULL, NULL, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_set_roles(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ unsigned int arg4 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_set_roles",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_set_roles" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_set_roles" "', argument " "2"" of type '" "semanage_user_t *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj2, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "semanage_user_set_roles" "', argument " "4"" of type '" "unsigned int""'");
+ }
+ arg4 = (unsigned int)(val4);
+ result = (int)semanage_user_set_roles(arg1,arg2,(char const **)arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t **arg2 = (semanage_user_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_user_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_user_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_user, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t *arg2 = (semanage_user_t *) 0 ;
+ semanage_user_t **arg3 = (semanage_user_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_user_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_clone" "', argument " "2"" of type '" "semanage_user_t const *""'");
+ }
+ arg2 = (semanage_user_t *)(argp2);
+ result = (int)semanage_user_clone(arg1,(struct semanage_user const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_user, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_user_t *arg1 = (semanage_user_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_free" "', argument " "1"" of type '" "semanage_user_t *""'");
+ }
+ arg1 = (semanage_user_t *)(argp1);
+ semanage_user_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ semanage_user_t *arg3 = (semanage_user_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_modify_local" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_user, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_modify_local" "', argument " "3"" of type '" "semanage_user_t const *""'");
+ }
+ arg3 = (semanage_user_t *)(argp3);
+ result = (int)semanage_user_modify_local(arg1,(struct semanage_user_key const *)arg2,(struct semanage_user const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_del_local" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_del_local(arg1,(struct semanage_user_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ semanage_user_t **arg3 = (semanage_user_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_user_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_query_local" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_query_local(arg1,(struct semanage_user_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_user, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_exists_local" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_exists_local(arg1,(struct semanage_user_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_user_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_user_t const *,void *) = (int (*)(semanage_user_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_user_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_user_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_user_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_user_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t ***arg2 = (semanage_user_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_user_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_user_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_user,
+ (void (*) (void*)) &semanage_user_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ semanage_user_t **arg3 = (semanage_user_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_user_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_query" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_query(arg1,(struct semanage_user_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_user, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_key_t *arg2 = (semanage_user_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_user_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_user_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_user_exists" "', argument " "2"" of type '" "semanage_user_key_t const *""'");
+ }
+ arg2 = (semanage_user_key_t *)(argp2);
+ result = (int)semanage_user_exists(arg1,(struct semanage_user_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_user_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_user_t const *,void *) = (int (*)(semanage_user_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_user_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_user_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_user_iterate" "', argument " "2"" of type '" "int (*)(semanage_user_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_user_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_user_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_user_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_user_t ***arg2 = (semanage_user_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_user_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_user_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_user_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_user_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_user,
+ (void (*) (void*)) &semanage_user_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_compare" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_compare" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_compare((struct semanage_port const *)arg1,(struct semanage_port_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ semanage_port_t *arg2 = (semanage_port_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_compare2" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_compare2" "', argument " "2"" of type '" "semanage_port_t const *""'");
+ }
+ arg2 = (semanage_port_t *)(argp2);
+ result = (int)semanage_port_compare2((struct semanage_port const *)arg1,(struct semanage_port const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int arg2 ;
+ int arg3 ;
+ int arg4 ;
+ semanage_port_key_t **arg5 = (semanage_port_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ int val4 ;
+ int ecode4 = 0 ;
+ semanage_port_key_t *temp5 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ {
+ arg5 = &temp5;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_port_key_create",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_port_key_create" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_port_key_create" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ ecode4 = SWIG_AsVal_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "semanage_port_key_create" "', argument " "4"" of type '" "int""'");
+ }
+ arg4 = (int)(val4);
+ result = (int)semanage_port_key_create(arg1,arg2,arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg5, SWIGTYPE_p_semanage_port_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t *arg2 = (semanage_port_t *) 0 ;
+ semanage_port_key_t **arg3 = (semanage_port_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_port_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_key_extract" "', argument " "2"" of type '" "semanage_port_t const *""'");
+ }
+ arg2 = (semanage_port_t *)(argp2);
+ result = (int)semanage_port_key_extract(arg1,(struct semanage_port const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_port_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_key_t *arg1 = (semanage_port_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_key_free" "', argument " "1"" of type '" "semanage_port_key_t *""'");
+ }
+ arg1 = (semanage_port_key_t *)(argp1);
+ semanage_port_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_get_proto(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_get_proto",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_get_proto" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ result = (int)semanage_port_get_proto((struct semanage_port const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_set_proto(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_set_proto",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_set_proto" "', argument " "1"" of type '" "semanage_port_t *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_port_set_proto" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_port_set_proto(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_get_proto_str(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ char *result = 0 ;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_get_proto_str",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "semanage_port_get_proto_str" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (char *)semanage_port_get_proto_str(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_get_low(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_get_low",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_get_low" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ result = (int)semanage_port_get_low((struct semanage_port const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_get_high(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_get_high",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_get_high" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ result = (int)semanage_port_get_high((struct semanage_port const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_set_port(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_set_port",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_set_port" "', argument " "1"" of type '" "semanage_port_t *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_port_set_port" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_port_set_port(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_set_range(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ int arg2 ;
+ int arg3 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_port_set_range",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_set_range" "', argument " "1"" of type '" "semanage_port_t *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_port_set_range" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_port_set_range" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ semanage_port_set_range(arg1,arg2,arg3);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_get_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ semanage_context_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_get_con",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_get_con" "', argument " "1"" of type '" "semanage_port_t const *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ result = (semanage_context_t *)semanage_port_get_con((struct semanage_port const *)arg1);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_context, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_set_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t *arg2 = (semanage_port_t *) 0 ;
+ semanage_context_t *arg3 = (semanage_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_port_set_con",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_set_con" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_set_con" "', argument " "2"" of type '" "semanage_port_t *""'");
+ }
+ arg2 = (semanage_port_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_port_set_con" "', argument " "3"" of type '" "semanage_context_t *""'");
+ }
+ arg3 = (semanage_context_t *)(argp3);
+ result = (int)semanage_port_set_con(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t **arg2 = (semanage_port_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_port_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_port_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_port, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t *arg2 = (semanage_port_t *) 0 ;
+ semanage_port_t **arg3 = (semanage_port_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_port_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_clone" "', argument " "2"" of type '" "semanage_port_t const *""'");
+ }
+ arg2 = (semanage_port_t *)(argp2);
+ result = (int)semanage_port_clone(arg1,(struct semanage_port const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_port, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_port_t *arg1 = (semanage_port_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_free" "', argument " "1"" of type '" "semanage_port_t *""'");
+ }
+ arg1 = (semanage_port_t *)(argp1);
+ semanage_port_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ semanage_port_t *arg3 = (semanage_port_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_port_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_modify_local" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_port, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_port_modify_local" "', argument " "3"" of type '" "semanage_port_t const *""'");
+ }
+ arg3 = (semanage_port_t *)(argp3);
+ result = (int)semanage_port_modify_local(arg1,(struct semanage_port_key const *)arg2,(struct semanage_port const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_del_local" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_del_local(arg1,(struct semanage_port_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ semanage_port_t **arg3 = (semanage_port_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_port_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_query_local" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_query_local(arg1,(struct semanage_port_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_port, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_exists_local" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_exists_local(arg1,(struct semanage_port_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_port_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_port_t const *,void *) = (int (*)(semanage_port_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_port_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_port_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_port_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_port_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_port_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_port_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t ***arg2 = (semanage_port_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_port_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_port_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_port,
+ (void (*) (void*)) &semanage_port_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ semanage_port_t **arg3 = (semanage_port_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_port_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_query" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_query(arg1,(struct semanage_port_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_port, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_key_t *arg2 = (semanage_port_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_port_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_port_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_port_exists" "', argument " "2"" of type '" "semanage_port_key_t const *""'");
+ }
+ arg2 = (semanage_port_key_t *)(argp2);
+ result = (int)semanage_port_exists(arg1,(struct semanage_port_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_port_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_port_t const *,void *) = (int (*)(semanage_port_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_port_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_port_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_port_iterate" "', argument " "2"" of type '" "int (*)(semanage_port_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_port_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_port_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_port_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_port_t ***arg2 = (semanage_port_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_port_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_port_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_port_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_port_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_port,
+ (void (*) (void*)) &semanage_port_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_compare" "', argument " "1"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_compare" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_compare((struct semanage_fcontext const *)arg1,(struct semanage_fcontext_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ semanage_fcontext_t *arg2 = (semanage_fcontext_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_compare2" "', argument " "1"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_compare2" "', argument " "2"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg2 = (semanage_fcontext_t *)(argp2);
+ result = (int)semanage_fcontext_compare2((struct semanage_fcontext const *)arg1,(struct semanage_fcontext const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int arg3 ;
+ semanage_fcontext_key_t **arg4 = (semanage_fcontext_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ semanage_fcontext_key_t *temp4 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_key_create",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_fcontext_key_create" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ result = (int)semanage_fcontext_key_create(arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg4, SWIGTYPE_p_semanage_fcontext_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t *arg2 = (semanage_fcontext_t *) 0 ;
+ semanage_fcontext_key_t **arg3 = (semanage_fcontext_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_fcontext_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_key_extract" "', argument " "2"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg2 = (semanage_fcontext_t *)(argp2);
+ result = (int)semanage_fcontext_key_extract(arg1,(struct semanage_fcontext const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_fcontext_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_key_t *arg1 = (semanage_fcontext_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_key_free" "', argument " "1"" of type '" "semanage_fcontext_key_t *""'");
+ }
+ arg1 = (semanage_fcontext_key_t *)(argp1);
+ semanage_fcontext_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_get_expr(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_get_expr",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_get_expr" "', argument " "1"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ result = (char *)semanage_fcontext_get_expr((struct semanage_fcontext const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_set_expr(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t *arg2 = (semanage_fcontext_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_set_expr",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_set_expr" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_set_expr" "', argument " "2"" of type '" "semanage_fcontext_t *""'");
+ }
+ arg2 = (semanage_fcontext_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_fcontext_set_expr" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_fcontext_set_expr(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_get_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_get_type",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_get_type" "', argument " "1"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ result = (int)semanage_fcontext_get_type((struct semanage_fcontext const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_get_type_str(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ char *result = 0 ;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_get_type_str",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "semanage_fcontext_get_type_str" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (char *)semanage_fcontext_get_type_str(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_set_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_set_type",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_set_type" "', argument " "1"" of type '" "semanage_fcontext_t *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_fcontext_set_type" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_fcontext_set_type(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_get_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ semanage_context_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_get_con",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_get_con" "', argument " "1"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ result = (semanage_context_t *)semanage_fcontext_get_con((struct semanage_fcontext const *)arg1);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_context, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_set_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t *arg2 = (semanage_fcontext_t *) 0 ;
+ semanage_context_t *arg3 = (semanage_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_set_con",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_set_con" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_set_con" "', argument " "2"" of type '" "semanage_fcontext_t *""'");
+ }
+ arg2 = (semanage_fcontext_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_fcontext_set_con" "', argument " "3"" of type '" "semanage_context_t *""'");
+ }
+ arg3 = (semanage_context_t *)(argp3);
+ result = (int)semanage_fcontext_set_con(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t **arg2 = (semanage_fcontext_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_fcontext_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_fcontext_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_fcontext, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t *arg2 = (semanage_fcontext_t *) 0 ;
+ semanage_fcontext_t **arg3 = (semanage_fcontext_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_fcontext_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_clone" "', argument " "2"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg2 = (semanage_fcontext_t *)(argp2);
+ result = (int)semanage_fcontext_clone(arg1,(struct semanage_fcontext const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_fcontext, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_fcontext_t *arg1 = (semanage_fcontext_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_free" "', argument " "1"" of type '" "semanage_fcontext_t *""'");
+ }
+ arg1 = (semanage_fcontext_t *)(argp1);
+ semanage_fcontext_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ semanage_fcontext_t *arg3 = (semanage_fcontext_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_modify_local" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_fcontext, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_fcontext_modify_local" "', argument " "3"" of type '" "semanage_fcontext_t const *""'");
+ }
+ arg3 = (semanage_fcontext_t *)(argp3);
+ result = (int)semanage_fcontext_modify_local(arg1,(struct semanage_fcontext_key const *)arg2,(struct semanage_fcontext const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_del_local" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_del_local(arg1,(struct semanage_fcontext_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ semanage_fcontext_t **arg3 = (semanage_fcontext_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_fcontext_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_query_local" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_query_local(arg1,(struct semanage_fcontext_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_fcontext, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_exists_local" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_exists_local(arg1,(struct semanage_fcontext_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_fcontext_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_fcontext_t const *,void *) = (int (*)(semanage_fcontext_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_fcontext_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_fcontext_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_fcontext_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_fcontext_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_fcontext_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t ***arg2 = (semanage_fcontext_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_fcontext_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_fcontext_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_fcontext,
+ (void (*) (void*)) &semanage_fcontext_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ semanage_fcontext_t **arg3 = (semanage_fcontext_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_fcontext_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_query" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_query(arg1,(struct semanage_fcontext_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_fcontext, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_key_t *arg2 = (semanage_fcontext_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_fcontext_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_fcontext_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_fcontext_exists" "', argument " "2"" of type '" "semanage_fcontext_key_t const *""'");
+ }
+ arg2 = (semanage_fcontext_key_t *)(argp2);
+ result = (int)semanage_fcontext_exists(arg1,(struct semanage_fcontext_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_fcontext_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_fcontext_t const *,void *) = (int (*)(semanage_fcontext_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_fcontext_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_fcontext_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_fcontext_iterate" "', argument " "2"" of type '" "int (*)(semanage_fcontext_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_fcontext_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_fcontext_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_fcontext_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_fcontext_t ***arg2 = (semanage_fcontext_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_fcontext_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_fcontext_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_fcontext_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_fcontext_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_fcontext,
+ (void (*) (void*)) &semanage_fcontext_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ semanage_seuser_key_t **arg3 = (semanage_seuser_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ semanage_seuser_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_key_create",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)semanage_seuser_key_create(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_seuser_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ semanage_seuser_key_t **arg3 = (semanage_seuser_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_seuser_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_key_extract" "', argument " "2"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ result = (int)semanage_seuser_key_extract(arg1,(struct semanage_seuser const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_seuser_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_key_t *arg1 = (semanage_seuser_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_key_free" "', argument " "1"" of type '" "semanage_seuser_key_t *""'");
+ }
+ arg1 = (semanage_seuser_key_t *)(argp1);
+ semanage_seuser_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_compare" "', argument " "1"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_compare" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_compare((struct semanage_seuser const *)arg1,(struct semanage_seuser_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_compare2" "', argument " "1"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_compare2" "', argument " "2"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ result = (int)semanage_seuser_compare2((struct semanage_seuser const *)arg1,(struct semanage_seuser const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_get_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_get_name",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_get_name" "', argument " "1"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ result = (char *)semanage_seuser_get_name((struct semanage_seuser const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_set_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_set_name",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_set_name" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_set_name" "', argument " "2"" of type '" "semanage_seuser_t *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_set_name" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_seuser_set_name(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_get_sename(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_get_sename",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_get_sename" "', argument " "1"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ result = (char *)semanage_seuser_get_sename((struct semanage_seuser const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_set_sename(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_set_sename",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_set_sename" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_set_sename" "', argument " "2"" of type '" "semanage_seuser_t *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_set_sename" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_seuser_set_sename(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_get_mlsrange(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_get_mlsrange",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_get_mlsrange" "', argument " "1"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ result = (char *)semanage_seuser_get_mlsrange((struct semanage_seuser const *)arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_set_mlsrange(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_set_mlsrange",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_set_mlsrange" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_set_mlsrange" "', argument " "2"" of type '" "semanage_seuser_t *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_set_mlsrange" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)semanage_seuser_set_mlsrange(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t **arg2 = (semanage_seuser_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_seuser_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_seuser_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_seuser, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t *arg2 = (semanage_seuser_t *) 0 ;
+ semanage_seuser_t **arg3 = (semanage_seuser_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_seuser_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_clone" "', argument " "2"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg2 = (semanage_seuser_t *)(argp2);
+ result = (int)semanage_seuser_clone(arg1,(struct semanage_seuser const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_seuser, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_seuser_t *arg1 = (semanage_seuser_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_free" "', argument " "1"" of type '" "semanage_seuser_t *""'");
+ }
+ arg1 = (semanage_seuser_t *)(argp1);
+ semanage_seuser_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ semanage_seuser_t *arg3 = (semanage_seuser_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_modify_local" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_seuser, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_modify_local" "', argument " "3"" of type '" "semanage_seuser_t const *""'");
+ }
+ arg3 = (semanage_seuser_t *)(argp3);
+ result = (int)semanage_seuser_modify_local(arg1,(struct semanage_seuser_key const *)arg2,(struct semanage_seuser const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_del_local" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_del_local(arg1,(struct semanage_seuser_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ semanage_seuser_t **arg3 = (semanage_seuser_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_seuser_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_query_local" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_query_local(arg1,(struct semanage_seuser_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_seuser, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_exists_local" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_exists_local(arg1,(struct semanage_seuser_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_seuser_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_seuser_t const *,void *) = (int (*)(semanage_seuser_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_seuser_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_seuser_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_seuser_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_seuser_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t ***arg2 = (semanage_seuser_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_seuser_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_seuser_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_seuser,
+ (void (*) (void*)) &semanage_seuser_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ semanage_seuser_t **arg3 = (semanage_seuser_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_seuser_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_query" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_query(arg1,(struct semanage_seuser_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_seuser, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_key_t *arg2 = (semanage_seuser_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_seuser_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_seuser_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_seuser_exists" "', argument " "2"" of type '" "semanage_seuser_key_t const *""'");
+ }
+ arg2 = (semanage_seuser_key_t *)(argp2);
+ result = (int)semanage_seuser_exists(arg1,(struct semanage_seuser_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_seuser_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_seuser_t const *,void *) = (int (*)(semanage_seuser_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_seuser_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_seuser_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_seuser_iterate" "', argument " "2"" of type '" "int (*)(semanage_seuser_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_seuser_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_seuser_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_seuser_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_seuser_t ***arg2 = (semanage_seuser_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_seuser_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_seuser_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_seuser_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_seuser_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_seuser,
+ (void (*) (void*)) &semanage_seuser_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_compare(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_compare",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_compare" "', argument " "1"" of type '" "semanage_node_t const *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_compare" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_compare((struct semanage_node const *)arg1,(struct semanage_node_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_compare2(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_compare2",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_compare2" "', argument " "1"" of type '" "semanage_node_t const *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_compare2" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_compare2((struct semanage_node const *)arg1,(struct semanage_node const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_key_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ char *arg2 = (char *) 0 ;
+ char *arg3 = (char *) 0 ;
+ int arg4 ;
+ semanage_node_key_t **arg5 = (semanage_node_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ int val4 ;
+ int ecode4 = 0 ;
+ semanage_node_key_t *temp5 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ {
+ arg5 = &temp5;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_node_key_create",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_key_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_key_create" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_key_create" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ ecode4 = SWIG_AsVal_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "semanage_node_key_create" "', argument " "4"" of type '" "int""'");
+ }
+ arg4 = (int)(val4);
+ result = (int)semanage_node_key_create(arg1,(char const *)arg2,(char const *)arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg5, SWIGTYPE_p_semanage_node_key, 0));
+ }
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_key_extract(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ semanage_node_key_t **arg3 = (semanage_node_key_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_node_key_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_key_extract",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_key_extract" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_key_extract" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_key_extract(arg1,(struct semanage_node const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_node_key, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_key_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_key_t *arg1 = (semanage_node_key_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_key_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_key_free" "', argument " "1"" of type '" "semanage_node_key_t *""'");
+ }
+ arg1 = (semanage_node_key_t *)(argp1);
+ semanage_node_key_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_addr(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_get_addr",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_addr" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_get_addr" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_get_addr(arg1,(struct semanage_node const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_addr_bytes(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ size_t *arg4 = (size_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ size_t temp4 ;
+ int res4 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_get_addr_bytes",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_addr_bytes" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_get_addr_bytes" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_get_addr_bytes(arg1,(struct semanage_node const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ if (SWIG_IsTmpObj(res4)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_size_t, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_addr(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ int arg3 ;
+ char *arg4 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ int res4 ;
+ char *buf4 = 0 ;
+ int alloc4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_node_set_addr",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_addr" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_set_addr" "', argument " "2"" of type '" "semanage_node_t *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_node_set_addr" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ res4 = SWIG_AsCharPtrAndSize(obj3, &buf4, NULL, &alloc4);
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "semanage_node_set_addr" "', argument " "4"" of type '" "char const *""'");
+ }
+ arg4 = (char *)(buf4);
+ result = (int)semanage_node_set_addr(arg1,arg2,arg3,(char const *)arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return resultobj;
+fail:
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_addr_bytes(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ size_t arg4 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ size_t val4 ;
+ int ecode4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_node_set_addr_bytes",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_addr_bytes" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_set_addr_bytes" "', argument " "2"" of type '" "semanage_node_t *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_set_addr_bytes" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ ecode4 = SWIG_AsVal_size_t(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "semanage_node_set_addr_bytes" "', argument " "4"" of type '" "size_t""'");
+ }
+ arg4 = (size_t)(val4);
+ result = (int)semanage_node_set_addr_bytes(arg1,arg2,(char const *)arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_mask(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_get_mask",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_mask" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_get_mask" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_get_mask(arg1,(struct semanage_node const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_mask_bytes(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char **arg3 = (char **) 0 ;
+ size_t *arg4 = (size_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ char *temp3 = NULL ;
+ size_t temp4 ;
+ int res4 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_get_mask_bytes",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_mask_bytes" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_get_mask_bytes" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_get_mask_bytes(arg1,(struct semanage_node const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ if (SWIG_IsTmpObj(res4)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_size_t, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_mask(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ int arg3 ;
+ char *arg4 = (char *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ int res4 ;
+ char *buf4 = 0 ;
+ int alloc4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_node_set_mask",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_mask" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_set_mask" "', argument " "2"" of type '" "semanage_node_t *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "semanage_node_set_mask" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ res4 = SWIG_AsCharPtrAndSize(obj3, &buf4, NULL, &alloc4);
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "semanage_node_set_mask" "', argument " "4"" of type '" "char const *""'");
+ }
+ arg4 = (char *)(buf4);
+ result = (int)semanage_node_set_mask(arg1,arg2,arg3,(char const *)arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return resultobj;
+fail:
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_mask_bytes(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ char *arg3 = (char *) 0 ;
+ size_t arg4 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ size_t val4 ;
+ int ecode4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:semanage_node_set_mask_bytes",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_mask_bytes" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_set_mask_bytes" "', argument " "2"" of type '" "semanage_node_t *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_set_mask_bytes" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ ecode4 = SWIG_AsVal_size_t(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "semanage_node_set_mask_bytes" "', argument " "4"" of type '" "size_t""'");
+ }
+ arg4 = (size_t)(val4);
+ result = (int)semanage_node_set_mask_bytes(arg1,arg2,(char const *)arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_proto(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_get_proto",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_proto" "', argument " "1"" of type '" "semanage_node_t const *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ result = (int)semanage_node_get_proto((struct semanage_node const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_proto(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_set_proto",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_proto" "', argument " "1"" of type '" "semanage_node_t *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "semanage_node_set_proto" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ semanage_node_set_proto(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_proto_str(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ char *result = 0 ;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_get_proto_str",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "semanage_node_get_proto_str" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (char *)semanage_node_get_proto_str(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_get_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ semanage_context_t *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_get_con",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_get_con" "', argument " "1"" of type '" "semanage_node_t const *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ result = (semanage_context_t *)semanage_node_get_con((struct semanage_node const *)arg1);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_semanage_context, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_set_con(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ semanage_context_t *arg3 = (semanage_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_node_set_con",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_set_con" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_set_con" "', argument " "2"" of type '" "semanage_node_t *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_context, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_set_con" "', argument " "3"" of type '" "semanage_context_t *""'");
+ }
+ arg3 = (semanage_context_t *)(argp3);
+ result = (int)semanage_node_set_con(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t **arg2 = (semanage_node_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_node_t *temp2 = NULL ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_create",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_create" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_node_create(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_semanage_node, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t *arg2 = (semanage_node_t *) 0 ;
+ semanage_node_t **arg3 = (semanage_node_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_node_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_clone",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_clone" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_clone" "', argument " "2"" of type '" "semanage_node_t const *""'");
+ }
+ arg2 = (semanage_node_t *)(argp2);
+ result = (int)semanage_node_clone(arg1,(struct semanage_node const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_node, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_node_t *arg1 = (semanage_node_t *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_free",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_free" "', argument " "1"" of type '" "semanage_node_t *""'");
+ }
+ arg1 = (semanage_node_t *)(argp1);
+ semanage_node_free(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_modify_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ semanage_node_t *arg3 = (semanage_node_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_node_modify_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_modify_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_modify_local" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_semanage_node, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_modify_local" "', argument " "3"" of type '" "semanage_node_t const *""'");
+ }
+ arg3 = (semanage_node_t *)(argp3);
+ result = (int)semanage_node_modify_local(arg1,(struct semanage_node_key const *)arg2,(struct semanage_node const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_del_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_del_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_del_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_del_local" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_del_local(arg1,(struct semanage_node_key const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_query_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ semanage_node_t **arg3 = (semanage_node_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_node_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_query_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_query_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_query_local" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_query_local(arg1,(struct semanage_node_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_node, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_exists_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_exists_local",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_exists_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_exists_local" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_exists_local(arg1,(struct semanage_node_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_count_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_count_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_count_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_node_count_local(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_iterate_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_node_t const *,void *) = (int (*)(semanage_node_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_node_iterate_local",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_iterate_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_node_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_node_iterate_local" "', argument " "2"" of type '" "int (*)(semanage_node_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_iterate_local" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_node_iterate_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_list_local(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t ***arg2 = (semanage_node_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_node_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_list_local",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_list_local" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_node_list_local(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_node,
+ (void (*) (void*)) &semanage_node_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_query(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ semanage_node_t **arg3 = (semanage_node_t **) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ semanage_node_t *temp3 = NULL ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_query",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_query" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_query" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_query(arg1,(struct semanage_node_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg3, SWIGTYPE_p_semanage_node, 0));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_exists(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_key_t *arg2 = (semanage_node_key_t *) 0 ;
+ int *arg3 = (int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:semanage_node_exists",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_exists" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_semanage_node_key, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "semanage_node_exists" "', argument " "2"" of type '" "semanage_node_key_t const *""'");
+ }
+ arg2 = (semanage_node_key_t *)(argp2);
+ result = (int)semanage_node_exists(arg1,(struct semanage_node_key const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res3)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_count(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ unsigned int *arg2 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int temp2 ;
+ int res2 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_count",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_count" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_node_count(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res2)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg2)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res2) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg2), SWIGTYPE_p_unsigned_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_iterate(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ int (*arg2)(semanage_node_t const *,void *) = (int (*)(semanage_node_t const *,void *)) 0 ;
+ void *arg3 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:semanage_node_iterate",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_iterate" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__struct_semanage_node_p_void__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "semanage_node_iterate" "', argument " "2"" of type '" "int (*)(semanage_node_t const *,void *)""'");
+ }
+ }
+ res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "semanage_node_iterate" "', argument " "3"" of type '" "void *""'");
+ }
+ result = (int)semanage_node_iterate(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_semanage_node_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ semanage_handle_t *arg1 = (semanage_handle_t *) 0 ;
+ semanage_node_t ***arg2 = (semanage_node_t ***) 0 ;
+ unsigned int *arg3 = (unsigned int *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ semanage_node_t **temp2 = NULL ;
+ unsigned int temp3 ;
+ int res3 = SWIG_TMPOBJ ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:semanage_node_list",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_semanage_handle, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "semanage_node_list" "', argument " "1"" of type '" "semanage_handle_t *""'");
+ }
+ arg1 = (semanage_handle_t *)(argp1);
+ result = (int)semanage_node_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (resultobj) {
+ int value;
+ SWIG_AsVal_int(resultobj, &value);
+ if (value >= 0) {
+ PyObject* plist = NULL;
+ if (semanage_array2plist(arg1, (void**) *arg2, *arg3, SWIGTYPE_p_semanage_node,
+ (void (*) (void*)) &semanage_node_free, &plist) < 0)
+ resultobj = SWIG_From_int(STATUS_ERR);
+ else
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ }
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+static PyMethodDef SwigMethods[] = {
+ { (char *)"semanage_msg_get_level", _wrap_semanage_msg_get_level, METH_VARARGS, NULL},
+ { (char *)"semanage_msg_get_channel", _wrap_semanage_msg_get_channel, METH_VARARGS, NULL},
+ { (char *)"semanage_msg_get_fname", _wrap_semanage_msg_get_fname, METH_VARARGS, NULL},
+ { (char *)"semanage_msg_set_callback", _wrap_semanage_msg_set_callback, METH_VARARGS, NULL},
+ { (char *)"semanage_handle_create", _wrap_semanage_handle_create, METH_VARARGS, NULL},
+ { (char *)"semanage_handle_destroy", _wrap_semanage_handle_destroy, METH_VARARGS, NULL},
+ { (char *)"semanage_select_store", _wrap_semanage_select_store, METH_VARARGS, NULL},
+ { (char *)"semanage_reload_policy", _wrap_semanage_reload_policy, METH_VARARGS, NULL},
+ { (char *)"semanage_set_reload", _wrap_semanage_set_reload, METH_VARARGS, NULL},
+ { (char *)"semanage_set_rebuild", _wrap_semanage_set_rebuild, METH_VARARGS, NULL},
+ { (char *)"semanage_set_create_store", _wrap_semanage_set_create_store, METH_VARARGS, NULL},
+ { (char *)"semanage_set_disable_dontaudit", _wrap_semanage_set_disable_dontaudit, METH_VARARGS, NULL},
+ { (char *)"semanage_is_managed", _wrap_semanage_is_managed, METH_VARARGS, NULL},
+ { (char *)"semanage_connect", _wrap_semanage_connect, METH_VARARGS, NULL},
+ { (char *)"semanage_disconnect", _wrap_semanage_disconnect, METH_VARARGS, NULL},
+ { (char *)"semanage_begin_transaction", _wrap_semanage_begin_transaction, METH_VARARGS, NULL},
+ { (char *)"semanage_commit", _wrap_semanage_commit, METH_VARARGS, NULL},
+ { (char *)"semanage_access_check", _wrap_semanage_access_check, METH_VARARGS, NULL},
+ { (char *)"semanage_is_connected", _wrap_semanage_is_connected, METH_VARARGS, NULL},
+ { (char *)"semanage_module_install", _wrap_semanage_module_install, METH_VARARGS, NULL},
+ { (char *)"semanage_module_upgrade", _wrap_semanage_module_upgrade, METH_VARARGS, NULL},
+ { (char *)"semanage_module_install_base", _wrap_semanage_module_install_base, METH_VARARGS, NULL},
+ { (char *)"semanage_module_remove", _wrap_semanage_module_remove, METH_VARARGS, NULL},
+ { (char *)"semanage_module_list", _wrap_semanage_module_list, METH_VARARGS, NULL},
+ { (char *)"semanage_module_info_datum_destroy", _wrap_semanage_module_info_datum_destroy, METH_VARARGS, NULL},
+ { (char *)"semanage_module_list_nth", _wrap_semanage_module_list_nth, METH_VARARGS, NULL},
+ { (char *)"semanage_module_get_name", _wrap_semanage_module_get_name, METH_VARARGS, NULL},
+ { (char *)"semanage_module_get_version", _wrap_semanage_module_get_version, METH_VARARGS, NULL},
+ { (char *)"semanage_context_get_user", _wrap_semanage_context_get_user, METH_VARARGS, NULL},
+ { (char *)"semanage_context_set_user", _wrap_semanage_context_set_user, METH_VARARGS, NULL},
+ { (char *)"semanage_context_get_role", _wrap_semanage_context_get_role, METH_VARARGS, NULL},
+ { (char *)"semanage_context_set_role", _wrap_semanage_context_set_role, METH_VARARGS, NULL},
+ { (char *)"semanage_context_get_type", _wrap_semanage_context_get_type, METH_VARARGS, NULL},
+ { (char *)"semanage_context_set_type", _wrap_semanage_context_set_type, METH_VARARGS, NULL},
+ { (char *)"semanage_context_get_mls", _wrap_semanage_context_get_mls, METH_VARARGS, NULL},
+ { (char *)"semanage_context_set_mls", _wrap_semanage_context_set_mls, METH_VARARGS, NULL},
+ { (char *)"semanage_context_create", _wrap_semanage_context_create, METH_VARARGS, NULL},
+ { (char *)"semanage_context_clone", _wrap_semanage_context_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_context_free", _wrap_semanage_context_free, METH_VARARGS, NULL},
+ { (char *)"semanage_context_from_string", _wrap_semanage_context_from_string, METH_VARARGS, NULL},
+ { (char *)"semanage_context_to_string", _wrap_semanage_context_to_string, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_key_create", _wrap_semanage_bool_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_key_extract", _wrap_semanage_bool_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_key_free", _wrap_semanage_bool_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_compare", _wrap_semanage_bool_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_compare2", _wrap_semanage_bool_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_get_name", _wrap_semanage_bool_get_name, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_set_name", _wrap_semanage_bool_set_name, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_get_value", _wrap_semanage_bool_get_value, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_set_value", _wrap_semanage_bool_set_value, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_create", _wrap_semanage_bool_create, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_clone", _wrap_semanage_bool_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_free", _wrap_semanage_bool_free, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_query", _wrap_semanage_bool_query, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_exists", _wrap_semanage_bool_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_count", _wrap_semanage_bool_count, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_iterate", _wrap_semanage_bool_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_list", _wrap_semanage_bool_list, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_modify_local", _wrap_semanage_bool_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_del_local", _wrap_semanage_bool_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_query_local", _wrap_semanage_bool_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_exists_local", _wrap_semanage_bool_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_count_local", _wrap_semanage_bool_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_iterate_local", _wrap_semanage_bool_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_list_local", _wrap_semanage_bool_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_set_active", _wrap_semanage_bool_set_active, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_query_active", _wrap_semanage_bool_query_active, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_exists_active", _wrap_semanage_bool_exists_active, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_count_active", _wrap_semanage_bool_count_active, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_iterate_active", _wrap_semanage_bool_iterate_active, METH_VARARGS, NULL},
+ { (char *)"semanage_bool_list_active", _wrap_semanage_bool_list_active, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_compare", _wrap_semanage_iface_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_compare2", _wrap_semanage_iface_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_key_create", _wrap_semanage_iface_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_key_extract", _wrap_semanage_iface_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_key_free", _wrap_semanage_iface_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_get_name", _wrap_semanage_iface_get_name, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_set_name", _wrap_semanage_iface_set_name, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_get_ifcon", _wrap_semanage_iface_get_ifcon, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_set_ifcon", _wrap_semanage_iface_set_ifcon, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_get_msgcon", _wrap_semanage_iface_get_msgcon, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_set_msgcon", _wrap_semanage_iface_set_msgcon, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_create", _wrap_semanage_iface_create, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_clone", _wrap_semanage_iface_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_free", _wrap_semanage_iface_free, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_modify_local", _wrap_semanage_iface_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_del_local", _wrap_semanage_iface_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_query_local", _wrap_semanage_iface_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_exists_local", _wrap_semanage_iface_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_count_local", _wrap_semanage_iface_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_iterate_local", _wrap_semanage_iface_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_list_local", _wrap_semanage_iface_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_query", _wrap_semanage_iface_query, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_exists", _wrap_semanage_iface_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_count", _wrap_semanage_iface_count, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_iterate", _wrap_semanage_iface_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_iface_list", _wrap_semanage_iface_list, METH_VARARGS, NULL},
+ { (char *)"semanage_user_key_create", _wrap_semanage_user_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_user_key_extract", _wrap_semanage_user_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_user_key_free", _wrap_semanage_user_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_user_compare", _wrap_semanage_user_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_user_compare2", _wrap_semanage_user_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_name", _wrap_semanage_user_get_name, METH_VARARGS, NULL},
+ { (char *)"semanage_user_set_name", _wrap_semanage_user_set_name, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_prefix", _wrap_semanage_user_get_prefix, METH_VARARGS, NULL},
+ { (char *)"semanage_user_set_prefix", _wrap_semanage_user_set_prefix, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_mlslevel", _wrap_semanage_user_get_mlslevel, METH_VARARGS, NULL},
+ { (char *)"semanage_user_set_mlslevel", _wrap_semanage_user_set_mlslevel, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_mlsrange", _wrap_semanage_user_get_mlsrange, METH_VARARGS, NULL},
+ { (char *)"semanage_user_set_mlsrange", _wrap_semanage_user_set_mlsrange, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_num_roles", _wrap_semanage_user_get_num_roles, METH_VARARGS, NULL},
+ { (char *)"semanage_user_add_role", _wrap_semanage_user_add_role, METH_VARARGS, NULL},
+ { (char *)"semanage_user_del_role", _wrap_semanage_user_del_role, METH_VARARGS, NULL},
+ { (char *)"semanage_user_has_role", _wrap_semanage_user_has_role, METH_VARARGS, NULL},
+ { (char *)"semanage_user_get_roles", _wrap_semanage_user_get_roles, METH_VARARGS, NULL},
+ { (char *)"semanage_user_set_roles", _wrap_semanage_user_set_roles, METH_VARARGS, NULL},
+ { (char *)"semanage_user_create", _wrap_semanage_user_create, METH_VARARGS, NULL},
+ { (char *)"semanage_user_clone", _wrap_semanage_user_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_user_free", _wrap_semanage_user_free, METH_VARARGS, NULL},
+ { (char *)"semanage_user_modify_local", _wrap_semanage_user_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_del_local", _wrap_semanage_user_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_query_local", _wrap_semanage_user_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_exists_local", _wrap_semanage_user_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_count_local", _wrap_semanage_user_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_iterate_local", _wrap_semanage_user_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_list_local", _wrap_semanage_user_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_user_query", _wrap_semanage_user_query, METH_VARARGS, NULL},
+ { (char *)"semanage_user_exists", _wrap_semanage_user_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_user_count", _wrap_semanage_user_count, METH_VARARGS, NULL},
+ { (char *)"semanage_user_iterate", _wrap_semanage_user_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_user_list", _wrap_semanage_user_list, METH_VARARGS, NULL},
+ { (char *)"semanage_port_compare", _wrap_semanage_port_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_port_compare2", _wrap_semanage_port_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_port_key_create", _wrap_semanage_port_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_port_key_extract", _wrap_semanage_port_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_port_key_free", _wrap_semanage_port_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_port_get_proto", _wrap_semanage_port_get_proto, METH_VARARGS, NULL},
+ { (char *)"semanage_port_set_proto", _wrap_semanage_port_set_proto, METH_VARARGS, NULL},
+ { (char *)"semanage_port_get_proto_str", _wrap_semanage_port_get_proto_str, METH_VARARGS, NULL},
+ { (char *)"semanage_port_get_low", _wrap_semanage_port_get_low, METH_VARARGS, NULL},
+ { (char *)"semanage_port_get_high", _wrap_semanage_port_get_high, METH_VARARGS, NULL},
+ { (char *)"semanage_port_set_port", _wrap_semanage_port_set_port, METH_VARARGS, NULL},
+ { (char *)"semanage_port_set_range", _wrap_semanage_port_set_range, METH_VARARGS, NULL},
+ { (char *)"semanage_port_get_con", _wrap_semanage_port_get_con, METH_VARARGS, NULL},
+ { (char *)"semanage_port_set_con", _wrap_semanage_port_set_con, METH_VARARGS, NULL},
+ { (char *)"semanage_port_create", _wrap_semanage_port_create, METH_VARARGS, NULL},
+ { (char *)"semanage_port_clone", _wrap_semanage_port_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_port_free", _wrap_semanage_port_free, METH_VARARGS, NULL},
+ { (char *)"semanage_port_modify_local", _wrap_semanage_port_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_del_local", _wrap_semanage_port_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_query_local", _wrap_semanage_port_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_exists_local", _wrap_semanage_port_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_count_local", _wrap_semanage_port_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_iterate_local", _wrap_semanage_port_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_list_local", _wrap_semanage_port_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_port_query", _wrap_semanage_port_query, METH_VARARGS, NULL},
+ { (char *)"semanage_port_exists", _wrap_semanage_port_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_port_count", _wrap_semanage_port_count, METH_VARARGS, NULL},
+ { (char *)"semanage_port_iterate", _wrap_semanage_port_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_port_list", _wrap_semanage_port_list, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_compare", _wrap_semanage_fcontext_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_compare2", _wrap_semanage_fcontext_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_key_create", _wrap_semanage_fcontext_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_key_extract", _wrap_semanage_fcontext_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_key_free", _wrap_semanage_fcontext_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_get_expr", _wrap_semanage_fcontext_get_expr, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_set_expr", _wrap_semanage_fcontext_set_expr, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_get_type", _wrap_semanage_fcontext_get_type, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_get_type_str", _wrap_semanage_fcontext_get_type_str, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_set_type", _wrap_semanage_fcontext_set_type, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_get_con", _wrap_semanage_fcontext_get_con, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_set_con", _wrap_semanage_fcontext_set_con, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_create", _wrap_semanage_fcontext_create, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_clone", _wrap_semanage_fcontext_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_free", _wrap_semanage_fcontext_free, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_modify_local", _wrap_semanage_fcontext_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_del_local", _wrap_semanage_fcontext_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_query_local", _wrap_semanage_fcontext_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_exists_local", _wrap_semanage_fcontext_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_count_local", _wrap_semanage_fcontext_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_iterate_local", _wrap_semanage_fcontext_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_list_local", _wrap_semanage_fcontext_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_query", _wrap_semanage_fcontext_query, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_exists", _wrap_semanage_fcontext_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_count", _wrap_semanage_fcontext_count, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_iterate", _wrap_semanage_fcontext_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_fcontext_list", _wrap_semanage_fcontext_list, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_key_create", _wrap_semanage_seuser_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_key_extract", _wrap_semanage_seuser_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_key_free", _wrap_semanage_seuser_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_compare", _wrap_semanage_seuser_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_compare2", _wrap_semanage_seuser_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_get_name", _wrap_semanage_seuser_get_name, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_set_name", _wrap_semanage_seuser_set_name, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_get_sename", _wrap_semanage_seuser_get_sename, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_set_sename", _wrap_semanage_seuser_set_sename, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_get_mlsrange", _wrap_semanage_seuser_get_mlsrange, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_set_mlsrange", _wrap_semanage_seuser_set_mlsrange, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_create", _wrap_semanage_seuser_create, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_clone", _wrap_semanage_seuser_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_free", _wrap_semanage_seuser_free, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_modify_local", _wrap_semanage_seuser_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_del_local", _wrap_semanage_seuser_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_query_local", _wrap_semanage_seuser_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_exists_local", _wrap_semanage_seuser_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_count_local", _wrap_semanage_seuser_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_iterate_local", _wrap_semanage_seuser_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_list_local", _wrap_semanage_seuser_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_query", _wrap_semanage_seuser_query, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_exists", _wrap_semanage_seuser_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_count", _wrap_semanage_seuser_count, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_iterate", _wrap_semanage_seuser_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_seuser_list", _wrap_semanage_seuser_list, METH_VARARGS, NULL},
+ { (char *)"semanage_node_compare", _wrap_semanage_node_compare, METH_VARARGS, NULL},
+ { (char *)"semanage_node_compare2", _wrap_semanage_node_compare2, METH_VARARGS, NULL},
+ { (char *)"semanage_node_key_create", _wrap_semanage_node_key_create, METH_VARARGS, NULL},
+ { (char *)"semanage_node_key_extract", _wrap_semanage_node_key_extract, METH_VARARGS, NULL},
+ { (char *)"semanage_node_key_free", _wrap_semanage_node_key_free, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_addr", _wrap_semanage_node_get_addr, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_addr_bytes", _wrap_semanage_node_get_addr_bytes, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_addr", _wrap_semanage_node_set_addr, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_addr_bytes", _wrap_semanage_node_set_addr_bytes, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_mask", _wrap_semanage_node_get_mask, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_mask_bytes", _wrap_semanage_node_get_mask_bytes, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_mask", _wrap_semanage_node_set_mask, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_mask_bytes", _wrap_semanage_node_set_mask_bytes, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_proto", _wrap_semanage_node_get_proto, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_proto", _wrap_semanage_node_set_proto, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_proto_str", _wrap_semanage_node_get_proto_str, METH_VARARGS, NULL},
+ { (char *)"semanage_node_get_con", _wrap_semanage_node_get_con, METH_VARARGS, NULL},
+ { (char *)"semanage_node_set_con", _wrap_semanage_node_set_con, METH_VARARGS, NULL},
+ { (char *)"semanage_node_create", _wrap_semanage_node_create, METH_VARARGS, NULL},
+ { (char *)"semanage_node_clone", _wrap_semanage_node_clone, METH_VARARGS, NULL},
+ { (char *)"semanage_node_free", _wrap_semanage_node_free, METH_VARARGS, NULL},
+ { (char *)"semanage_node_modify_local", _wrap_semanage_node_modify_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_del_local", _wrap_semanage_node_del_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_query_local", _wrap_semanage_node_query_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_exists_local", _wrap_semanage_node_exists_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_count_local", _wrap_semanage_node_count_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_iterate_local", _wrap_semanage_node_iterate_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_list_local", _wrap_semanage_node_list_local, METH_VARARGS, NULL},
+ { (char *)"semanage_node_query", _wrap_semanage_node_query, METH_VARARGS, NULL},
+ { (char *)"semanage_node_exists", _wrap_semanage_node_exists, METH_VARARGS, NULL},
+ { (char *)"semanage_node_count", _wrap_semanage_node_count, METH_VARARGS, NULL},
+ { (char *)"semanage_node_iterate", _wrap_semanage_node_iterate, METH_VARARGS, NULL},
+ { (char *)"semanage_node_list", _wrap_semanage_node_list, METH_VARARGS, NULL},
+ { NULL, NULL, 0, NULL }
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
+
+static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_bool_p_void__int = {"_p_f_p_q_const__struct_semanage_bool_p_void__int", "int (*)(struct semanage_bool const *,void *)|int (*)(semanage_bool_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_fcontext_p_void__int = {"_p_f_p_q_const__struct_semanage_fcontext_p_void__int", "int (*)(struct semanage_fcontext const *,void *)|int (*)(semanage_fcontext_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_iface_p_void__int = {"_p_f_p_q_const__struct_semanage_iface_p_void__int", "int (*)(struct semanage_iface const *,void *)|int (*)(semanage_iface_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_node_p_void__int = {"_p_f_p_q_const__struct_semanage_node_p_void__int", "int (*)(struct semanage_node const *,void *)|int (*)(semanage_node_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_port_p_void__int = {"_p_f_p_q_const__struct_semanage_port_p_void__int", "int (*)(struct semanage_port const *,void *)|int (*)(semanage_port_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_seuser_p_void__int = {"_p_f_p_q_const__struct_semanage_seuser_p_void__int", "int (*)(struct semanage_seuser const *,void *)|int (*)(semanage_seuser_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__struct_semanage_user_p_void__int = {"_p_f_p_q_const__struct_semanage_user_p_void__int", "int (*)(struct semanage_user const *,void *)|int (*)(semanage_user_t const *,void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void = {"_p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void", "void (*)(void *,semanage_handle_t *,char const *,...)|void (*)(void *,struct semanage_handle *,char const *,...)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_bool = {"_p_p_p_semanage_bool", "struct semanage_bool ***|semanage_bool_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_fcontext = {"_p_p_p_semanage_fcontext", "struct semanage_fcontext ***|semanage_fcontext_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_iface = {"_p_p_p_semanage_iface", "struct semanage_iface ***|semanage_iface_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_node = {"_p_p_p_semanage_node", "struct semanage_node ***|semanage_node_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_port = {"_p_p_p_semanage_port", "struct semanage_port ***|semanage_port_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_seuser = {"_p_p_p_semanage_seuser", "struct semanage_seuser ***|semanage_seuser_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_semanage_user = {"_p_p_p_semanage_user", "struct semanage_user ***|semanage_user_t ***", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_bool = {"_p_p_semanage_bool", "struct semanage_bool **|semanage_bool_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_bool_key = {"_p_p_semanage_bool_key", "semanage_bool_key_t **|struct semanage_bool_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_context = {"_p_p_semanage_context", "struct semanage_context **|semanage_context_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_fcontext = {"_p_p_semanage_fcontext", "struct semanage_fcontext **|semanage_fcontext_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_fcontext_key = {"_p_p_semanage_fcontext_key", "semanage_fcontext_key_t **|struct semanage_fcontext_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_iface = {"_p_p_semanage_iface", "semanage_iface_t **|struct semanage_iface **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_iface_key = {"_p_p_semanage_iface_key", "semanage_iface_key_t **|struct semanage_iface_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_module_info = {"_p_p_semanage_module_info", "struct semanage_module_info **|semanage_module_info_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_node = {"_p_p_semanage_node", "struct semanage_node **|semanage_node_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_node_key = {"_p_p_semanage_node_key", "semanage_node_key_t **|struct semanage_node_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_port = {"_p_p_semanage_port", "struct semanage_port **|semanage_port_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_port_key = {"_p_p_semanage_port_key", "semanage_port_key_t **|struct semanage_port_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_seuser = {"_p_p_semanage_seuser", "semanage_seuser_t **|struct semanage_seuser **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_seuser_key = {"_p_p_semanage_seuser_key", "semanage_seuser_key_t **|struct semanage_seuser_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_user = {"_p_p_semanage_user", "semanage_user_t **|struct semanage_user **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_semanage_user_key = {"_p_p_semanage_user_key", "semanage_user_key_t **|struct semanage_user_key **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_bool = {"_p_semanage_bool", "struct semanage_bool *|semanage_bool_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_bool_key = {"_p_semanage_bool_key", "struct semanage_bool_key *|semanage_bool_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_context = {"_p_semanage_context", "struct semanage_context *|semanage_context_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_fcontext = {"_p_semanage_fcontext", "struct semanage_fcontext *|semanage_fcontext_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_fcontext_key = {"_p_semanage_fcontext_key", "struct semanage_fcontext_key *|semanage_fcontext_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_handle = {"_p_semanage_handle", "semanage_handle_t *|struct semanage_handle *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_iface = {"_p_semanage_iface", "struct semanage_iface *|semanage_iface_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_iface_key = {"_p_semanage_iface_key", "struct semanage_iface_key *|semanage_iface_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_module_info = {"_p_semanage_module_info", "struct semanage_module_info *|semanage_module_info_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_node = {"_p_semanage_node", "struct semanage_node *|semanage_node_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_node_key = {"_p_semanage_node_key", "struct semanage_node_key *|semanage_node_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_port = {"_p_semanage_port", "semanage_port_t *|struct semanage_port *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_port_key = {"_p_semanage_port_key", "struct semanage_port_key *|semanage_port_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_seuser = {"_p_semanage_seuser", "struct semanage_seuser *|semanage_seuser_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_seuser_key = {"_p_semanage_seuser_key", "struct semanage_seuser_key *|semanage_seuser_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_user = {"_p_semanage_user", "struct semanage_user *|semanage_user_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_semanage_user_key = {"_p_semanage_user_key", "struct semanage_user_key *|semanage_user_key_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_size_t = {"_p_size_t", "size_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *", 0, 0, (void*)0, 0};
+
+static swig_type_info *swig_type_initial[] = {
+ &_swigt__p_char,
+ &_swigt__p_f_p_q_const__struct_semanage_bool_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_fcontext_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_iface_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_node_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_port_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_seuser_p_void__int,
+ &_swigt__p_f_p_q_const__struct_semanage_user_p_void__int,
+ &_swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void,
+ &_swigt__p_int,
+ &_swigt__p_p_char,
+ &_swigt__p_p_p_char,
+ &_swigt__p_p_p_semanage_bool,
+ &_swigt__p_p_p_semanage_fcontext,
+ &_swigt__p_p_p_semanage_iface,
+ &_swigt__p_p_p_semanage_node,
+ &_swigt__p_p_p_semanage_port,
+ &_swigt__p_p_p_semanage_seuser,
+ &_swigt__p_p_p_semanage_user,
+ &_swigt__p_p_semanage_bool,
+ &_swigt__p_p_semanage_bool_key,
+ &_swigt__p_p_semanage_context,
+ &_swigt__p_p_semanage_fcontext,
+ &_swigt__p_p_semanage_fcontext_key,
+ &_swigt__p_p_semanage_iface,
+ &_swigt__p_p_semanage_iface_key,
+ &_swigt__p_p_semanage_module_info,
+ &_swigt__p_p_semanage_node,
+ &_swigt__p_p_semanage_node_key,
+ &_swigt__p_p_semanage_port,
+ &_swigt__p_p_semanage_port_key,
+ &_swigt__p_p_semanage_seuser,
+ &_swigt__p_p_semanage_seuser_key,
+ &_swigt__p_p_semanage_user,
+ &_swigt__p_p_semanage_user_key,
+ &_swigt__p_semanage_bool,
+ &_swigt__p_semanage_bool_key,
+ &_swigt__p_semanage_context,
+ &_swigt__p_semanage_fcontext,
+ &_swigt__p_semanage_fcontext_key,
+ &_swigt__p_semanage_handle,
+ &_swigt__p_semanage_iface,
+ &_swigt__p_semanage_iface_key,
+ &_swigt__p_semanage_module_info,
+ &_swigt__p_semanage_node,
+ &_swigt__p_semanage_node_key,
+ &_swigt__p_semanage_port,
+ &_swigt__p_semanage_port_key,
+ &_swigt__p_semanage_seuser,
+ &_swigt__p_semanage_seuser_key,
+ &_swigt__p_semanage_user,
+ &_swigt__p_semanage_user_key,
+ &_swigt__p_size_t,
+ &_swigt__p_unsigned_int,
+};
+
+static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_bool_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_bool_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_fcontext_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_fcontext_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_iface_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_iface_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_node_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_node_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_port_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_port_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_seuser_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_seuser_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__struct_semanage_user_p_void__int[] = { {&_swigt__p_f_p_q_const__struct_semanage_user_p_void__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void[] = { {&_swigt__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_bool[] = { {&_swigt__p_p_p_semanage_bool, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_fcontext[] = { {&_swigt__p_p_p_semanage_fcontext, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_iface[] = { {&_swigt__p_p_p_semanage_iface, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_node[] = { {&_swigt__p_p_p_semanage_node, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_port[] = { {&_swigt__p_p_p_semanage_port, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_seuser[] = { {&_swigt__p_p_p_semanage_seuser, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_semanage_user[] = { {&_swigt__p_p_p_semanage_user, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_bool[] = { {&_swigt__p_p_semanage_bool, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_bool_key[] = { {&_swigt__p_p_semanage_bool_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_context[] = { {&_swigt__p_p_semanage_context, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_fcontext[] = { {&_swigt__p_p_semanage_fcontext, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_fcontext_key[] = { {&_swigt__p_p_semanage_fcontext_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_iface[] = { {&_swigt__p_p_semanage_iface, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_iface_key[] = { {&_swigt__p_p_semanage_iface_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_module_info[] = { {&_swigt__p_p_semanage_module_info, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_node[] = { {&_swigt__p_p_semanage_node, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_node_key[] = { {&_swigt__p_p_semanage_node_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_port[] = { {&_swigt__p_p_semanage_port, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_port_key[] = { {&_swigt__p_p_semanage_port_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_seuser[] = { {&_swigt__p_p_semanage_seuser, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_seuser_key[] = { {&_swigt__p_p_semanage_seuser_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_user[] = { {&_swigt__p_p_semanage_user, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_semanage_user_key[] = { {&_swigt__p_p_semanage_user_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_bool[] = { {&_swigt__p_semanage_bool, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_bool_key[] = { {&_swigt__p_semanage_bool_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_context[] = { {&_swigt__p_semanage_context, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_fcontext[] = { {&_swigt__p_semanage_fcontext, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_fcontext_key[] = { {&_swigt__p_semanage_fcontext_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_handle[] = { {&_swigt__p_semanage_handle, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_iface[] = { {&_swigt__p_semanage_iface, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_iface_key[] = { {&_swigt__p_semanage_iface_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_module_info[] = { {&_swigt__p_semanage_module_info, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_node[] = { {&_swigt__p_semanage_node, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_node_key[] = { {&_swigt__p_semanage_node_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_port[] = { {&_swigt__p_semanage_port, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_port_key[] = { {&_swigt__p_semanage_port_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_seuser[] = { {&_swigt__p_semanage_seuser, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_seuser_key[] = { {&_swigt__p_semanage_seuser_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_user[] = { {&_swigt__p_semanage_user, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_semanage_user_key[] = { {&_swigt__p_semanage_user_key, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_size_t[] = { {&_swigt__p_size_t, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
+
+static swig_cast_info *swig_cast_initial[] = {
+ _swigc__p_char,
+ _swigc__p_f_p_q_const__struct_semanage_bool_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_fcontext_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_iface_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_node_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_port_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_seuser_p_void__int,
+ _swigc__p_f_p_q_const__struct_semanage_user_p_void__int,
+ _swigc__p_f_p_void_p_struct_semanage_handle_p_q_const__char_v_______void,
+ _swigc__p_int,
+ _swigc__p_p_char,
+ _swigc__p_p_p_char,
+ _swigc__p_p_p_semanage_bool,
+ _swigc__p_p_p_semanage_fcontext,
+ _swigc__p_p_p_semanage_iface,
+ _swigc__p_p_p_semanage_node,
+ _swigc__p_p_p_semanage_port,
+ _swigc__p_p_p_semanage_seuser,
+ _swigc__p_p_p_semanage_user,
+ _swigc__p_p_semanage_bool,
+ _swigc__p_p_semanage_bool_key,
+ _swigc__p_p_semanage_context,
+ _swigc__p_p_semanage_fcontext,
+ _swigc__p_p_semanage_fcontext_key,
+ _swigc__p_p_semanage_iface,
+ _swigc__p_p_semanage_iface_key,
+ _swigc__p_p_semanage_module_info,
+ _swigc__p_p_semanage_node,
+ _swigc__p_p_semanage_node_key,
+ _swigc__p_p_semanage_port,
+ _swigc__p_p_semanage_port_key,
+ _swigc__p_p_semanage_seuser,
+ _swigc__p_p_semanage_seuser_key,
+ _swigc__p_p_semanage_user,
+ _swigc__p_p_semanage_user_key,
+ _swigc__p_semanage_bool,
+ _swigc__p_semanage_bool_key,
+ _swigc__p_semanage_context,
+ _swigc__p_semanage_fcontext,
+ _swigc__p_semanage_fcontext_key,
+ _swigc__p_semanage_handle,
+ _swigc__p_semanage_iface,
+ _swigc__p_semanage_iface_key,
+ _swigc__p_semanage_module_info,
+ _swigc__p_semanage_node,
+ _swigc__p_semanage_node_key,
+ _swigc__p_semanage_port,
+ _swigc__p_semanage_port_key,
+ _swigc__p_semanage_seuser,
+ _swigc__p_semanage_seuser_key,
+ _swigc__p_semanage_user,
+ _swigc__p_semanage_user_key,
+ _swigc__p_size_t,
+ _swigc__p_unsigned_int,
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (END) -------- */
+
+static swig_const_info swig_const_table[] = {
+{0, 0, 0, 0.0, 0, 0}};
+
+#ifdef __cplusplus
+}
+#endif
+/* -----------------------------------------------------------------------------
+ * Type initialization:
+ * This problem is tough by the requirement that no dynamic
+ * memory is used. Also, since swig_type_info structures store pointers to
+ * swig_cast_info structures and swig_cast_info structures store pointers back
+ * to swig_type_info structures, we need some lookup code at initialization.
+ * The idea is that swig generates all the structures that are needed.
+ * The runtime then collects these partially filled structures.
+ * The SWIG_InitializeModule function takes these initial arrays out of
+ * swig_module, and does all the lookup, filling in the swig_module.types
+ * array with the correct data and linking the correct swig_cast_info
+ * structures together.
+ *
+ * The generated swig_type_info structures are assigned staticly to an initial
+ * array. We just loop through that array, and handle each type individually.
+ * First we lookup if this type has been already loaded, and if so, use the
+ * loaded structure instead of the generated one. Then we have to fill in the
+ * cast linked list. The cast data is initially stored in something like a
+ * two-dimensional array. Each row corresponds to a type (there are the same
+ * number of rows as there are in the swig_type_initial array). Each entry in
+ * a column is one of the swig_cast_info structures for that type.
+ * The cast_initial array is actually an array of arrays, because each row has
+ * a variable number of columns. So to actually build the cast linked list,
+ * we find the array of casts associated with the type, and loop through it
+ * adding the casts to the list. The one last trick we need to do is making
+ * sure the type pointer in the swig_cast_info struct is correct.
+ *
+ * First off, we lookup the cast->type name to see if it is already loaded.
+ * There are three cases to handle:
+ * 1) If the cast->type has already been loaded AND the type we are adding
+ * casting info to has not been loaded (it is in this module), THEN we
+ * replace the cast->type pointer with the type pointer that has already
+ * been loaded.
+ * 2) If BOTH types (the one we are adding casting info to, and the
+ * cast->type) are loaded, THEN the cast info has already been loaded by
+ * the previous module so we just ignore it.
+ * 3) Finally, if cast->type has not already been loaded, then we add that
+ * swig_cast_info to the linked list (because the cast->type) pointer will
+ * be correct.
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* c-mode */
+#endif
+#endif
+
+#if 0
+#define SWIGRUNTIME_DEBUG
+#endif
+
+
+SWIGRUNTIME void
+SWIG_InitializeModule(void *clientdata) {
+ size_t i;
+ swig_module_info *module_head, *iter;
+ int found;
+
+ clientdata = clientdata;
+
+ /* check to see if the circular list has been setup, if not, set it up */
+ if (swig_module.next==0) {
+ /* Initialize the swig_module */
+ swig_module.type_initial = swig_type_initial;
+ swig_module.cast_initial = swig_cast_initial;
+ swig_module.next = &swig_module;
+ }
+
+ /* Try and load any already created modules */
+ module_head = SWIG_GetModule(clientdata);
+ if (!module_head) {
+ /* This is the first module loaded for this interpreter */
+ /* so set the swig module into the interpreter */
+ SWIG_SetModule(clientdata, &swig_module);
+ module_head = &swig_module;
+ } else {
+ /* the interpreter has loaded a SWIG module, but has it loaded this one? */
+ found=0;
+ iter=module_head;
+ do {
+ if (iter==&swig_module) {
+ found=1;
+ break;
+ }
+ iter=iter->next;
+ } while (iter!= module_head);
+
+ /* if the is found in the list, then all is done and we may leave */
+ if (found) return;
+ /* otherwise we must add out module into the list */
+ swig_module.next = module_head->next;
+ module_head->next = &swig_module;
+ }
+
+ /* Now work on filling in swig_module.types */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: size %d\n", swig_module.size);
+#endif
+ for (i = 0; i < swig_module.size; ++i) {
+ swig_type_info *type = 0;
+ swig_type_info *ret;
+ swig_cast_info *cast;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+#endif
+
+ /* if there is another module already loaded */
+ if (swig_module.next != &swig_module) {
+ type = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, swig_module.type_initial[i]->name);
+ }
+ if (type) {
+ /* Overwrite clientdata field */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found type %s\n", type->name);
+#endif
+ if (swig_module.type_initial[i]->clientdata) {
+ type->clientdata = swig_module.type_initial[i]->clientdata;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found and overwrite type %s \n", type->name);
+#endif
+ }
+ } else {
+ type = swig_module.type_initial[i];
+ }
+
+ /* Insert casting types */
+ cast = swig_module.cast_initial[i];
+ while (cast->type) {
+ /* Don't need to add information already in the list */
+ ret = 0;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: look cast %s\n", cast->type->name);
+#endif
+ if (swig_module.next != &swig_module) {
+ ret = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, cast->type->name);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ret) printf("SWIG_InitializeModule: found cast %s\n", ret->name);
+#endif
+ }
+ if (ret) {
+ if (type == swig_module.type_initial[i]) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: skip old type %s\n", ret->name);
+#endif
+ cast->type = ret;
+ ret = 0;
+ } else {
+ /* Check for casting already in the list */
+ swig_cast_info *ocast = SWIG_TypeCheck(ret->name, type);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ocast) printf("SWIG_InitializeModule: skip old cast %s\n", ret->name);
+#endif
+ if (!ocast) ret = 0;
+ }
+ }
+
+ if (!ret) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: adding cast %s\n", cast->type->name);
+#endif
+ if (type->cast) {
+ type->cast->prev = cast;
+ cast->next = type->cast;
+ }
+ type->cast = cast;
+ }
+ cast++;
+ }
+ /* Set entry in modules->types array equal to the type */
+ swig_module.types[i] = type;
+ }
+ swig_module.types[i] = 0;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+ for (i = 0; i < swig_module.size; ++i) {
+ int j = 0;
+ swig_cast_info *cast = swig_module.cast_initial[i];
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+ while (cast->type) {
+ printf("SWIG_InitializeModule: cast type %s\n", cast->type->name);
+ cast++;
+ ++j;
+ }
+ printf("---- Total casts: %d\n",j);
+ }
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+#endif
+}
+
+/* This function will propagate the clientdata field of type to
+* any new swig_type_info structures that have been added into the list
+* of equivalent types. It is like calling
+* SWIG_TypeClientData(type, clientdata) a second time.
+*/
+SWIGRUNTIME void
+SWIG_PropagateClientData(void) {
+ size_t i;
+ swig_cast_info *equiv;
+ static int init_run = 0;
+
+ if (init_run) return;
+ init_run = 1;
+
+ for (i = 0; i < swig_module.size; i++) {
+ if (swig_module.types[i]->clientdata) {
+ equiv = swig_module.types[i]->cast;
+ while (equiv) {
+ if (!equiv->converter) {
+ if (equiv->type && !equiv->type->clientdata)
+ SWIG_TypeClientData(equiv->type, swig_module.types[i]->clientdata);
+ }
+ equiv = equiv->next;
+ }
+ }
+ }
+}
+
+#ifdef __cplusplus
+#if 0
+{
+ /* c-mode */
+#endif
+}
+#endif
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /* Python-specific SWIG API */
+#define SWIG_newvarlink() SWIG_Python_newvarlink()
+#define SWIG_addvarlink(p, name, get_attr, set_attr) SWIG_Python_addvarlink(p, name, get_attr, set_attr)
+#define SWIG_InstallConstants(d, constants) SWIG_Python_InstallConstants(d, constants)
+
+ /* -----------------------------------------------------------------------------
+ * global variable support code.
+ * ----------------------------------------------------------------------------- */
+
+ typedef struct swig_globalvar {
+ char *name; /* Name of global variable */
+ PyObject *(*get_attr)(void); /* Return the current value */
+ int (*set_attr)(PyObject *); /* Set the value */
+ struct swig_globalvar *next;
+ } swig_globalvar;
+
+ typedef struct swig_varlinkobject {
+ PyObject_HEAD
+ swig_globalvar *vars;
+ } swig_varlinkobject;
+
+ SWIGINTERN PyObject *
+ swig_varlink_repr(swig_varlinkobject *SWIGUNUSEDPARM(v)) {
+ return PyString_FromString("<Swig global variables>");
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_str(swig_varlinkobject *v) {
+ PyObject *str = PyString_FromString("(");
+ swig_globalvar *var;
+ for (var = v->vars; var; var=var->next) {
+ PyString_ConcatAndDel(&str,PyString_FromString(var->name));
+ if (var->next) PyString_ConcatAndDel(&str,PyString_FromString(", "));
+ }
+ PyString_ConcatAndDel(&str,PyString_FromString(")"));
+ return str;
+ }
+
+ SWIGINTERN int
+ swig_varlink_print(swig_varlinkobject *v, FILE *fp, int SWIGUNUSEDPARM(flags)) {
+ PyObject *str = swig_varlink_str(v);
+ fprintf(fp,"Swig global variables ");
+ fprintf(fp,"%s\n", PyString_AsString(str));
+ Py_DECREF(str);
+ return 0;
+ }
+
+ SWIGINTERN void
+ swig_varlink_dealloc(swig_varlinkobject *v) {
+ swig_globalvar *var = v->vars;
+ while (var) {
+ swig_globalvar *n = var->next;
+ free(var->name);
+ free(var);
+ var = n;
+ }
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_getattr(swig_varlinkobject *v, char *n) {
+ PyObject *res = NULL;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->get_attr)();
+ break;
+ }
+ var = var->next;
+ }
+ if (res == NULL && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN int
+ swig_varlink_setattr(swig_varlinkobject *v, char *n, PyObject *p) {
+ int res = 1;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->set_attr)(p);
+ break;
+ }
+ var = var->next;
+ }
+ if (res == 1 && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN PyTypeObject*
+ swig_varlink_type(void) {
+ static char varlink__doc__[] = "Swig var link object";
+ static PyTypeObject varlink_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* Number of items in variable part (ob_size) */
+ (char *)"swigvarlink", /* Type name (tp_name) */
+ sizeof(swig_varlinkobject), /* Basic size (tp_basicsize) */
+ 0, /* Itemsize (tp_itemsize) */
+ (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */
+ (printfunc) swig_varlink_print, /* Print (tp_print) */
+ (getattrfunc) swig_varlink_getattr, /* get attr (tp_getattr) */
+ (setattrfunc) swig_varlink_setattr, /* Set attr (tp_setattr) */
+ 0, /* tp_compare */
+ (reprfunc) swig_varlink_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ 0, /* tp_hash */
+ 0, /* tp_call */
+ (reprfunc)swig_varlink_str, /* tp_str */
+ 0, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ 0, /* tp_flags */
+ varlink__doc__, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* tp_iter -> tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ varlink_type = tmp;
+ varlink_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &varlink_type;
+ }
+
+ /* Create a variable linking object for use later */
+ SWIGINTERN PyObject *
+ SWIG_Python_newvarlink(void) {
+ swig_varlinkobject *result = PyObject_NEW(swig_varlinkobject, swig_varlink_type());
+ if (result) {
+ result->vars = 0;
+ }
+ return ((PyObject*) result);
+ }
+
+ SWIGINTERN void
+ SWIG_Python_addvarlink(PyObject *p, char *name, PyObject *(*get_attr)(void), int (*set_attr)(PyObject *p)) {
+ swig_varlinkobject *v = (swig_varlinkobject *) p;
+ swig_globalvar *gv = (swig_globalvar *) malloc(sizeof(swig_globalvar));
+ if (gv) {
+ size_t size = strlen(name)+1;
+ gv->name = (char *)malloc(size);
+ if (gv->name) {
+ strncpy(gv->name,name,size);
+ gv->get_attr = get_attr;
+ gv->set_attr = set_attr;
+ gv->next = v->vars;
+ }
+ }
+ v->vars = gv;
+ }
+
+ SWIGINTERN PyObject *
+ SWIG_globals(void) {
+ static PyObject *_SWIG_globals = 0;
+ if (!_SWIG_globals) _SWIG_globals = SWIG_newvarlink();
+ return _SWIG_globals;
+ }
+
+ /* -----------------------------------------------------------------------------
+ * constants/methods manipulation
+ * ----------------------------------------------------------------------------- */
+
+ /* Install Constants */
+ SWIGINTERN void
+ SWIG_Python_InstallConstants(PyObject *d, swig_const_info constants[]) {
+ PyObject *obj = 0;
+ size_t i;
+ for (i = 0; constants[i].type; ++i) {
+ switch(constants[i].type) {
+ case SWIG_PY_POINTER:
+ obj = SWIG_NewPointerObj(constants[i].pvalue, *(constants[i]).ptype,0);
+ break;
+ case SWIG_PY_BINARY:
+ obj = SWIG_NewPackedObj(constants[i].pvalue, constants[i].lvalue, *(constants[i].ptype));
+ break;
+ default:
+ obj = 0;
+ break;
+ }
+ if (obj) {
+ PyDict_SetItemString(d, constants[i].name, obj);
+ Py_DECREF(obj);
+ }
+ }
+ }
+
+ /* -----------------------------------------------------------------------------*/
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ /* -----------------------------------------------------------------------------*/
+
+ SWIGINTERN void
+ SWIG_Python_FixMethods(PyMethodDef *methods,
+ swig_const_info *const_table,
+ swig_type_info **types,
+ swig_type_info **types_initial) {
+ size_t i;
+ for (i = 0; methods[i].ml_name; ++i) {
+ const char *c = methods[i].ml_doc;
+ if (c && (c = strstr(c, "swig_ptr: "))) {
+ int j;
+ swig_const_info *ci = 0;
+ const char *name = c + 10;
+ for (j = 0; const_table[j].type; ++j) {
+ if (strncmp(const_table[j].name, name,
+ strlen(const_table[j].name)) == 0) {
+ ci = &(const_table[j]);
+ break;
+ }
+ }
+ if (ci) {
+ size_t shift = (ci->ptype) - types;
+ swig_type_info *ty = types_initial[shift];
+ size_t ldoc = (c - methods[i].ml_doc);
+ size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
+ char *ndoc = (char*)malloc(ldoc + lptr + 10);
+ if (ndoc) {
+ char *buff = ndoc;
+ void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
+ if (ptr) {
+ strncpy(buff, methods[i].ml_doc, ldoc);
+ buff += ldoc;
+ strncpy(buff, "swig_ptr: ", 10);
+ buff += 10;
+ SWIG_PackVoidPtr(buff, ptr, ty->name, lptr);
+ methods[i].ml_doc = ndoc;
+ }
+ }
+ }
+ }
+ }
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+/* -----------------------------------------------------------------------------*
+ * Partial Init method
+ * -----------------------------------------------------------------------------*/
+
+#ifdef __cplusplus
+extern "C"
+#endif
+SWIGEXPORT void SWIG_init(void) {
+ PyObject *m, *d;
+
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ SWIG_Python_FixMethods(SwigMethods, swig_const_table, swig_types, swig_type_initial);
+
+ m = Py_InitModule((char *) SWIG_name, SwigMethods);
+ d = PyModule_GetDict(m);
+
+ SWIG_InitializeModule(0);
+ SWIG_InstallConstants(d,swig_const_table);
+
+
+ SWIG_Python_SetConstant(d, "SEMANAGE_MSG_ERR",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_MSG_WARN",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_MSG_INFO",SWIG_From_int((int)(3)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CON_INVALID",SWIG_From_int((int)(SEMANAGE_CON_INVALID)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CON_DIRECT",SWIG_From_int((int)(SEMANAGE_CON_DIRECT)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CON_POLSERV_LOCAL",SWIG_From_int((int)(SEMANAGE_CON_POLSERV_LOCAL)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CON_POLSERV_REMOTE",SWIG_From_int((int)(SEMANAGE_CON_POLSERV_REMOTE)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CAN_READ",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_CAN_WRITE",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_PROTO_UDP",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_PROTO_TCP",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_ALL",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_REG",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_DIR",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_CHAR",SWIG_From_int((int)(3)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_BLOCK",SWIG_From_int((int)(4)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_SOCK",SWIG_From_int((int)(5)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_LINK",SWIG_From_int((int)(6)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_FCONTEXT_PIPE",SWIG_From_int((int)(7)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_PROTO_IP4",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SEMANAGE_PROTO_IP6",SWIG_From_int((int)(1)));
+}
+
diff --git a/libsemanage/src/seuser_internal.h b/libsemanage/src/seuser_internal.h
new file mode 100644
index 0000000..e6f2972
--- /dev/null
+++ b/libsemanage/src/seuser_internal.h
@@ -0,0 +1,41 @@
+#ifndef _SEMANAGE_SEUSER_INTERNAL_H_
+#define _SEMANAGE_SEUSER_INTERNAL_H_
+
+#include <semanage/seuser_record.h>
+#include <semanage/seusers_local.h>
+#include <semanage/seusers_policy.h>
+#include <sepol/policydb.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_seuser_clone)
+ hidden_proto(semanage_seuser_compare)
+ hidden_proto(semanage_seuser_compare2)
+ hidden_proto(semanage_seuser_create)
+ hidden_proto(semanage_seuser_free)
+ hidden_proto(semanage_seuser_get_mlsrange)
+ hidden_proto(semanage_seuser_get_name)
+ hidden_proto(semanage_seuser_get_sename)
+ hidden_proto(semanage_seuser_key_create)
+ hidden_proto(semanage_seuser_key_extract)
+ hidden_proto(semanage_seuser_key_free)
+ hidden_proto(semanage_seuser_set_mlsrange)
+ hidden_proto(semanage_seuser_set_name)
+ hidden_proto(semanage_seuser_set_sename)
+ hidden_proto(semanage_seuser_iterate)
+ hidden_proto(semanage_seuser_iterate_local)
+
+/* SEUSER RECORD: method table */
+extern record_table_t SEMANAGE_SEUSER_RTABLE;
+
+extern int seuser_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig);
+
+extern void seuser_file_dbase_release(dbase_config_t * dconfig);
+
+extern int hidden semanage_seuser_validate_local(semanage_handle_t * handle,
+ const sepol_policydb_t *
+ policydb);
+
+#endif
diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
new file mode 100644
index 0000000..8823b1e
--- /dev/null
+++ b/libsemanage/src/seuser_record.c
@@ -0,0 +1,267 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_seuser_t (Unix User)
+ * Object: semanage_seuser_key_t (Unix User Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+struct semanage_seuser;
+struct semanage_seuser_key;
+typedef struct semanage_seuser record_t;
+typedef struct semanage_seuser_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include <string.h>
+#include "seuser_internal.h"
+#include "debug.h"
+#include <semanage/handle.h>
+#include "database.h"
+
+struct semanage_seuser {
+ /* This user's name */
+ char *name;
+
+ /* This user's corresponding
+ * seuser ("role set") */
+ char *sename;
+
+ /* This user's mls range (only required for mls) */
+ char *mls_range;
+};
+
+struct semanage_seuser_key {
+ /* This user's name */
+ const char *name;
+};
+
+int semanage_seuser_key_create(semanage_handle_t * handle,
+ const char *name,
+ semanage_seuser_key_t ** key_ptr)
+{
+
+ semanage_seuser_key_t *tmp_key = (semanage_seuser_key_t *)
+ malloc(sizeof(semanage_seuser_key_t));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, could not create seuser key");
+ return STATUS_ERR;
+ }
+ tmp_key->name = name;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_seuser_key_create)
+
+int semanage_seuser_key_extract(semanage_handle_t * handle,
+ const semanage_seuser_t * seuser,
+ semanage_seuser_key_t ** key_ptr)
+{
+
+ if (semanage_seuser_key_create(handle, seuser->name, key_ptr) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not extract seuser key from record");
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_seuser_key_extract)
+
+void semanage_seuser_key_free(semanage_seuser_key_t * key)
+{
+
+ free(key);
+}
+
+hidden_def(semanage_seuser_key_free)
+
+int semanage_seuser_compare(const semanage_seuser_t * seuser,
+ const semanage_seuser_key_t * key)
+{
+
+ return strcmp(seuser->name, key->name);
+}
+
+hidden_def(semanage_seuser_compare)
+
+int semanage_seuser_compare2(const semanage_seuser_t * seuser,
+ const semanage_seuser_t * seuser2)
+{
+
+ return strcmp(seuser->name, seuser2->name);
+}
+
+hidden_def(semanage_seuser_compare2)
+
+static int semanage_seuser_compare2_qsort(const semanage_seuser_t ** seuser,
+ const semanage_seuser_t ** seuser2)
+{
+
+ return strcmp((*seuser)->name, (*seuser2)->name);
+}
+
+/* Name */
+const char *semanage_seuser_get_name(const semanage_seuser_t * seuser)
+{
+
+ return seuser->name;
+}
+
+hidden_def(semanage_seuser_get_name)
+
+int semanage_seuser_set_name(semanage_handle_t * handle,
+ semanage_seuser_t * seuser, const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name) {
+ ERR(handle, "out of memory, could not set seuser (Unix) name");
+ return STATUS_ERR;
+ }
+ free(seuser->name);
+ seuser->name = tmp_name;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_seuser_set_name)
+
+/* Selinux Name */
+const char *semanage_seuser_get_sename(const semanage_seuser_t * seuser)
+{
+
+ return seuser->sename;
+}
+
+hidden_def(semanage_seuser_get_sename)
+
+int semanage_seuser_set_sename(semanage_handle_t * handle,
+ semanage_seuser_t * seuser, const char *sename)
+{
+
+ char *tmp_sename = strdup(sename);
+ if (!tmp_sename) {
+ ERR(handle,
+ "out of memory, could not set seuser (SELinux) name");
+ return STATUS_ERR;
+ }
+ free(seuser->sename);
+ seuser->sename = tmp_sename;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_seuser_set_sename)
+
+/* MLS Range */
+const char *semanage_seuser_get_mlsrange(const semanage_seuser_t * seuser)
+{
+
+ return seuser->mls_range;
+}
+
+hidden_def(semanage_seuser_get_mlsrange)
+
+int semanage_seuser_set_mlsrange(semanage_handle_t * handle,
+ semanage_seuser_t * seuser,
+ const char *mls_range)
+{
+
+ char *tmp_mls_range = strdup(mls_range);
+ if (!tmp_mls_range) {
+ ERR(handle, "out of memory, could not set seuser MLS range");
+ return STATUS_ERR;
+ }
+ free(seuser->mls_range);
+ seuser->mls_range = tmp_mls_range;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_seuser_set_mlsrange)
+
+/* Create */
+int semanage_seuser_create(semanage_handle_t * handle,
+ semanage_seuser_t ** seuser_ptr)
+{
+
+ semanage_seuser_t *seuser =
+ (semanage_seuser_t *) malloc(sizeof(semanage_seuser_t));
+
+ if (!seuser) {
+ ERR(handle, "out of memory, could not create seuser");
+ return STATUS_ERR;
+ }
+
+ seuser->name = NULL;
+ seuser->sename = NULL;
+ seuser->mls_range = NULL;
+
+ *seuser_ptr = seuser;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(semanage_seuser_create)
+
+/* Deep copy clone */
+int semanage_seuser_clone(semanage_handle_t * handle,
+ const semanage_seuser_t * seuser,
+ semanage_seuser_t ** seuser_ptr)
+{
+
+ semanage_seuser_t *new_seuser = NULL;
+
+ if (semanage_seuser_create(handle, &new_seuser) < 0)
+ goto err;
+
+ if (semanage_seuser_set_name(handle, new_seuser, seuser->name) < 0)
+ goto err;
+
+ if (semanage_seuser_set_sename(handle, new_seuser, seuser->sename) < 0)
+ goto err;
+
+ if (seuser->mls_range &&
+ (semanage_seuser_set_mlsrange(handle, new_seuser, seuser->mls_range)
+ < 0))
+ goto err;
+
+ *seuser_ptr = new_seuser;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone seuser");
+ semanage_seuser_free(new_seuser);
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_seuser_clone)
+
+/* Destroy */
+void semanage_seuser_free(semanage_seuser_t * seuser)
+{
+
+ if (!seuser)
+ return;
+
+ free(seuser->name);
+ free(seuser->sename);
+ free(seuser->mls_range);
+ free(seuser);
+}
+
+hidden_def(semanage_seuser_free)
+
+/* Record base functions */
+record_table_t SEMANAGE_SEUSER_RTABLE = {
+ .create = semanage_seuser_create,
+ .key_extract = semanage_seuser_key_extract,
+ .key_free = semanage_seuser_key_free,
+ .clone = semanage_seuser_clone,
+ .compare = semanage_seuser_compare,
+ .compare2 = semanage_seuser_compare2,
+ .compare2_qsort = semanage_seuser_compare2_qsort,
+ .free = semanage_seuser_free,
+};
diff --git a/libsemanage/src/seusers_file.c b/libsemanage/src/seusers_file.c
new file mode 100644
index 0000000..b5c8075
--- /dev/null
+++ b/libsemanage/src/seusers_file.c
@@ -0,0 +1,135 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_seuser;
+struct semanage_seuser_key;
+typedef struct semanage_seuser record_t;
+typedef struct semanage_seuser_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "seuser_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+#include "handle.h"
+
+static int seuser_print(semanage_handle_t * handle,
+ semanage_seuser_t * seuser, FILE * str)
+{
+
+ const char *name = semanage_seuser_get_name(seuser);
+ const char *sename = semanage_seuser_get_sename(seuser);
+ const char *mls = semanage_seuser_get_mlsrange(seuser);
+
+ if (fprintf(str, "%s:%s", name, sename) < 0)
+ goto err;
+
+ if (mls != NULL && fprintf(str, ":%s", mls) < 0)
+ goto err;
+
+ fprintf(str, "\n");
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not print seuser %s to stream", name);
+ return STATUS_ERR;
+}
+
+static int seuser_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_seuser_t * seuser)
+{
+
+ char *str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Extract name */
+ if (parse_fetch_string(handle, info, &str, ':') < 0)
+ goto err;
+ if (semanage_seuser_set_name(handle, seuser, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_ch(handle, info, ':') < 0)
+ goto err;
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+
+ /* Extract sename */
+ if (parse_fetch_string(handle, info, &str, ':') < 0)
+ goto err;
+ if (semanage_seuser_set_sename(handle, seuser, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_optional_ch(info, ':') == STATUS_NODATA)
+ goto out;
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+
+ /* NOTE: does not allow spaces/multiline */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+
+ if (semanage_seuser_set_mlsrange(handle, seuser, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ out:
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse seuser record");
+ free(str);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* SEUSER RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_SEUSER_FILE_RTABLE = {
+ .parse = seuser_parse,
+ .print = seuser_print,
+};
+
+int seuser_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_SEUSER_RTABLE,
+ &SEMANAGE_SEUSER_FILE_RTABLE, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void seuser_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
new file mode 100644
index 0000000..e7cf12c
--- /dev/null
+++ b/libsemanage/src/seusers_local.c
@@ -0,0 +1,175 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_seuser;
+struct semanage_seuser_key;
+typedef struct semanage_seuser_key record_key_t;
+typedef struct semanage_seuser record_t;
+#define DBASE_RECORD_DEFINED
+
+#include <sepol/policydb.h>
+#include <sepol/context.h>
+#include "user_internal.h"
+#include "seuser_internal.h"
+#include "handle.h"
+#include "database.h"
+#include "debug.h"
+
+int semanage_seuser_modify_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ const semanage_seuser_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_seuser_del_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_seuser_query_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ semanage_seuser_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_seuser_exists_local(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ int *response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_seuser_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_seuser_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_seuser_t *
+ record, void *varg),
+ void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+hidden_def(semanage_seuser_iterate_local)
+
+int semanage_seuser_list_local(semanage_handle_t * handle,
+ semanage_seuser_t *** records,
+ unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
+
+struct validate_handler_arg {
+ semanage_handle_t *handle;
+ const sepol_policydb_t *policydb;
+};
+
+static int validate_handler(const semanage_seuser_t * seuser, void *varg)
+{
+
+ semanage_user_t *user = NULL;
+ semanage_user_key_t *key = NULL;
+ int exists, mls_ok;
+
+ /* Unpack varg */
+ struct validate_handler_arg *arg = (struct validate_handler_arg *)varg;
+ semanage_handle_t *handle = arg->handle;
+ const sepol_policydb_t *policydb = arg->policydb;
+
+ /* Unpack seuser */
+ const char *name = semanage_seuser_get_name(seuser);
+ const char *sename = semanage_seuser_get_sename(seuser);
+ const char *mls_range = semanage_seuser_get_mlsrange(seuser);
+ const char *user_mls_range;
+
+ /* Make sure the (SElinux) user exists */
+ if (semanage_user_key_create(handle, sename, &key) < 0)
+ goto err;
+ if (semanage_user_exists(handle, key, &exists) < 0)
+ goto err;
+ if (!exists) {
+ ERR(handle, "selinux user %s does not exist", sename);
+ goto invalid;
+ }
+
+ /* Verify that the mls range is valid, and that it's contained
+ * within the (SELinux) user mls range. This range is optional */
+ if (mls_range && sepol_policydb_mls_enabled(policydb)) {
+
+ if (semanage_user_query(handle, key, &user) < 0)
+ goto err;
+ user_mls_range = semanage_user_get_mlsrange(user);
+
+ if (sepol_mls_check(handle->sepolh, policydb, mls_range) < 0)
+ goto invalid;
+ if (sepol_mls_contains(handle->sepolh, policydb,
+ user_mls_range, mls_range, &mls_ok) < 0)
+ goto err;
+
+ if (!mls_ok) {
+ ERR(handle, "MLS range %s for Unix user %s "
+ "exceeds allowed range %s for SELinux user %s",
+ mls_range, name, user_mls_range, sename);
+ goto invalid;
+ }
+
+ } else if (mls_range) {
+ ERR(handle, "MLS is disabled, but MLS range %s "
+ "was found for Unix user %s", mls_range, name);
+ goto invalid;
+ }
+
+ semanage_user_key_free(key);
+ semanage_user_free(user);
+ return 0;
+
+ err:
+ ERR(handle, "could not check if seuser mapping for %s is valid", name);
+ semanage_user_key_free(key);
+ semanage_user_free(user);
+ return -1;
+
+ invalid:
+ if (mls_range)
+ ERR(handle, "seuser mapping [%s -> (%s, %s)] is invalid",
+ name, sename, mls_range);
+ else
+ ERR(handle, "seuser mapping [%s -> %s] is invalid",
+ name, sename);
+ semanage_user_key_free(key);
+ semanage_user_free(user);
+ return -1;
+}
+
+/* This function may not be called outside a transaction, or
+ * it will (1) deadlock, because iterate is not reentrant outside
+ * a transaction, and (2) be racy, because it makes multiple dbase calls */
+
+int hidden semanage_seuser_validate_local(semanage_handle_t * handle,
+ const sepol_policydb_t * policydb)
+{
+
+ struct validate_handler_arg arg;
+ arg.handle = handle;
+ arg.policydb = policydb;
+ return semanage_seuser_iterate_local(handle, validate_handler, &arg);
+}
diff --git a/libsemanage/src/seusers_policy.c b/libsemanage/src/seusers_policy.c
new file mode 100644
index 0000000..89fb4d8
--- /dev/null
+++ b/libsemanage/src/seusers_policy.c
@@ -0,0 +1,58 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_seuser;
+struct semanage_seuser_key;
+typedef struct semanage_seuser_key record_key_t;
+typedef struct semanage_seuser record_t;
+#define DBASE_RECORD_DEFINED
+
+#include <sepol/policydb.h>
+#include <sepol/context.h>
+#include "user_internal.h"
+#include "seuser_internal.h"
+#include "handle.h"
+#include "database.h"
+#include "debug.h"
+
+int semanage_seuser_query(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key,
+ semanage_seuser_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_seuser_exists(semanage_handle_t * handle,
+ const semanage_seuser_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_seuser_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_seuser_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_seuser_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+hidden_def(semanage_seuser_iterate)
+
+int semanage_seuser_list(semanage_handle_t * handle,
+ semanage_seuser_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_seuser_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/user_base_record.c b/libsemanage/src/user_base_record.c
new file mode 100644
index 0000000..7dfa8c6
--- /dev/null
+++ b/libsemanage/src/user_base_record.c
@@ -0,0 +1,184 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_user_base_t (SELinux User/Class Policy Object)
+ * Object: semanage_user_key_t (SELinux User/Class Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/user_record.h>
+
+typedef sepol_user_key_t semanage_user_key_t;
+#define _SEMANAGE_USER_KEY_DEFINED_
+
+typedef sepol_user_t semanage_user_base_t;
+#define _SEMANAGE_USER_BASE_DEFINED_
+
+typedef semanage_user_base_t record_t;
+typedef semanage_user_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include "user_internal.h"
+#include "handle.h"
+#include "database.h"
+#include "debug.h"
+
+/* Key */
+hidden int semanage_user_base_key_extract(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ semanage_user_key_t ** key)
+{
+
+ return sepol_user_key_extract(handle->sepolh, user, key);
+}
+
+static int semanage_user_base_compare(const semanage_user_base_t * user,
+ const semanage_user_key_t * key)
+{
+
+ return sepol_user_compare(user, key);
+}
+
+static int semanage_user_base_compare2(const semanage_user_base_t * user,
+ const semanage_user_base_t * user2)
+{
+
+ return sepol_user_compare2(user, user2);
+}
+
+static int semanage_user_base_compare2_qsort(const semanage_user_base_t ** user,
+ const semanage_user_base_t **
+ user2)
+{
+
+ return sepol_user_compare2(*user, *user2);
+}
+
+/* Name */
+hidden const char *semanage_user_base_get_name(const semanage_user_base_t *
+ user)
+{
+
+ return sepol_user_get_name(user);
+}
+
+hidden int semanage_user_base_set_name(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *name)
+{
+
+ return sepol_user_set_name(handle->sepolh, user, name);
+}
+
+/* MLS */
+hidden const char *semanage_user_base_get_mlslevel(const semanage_user_base_t *
+ user)
+{
+
+ return sepol_user_get_mlslevel(user);
+}
+
+hidden int semanage_user_base_set_mlslevel(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *mls_level)
+{
+
+ return sepol_user_set_mlslevel(handle->sepolh, user, mls_level);
+}
+
+hidden const char *semanage_user_base_get_mlsrange(const semanage_user_base_t *
+ user)
+{
+
+ return sepol_user_get_mlsrange(user);
+}
+
+hidden int semanage_user_base_set_mlsrange(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *mls_range)
+{
+
+ return sepol_user_set_mlsrange(handle->sepolh, user, mls_range);
+}
+
+/* Role management */
+hidden int semanage_user_base_get_num_roles(const semanage_user_base_t * user)
+{
+
+ return sepol_user_get_num_roles(user);
+}
+
+hidden int semanage_user_base_add_role(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *role)
+{
+
+ return sepol_user_add_role(handle->sepolh, user, role);
+}
+
+hidden void semanage_user_base_del_role(semanage_user_base_t * user,
+ const char *role)
+{
+
+ sepol_user_del_role(user, role);
+}
+
+hidden int semanage_user_base_has_role(const semanage_user_base_t * user,
+ const char *role)
+{
+
+ return sepol_user_has_role(user, role);
+}
+
+hidden int semanage_user_base_get_roles(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ const char ***roles_arr,
+ unsigned int *num_roles)
+{
+
+ return sepol_user_get_roles(handle->sepolh, user, roles_arr, num_roles);
+}
+
+hidden int semanage_user_base_set_roles(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char **roles_arr,
+ unsigned int num_roles)
+{
+
+ return sepol_user_set_roles(handle->sepolh, user, roles_arr, num_roles);
+}
+
+/* Create/Clone/Destroy */
+hidden int semanage_user_base_create(semanage_handle_t * handle,
+ semanage_user_base_t ** user_ptr)
+{
+
+ return sepol_user_create(handle->sepolh, user_ptr);
+}
+
+hidden int semanage_user_base_clone(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ semanage_user_base_t ** user_ptr)
+{
+
+ return sepol_user_clone(handle->sepolh, user, user_ptr);
+}
+
+hidden void semanage_user_base_free(semanage_user_base_t * user)
+{
+
+ sepol_user_free(user);
+}
+
+/* Record base functions */
+record_table_t SEMANAGE_USER_BASE_RTABLE = {
+ .create = semanage_user_base_create,
+ .key_extract = semanage_user_base_key_extract,
+ .key_free = semanage_user_key_free,
+ .clone = semanage_user_base_clone,
+ .compare = semanage_user_base_compare,
+ .compare2 = semanage_user_base_compare2,
+ .compare2_qsort = semanage_user_base_compare2_qsort,
+ .free = semanage_user_base_free,
+};
diff --git a/libsemanage/src/user_extra_record.c b/libsemanage/src/user_extra_record.c
new file mode 100644
index 0000000..efb9c5b
--- /dev/null
+++ b/libsemanage/src/user_extra_record.c
@@ -0,0 +1,197 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_user_extra_t (SELinux User/Class Extra Data)
+ * Object: semanage_user_extra_key_t (SELinux User/Class Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/user_record.h>
+
+typedef sepol_user_key_t semanage_user_key_t;
+#define _SEMANAGE_USER_KEY_DEFINED_
+
+struct semanage_user_extra;
+typedef struct semanage_user_extra record_t;
+typedef semanage_user_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include <semanage/handle.h>
+#include <stdlib.h>
+#include <string.h>
+#include "user_internal.h"
+#include "debug.h"
+#include "database.h"
+
+struct semanage_user_extra {
+ /* This user's name */
+ char *name;
+
+ /* Labeling prefix */
+ char *prefix;
+};
+
+static int semanage_user_extra_key_extract(semanage_handle_t * handle,
+ const semanage_user_extra_t *
+ user_extra,
+ semanage_user_key_t ** key_ptr)
+{
+
+ if (semanage_user_key_create(handle, user_extra->name, key_ptr) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not extract key from user extra record");
+ return STATUS_ERR;
+}
+
+static int semanage_user_extra_compare(const semanage_user_extra_t * user_extra,
+ const semanage_user_key_t * key)
+{
+
+ const char *name;
+ semanage_user_key_unpack(key, &name);
+
+ return strcmp(user_extra->name, name);
+}
+
+static int semanage_user_extra_compare2(const semanage_user_extra_t *
+ user_extra,
+ const semanage_user_extra_t *
+ user_extra2)
+{
+
+ return strcmp(user_extra->name, user_extra2->name);
+}
+
+static int semanage_user_extra_compare2_qsort(const semanage_user_extra_t **
+ user_extra,
+ const semanage_user_extra_t **
+ user_extra2)
+{
+
+ return strcmp((*user_extra)->name, (*user_extra2)->name);
+}
+
+/* Name */
+hidden const char *semanage_user_extra_get_name(const semanage_user_extra_t *
+ user_extra)
+{
+
+ return user_extra->name;
+}
+
+hidden int semanage_user_extra_set_name(semanage_handle_t * handle,
+ semanage_user_extra_t * user_extra,
+ const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name) {
+ ERR(handle, "out of memory, could not set name %s "
+ "for user extra data", name);
+ return STATUS_ERR;
+ }
+ free(user_extra->name);
+ user_extra->name = tmp_name;
+ return STATUS_SUCCESS;
+}
+
+/* Labeling prefix */
+hidden const char *semanage_user_extra_get_prefix(const semanage_user_extra_t *
+ user_extra)
+{
+
+ return user_extra->prefix;
+}
+
+hidden int semanage_user_extra_set_prefix(semanage_handle_t * handle,
+ semanage_user_extra_t * user_extra,
+ const char *prefix)
+{
+
+ char *tmp_prefix = strdup(prefix);
+ if (!tmp_prefix) {
+ ERR(handle, "out of memory, could not set prefix %s "
+ "for user %s", prefix, user_extra->name);
+ return STATUS_ERR;
+ }
+ free(user_extra->prefix);
+ user_extra->prefix = tmp_prefix;
+ return STATUS_SUCCESS;
+}
+
+/* Create */
+hidden int semanage_user_extra_create(semanage_handle_t * handle,
+ semanage_user_extra_t ** user_extra_ptr)
+{
+
+ semanage_user_extra_t *user_extra =
+ (semanage_user_extra_t *) malloc(sizeof(semanage_user_extra_t));
+
+ if (!user_extra) {
+ ERR(handle, "out of memory, could not "
+ "create user extra data record");
+ return STATUS_ERR;
+ }
+
+ user_extra->name = NULL;
+ user_extra->prefix = NULL;
+
+ *user_extra_ptr = user_extra;
+ return STATUS_SUCCESS;
+}
+
+/* Destroy */
+hidden void semanage_user_extra_free(semanage_user_extra_t * user_extra)
+{
+
+ if (!user_extra)
+ return;
+
+ free(user_extra->name);
+ free(user_extra->prefix);
+ free(user_extra);
+}
+
+/* Deep copy clone */
+hidden int semanage_user_extra_clone(semanage_handle_t * handle,
+ const semanage_user_extra_t * user_extra,
+ semanage_user_extra_t ** user_extra_ptr)
+{
+
+ semanage_user_extra_t *new_user_extra = NULL;
+
+ if (semanage_user_extra_create(handle, &new_user_extra) < 0)
+ goto err;
+
+ if (semanage_user_extra_set_name
+ (handle, new_user_extra, user_extra->name) < 0)
+ goto err;
+
+ if (semanage_user_extra_set_prefix
+ (handle, new_user_extra, user_extra->prefix) < 0)
+ goto err;
+
+ *user_extra_ptr = new_user_extra;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone extra data for user %s", user_extra->name);
+ semanage_user_extra_free(new_user_extra);
+ return STATUS_ERR;
+}
+
+/* Record base functions */
+record_table_t SEMANAGE_USER_EXTRA_RTABLE = {
+ .create = semanage_user_extra_create,
+ .key_extract = semanage_user_extra_key_extract,
+ .key_free = semanage_user_key_free,
+ .clone = semanage_user_extra_clone,
+ .compare = semanage_user_extra_compare,
+ .compare2 = semanage_user_extra_compare2,
+ .compare2_qsort = semanage_user_extra_compare2_qsort,
+ .free = semanage_user_extra_free,
+};
diff --git a/libsemanage/src/user_internal.h b/libsemanage/src/user_internal.h
new file mode 100644
index 0000000..5c86418
--- /dev/null
+++ b/libsemanage/src/user_internal.h
@@ -0,0 +1,175 @@
+#ifndef _SEMANAGE_USER_INTERNAL_H_
+#define _SEMANAGE_USER_INTERNAL_H_
+
+#include <sepol/user_record.h>
+#include <semanage/user_record.h>
+#include <semanage/users_local.h>
+#include <semanage/users_policy.h>
+#include "database.h"
+#include "handle.h"
+#include "dso.h"
+
+hidden_proto(semanage_user_add_role)
+ hidden_proto(semanage_user_clone)
+ hidden_proto(semanage_user_compare)
+ hidden_proto(semanage_user_compare2)
+ hidden_proto(semanage_user_create)
+ hidden_proto(semanage_user_free)
+ hidden_proto(semanage_user_get_mlslevel)
+ hidden_proto(semanage_user_get_mlsrange)
+ hidden_proto(semanage_user_get_name)
+ hidden_proto(semanage_user_get_roles)
+ hidden_proto(semanage_user_key_create)
+ hidden_proto(semanage_user_key_extract)
+ hidden_proto(semanage_user_key_free)
+ hidden_proto(semanage_user_set_mlslevel)
+ hidden_proto(semanage_user_set_mlsrange)
+ hidden_proto(semanage_user_set_name)
+ hidden_proto(semanage_user_exists)
+ hidden_proto(semanage_user_query)
+
+/* USER record: metod table */
+extern record_table_t SEMANAGE_USER_RTABLE;
+
+/* USER BASE record: method table */
+extern record_table_t SEMANAGE_USER_BASE_RTABLE;
+
+/* USER EXTRA record: method table */
+extern record_table_t SEMANAGE_USER_EXTRA_RTABLE;
+
+/* ============ Init/Release functions ========== */
+
+/* USER BASE record, FILE backend */
+extern int user_base_file_dbase_init(semanage_handle_t * handle,
+ const char *fname,
+ dbase_config_t * dconfig);
+
+extern void user_base_file_dbase_release(dbase_config_t * dconfig);
+
+/* USER EXTRA record, FILE backend */
+extern int user_extra_file_dbase_init(semanage_handle_t * handle,
+ const char *fname,
+ dbase_config_t * dconfig);
+
+extern void user_extra_file_dbase_release(dbase_config_t * dconfig);
+
+/* USER BASE record, POLICYDB backend */
+extern int user_base_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig);
+
+extern void user_base_policydb_dbase_release(dbase_config_t * dconfig);
+
+/* USER record, JOIN backend */
+extern int user_join_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * join1,
+ dbase_config_t * join2,
+ dbase_config_t * dconfig);
+
+extern void user_join_dbase_release(dbase_config_t * dconfig);
+
+/*======= Internal API: Base (Policy) User record ====== */
+
+#ifndef _SEMANAGE_USER_BASE_DEFINED_
+struct semanage_user_base;
+typedef struct semanage_user_base semanage_user_base_t;
+#define _SEMANAGE_USER_BASE_DEFINED_
+#endif
+
+hidden int semanage_user_base_create(semanage_handle_t * handle,
+ semanage_user_base_t ** user_ptr);
+
+hidden int semanage_user_base_clone(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ semanage_user_base_t ** user_ptr);
+
+hidden int semanage_user_base_key_extract(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ semanage_user_key_t ** key);
+
+hidden const char *semanage_user_base_get_name(const semanage_user_base_t *
+ user);
+
+hidden int semanage_user_base_set_name(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *name);
+
+hidden const char *semanage_user_base_get_mlslevel(const semanage_user_base_t *
+ user);
+
+hidden int semanage_user_base_set_mlslevel(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *mls_level);
+
+hidden const char *semanage_user_base_get_mlsrange(const semanage_user_base_t *
+ user);
+
+hidden int semanage_user_base_set_mlsrange(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *mls_range);
+
+hidden int semanage_user_base_get_num_roles(const semanage_user_base_t * user);
+
+hidden int semanage_user_base_add_role(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char *role);
+
+hidden void semanage_user_base_del_role(semanage_user_base_t * user,
+ const char *role);
+
+hidden int semanage_user_base_has_role(const semanage_user_base_t * user,
+ const char *role);
+
+hidden int semanage_user_base_get_roles(semanage_handle_t * handle,
+ const semanage_user_base_t * user,
+ const char ***roles_arr,
+ unsigned int *num_roles);
+
+hidden int semanage_user_base_set_roles(semanage_handle_t * handle,
+ semanage_user_base_t * user,
+ const char **roles_arr,
+ unsigned int num_roles);
+
+hidden void semanage_user_base_free(semanage_user_base_t * user);
+
+/*=========== Internal API: Extra User record ==========*/
+struct semanage_user_extra;
+typedef struct semanage_user_extra semanage_user_extra_t;
+
+hidden int semanage_user_extra_create(semanage_handle_t * handle,
+ semanage_user_extra_t ** user_extra_ptr);
+
+hidden int semanage_user_extra_clone(semanage_handle_t * handle,
+ const semanage_user_extra_t * user_extra,
+ semanage_user_extra_t ** user_extra_ptr);
+
+hidden const char *semanage_user_extra_get_name(const semanage_user_extra_t *
+ user_extra);
+
+hidden int semanage_user_extra_set_name(semanage_handle_t * handle,
+ semanage_user_extra_t * user_extra,
+ const char *name);
+
+hidden const char *semanage_user_extra_get_prefix(const semanage_user_extra_t *
+ user_extra);
+
+hidden int semanage_user_extra_set_prefix(semanage_handle_t * handle,
+ semanage_user_extra_t * user_extra,
+ const char *prefix);
+
+hidden void semanage_user_extra_free(semanage_user_extra_t * user_extra);
+
+/*======== Internal API: Join record ========== */
+hidden void semanage_user_key_unpack(const semanage_user_key_t * key,
+ const char **name);
+
+hidden int semanage_user_join(semanage_handle_t * handle,
+ const semanage_user_base_t * record1,
+ const semanage_user_extra_t * record2,
+ semanage_user_t ** result);
+
+hidden int semanage_user_split(semanage_handle_t * handle,
+ const semanage_user_t * record,
+ semanage_user_base_t ** split1,
+ semanage_user_extra_t ** split2);
+
+#endif
diff --git a/libsemanage/src/user_record.c b/libsemanage/src/user_record.c
new file mode 100644
index 0000000..4523925
--- /dev/null
+++ b/libsemanage/src/user_record.c
@@ -0,0 +1,410 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+/* Object: semanage_user_t (SELinux User/Class)
+ * Object: semanage_user_key_t (SELinux User/Class Key)
+ * Implements: record_t (Database Record)
+ * Implements: record_key_t (Database Record Key)
+ */
+
+#include <sepol/user_record.h>
+
+typedef sepol_user_key_t semanage_user_key_t;
+#define _SEMANAGE_USER_KEY_DEFINED_
+
+struct semanage_user;
+typedef struct semanage_user record_t;
+typedef semanage_user_key_t record_key_t;
+#define DBASE_RECORD_DEFINED
+
+#include <stdlib.h>
+#include <string.h>
+#include "user_internal.h"
+#include "handle.h"
+#include "database.h"
+#include "debug.h"
+
+struct semanage_user {
+ char *name;
+ semanage_user_base_t *base;
+ semanage_user_extra_t *extra;
+};
+
+/* Key */
+int semanage_user_key_create(semanage_handle_t * handle,
+ const char *name, semanage_user_key_t ** key)
+{
+
+ return sepol_user_key_create(handle->sepolh, name, key);
+}
+
+hidden_def(semanage_user_key_create)
+
+int semanage_user_key_extract(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ semanage_user_key_t ** key)
+{
+
+ return semanage_user_base_key_extract(handle, user->base, key);
+}
+
+hidden_def(semanage_user_key_extract)
+
+void semanage_user_key_free(semanage_user_key_t * key)
+{
+
+ sepol_user_key_free(key);
+}
+
+hidden_def(semanage_user_key_free)
+
+hidden void semanage_user_key_unpack(const semanage_user_key_t * key,
+ const char **name)
+{
+
+ sepol_user_key_unpack(key, name);
+}
+
+int semanage_user_compare(const semanage_user_t * user,
+ const semanage_user_key_t * key)
+{
+
+ const char *name;
+ sepol_user_key_unpack(key, &name);
+ return strcmp(user->name, name);
+}
+
+hidden_def(semanage_user_compare)
+
+int semanage_user_compare2(const semanage_user_t * user,
+ const semanage_user_t * user2)
+{
+
+ return strcmp(user->name, user2->name);
+}
+
+hidden_def(semanage_user_compare2)
+
+static int semanage_user_compare2_qsort(const semanage_user_t ** user,
+ const semanage_user_t ** user2)
+{
+
+ return strcmp((*user)->name, (*user2)->name);
+}
+
+/* Name */
+const char *semanage_user_get_name(const semanage_user_t * user)
+{
+ return user->name;
+}
+
+hidden_def(semanage_user_get_name)
+
+int semanage_user_set_name(semanage_handle_t * handle,
+ semanage_user_t * user, const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name)
+ goto omem;
+
+ if (semanage_user_base_set_name(handle, user->base, name) < 0)
+ goto err;
+
+ if (semanage_user_extra_set_name(handle, user->extra, name) < 0)
+ goto err;
+
+ free(user->name);
+ user->name = tmp_name;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not set user name to %s", name);
+ free(tmp_name);
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_user_set_name)
+
+/* Labeling prefix */
+const char *semanage_user_get_prefix(const semanage_user_t * user)
+{
+
+ return semanage_user_extra_get_prefix(user->extra);
+}
+
+int semanage_user_set_prefix(semanage_handle_t * handle,
+ semanage_user_t * user, const char *name)
+{
+
+ return semanage_user_extra_set_prefix(handle, user->extra, name);
+}
+
+/* MLS */
+const char *semanage_user_get_mlslevel(const semanage_user_t * user)
+{
+
+ return semanage_user_base_get_mlslevel(user->base);
+}
+
+hidden_def(semanage_user_get_mlslevel)
+
+int semanage_user_set_mlslevel(semanage_handle_t * handle,
+ semanage_user_t * user, const char *mls_level)
+{
+
+ return semanage_user_base_set_mlslevel(handle, user->base, mls_level);
+}
+
+hidden_def(semanage_user_set_mlslevel)
+
+const char *semanage_user_get_mlsrange(const semanage_user_t * user)
+{
+
+ return semanage_user_base_get_mlsrange(user->base);
+}
+
+hidden_def(semanage_user_get_mlsrange)
+
+int semanage_user_set_mlsrange(semanage_handle_t * handle,
+ semanage_user_t * user, const char *mls_range)
+{
+
+ return semanage_user_base_set_mlsrange(handle, user->base, mls_range);
+}
+
+hidden_def(semanage_user_set_mlsrange)
+
+/* Role management */
+int semanage_user_get_num_roles(const semanage_user_t * user)
+{
+
+ return semanage_user_base_get_num_roles(user->base);
+}
+
+int semanage_user_add_role(semanage_handle_t * handle,
+ semanage_user_t * user, const char *role)
+{
+
+ return semanage_user_base_add_role(handle, user->base, role);
+}
+
+hidden_def(semanage_user_add_role)
+
+void semanage_user_del_role(semanage_user_t * user, const char *role)
+{
+
+ semanage_user_base_del_role(user->base, role);
+}
+
+int semanage_user_has_role(const semanage_user_t * user, const char *role)
+{
+
+ return semanage_user_base_has_role(user->base, role);
+}
+
+int semanage_user_get_roles(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ const char ***roles_arr, unsigned int *num_roles)
+{
+
+ return semanage_user_base_get_roles(handle, user->base, roles_arr,
+ num_roles);
+}
+
+hidden_def(semanage_user_get_roles)
+
+int semanage_user_set_roles(semanage_handle_t * handle,
+ semanage_user_t * user,
+ const char **roles_arr, unsigned int num_roles)
+{
+
+ return semanage_user_base_set_roles(handle, user->base, roles_arr,
+ num_roles);
+}
+
+/* Create/Clone/Destroy */
+int semanage_user_create(semanage_handle_t * handle,
+ semanage_user_t ** user_ptr)
+{
+
+ semanage_user_t *tmp_user = calloc(1, sizeof(semanage_user_t));
+ if (!tmp_user)
+ goto omem;
+
+ if (semanage_user_base_create(handle, &tmp_user->base) < 0)
+ goto err;
+ if (semanage_user_extra_create(handle, &tmp_user->extra) < 0)
+ goto err;
+
+ /* Initialize the prefix for migration purposes */
+ if (semanage_user_extra_set_prefix(handle, tmp_user->extra, "user") < 0)
+ goto err;
+
+ *user_ptr = tmp_user;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not create user record");
+ semanage_user_free(tmp_user);
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_user_create)
+
+int semanage_user_clone(semanage_handle_t * handle,
+ const semanage_user_t * user,
+ semanage_user_t ** user_ptr)
+{
+
+ semanage_user_t *tmp_user = calloc(1, sizeof(semanage_user_t));
+ if (!tmp_user)
+ goto omem;
+
+ /* Clone base and extra records */
+ if (semanage_user_base_clone(handle, user->base, &tmp_user->base) < 0)
+ goto err;
+ if (semanage_user_extra_clone(handle, user->extra, &tmp_user->extra) <
+ 0)
+ goto err;
+
+ /* Set the shared name */
+ if (semanage_user_set_name(handle, tmp_user, user->name) < 0)
+ goto err;
+
+ *user_ptr = tmp_user;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not clone user record");
+ semanage_user_free(tmp_user);
+ return STATUS_ERR;
+}
+
+hidden_def(semanage_user_clone)
+
+void semanage_user_free(semanage_user_t * user)
+{
+
+ if (!user)
+ return;
+
+ semanage_user_base_free(user->base);
+ semanage_user_extra_free(user->extra);
+ free(user->name);
+ free(user);
+}
+
+hidden_def(semanage_user_free)
+
+/* Join properties */
+hidden int semanage_user_join(semanage_handle_t * handle,
+ const semanage_user_base_t * record1,
+ const semanage_user_extra_t * record2,
+ semanage_user_t ** result)
+{
+
+ const char *name;
+ semanage_user_t *tmp_user = calloc(1, sizeof(semanage_user_t));
+ if (!tmp_user)
+ goto omem;
+
+ /* Set the shared name from one of the records
+ * (at least one is available) */
+ if (record1 == NULL)
+ name = semanage_user_extra_get_name(record2);
+ else
+ name = semanage_user_base_get_name(record1);
+
+ /* Join base record if it exists, create a blank one otherwise */
+ if (record1) {
+ if (semanage_user_base_clone(handle, record1, &tmp_user->base) <
+ 0)
+ goto err;
+ } else {
+ if (semanage_user_base_create(handle, &tmp_user->base) < 0)
+ goto err;
+ if (semanage_user_base_set_name(handle, tmp_user->base, name) <
+ 0)
+ goto err;
+ }
+
+ /* Join extra record if it exists, create a blank one otherwise */
+ if (record2) {
+ if (semanage_user_extra_clone(handle, record2, &tmp_user->extra)
+ < 0)
+ goto err;
+ } else {
+ if (semanage_user_extra_create(handle, &tmp_user->extra) < 0)
+ goto err;
+ if (semanage_user_extra_set_name(handle, tmp_user->extra, name)
+ < 0)
+ goto err;
+ if (semanage_user_extra_set_prefix
+ (handle, tmp_user->extra, "user") < 0)
+ goto err;
+ }
+
+ if (semanage_user_set_name(handle, tmp_user, name) < 0)
+ goto err;
+
+ *result = tmp_user;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not join data records for user %s",
+ semanage_user_base_get_name(record1));
+ semanage_user_free(tmp_user);
+ return STATUS_ERR;
+}
+
+hidden int semanage_user_split(semanage_handle_t * handle,
+ const semanage_user_t * record,
+ semanage_user_base_t ** split1,
+ semanage_user_extra_t ** split2)
+{
+
+ semanage_user_base_t *tmp_base_user = NULL;
+ semanage_user_extra_t *tmp_extra_user = NULL;
+
+ if (semanage_user_base_clone(handle, record->base, &tmp_base_user) < 0)
+ goto err;
+
+ if (semanage_user_extra_clone(handle, record->extra, &tmp_extra_user) <
+ 0)
+ goto err;
+
+ *split1 = tmp_base_user;
+ *split2 = tmp_extra_user;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not split data records for user %s",
+ semanage_user_get_name(record));
+ semanage_user_base_free(tmp_base_user);
+ semanage_user_extra_free(tmp_extra_user);
+ return STATUS_ERR;
+}
+
+/* Record base functions */
+record_table_t SEMANAGE_USER_RTABLE = {
+ .create = semanage_user_create,
+ .key_extract = semanage_user_key_extract,
+ .key_free = semanage_user_key_free,
+ .clone = semanage_user_clone,
+ .compare = semanage_user_compare,
+ .compare2 = semanage_user_compare2,
+ .compare2_qsort = semanage_user_compare2_qsort,
+ .free = semanage_user_free,
+};
diff --git a/libsemanage/src/users_base_file.c b/libsemanage/src/users_base_file.c
new file mode 100644
index 0000000..affde51
--- /dev/null
+++ b/libsemanage/src/users_base_file.c
@@ -0,0 +1,223 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user_base;
+struct semanage_user_key;
+typedef struct semanage_user_base record_t;
+typedef struct semanage_user_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <semanage/handle.h>
+#include "user_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+
+static int user_base_print(semanage_handle_t * handle,
+ semanage_user_base_t * user, FILE * str)
+{
+
+ const char **roles = NULL;
+ unsigned int i, nroles;
+
+ const char *name = semanage_user_base_get_name(user);
+ const char *mls_level = semanage_user_base_get_mlslevel(user);
+ const char *mls_range = semanage_user_base_get_mlsrange(user);
+
+ if (fprintf(str, "user %s roles { ", name) < 0)
+ goto err;
+
+ if (semanage_user_base_get_roles(handle, user, &roles, &nroles) < 0)
+ goto err;
+
+ for (i = 0; i < nroles; i++) {
+ if (fprintf(str, "%s ", roles[i]) < 0)
+ goto err;
+ }
+
+ if (fprintf(str, "} ") < 0)
+ goto err;
+
+ /* MLS */
+ if (mls_level != NULL && mls_range != NULL)
+ if (fprintf(str, "level %s range %s", mls_level, mls_range) < 0)
+ goto err;
+
+ if (fprintf(str, ";\n") < 0)
+ goto err;
+
+ free(roles);
+ return STATUS_SUCCESS;
+
+ err:
+ free(roles);
+ ERR(handle, "could not print user %s to stream", name);
+ return STATUS_ERR;
+}
+
+static int user_base_parse(semanage_handle_t * handle,
+ parse_info_t * info, semanage_user_base_t * user)
+{
+
+ int islist = 0;
+ char *str = NULL;
+ char *start;
+ char *name_str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* Parse user header */
+ if (parse_assert_str(handle, info, "user") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Parse user name */
+ if (parse_fetch_string(handle, info, &name_str, ' ') < 0)
+ goto err;
+
+ if (semanage_user_base_set_name(handle, user, name_str) < 0) {
+ free(name_str);
+ goto err;
+ }
+ free(name_str);
+
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_str(handle, info, "roles") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ islist = (parse_optional_ch(info, '{') != STATUS_NODATA);
+
+ /* For each role, loop */
+ do {
+ char delim;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_noeof(handle, info) < 0)
+ goto err;
+
+ start = info->ptr;
+ while (*(info->ptr) &&
+ *(info->ptr) != ';' &&
+ *(info->ptr) != '}' && !isspace(*(info->ptr)))
+ info->ptr++;
+
+ delim = *(info->ptr);
+ *(info->ptr)++ = '\0';
+
+ if (semanage_user_base_add_role(handle, user, start) < 0)
+ goto err;
+
+ if (delim && !isspace(delim)) {
+ if (islist && delim == '}')
+ break;
+ else if (!islist && delim == ';')
+ goto skip_semicolon;
+ else
+ goto err;
+ }
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_optional_ch(info, ';') != STATUS_NODATA)
+ goto skip_semicolon;
+ if (parse_optional_ch(info, '}') != STATUS_NODATA)
+ islist = 0;
+
+ } while (islist);
+
+ /* Handle mls */
+ /* Parse level header */
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_optional_str(info, "level") == STATUS_NODATA)
+ goto semicolon;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* NOTE: does not allow spaces/multiline */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_user_base_set_mlslevel(handle, user, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Parse range header */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_str(handle, info, "range") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* NOTE: does not allow spaces/multiline */
+ if (parse_fetch_string(handle, info, &str, ';') < 0)
+ goto err;
+ if (semanage_user_base_set_mlsrange(handle, user, str) < 0)
+ goto err;
+
+ free(str);
+ str = NULL;
+
+ /* Check for semicolon */
+ semicolon:
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_ch(handle, info, ';') < 0)
+ goto err;
+
+ skip_semicolon:
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse user record");
+ free(str);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* USER BASE record: FILE extension: method table */
+record_file_table_t SEMANAGE_USER_BASE_FILE_RTABLE = {
+ .parse = user_base_parse,
+ .print = user_base_print,
+};
+
+int user_base_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_USER_BASE_RTABLE,
+ &SEMANAGE_USER_BASE_FILE_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void user_base_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c
new file mode 100644
index 0000000..6bf6bb0
--- /dev/null
+++ b/libsemanage/src/users_base_policydb.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user_base;
+struct semanage_user_key;
+typedef struct semanage_user_base record_t;
+typedef struct semanage_user_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
+#include <sepol/users.h>
+#include <semanage/handle.h>
+#include "user_internal.h"
+#include "debug.h"
+#include "database_policydb.h"
+
+/* USER BASE record: POLICYDB extension: method table */
+record_policydb_table_t SEMANAGE_USER_BASE_POLICYDB_RTABLE = {
+ .add = NULL,
+ .modify = (record_policydb_table_modify_t) sepol_user_modify,
+ .set = NULL,
+ .query = (record_policydb_table_query_t) sepol_user_query,
+ .count = (record_policydb_table_count_t) sepol_user_count,
+ .exists = (record_policydb_table_exists_t) sepol_user_exists,
+ .iterate = (record_policydb_table_iterate_t) sepol_user_iterate,
+};
+
+int user_base_policydb_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * dconfig)
+{
+
+ if (dbase_policydb_init(handle,
+ "policy.kern",
+ &SEMANAGE_USER_BASE_RTABLE,
+ &SEMANAGE_USER_BASE_POLICYDB_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void user_base_policydb_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_policydb_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/users_extra_file.c b/libsemanage/src/users_extra_file.c
new file mode 100644
index 0000000..5f7eb1a
--- /dev/null
+++ b/libsemanage/src/users_extra_file.c
@@ -0,0 +1,127 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user_extra;
+struct semanage_user_key;
+typedef struct semanage_user_extra record_t;
+typedef struct semanage_user_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct dbase_file;
+typedef struct dbase_file dbase_t;
+#define DBASE_DEFINED
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <strings.h>
+
+#include "user_internal.h"
+#include "database_file.h"
+#include "parse_utils.h"
+#include "debug.h"
+#include "handle.h"
+
+static int user_extra_print(semanage_handle_t * handle,
+ semanage_user_extra_t * user_extra, FILE * str)
+{
+
+ const char *name = semanage_user_extra_get_name(user_extra);
+ const char *prefix = semanage_user_extra_get_prefix(user_extra);
+
+ if (fprintf(str, "user %s prefix %s;\n", name, prefix) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not print user extra data "
+ "for %s to stream", name);
+ return STATUS_ERR;
+}
+
+static int user_extra_parse(semanage_handle_t * handle,
+ parse_info_t * info,
+ semanage_user_extra_t * user_extra)
+{
+
+ char *str = NULL;
+
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (!info->ptr)
+ goto last;
+
+ /* User string */
+ if (parse_assert_str(handle, info, "user") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Extract name */
+ if (parse_fetch_string(handle, info, &str, ' ') < 0)
+ goto err;
+ if (semanage_user_extra_set_name(handle, user_extra, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Prefix string */
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_str(handle, info, "prefix") < 0)
+ goto err;
+ if (parse_assert_space(handle, info) < 0)
+ goto err;
+
+ /* Extract prefix */
+ if (parse_fetch_string(handle, info, &str, ';') < 0)
+ goto err;
+ if (semanage_user_extra_set_prefix(handle, user_extra, str) < 0)
+ goto err;
+ free(str);
+ str = NULL;
+
+ /* Semicolon */
+ if (parse_skip_space(handle, info) < 0)
+ goto err;
+ if (parse_assert_ch(handle, info, ';') < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ last:
+ parse_dispose_line(info);
+ return STATUS_NODATA;
+
+ err:
+ ERR(handle, "could not parse user extra data");
+ free(str);
+ parse_dispose_line(info);
+ return STATUS_ERR;
+}
+
+/* USER EXTRA RECORD: FILE extension: method table */
+record_file_table_t SEMANAGE_USER_EXTRA_FILE_RTABLE = {
+ .parse = user_extra_parse,
+ .print = user_extra_print,
+};
+
+int user_extra_file_dbase_init(semanage_handle_t * handle,
+ const char *fname, dbase_config_t * dconfig)
+{
+
+ if (dbase_file_init(handle,
+ fname,
+ &SEMANAGE_USER_EXTRA_RTABLE,
+ &SEMANAGE_USER_EXTRA_FILE_RTABLE,
+ &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void user_extra_file_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_file_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/users_join.c b/libsemanage/src/users_join.c
new file mode 100644
index 0000000..b598209
--- /dev/null
+++ b/libsemanage/src/users_join.c
@@ -0,0 +1,49 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user;
+struct semanage_user_key;
+typedef struct semanage_user record_t;
+typedef struct semanage_user_key record_key_t;
+#define DBASE_RECORD_DEFINED
+
+struct semanage_user_base;
+struct semanage_user_extra;
+typedef struct semanage_user_base record1_t;
+typedef struct semanage_user_extra record2_t;
+#define DBASE_RECORD_JOIN_DEFINED
+
+struct dbase_join;
+typedef struct dbase_join dbase_t;
+#define DBASE_DEFINED
+
+#include <semanage/handle.h>
+#include "user_internal.h"
+#include "database_join.h"
+#include "debug.h"
+
+/* USER record: JOIN extension: method table */
+record_join_table_t SEMANAGE_USER_JOIN_RTABLE = {
+ .join = semanage_user_join,
+ .split = semanage_user_split,
+};
+
+int user_join_dbase_init(semanage_handle_t * handle,
+ dbase_config_t * join1,
+ dbase_config_t * join2, dbase_config_t * dconfig)
+{
+
+ if (dbase_join_init(handle,
+ &SEMANAGE_USER_RTABLE,
+ &SEMANAGE_USER_JOIN_RTABLE,
+ join1, join2, &dconfig->dbase) < 0)
+ return STATUS_ERR;
+
+ dconfig->dtable = &SEMANAGE_JOIN_DTABLE;
+ return STATUS_SUCCESS;
+}
+
+void user_join_dbase_release(dbase_config_t * dconfig)
+{
+
+ dbase_join_release(dconfig->dbase);
+}
diff --git a/libsemanage/src/users_local.c b/libsemanage/src/users_local.c
new file mode 100644
index 0000000..8742ca1
--- /dev/null
+++ b/libsemanage/src/users_local.c
@@ -0,0 +1,70 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user;
+struct semanage_user_key;
+typedef struct semanage_user_key record_key_t;
+typedef struct semanage_user record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "user_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_user_modify_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ const semanage_user_t * data)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_modify(handle, dconfig, key, data);
+}
+
+int semanage_user_del_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_del(handle, dconfig, key);
+}
+
+int semanage_user_query_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ semanage_user_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+int semanage_user_exists_local(semanage_handle_t * handle,
+ const semanage_user_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+int semanage_user_count_local(semanage_handle_t * handle,
+ unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_user_iterate_local(semanage_handle_t * handle,
+ int (*handler) (const semanage_user_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_user_list_local(semanage_handle_t * handle,
+ semanage_user_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_local(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/users_policy.c b/libsemanage/src/users_policy.c
new file mode 100644
index 0000000..74f59dc
--- /dev/null
+++ b/libsemanage/src/users_policy.c
@@ -0,0 +1,56 @@
+/* Copyright (C) 2005 Red Hat, Inc. */
+
+struct semanage_user;
+struct semanage_user_key;
+typedef struct semanage_user_key record_key_t;
+typedef struct semanage_user record_t;
+#define DBASE_RECORD_DEFINED
+
+#include "user_internal.h"
+#include "handle.h"
+#include "database.h"
+
+int semanage_user_query(semanage_handle_t * handle,
+ const semanage_user_key_t * key,
+ semanage_user_t ** response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_policy(handle);
+ return dbase_query(handle, dconfig, key, response);
+}
+
+hidden_def(semanage_user_query)
+
+int semanage_user_exists(semanage_handle_t * handle,
+ const semanage_user_key_t * key, int *response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_policy(handle);
+ return dbase_exists(handle, dconfig, key, response);
+}
+
+hidden_def(semanage_user_exists)
+
+int semanage_user_count(semanage_handle_t * handle, unsigned int *response)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_policy(handle);
+ return dbase_count(handle, dconfig, response);
+}
+
+int semanage_user_iterate(semanage_handle_t * handle,
+ int (*handler) (const semanage_user_t * record,
+ void *varg), void *handler_arg)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_policy(handle);
+ return dbase_iterate(handle, dconfig, handler, handler_arg);
+}
+
+int semanage_user_list(semanage_handle_t * handle,
+ semanage_user_t *** records, unsigned int *count)
+{
+
+ dbase_config_t *dconfig = semanage_user_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+}
diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
new file mode 100644
index 0000000..349a4be
--- /dev/null
+++ b/libsemanage/src/utilities.c
@@ -0,0 +1,304 @@
+/* Author: Mark Goldman <mgoldman@tresys.com>
+ * Paul Rosenfeld <prosenfeld@tresys.com>
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include "utilities.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <sys/types.h>
+#include <assert.h>
+#include <ustr.h>
+
+#define TRUE 1
+#define FALSE 0
+
+char *semanage_findval(char *file, char *var, char *delim)
+{
+ FILE *fd;
+ char *buff = NULL;
+ char *retval = NULL;
+ size_t buff_len = 0;
+
+ assert(file);
+ assert(var);
+
+ if ((fd = fopen(file, "r")) == NULL)
+ return NULL;
+
+ while (getline(&buff, &buff_len, fd) > 0) {
+ if (semanage_is_prefix(buff, var)) {
+ retval = semanage_split(buff, delim);
+ if (retval)
+ semanage_rtrim(retval, '\n');
+ break;
+ }
+ }
+ free(buff);
+ fclose(fd);
+
+ return retval;
+}
+
+int semanage_is_prefix(const char *str, const char *prefix)
+{
+ if (!str) {
+ return FALSE;
+ }
+ if (!prefix) {
+ return TRUE;
+ }
+
+ return strncmp(str, prefix, strlen(prefix)) == 0;
+}
+
+char *semanage_split_on_space(const char *str)
+{
+ /* as per the man page, these are the isspace() chars */
+ const char *seps = "\f\n\r\t\v ";
+ size_t slen = strlen(seps);
+ size_t off = 0, rside_len = 0;
+ char *retval = NULL;
+ Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
+
+ if (!str)
+ goto done;
+ if (!(ustr = ustr_dup_cstr(str)))
+ goto done;
+ temp =
+ ustr_split_spn_chrs(ustr, &off, seps, slen, USTR_NULL,
+ USTR_FLAG_SPLIT_DEF);
+ if (!temp)
+ goto done;
+ /* throw away the left hand side */
+ ustr_sc_free(&temp);
+
+ rside_len = ustr_len(ustr) - off;
+ temp = ustr_dup_subustr(ustr, off + 1, rside_len);
+ if (!temp)
+ goto done;
+ retval = strdup(ustr_cstr(temp));
+ ustr_sc_free(&temp);
+
+ done:
+ ustr_sc_free(&ustr);
+ return retval;
+}
+
+char *semanage_split(const char *str, const char *delim)
+{
+ Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
+ size_t off = 0, rside_len = 0;
+ char *retval = NULL;
+
+ if (!str)
+ goto done;
+ if (!delim || !(*delim))
+ return semanage_split_on_space(str);
+ ustr = ustr_dup_cstr(str);
+ temp =
+ ustr_split_cstr(ustr, &off, delim, USTR_NULL, USTR_FLAG_SPLIT_DEF);
+ if (!temp)
+ goto done;
+ /* throw away the left hand side */
+ ustr_sc_free(&temp);
+
+ rside_len = ustr_len(ustr) - off;
+
+ temp = ustr_dup_subustr(ustr, off + 1, rside_len);
+ if (!temp)
+ goto done;
+ retval = strdup(ustr_cstr(temp));
+ ustr_sc_free(&temp);
+
+ done:
+ ustr_sc_free(&ustr);
+ return retval;
+}
+
+int semanage_list_push(semanage_list_t ** list, char *data)
+{
+ semanage_list_t *temp = NULL;
+
+ if (!data)
+ return EINVAL;
+ if (!(temp = malloc(sizeof(semanage_list_t))))
+ return ENOMEM;
+
+ if (!(temp->data = strdup(data))) {
+ free(temp);
+ return ENOMEM;
+ }
+ temp->next = *list;
+ *list = temp;
+
+ return 0;
+}
+
+char *semanage_list_pop(semanage_list_t ** list)
+{
+ semanage_list_t *node = NULL;
+ char *data = NULL;
+
+ if (!list || !(*list))
+ return NULL;
+
+ node = (*list);
+ data = node->data;
+
+ (*list) = node->next;
+ free(node);
+
+ return data;
+}
+
+void semanage_list_destroy(semanage_list_t ** list)
+{
+ semanage_list_t *temp;
+
+ while ((temp = (*list))) {
+ free(temp->data);
+ (*list) = temp->next;
+ free(temp);
+ }
+}
+
+semanage_list_t *semanage_list_find(semanage_list_t * l, char *data)
+{
+ if (!data)
+ return NULL;
+ while (l && strcmp(l->data, data))
+ l = l->next;
+
+ return l;
+}
+
+int semanage_list_sort(semanage_list_t ** l)
+{
+ semanage_list_t **array = NULL;
+ semanage_list_t *temp = NULL;
+ size_t count = 0;
+ size_t i = 0;
+
+ if (!l)
+ return 0;
+
+ for (temp = *l; temp; temp = temp->next)
+ ++count;
+
+ array = malloc(sizeof(semanage_list_t *) * count);
+ if (!array)
+ return ENOMEM; /* couldn't allocate memory for sort */
+ for (temp = *l; temp; temp = temp->next) {
+ array[i++] = temp;
+ }
+
+ qsort(array, count, sizeof(semanage_list_t *),
+ (int (*)(const void *, const void *))&semanage_cmp_plist_t);
+ for (i = 0; i < (count - 1); ++i) {
+ array[i]->next = array[i + 1];
+ }
+ array[i]->next = NULL;
+ (*l) = array[0];
+ free(array);
+
+ return 0;
+}
+
+int semanage_cmp_plist_t(const semanage_list_t ** x, const semanage_list_t ** y)
+{
+ return strcmp((*x)->data, (*y)->data);
+}
+
+int semanage_str_count(char *data, char what)
+{
+ int count = 0;
+
+ if (!data)
+ return 0;
+ while (*data) {
+ if (*data == what)
+ ++count;
+ ++data;
+ }
+
+ return count;
+}
+
+void semanage_rtrim(char *str, char trim_to)
+{
+ int len = 0;
+
+ if (!str)
+ return;
+ len = strlen(str);
+
+ while (len > 0) {
+ if (str[--len] == trim_to) {
+ str[len] = '\0';
+ return;
+ }
+ }
+}
+
+/* list_addafter_controlmem does *NOT* duplicate the data argument
+ * use at your own risk, I am building a list out of malloc'd memory and
+ * it is only going to get stored into this list, thus when I destroy it
+ * later I won't free a ptr twice.
+ *
+ * returns the newly created node or NULL on error
+ */
+semanage_list_t *list_addafter_controlmem(semanage_list_t * item, char *data)
+{
+ semanage_list_t *temp = malloc(sizeof(semanage_list_t));
+
+ if (!temp)
+ return NULL;
+ temp->data = data;
+ temp->next = item->next;
+ item->next = temp;
+
+ return temp;
+}
+
+semanage_list_t *semanage_slurp_file_filter(FILE * file,
+ int (*pred) (const char *))
+{
+ semanage_list_t head;
+ semanage_list_t *current = &head;
+ char *line = NULL;
+ size_t buff_len = 0;
+
+ head.next = NULL; /* initialize head, we aren't going to use the data */
+ while (getline(&line, &buff_len, file) >= 0) {
+ if (pred(line)) {
+ semanage_rtrim(line, '\n');
+ current = list_addafter_controlmem(current, line);
+ if (!current)
+ break;
+ line = NULL;
+ buff_len = 0;
+ }
+ }
+ free(line);
+
+ return head.next;
+}
diff --git a/libsemanage/src/utilities.h b/libsemanage/src/utilities.h
new file mode 100644
index 0000000..b81e54e
--- /dev/null
+++ b/libsemanage/src/utilities.h
@@ -0,0 +1,137 @@
+/* Author: Mark Goldman <mgoldman@tresys.com>
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This file contains helper functions that are loosely based off of what is
+ * available from the python script genhomedircon. Also this file contains
+ * c implementations of a couple of python functions so that genhomedircon will
+ * look/act like the python script.
+ */
+#ifndef _SEMANAGE_UTILITIES_H_
+#define _SEMANAGE_UTILITIES_H_
+
+#include <stdio.h>
+
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define WARN_UNUSED \
+ __attribute__ ((__warn_unused_result__))
+#else
+# define WARN_UNUSED /* nothing */
+#endif
+
+typedef struct list {
+ char *data;
+ struct list *next;
+} semanage_list_t;
+
+/**
+ * @param file the path to the file to look for a variable in
+ * @param var the variable that you want the value of
+ * @param delim the value that separates the part you care about from the part
+ * that you don't.
+ * @return for the first instance of var in the file, returns everything after
+ * delim.
+ * returns "" if not found IE if(*(semanage_findval(f,v,d)) == '\0'){
+ * printf("%s not found in file", v);
+ * }
+ *
+ * NULL for error (out of memory, etc)
+ */
+char *semanage_findval(char *file, char *var, char *delim) WARN_UNUSED;
+
+/**
+ * @param str string to test
+ * @param val prefix
+ * @return 1 if val is the prefix of str
+ * 0 if val is not the prefix of str
+ *
+ * note: if str == NULL, returns false
+ * if val == NULL, returns true --nothing can always be the prefix of
+ * something
+ * if (*val) == "" returns true same as above.
+ */
+int semanage_is_prefix(const char *str, const char *val) WARN_UNUSED;
+
+/**
+ * @param str the string to semanage_split
+ * @return malloc'd string after the first run of charachters that aren't whitespace
+ */
+char *semanage_split_on_space(const char *str) WARN_UNUSED;
+
+/**
+ * @param str the string to semanage_split
+ * @param delim the string delimiter. NOT a set of charachters that can be
+ * a delimiter.
+ * if *delim == '\0' behaves as semanage_splitOnSpace()
+ * @return a ptr to the first charachter past the delimiter.
+ * if delim doesn't appear in the string, returns a ptr to the
+ * trailing null in the string
+ */
+char *semanage_split(const char *str, const char *delim) WARN_UNUSED;
+
+/* linked list string functions
+ * Functions allocate memory. Must be free'd with
+ * either semanage_list_pop until list == NULL or semanage_list_destroy()
+ */
+int semanage_list_push(semanage_list_t ** list, char *data) WARN_UNUSED;
+char *semanage_list_pop(semanage_list_t ** list);
+void semanage_list_destroy(semanage_list_t ** list);
+semanage_list_t *semanage_list_find(semanage_list_t * l,
+ char *data) WARN_UNUSED;
+int semanage_list_sort(semanage_list_t ** l) WARN_UNUSED;
+/* function to compare 2 semanage_list_t nodes,
+ * returns strcmp(x->data, y->data)
+ * used internally by semanage_list_sort()
+ */
+int semanage_cmp_plist_t(const semanage_list_t ** x,
+ const semanage_list_t ** y);
+/**
+ * @param data a target string
+ * @param what a charachter
+ * @returns the number of times the char appears in the string
+ */
+int semanage_str_count(char *data, char what);
+/**
+ * @param - a string
+ * @param the charachter to trim to
+ * @return - mangles the string, converting the first
+ * occurrance of the charachter to a '\0' from
+ * the end of the string.
+ */
+void semanage_rtrim(char *str, char trim_to);
+
+/**
+ * @param data some string
+ * @return modifies the string such that the first whitespace char becomes
+ * '\0', ending the string.
+ */
+void semanage_keep_until_space(char *data);
+
+/**
+ * @param file - an open FILE to read from
+ * @param pred - a function taking a string that
+ * returns 1 if the string should be
+ * kept and 0 otherwise
+ * @return a list of lines from the file (empty lines become
+ * empty strings) in the file order where pred(line)
+ * returns > 0
+ */
+semanage_list_t *semanage_slurp_file_filter(FILE * file,
+ int (*pred) (const char *))
+ WARN_UNUSED;
+#endif
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
new file mode 100644
index 0000000..3e93f50
--- /dev/null
+++ b/libsemanage/tests/Makefile
@@ -0,0 +1,32 @@
+# Add your test source files here:
+SOURCES = $(wildcard *.c)
+
+# Point this variable to the libsemanage source directory you want to test:
+TESTSRC=../src
+
+# Add the required external object files here:
+LIBS = ../src/libsemanage.a ../../libselinux/src/libselinux.a ../../libsepol/src/libsepol.a
+
+###########################################################################
+
+EXECUTABLE = libsemanage-tests
+CC = gcc
+CFLAGS = -c -g -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include/semanage
+LDFLAGS = -lcunit -lustr
+OBJECTS = $(SOURCES:.c=.o)
+
+all: $(EXECUTABLE)
+
+$(EXECUTABLE): $(OBJECTS)
+ $(CC) $(OBJECTS) $(LIBS) $(LDFLAGS) -o $@
+
+%.o: %.c
+ $(CC) $(CFLAGS) $(INCLUDE) $*.c -o $*.o
+
+clean distclean:
+ rm -rf $(OBJECTS) $(EXECUTABLE)
+
+test: all
+ ./$(EXECUTABLE)
+
diff --git a/libsemanage/tests/README b/libsemanage/tests/README
new file mode 100644
index 0000000..424970c
--- /dev/null
+++ b/libsemanage/tests/README
@@ -0,0 +1,64 @@
+Notes on tests
+============================
+The semanage_access_check test in the semanage_store suite simulates a
+read-only filesystem by using DAC permissions. Consequently, these tests
+will fail if run as root, as root can override DAC permissions.
+
+
+How to add and use unit tests
+=============================
+
+We are using the CUnit unit testing framework. This framework--and the
+official documentation of the framework--may be found here:
+
+http://cunit.sourceforge.net/
+
+If you have not yet installed CUnit, first do that. (There is an RPM,
+or you can compile from source.) Once installed, follow these steps to
+add unit tests for your code:
+
+1. Create a .h and .c file corresponding to the .c file you want to test.
+ For example, test_semanage_store.c provides tests of the functions in
+ semanage_store.c. Your new .h/.c files represent a suite of related
+ tests.
+
+2. Write or add new tests to a suite. Tests are simply functions that
+ take the form:
+
+ void test_my_function(void)
+
+ These tests are where you will make calls to the CUnit assertions.
+
+ If you are making a new test suite, also add the suite init/cleanup
+ functions. These take the form:
+
+ int <suite_name>_test_init(void)
+ int <suite_name>_cleanup(void)
+
+ These functions will be called before and after the test functions
+ in your suite, respectively. They return 0 on success, 1 on failure.
+
+3. Update libsemanage-tests.c to add your new suite and/or your new tests
+ using the DECLARE_SUITE macro in do_tests().
+
+4. Update the Makefile:
+ + Make sure that the TESTSRC variable is set to the location
+ of the libsemanage source code you want to test.
+
+5. Compile the libsemanage source code you will be testing, to ensure
+ the object files are available and up to date.
+
+6. Run your tests. Rejoice or despair, as appropriate.
+
+
+A note on the the utilities.c: Add functions that can be commonly used
+here. For example, it is handy to have a dummy message callback
+function to silence error messages produced by libsemanage and keep
+your output pretty. To do this, include utilities.h and specify the
+callback like so:
+
+ semanage_handle_t *sh;
+ sh = semanage_handle_create();
+ sh->msg_callback = test_msg_handler;
+
+Feel free to add other such functions here as well.
diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
new file mode 100644
index 0000000..735d36f
--- /dev/null
+++ b/libsemanage/tests/libsemanage-tests.c
@@ -0,0 +1,108 @@
+/* Authors: Christopher Ashworth <cashworth@tresys.com>
+ * Caleb Case <ccase@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test_semanage_store.h"
+#include "test_utilities.h"
+
+#include <CUnit/Basic.h>
+#include <CUnit/Console.h>
+#include <CUnit/TestDB.h>
+
+#include <stdio.h>
+#include <getopt.h>
+#include <stdlib.h>
+
+#define DECLARE_SUITE(name) \
+ suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
+ if (NULL == suite) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); } \
+ if (name##_add_tests(suite)) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); }
+
+static void usage(char *progname)
+{
+ printf("usage: %s [options]\n", progname);
+ printf("options:\n");
+ printf("\t-v, --verbose\t\t\tverbose output\n");
+ printf("\t-i, --interactive\t\tinteractive console\n");
+}
+
+static int do_tests(int interactive, int verbose)
+{
+ CU_pSuite suite = NULL;
+
+ /* Initialize the CUnit test registry. */
+ if (CUE_SUCCESS != CU_initialize_registry())
+ return CU_get_error();
+
+ DECLARE_SUITE(semanage_store);
+ DECLARE_SUITE(semanage_utilities);
+
+ if (verbose)
+ CU_basic_set_mode(CU_BRM_VERBOSE);
+ else
+ CU_basic_set_mode(CU_BRM_NORMAL);
+
+ if (interactive)
+ CU_console_run_tests();
+ else
+ CU_basic_run_tests();
+ CU_cleanup_registry();
+ return CU_get_error();
+
+}
+
+/* The main function for setting up and running the libsemanage unit tests.
+ * Returns a CUE_SUCCESS on success, or a CUnit error code on failure.
+ */
+int main(int argc, char **argv)
+{
+ int i, verbose = 1, interactive = 0;
+
+ struct option opts[] = {
+ {"verbose", 0, NULL, 'v'},
+ {"interactive", 0, NULL, 'i'},
+ {NULL, 0, NULL, 0}
+ };
+
+ while ((i = getopt_long(argc, argv, "vi", opts, NULL)) != -1) {
+ switch (i) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 'i':
+ interactive = 1;
+ break;
+ case 'h':
+ default:{
+ usage(argv[0]);
+ exit(1);
+ }
+ }
+ }
+
+ if (do_tests(interactive, verbose))
+ return -1;
+
+ return 0;
+}
diff --git a/libsemanage/tests/nc_sort_malformed b/libsemanage/tests/nc_sort_malformed
new file mode 100644
index 0000000..85a2d46
--- /dev/null
+++ b/libsemanage/tests/nc_sort_malformed
@@ -0,0 +1,25 @@
+pre *mangle
+pre :PREROUTING ACCEPT [0:0]
+pre :INPUT ACCEPT [0:0]
+pre :FORWARD ACCEPT [0:0]
+pre :OUTPUT ACCEPT [0:0]
+pre :POSTROUTING ACCEPT [0:0]
+pre :selinux_input - [0:0]
+pre :selinux_output - [0:0]
+pre :selinux_new_input - [0:0]
+pre :selinux_new_output - [0:0]
+pre -A INPUT -j selinux_input
+pre -A OUTPUT -j selinux_output
+pre -A selinux_input -m state --state NEW -j selinux_new_input
+pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+pre -A selinux_output -m state --state NEW -j selinux_new_output
+pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+pre -A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t
+base -A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t
+-A selinux_new_input -j CONNSECMARK --save
+post -A selinux_new_input -j RETURN
+pre -A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t
+module -A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t
+post -A selinux_new_output -j CONNSECMARK --save
+post -A selinux_new_output -j RETURN
+post COMMIT
diff --git a/libsemanage/tests/nc_sort_sorted b/libsemanage/tests/nc_sort_sorted
new file mode 100644
index 0000000..5317a93
--- /dev/null
+++ b/libsemanage/tests/nc_sort_sorted
@@ -0,0 +1,25 @@
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:selinux_input - [0:0]
+:selinux_output - [0:0]
+:selinux_new_input - [0:0]
+:selinux_new_output - [0:0]
+-A INPUT -j selinux_input
+-A OUTPUT -j selinux_output
+-A selinux_input -m state --state NEW -j selinux_new_input
+-A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+-A selinux_output -m state --state NEW -j selinux_new_output
+-A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+-A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t
+-A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t
+-A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t
+-A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t
+-A selinux_new_input -j CONNSECMARK --save
+-A selinux_new_input -j RETURN
+-A selinux_new_output -j CONNSECMARK --save
+-A selinux_new_output -j RETURN
+COMMIT
diff --git a/libsemanage/tests/nc_sort_unsorted b/libsemanage/tests/nc_sort_unsorted
new file mode 100644
index 0000000..b399753
--- /dev/null
+++ b/libsemanage/tests/nc_sort_unsorted
@@ -0,0 +1,27 @@
+pre *mangle
+pre :PREROUTING ACCEPT [0:0]
+pre :INPUT ACCEPT [0:0]
+pre :FORWARD ACCEPT [0:0]
+pre :OUTPUT ACCEPT [0:0]
+pre :POSTROUTING ACCEPT [0:0]
+pre :selinux_input - [0:0]
+pre :selinux_output - [0:0]
+pre :selinux_new_input - [0:0]
+pre :selinux_new_output - [0:0]
+# a comment
+pre -A INPUT -j selinux_input
+pre -A OUTPUT -j selinux_output
+pre -A selinux_input -m state --state NEW -j selinux_new_input
+pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+pre -A selinux_output -m state --state NEW -j selinux_new_output
+ # another comment
+pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore
+base-A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t
+module -A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t
+post -A selinux_new_input -j CONNSECMARK --save
+post -A selinux_new_input -j RETURN
+base -A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t
+module -A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t
+post -A selinux_new_output -j CONNSECMARK --save
+post -A selinux_new_output -j RETURN
+post COMMIT
diff --git a/libsemanage/tests/test_semanage_store.c b/libsemanage/tests/test_semanage_store.c
new file mode 100644
index 0000000..e6814e8
--- /dev/null
+++ b/libsemanage/tests/test_semanage_store.c
@@ -0,0 +1,375 @@
+/* Authors: Christopher Ashworth <cashworth@tresys.com>
+ * Caleb Case <ccase@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* The purpose of this file is to provide unit tests of the functions in:
+ *
+ * libsemanage/src/semanage_store.c
+ *
+ */
+
+#include "handle.h"
+#include "semanage_store.h"
+
+#include "utilities.h"
+#include "test_semanage_store.h"
+
+#include <libgen.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <CUnit/Basic.h>
+
+semanage_handle_t *sh = NULL;
+const char *polpath = "./test-policy";
+const char *lockpath = "./test-policy/modules";
+const char *readlockpath = "./test-policy/modules/semanage.read.LOCK";
+const char *translockpath = "./test-policy/modules/semanage.trans.LOCK";
+const char *actpath = "./test-policy/modules/active";
+const char *modpath = "./test-policy/modules/active/modules";
+
+/* The suite initialization function.
+ * Returns zero on success, non-zero otherwise.
+ */
+int semanage_store_test_init(void)
+{
+ int err;
+
+ /* create directories */
+ err = mkdir(polpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ if (err != 0)
+ return -1;
+
+ err = mkdir(lockpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ if (err != 0)
+ return -1;
+
+ err = mkdir(actpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ if (err != 0)
+ return -1;
+
+ err = mkdir(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ if (err != 0)
+ return -1;
+
+ /* initialize the handle */
+ sh = semanage_handle_create();
+ if (sh == NULL)
+ return -1;
+
+ /* hide error messages */
+ sh->msg_callback = test_msg_handler;
+
+ /* initialize paths */
+ err = semanage_check_init(polpath);
+ if (err != 0)
+ return -1;
+
+ return 0;
+}
+
+/* The suite cleanup function.
+ * Returns zero on success, non-zero otherwise.
+ */
+int semanage_store_test_cleanup(void)
+{
+ int err;
+
+ /* remove the test policy directories */
+ err = rmdir(modpath);
+ if (err != 0)
+ return -1;
+
+ err = rmdir(actpath);
+ if (err != 0)
+ return -1;
+
+ err = rmdir(lockpath);
+ if (err != 0)
+ return -1;
+
+ err = rmdir(polpath);
+ if (err != 0)
+ return -1;
+
+ /* cleanup the handle */
+ semanage_handle_destroy(sh);
+ return 0;
+}
+
+/* Adds all the tests needed for this suite.
+ */
+int semanage_store_add_tests(CU_pSuite suite)
+{
+ if (NULL ==
+ CU_add_test(suite, "semanage_store_access_check",
+ test_semanage_store_access_check)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+
+ if (NULL ==
+ CU_add_test(suite, "semanage_get_lock", test_semanage_get_lock)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+
+ if (NULL ==
+ CU_add_test(suite, "semanage_nc_sort", test_semanage_nc_sort)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+
+ return 0;
+}
+
+/* Tests the semanage_store_access_check function in semanage_store.c
+ */
+void test_semanage_store_access_check(void)
+{
+ int err;
+
+ /* create lock file */
+ err = mknod(readlockpath, S_IRUSR | S_IWUSR, S_IFREG);
+
+ /* check with permissions 000 */
+ err = chmod(modpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(readlockpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(polpath, 0);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == -1);
+
+ /* check with permissions 500 */
+ err = chmod(polpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(readlockpath, S_IRUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == SEMANAGE_CAN_READ);
+
+ /* check with permissions 700 */
+ err = chmod(polpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(readlockpath, S_IRUSR | S_IWUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == SEMANAGE_CAN_WRITE);
+
+ /* check with lock file 000 and others 500 */
+ err = chmod(polpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(readlockpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == 0);
+
+ /* check with lock file 000 and others 700 */
+ err = chmod(polpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(readlockpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == 0);
+
+ /* remove lock file */
+ err = remove(readlockpath);
+ CU_ASSERT(err == 0);
+
+ /* check with no lock file and 000 */
+ err = chmod(modpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(lockpath, 0);
+ CU_ASSERT(err == 0);
+ err = chmod(polpath, 0);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == -1);
+
+ /* check with no lock file and 500 */
+ err = chmod(polpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(lockpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == 0);
+
+ /* check with no lock file but write in lockpath */
+ err = chmod(lockpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == SEMANAGE_CAN_READ);
+
+ /* check with no lock file and 700 */
+ err = chmod(polpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+ err = chmod(modpath, S_IRUSR | S_IWUSR | S_IXUSR);
+ CU_ASSERT(err == 0);
+
+ err = semanage_store_access_check(sh);
+ CU_ASSERT(err == SEMANAGE_CAN_WRITE);
+}
+
+/* Tests the semanage_get_lock functions in semanage_store.c
+ */
+void test_semanage_get_lock(void)
+{
+ int err;
+
+ /* attempt to get an active lock */
+ err = semanage_get_active_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to get the lock again */
+ err = semanage_get_active_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to release the active lock */
+ semanage_release_active_lock(sh);
+
+ /* attempt to get an active lock */
+ err = semanage_get_active_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to release the active lock */
+ semanage_release_active_lock(sh);
+
+ /* attempt to get a trans lock */
+ err = semanage_get_trans_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to get the lock again */
+ err = semanage_get_trans_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to release the trans lock */
+ semanage_release_trans_lock(sh);
+
+ /* attempt to get a trans lock */
+ err = semanage_get_trans_lock(sh);
+ CU_ASSERT(err == 0);
+
+ /* attempt to release the trans lock */
+ semanage_release_trans_lock(sh);
+
+ /* remove the lock files */
+ err = remove(readlockpath);
+ CU_ASSERT(err == 0);
+ err = remove(translockpath);
+ CU_ASSERT(err == 0);
+}
+
+/* Tests the semanage_nc_sort function in semanage_store.c
+ */
+void test_semanage_nc_sort(void)
+{
+ char *source_buf, *sorted_buf = NULL, *good_buf, *bad_buf;
+ size_t source_buf_len, sorted_buf_len, good_buf_len, bad_buf_len;
+ int sourcefd, goodfd, badfd, err;
+ struct stat sb;
+
+ /* open source file */
+ sourcefd = open("nc_sort_unsorted", O_RDONLY);
+ if (sourcefd < 0) {
+ CU_FAIL("Missing nc_sort_unsorted test file.");
+ return;
+ }
+ fstat(sourcefd, &sb);
+ source_buf_len = sb.st_size;
+ source_buf =
+ (char *)mmap(NULL, source_buf_len, PROT_READ, MAP_PRIVATE, sourcefd,
+ 0);
+
+ /* open good result file */
+ goodfd = open("nc_sort_sorted", O_RDONLY);
+ if (goodfd < 0) {
+ CU_FAIL("Missing nc_sort_sorted test file.");
+ goto out2;
+ }
+ fstat(goodfd, &sb);
+ good_buf_len = sb.st_size;
+ good_buf =
+ (char *)mmap(NULL, good_buf_len, PROT_READ, MAP_PRIVATE, goodfd, 0);
+
+ /* open malformed source file (missing priorities) */
+ badfd = open("nc_sort_malformed", O_RDONLY);
+ if (badfd < 0) {
+ CU_FAIL("Missing nc_sort_malformed test file.");
+ goto out1;
+ }
+ fstat(badfd, &sb);
+ bad_buf_len = sb.st_size;
+ bad_buf =
+ (char *)mmap(NULL, bad_buf_len, PROT_READ, MAP_PRIVATE, badfd, 0);
+
+ /* sort test file */
+ err =
+ semanage_nc_sort(sh, source_buf, source_buf_len, &sorted_buf,
+ &sorted_buf_len);
+ CU_ASSERT_FALSE(err);
+ CU_ASSERT_STRING_EQUAL(sorted_buf, good_buf);
+
+ /* reset for reuse in next test */
+ free(sorted_buf);
+ sorted_buf = NULL;
+
+ /* sort malformed source file */
+ err =
+ semanage_nc_sort(sh, bad_buf, bad_buf_len, &sorted_buf,
+ &sorted_buf_len);
+ CU_ASSERT_EQUAL(err, -1);
+
+ free(sorted_buf);
+
+ munmap(bad_buf, bad_buf_len);
+ close(badfd);
+ out1:
+ munmap(good_buf, good_buf_len);
+ close(goodfd);
+ out2:
+ munmap(source_buf, source_buf_len);
+ close(sourcefd);
+}
diff --git a/libsemanage/tests/test_semanage_store.h b/libsemanage/tests/test_semanage_store.h
new file mode 100644
index 0000000..3225497
--- /dev/null
+++ b/libsemanage/tests/test_semanage_store.h
@@ -0,0 +1,34 @@
+/* Authors: Christopher Ashworth <cashworth@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_SEMANAGE_STORE_H__
+#define __TEST_SEMANAGE_STORE_H__
+
+#include <CUnit/Basic.h>
+
+int semanage_store_test_init(void);
+int semanage_store_test_cleanup(void);
+int semanage_store_add_tests(CU_pSuite suite);
+
+void test_semanage_store_access_check(void);
+void test_semanage_get_lock(void);
+void test_semanage_nc_sort(void);
+
+#endif
diff --git a/libsemanage/tests/test_utilities.c b/libsemanage/tests/test_utilities.c
new file mode 100644
index 0000000..4d25b07
--- /dev/null
+++ b/libsemanage/tests/test_utilities.c
@@ -0,0 +1,285 @@
+/* Authors: Mark Goldman <mgoldman@tresys.com>
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* The purpose of this file is to provide unit tests of the functions in:
+ *
+ * libsemanage/src/utilities.c
+ *
+ */
+
+#include <CUnit/Basic.h>
+#include <CUnit/Console.h>
+#include <CUnit/TestDB.h>
+
+#include <utilities.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void test_semanage_is_prefix(void);
+void test_semanage_split_on_space(void);
+void test_semanage_split(void);
+void test_semanage_list(void);
+void test_semanage_str_count(void);
+void test_semanage_rtrim(void);
+void test_semanage_findval(void);
+void test_slurp_file_filter(void);
+
+char fname[] = {
+ 'T', 'E', 'S', 'T', '_', 'T', 'E', 'M', 'P', '_', 'X', 'X', 'X', 'X',
+ 'X', 'X'
+};
+int fd;
+FILE *fptr;
+
+int semanage_utilities_test_init(void)
+{
+ fd = mkstemp(fname);
+
+ if (fd < 0) {
+ perror("test_semanage_findval: ");
+ CU_FAIL_FATAL
+ ("Error opening temporary file, test cannot start.");
+ }
+
+ fptr = fdopen(fd, "w+");
+ if (!fptr) {
+ perror("test_semanage_findval file: ");
+ CU_FAIL_FATAL("Error opening file stream, test cannot start.");
+ }
+
+ fprintf(fptr, "one\ntwo\nthree\nsigma=foo\n#boo\n#bar\n");
+
+ rewind(fptr);
+ return 0;
+}
+
+int semanage_utilities_test_cleanup(void)
+{
+ unlink(fname);
+ return 0;
+}
+
+int semanage_utilities_add_tests(CU_pSuite suite)
+{
+ if (NULL == CU_add_test(suite, "semanage_is_prefix",
+ test_semanage_is_prefix)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_split_on_space",
+ test_semanage_split_on_space)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_split", test_semanage_split)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_list", test_semanage_list)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_str_count",
+ test_semanage_str_count)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_rtrim", test_semanage_rtrim)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "semanage_findval",
+ test_semanage_findval)) {
+ goto err;
+ }
+ if (NULL == CU_add_test(suite, "slurp_file_filter",
+ test_slurp_file_filter)) {
+ goto err;
+ }
+ return 0;
+ err:
+ CU_cleanup_registry();
+ return CU_get_error();
+}
+
+void test_semanage_is_prefix(void)
+{
+ char *str = "some string";
+ char *pre = "some";
+ char *not_pre = "not this";
+
+ CU_ASSERT_TRUE(semanage_is_prefix(str, pre));
+ CU_ASSERT_TRUE(semanage_is_prefix(str, ""));
+ CU_ASSERT_TRUE(semanage_is_prefix(str, NULL));
+ CU_ASSERT_FALSE(semanage_is_prefix(str, not_pre));
+}
+
+void test_semanage_split_on_space(void)
+{
+ char *str = strdup("foo bar baz");
+ char *temp;
+
+ if (!str) {
+ CU_FAIL
+ ("semanage_split_on_space: unable to perform test, no memory");
+ }
+ temp = semanage_split_on_space(str);
+ if (strncmp(temp, "bar", 3)) {
+ CU_FAIL("semanage_split_on_space: token did not match");
+ }
+ temp = semanage_split_on_space(temp);
+ if (strncmp(temp, "baz", 3)) {
+ CU_FAIL("semanage_split_on_space: token did not match");
+ }
+ temp = semanage_split_on_space(temp);
+ if (strcmp(temp, "")) {
+ CU_FAIL("semanage_split_on_space: token did not match");
+ }
+
+ free(str);
+}
+
+void test_semanage_split(void)
+{
+ char *str = strdup("foo1 foo2 foo:bar");
+ char *temp;
+
+ if (!str) {
+ CU_FAIL
+ ("semanage_split_on_space: unable to perform test, no memory");
+ return;
+ }
+ temp = semanage_split(str, NULL);
+ CU_ASSERT_NSTRING_EQUAL(temp, "foo2", 4);
+ temp = semanage_split(temp, "");
+ CU_ASSERT_NSTRING_EQUAL(temp, "foo", 3);
+ temp = semanage_split(temp, ":");
+ CU_ASSERT_NSTRING_EQUAL(temp, "bar", 3);
+
+ free(str);
+}
+
+void test_semanage_list(void)
+{
+ semanage_list_t *list = NULL;
+ semanage_list_t *ptr = NULL;
+ char *temp = NULL;
+ int retval = 0;
+
+ CU_ASSERT_FALSE(semanage_list_push(&list, "foo"));
+ CU_ASSERT_PTR_NOT_NULL(list);
+ CU_ASSERT_FALSE(semanage_list_push(&list, "bar"));
+ CU_ASSERT_FALSE(semanage_list_push(&list, "gonk"));
+ CU_ASSERT_FALSE(semanage_list_push(&list, "zebra"));
+
+ for (ptr = list; ptr; ptr = ptr->next)
+ retval++;
+ CU_ASSERT_EQUAL(retval, 4);
+
+ temp = semanage_list_pop(&list);
+ CU_ASSERT_STRING_EQUAL(temp, "zebra");
+ CU_ASSERT_FALSE(semanage_list_push(&list, temp));
+ free(temp);
+ temp = NULL;
+
+ retval = 0;
+ for (ptr = list; ptr; ptr = ptr->next)
+ retval++;
+ CU_ASSERT_EQUAL(retval, 4);
+
+ retval = semanage_list_sort(&list);
+ if (retval) {
+ CU_FAIL
+ ("semanage_list_sort: error unrelated to sort (memory?)");
+ goto past_sort;
+ }
+ CU_ASSERT_STRING_EQUAL(list->data, "bar");
+ CU_ASSERT_STRING_EQUAL(list->next->data, "foo");
+ CU_ASSERT_STRING_EQUAL(list->next->next->data, "gonk");
+ CU_ASSERT_STRING_EQUAL(list->next->next->next->data, "zebra");
+
+ past_sort:
+ ptr = semanage_list_find(list, "zebra");
+ CU_ASSERT_PTR_NOT_NULL(ptr);
+ ptr = semanage_list_find(list, "bogus");
+ CU_ASSERT_PTR_NULL(ptr);
+
+ semanage_list_destroy(&list);
+ CU_ASSERT_PTR_NULL(list);
+}
+
+void test_semanage_str_count(void)
+{
+ char *test_string = "abaababbaaaba";
+
+ CU_ASSERT_EQUAL(semanage_str_count(test_string, 'z'), 0);
+ CU_ASSERT_EQUAL(semanage_str_count(test_string, 'a'), 8);
+ CU_ASSERT_EQUAL(semanage_str_count(test_string, 'b'), 5);
+}
+
+void test_semanage_rtrim(void)
+{
+ char *str = strdup("/blah/foo/bar/baz/");
+
+ CU_ASSERT_PTR_NOT_NULL_FATAL(str);
+
+ semanage_rtrim(str, 'Q');
+ CU_ASSERT_STRING_EQUAL(str, "/blah/foo/bar/baz/");
+ semanage_rtrim(str, 'a');
+ CU_ASSERT_STRING_EQUAL(str, "/blah/foo/bar/b");
+ semanage_rtrim(str, '/');
+ CU_ASSERT_STRING_EQUAL(str, "/blah/foo/bar");
+}
+
+void test_semanage_findval(void)
+{
+ char *tok;
+ if (!fptr) {
+ CU_FAIL_FATAL("Temporary file was not created, aborting test.");
+ }
+ tok = semanage_findval(fname, "one", NULL);
+ CU_ASSERT_STRING_EQUAL(tok, "");
+ rewind(fptr);
+ tok = semanage_findval(fname, "one", "");
+ CU_ASSERT_STRING_EQUAL(tok, "");
+ free(tok);
+ rewind(fptr);
+ tok = semanage_findval(fname, "sigma", "=");
+ CU_ASSERT_STRING_EQUAL(tok, "foo");
+}
+
+int PREDICATE(const char *str)
+{
+ return semanage_is_prefix(str, "#");
+}
+
+void test_slurp_file_filter(void)
+{
+ semanage_list_t *data, *tmp;
+ int cnt = 0;
+
+ if (!fptr) {
+ CU_FAIL_FATAL("Temporary file was not created, aborting test.");
+ }
+ rewind(fptr);
+ data = semanage_slurp_file_filter(fptr, PREDICATE);
+ CU_ASSERT_PTR_NOT_NULL_FATAL(data);
+ for (tmp = data; tmp; tmp = tmp->next)
+ cnt++;
+ CU_ASSERT_EQUAL(cnt, 2);
+
+ semanage_list_destroy(&data);
+}
diff --git a/libsemanage/tests/test_utilities.h b/libsemanage/tests/test_utilities.h
new file mode 100644
index 0000000..4c95a68
--- /dev/null
+++ b/libsemanage/tests/test_utilities.h
@@ -0,0 +1,5 @@
+#include <CUnit/Basic.h>
+
+int semanage_utilities_test_init(void);
+int semanage_utilities_test_cleanup(void);
+int semanage_utilities_add_tests(CU_pSuite suite);
diff --git a/libsemanage/tests/utilities.c b/libsemanage/tests/utilities.c
new file mode 100644
index 0000000..7cc726c
--- /dev/null
+++ b/libsemanage/tests/utilities.c
@@ -0,0 +1,32 @@
+/* Authors: Christopher Ashworth <cashworth@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* The purpose of this file is to provide some functions commonly needed
+ * by our unit tests.
+ */
+
+#include "utilities.h"
+
+/* Silence any error output caused by our tests
+ * by using this dummy function to catch messages.
+ */
+void test_msg_handler(void *varg,
+ semanage_handle_t * handle, const char *fmt, ...)
+{
+}
diff --git a/libsemanage/tests/utilities.h b/libsemanage/tests/utilities.h
new file mode 100644
index 0000000..781867d
--- /dev/null
+++ b/libsemanage/tests/utilities.h
@@ -0,0 +1,23 @@
+/* Authors: Christopher Ashworth <cashworth@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "handle.h"
+
+void test_msg_handler(void *varg, semanage_handle_t * handle, const char *fmt,
+ ...);
diff --git a/libsepol/COPYING b/libsepol/COPYING
new file mode 100644
index 0000000..8add30a
--- /dev/null
+++ b/libsepol/COPYING
@@ -0,0 +1,504 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+�
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+�
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+�
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+�
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+�
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+�
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+�
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+�
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
+
+
diff --git a/libsepol/ChangeLog b/libsepol/ChangeLog
new file mode 100644
index 0000000..7172cbe
--- /dev/null
+++ b/libsepol/ChangeLog
@@ -0,0 +1,701 @@
+2.0.32 2008-07-07
+ * Allow require then declare in the source policy from Joshua Brindle.
+
+2.0.31 2008-06-13
+ * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
+
+2.0.30 2008-06-06
+ * Fix endianness bug in the handling of network node addresses from Stephen Smalley.
+ Only affects big endian platforms.
+ Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
+
+2.0.29 2008-05-27
+ * Merge user and role mapping support from Joshua Brindle.
+
+2.0.28 2008-05-05
+ * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
+
+2.0.27 2008-04-18
+ * Belatedly merge test for policy downgrade from Todd Miller.
+
+2.0.26 2008-03-24
+ * Add permissive domain support from Eric Paris.
+
+2.0.25 2008-03-04
+ * Drop unused ->buffer field from struct policy_file.
+
+2.0.24 2008-03-04
+ * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
+
+2.0.23 2008-02-28
+ * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
+
+2.0.22 2008-02-28
+ * Add support for open_perms policy capability from Eric Paris.
+
+2.0.21 2008-02-20
+ * Fix invalid memory allocation in policydb_index_others() from Jason Tang.
+
+2.0.20 2008-02-04
+ * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
+
+2.0.19 2008-02-02
+ * Add support for consuming avrule_blocks during expansion to reduce
+ peak memory usage from Joshua Brindle.
+
+2.0.18 2008-01-02
+ * Added support for policy capabilities from Todd Miller.
+
+2.0.17 2007-12-21
+ * Prevent generation of policy.18 with MLS enabled from Todd Miller.
+
+2.0.16 2007-12-07
+ * print module magic number in hex on mismatch, from Todd Miller.
+
+2.0.15 2007-11-29
+ * clarify and reduce neverallow error reporting from Stephen Smalley.
+
+2.0.14 2007-11-05
+ * Reject self aliasing at link time from Stephen Smalley.
+
+2.0.13 2007-11-05
+ * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
+
+2.0.12 2007-10-11
+ * Fixed bug in require checking from Stephen Smalley.
+ * Added user hierarchy checking from Todd Miller.
+
+2.0.11 2007-09-24
+ * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+
+2.0.10 2007-09-18
+ * Merged support for the handle_unknown policydb flag from Eric Paris.
+
+2.0.9 2007-08-29
+ * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
+
+2.0.8 2007-08-28
+ * Fixed module_package_read_offsets bug introduced by the prior patch.
+
+2.0.7 2007-08-23
+ * Eliminate unaligned accesses from policy reading code from Stephen Smalley.
+
+2.0.6 2007-08-16
+ * Allow dontaudits to be turned off during policy expansion from
+ Joshua Brindle.
+
+2.0.5 2007-08-01
+ * Fix sepol_context_clone to handle a NULL context correctly.
+ This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
+ to set the file context entry to "<<none>>".
+
+2.0.4 2007-06-20
+ * Merged error handling patch from Eamon Walsh.
+
+2.0.3 2007-04-13
+ * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
+
+2.0.2 2007-03-30
+ * Merged fix from Karl to remap booleans at expand time to
+ avoid holes in the symbol table.
+
+2.0.1 2007-02-06
+ * Merged libsepol segfault fix from Stephen Smalley for when
+ sensitivities are required but not present in the base.
+
+2.0.0 2007-02-01
+ * Merged patch to add errcodes.h to libsepol by Karl MacMillan.
+
+1.16.0 2007-01-18
+ * Updated version for stable branch.
+
+1.15.3 2006-11-27
+ * Merged patch to compile wit -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offest table
+ limit. Patch changed to include libselinux and libsemanage in
+ addition to libselinux.
+1.15.2 2006-10-31
+ * Merged fix from Karl MacMillan for a segfault when linking
+ non-MLS modules with users in them.
+
+1.15.1 2006-10-24
+ * Merged fix for version comparison that was preventing range
+ transition rules from being written for a version 5 base policy
+ from Darrel Goeddel.
+
+1.14 2006-10-17
+ * Updated version for release.
+
+1.12.28 2006-09-28
+ * Build libsepol's static object files with -fpic
+
+1.12.27 2006-09-28
+ * Merged mls user and range_transition support in modules
+ from Darrel Goeddel
+
+1.12.26 2006-09-05
+ * Merged range transition enhancements and user format changes
+ Darrel Goeddel
+
+1.12.25 2006-08-24
+ * Merged conditionally expand neverallows patch from Jeremy Mowery.
+ * Merged refactor expander patch from Jeremy Mowery.
+
+1.12.24 2006-08-03
+ * Merged libsepol unit tests from Joshua Brindle.
+
+1.12.23 2006-08-03
+ * Merged symtab datum patch from Karl MacMillan.
+
+1.12.22 2006-08-03
+ * Merged netfilter contexts support from Chris PeBenito.
+
+1.12.21 2006-07-28
+ * Merged helpful hierarchy check errors patch from Joshua Brindle.
+
+1.12.20 2006-07-25
+ * Merged semodule_deps patch from Karl MacMillan.
+ This adds source module names to the avrule decls.
+
+1.12.19 2006-06-29
+ * Lindent.
+
+1.12.18 2006-06-26
+ * Merged optionals in base take 2 patch set from Joshua Brindle.
+
+1.12.17 2006-05-30
+ * Revert 1.12.16.
+
+1.12.16 2006-05-30
+ * Merged cleaner fix for bool_ids overflow from Karl MacMillan,
+ replacing the prior patch.
+
+1.12.15 2006-05-30
+ * Merged fixes for several memory leaks in the error paths during
+ policy read from Serge Hallyn.
+
+1.12.14 2006-05-25
+ * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
+ based on bug report and suggested fix by Cedric Roux.
+
+1.12.13 2006-05-24
+ * Merged sens_copy_callback, check_role_hierarchy_callback,
+ and node_from_record fixes from Serge Hallyn.
+
+1.12.12 2006-05-22
+ * Added sepol_policydb_compat_net() interface for testing whether
+ a policy requires the compatibility support for network checks
+ to be enabled in the kernel.
+
+1.12.11 2006-05-17
+ * Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
+ Reworked to use calloc in the first place, and converted some other
+ malloc/memset pairs to calloc calls.
+
+1.12.10 2006-05-08
+ * Merged patch to revert role/user decl upgrade from Karl MacMillan.
+
+1.12.9 2006-05-08
+ * Dropped tests from all Makefile target.
+
+1.12.8 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.12.7 2006-05-05
+ * Merged libsepol test framework patch from Karl MacMillan.
+
+1.12.6 2006-04-28
+ * Fixed cond_normalize to traverse the entire cond list at link time.
+
+1.12.5 2006-04-03
+ * Merged fix for leak of optional package sections from Ivan Gyurdiev.
+
+1.12.4 2006-03-29
+ * Generalize test for bitmap overflow in ebitmap_set_bit.
+
+1.12.3 2006-03-27
+ * Fixed attr_convert_callback and expand_convert_type_set
+ typemap bug.
+
+1.12.2 2006-03-24
+ * Fixed avrule_block_write num_decls endian bug.
+
+1.12.1 2006-03-20
+ * Fixed sepol_module_package_write buffer overflow bug.
+
+1.12 2006-03-14
+ * Updated version for release.
+
+1.11.20 2006-03-08
+ * Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
+ * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
+
+1.11.19 2006-02-21
+ * Merged sepol_policydb_mls_enabled interface and error handling
+ changes from Ivan Gyurdiev.
+
+1.11.18 2006-02-16
+ * Merged node_expand_addr bugfix and node_compare* change from
+ Ivan Gyurdiev.
+
+1.11.17 2006-02-15
+ * Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
+ * Merged bug fix patch from Ivan Gyurdiev.
+
+1.11.16 2006-02-14
+ * Added a defined flag to level_datum_t for use by checkpolicy.
+
+1.11.15 2006-02-14
+ * Merged nodecon support patch from Ivan Gyurdiev.
+ * Merged cleanups patch from Ivan Gyurdiev.
+
+1.11.14 2006-02-13
+ * Merged optionals in base patch from Joshua Brindle.
+
+1.11.13 2006-02-07
+ * Merged seuser/user_extra support patch from Joshua Brindle.
+ * Merged fix patch from Ivan Gyurdiev.
+
+1.11.12 2006-02-02
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+1.11.11 2006-02-01
+ * Merged assertion copying bugfix from Joshua Brindle.
+ * Merged sepol_av_to_string patch from Joshua Brindle.
+
+1.11.10 2006-01-30
+ * Merged cond_expr mapping and package section count bug fixes
+ from Joshua Brindle.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+ * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
+
+1.11.9 2006-01-12
+ * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
+
+1.11.8 2006-01-09
+ * Merged 2nd const in APIs patch from Ivan Gyurdiev.
+
+1.11.7 2006-01-06
+ * Merged const in APIs patch from Ivan Gyurdiev.
+ * Merged compare2 function patch from Ivan Gyurdiev.
+
+1.11.6 2006-01-06
+ * Fixed hierarchy checker to only check allow rules.
+
+1.11.5 2006-01-05
+ * Merged further fixes from Russell Coker, specifically:
+ - av_to_string overflow checking
+ - sepol_context_to_string error handling
+ - hierarchy checking memory leak fixes and optimizations
+ - avrule_block_read variable initialization
+ * Marked deprecated code in genbools and genusers.
+
+1.11.4 2006-01-05
+ * Merged bugfix for sepol_port_modify from Russell Coker.
+
+1.11.3 2006-01-05
+ * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
+ * Merged port ordering patch from Ivan Gyurdiev.
+
+1.11.2 2006-01-04
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - support ordering of records in compare function
+ - enable port interfaces
+ - add interfaces for context validity and range checks
+ - add include guards
+
+1.11.1 2005-12-16
+ * Fixed mls_range_cpy bug.
+
+1.10 2005-12-07
+ * Updated version for release.
+
+1.9.42 2005-12-05
+ * Dropped handle from user_del_role interface.
+
+1.9.41 2005-11-28
+ * Merged remove defrole from sepol patch from Ivan Gyurdiev.
+
+1.9.40 2005-11-15
+ * Merged module function and map file cleanup from Ivan Gyurdiev.
+ * Merged MLS and genusers cleanups from Ivan Gyurdiev.
+
+1.9.39 2005-11-09
+ Prepare for removal of booleans* and *.users files.
+ * Cleaned up sepol_genbools to not regenerate the image if
+ there were no changes in the boolean values, including the
+ degenerate case where there are no booleans or booleans.local
+ files.
+ * Cleaned up sepol_genusers to not warn on missing local.users.
+
+1.9.38 2005-11-08
+ * Removed sepol_port_* from libsepol.map, as the port interfaces
+ are not yet stable.
+
+1.9.37 2005-11-04
+ * Merged context destroy cleanup patch from Ivan Gyurdiev.
+
+1.9.36 2005-11-03
+ * Merged context_to_string interface change patch from Ivan Gyurdiev.
+
+1.9.35 2005-11-01
+ * Added src/dso.h and src/*_internal.h.
+ Added hidden_def for exported symbols used within libsepol.
+ Added hidden for symbols that should not be exported by
+ the wildcards in libsepol.map.
+
+1.9.34 2005-10-31
+ * Merged record interface, record bugfix, and set_roles patches
+ from Ivan Gyurdiev.
+
+1.9.33 2005-10-27
+ * Merged count specification change from Ivan Gyurdiev.
+
+1.9.32 2005-10-26
+ * Added further checking and error reporting to
+ sepol_module_package_read and _info.
+
+1.9.31 2005-10-26
+ * Merged sepol handle passing, DEBUG conversion, and memory leak
+ fix patches from Ivan Gyurdiev.
+
+1.9.30 2005-10-25
+ * Removed processing of system.users from sepol_genusers and
+ dropped delusers logic.
+
+1.9.29 2005-10-25
+ * Removed policydb_destroy from error path of policydb_read,
+ since create/init/destroy/free of policydb is handled by the
+ caller now.
+ * Fixed sepol_module_package_read to handle a failed policydb_read
+ properly.
+
+1.9.28 2005-10-25
+ * Merged query/exists and count patches from Ivan Gyurdiev.
+
+1.9.27 2005-10-25
+ * Merged fix for pruned types in expand code from Joshua Brindle.
+ * Merged new module package format code from Joshua Brindle.
+
+1.9.26 2005-10-24
+ * Merged context interface cleanup, record conversion code,
+ key passing, and bug fix patches from Ivan Gyurdiev.
+
+1.9.25 2005-10-21
+ * Merged users cleanup patch from Ivan Gyurdiev.
+
+1.9.24 2005-10-21
+ * Merged user record memory leak fix from Ivan Gyurdiev.
+ * Merged reorganize users patch from Ivan Gyurdiev.
+
+1.9.23 2005-10-19
+ * Added check flag to expand_module() to control assertion
+ and hierarchy checking on expansion.
+
+1.9.22 2005-10-19
+ * Reworked check_assertions() and hierarchy_check_constraints()
+ to take handles and use callback-based error reporting.
+ * Changed expand_module() to call check_assertions() and
+ hierarchy_check_constraints() prior to returning the expanded
+ policy.
+
+1.9.21 2005-10-18
+ * Changed sepol_module_package_set_file_contexts to copy the
+ file contexts data since it is internally managed.
+
+1.9.20 2005-10-18
+ * Added sepol_policy_file_set_handle interface to associate
+ a handle with a policy file.
+ * Added handle argument to policydb_from_image/to_image.
+ * Added sepol_module_package_set_file_contexts interface.
+ * Dropped sepol_module_package_create_file interface.
+ * Reworked policydb_read/write, policydb_from_image/to_image,
+ and sepol_module_package_read/write to use callback-based error
+ reporting system rather than DEBUG.
+
+1.9.19 2005-10-17
+ * Reworked link_packages, link_modules, and expand_module to use
+ callback-based error reporting system rather than error buffering.
+
+1.9.18 2005-10-14
+ * Merged conditional expression mapping fix in the module linking
+ code from Joshua Brindle.
+
+1.9.17 2005-10-13
+ * Hid sepol_module_package type definition, and added get interfaces.
+
+1.9.16 2005-10-13
+ * Merged new callback-based error reporting system from Ivan
+ Gyurdiev.
+
+1.9.15 2005-10-13
+ * Merged support for require blocks inside conditionals from
+ Joshua Brindle (Tresys).
+
+1.9.14 2005-10-07
+ * Fixed use of policydb_from_image/to_image to ensure proper
+ init of policydb.
+
+1.9.13 2005-10-07
+ * Isolated policydb internal headers under <sepol/policydb/*.h>.
+ These headers should only be used by users of the static libsepol.
+ Created new <sepol/policydb.h> with new public types and interfaces
+ for shared libsepol.
+ Created new <sepol/module.h> with public types and interfaces moved
+ or wrapped from old module.h, link.h, and expand.h, adjusted for
+ new public types for policydb and policy_file.
+ Added public interfaces to libsepol.map.
+ Some implementation changes visible to users of the static libsepol:
+ 1) policydb_read no longer calls policydb_init.
+ Caller must do so first.
+ 2) policydb_init no longer takes policy_type argument.
+ Caller must set policy_type separately.
+ 3) expand_module automatically enables the global branch.
+ Caller no longer needs to do so.
+ 4) policydb_write uses the policy_type and policyvers from the
+ policydb itself, and sepol_set_policyvers() has been removed.
+
+1.9.12 2005-10-06
+ * Merged function renaming and static cleanup from Ivan Gyurdiev.
+
+1.9.11 2005-10-05
+ * Merged bug fix for check_assertions handling of no assertions
+ from Joshua Brindle (Tresys).
+
+1.9.10 2005-10-04
+ * Merged iterate patch from Ivan Gyurdiev.
+
+1.9.9 2005-10-03
+ * Merged MLS in modules patch from Joshua Brindle (Tresys).
+
+1.9.8 2005-09-30
+ * Merged pointer typedef elimination patch from Ivan Gyurdiev.
+ * Merged user list function, new mls functions, and bugfix patch
+ from Ivan Gyurdiev.
+
+1.9.7 2005-09-28
+ * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
+
+1.9.6 2005-09-23
+ * Merged bug fix patches from Joshua Brindle (Tresys).
+
+1.9.5 2005-09-21
+ * Merged boolean record and memory leak fix patches from Ivan
+ Gyurdiev.
+
+1.9.4 2005-09-19
+ * Merged interface record patch from Ivan Gyurdiev.
+
+1.9.3 2005-09-14
+ * Merged fix for sepol_enable/disable_debug from Ivan
+ Gyurdiev.
+
+1.9.2 2005-09-14
+ * Merged stddef.h patch and debug conversion patch from
+ Ivan Gyurdiev.
+
+1.9.1 2005-09-09
+ * Fixed expand_avtab and expand_cond_av_list to keep separate
+ entries with identical keys but different enabled flags.
+
+1.8 2005-09-06
+ * Updated version for release.
+
+1.7.24 2005-08-31
+ * Fixed symtab_insert return value for duplicate declarations.
+
+1.7.23 2005-08-31
+ * Merged fix for memory error in policy_module_destroy from
+ Jason Tang (Tresys).
+
+1.7.22 2005-08-26
+ * Merged fix for memory leak in sepol_context_to_sid from
+ Jason Tang (Tresys).
+
+1.7.21 2005-08-25
+ * Merged fixes for resource leaks on error paths and
+ change to scope_destroy from Joshua Brindle (Tresys).
+
+1.7.20 2005-08-23
+ * Merged more fixes for resource leaks on error paths
+ from Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.7.19 2005-08-19
+ * Changed to treat all type conflicts as fatal errors.
+
+1.7.18 2005-08-18
+ * Merged several error handling fixes from
+ Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.7.17 2005-08-15
+ * Fixed further memory leaks found by valgrind.
+
+1.7.16 2005-08-15
+ * Fixed several memory leaks found by valgrind.
+
+1.7.15 2005-08-12
+ * Fixed empty list test in cond_write_av_list. Bug found by
+ Coverity, reported by Serge Hallyn (IBM).
+ * Merged patch to policydb_write to check errors
+ when writing the type->attribute reverse map from
+ Serge Hallyn (IBM). Bug found by Coverity.
+ * Fixed policydb_destroy to properly handle NULL type_attr_map
+ or attr_type_map.
+
+1.7.14 2005-08-12
+ * Fixed use of uninitialized data by expand_avtab_node by
+ clearing type_val_to_struct in policydb_index_others.
+
+1.7.13 2005-08-11
+ * Improved memory use by SELinux by both reducing the avtab
+ node size and reducing the number of avtab nodes (by not
+ expanding attributes in TE rules when possible). Added
+ expand_avtab and expand_cond_av_list functions for use by
+ assertion checker, hierarchy checker, compatibility code,
+ and dispol. Added new inline ebitmap operators and converted
+ existing users of ebitmaps to the new operators for greater
+ efficiency.
+ Note: The binary policy format version has been incremented to
+ version 20 as a result of these changes.
+
+1.7.12 2005-08-10
+ * Fixed bug in constraint_node_clone handling of name sets.
+
+1.7.11 2005-08-08
+ * Fix range_trans_clone to map the type values properly.
+
+1.7.10 2005-08-02
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+1.7.9 2005-08-02
+ * Enabled further compiler warning flags and fixed them.
+
+1.7.8 2005-08-02
+ * Merged user, context, port records patch from Ivan Gyurdiev.
+ * Merged key extract function patch from Ivan Gyurdiev.
+
+1.7.7 2005-07-27
+ * Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
+
+1.7.6 2005-07-26
+ * Merged context reorganization, memory leak fixes,
+ port and interface loading, replacements for genusers and
+ genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
+ * Merged uninitialized variable bugfix from Dan Walsh.
+
+1.7.5 2005-07-18
+ * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
+ * Removed genpolbools and genpolusers utilities.
+
+1.7.4 2005-07-18
+ * Merged hierarchy check fix from Joshua Brindle (Tresys).
+
+1.7.3 2005-07-13
+ * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
+
+1.7.2 2005-07-11
+ * Merged genbools debugging message cleanup from Red Hat.
+
+1.7.1 2005-07-06
+ * Merged loadable module support from Tresys Technology.
+
+1.6 2005-06-20
+ * Updated version for release.
+
+1.5.10 2005-05-19
+ * License changed to LGPL v2.1, see COPYING.
+
+1.5.9 2005-05-16
+ * Added sepol_genbools_policydb and sepol_genusers_policydb for
+ audit2why.
+
+1.5.8 2005-05-13
+ * Added sepol_ prefix to Flask types to avoid
+ namespace collision with libselinux.
+
+1.5.7 2005-05-13
+ * Added sepol_compute_av_reason() for audit2why.
+
+1.5.6 2005-04-25
+ * Fixed bug in role hierarchy checker.
+
+1.5.5 2005-04-13
+ * Merged hierarchical type/role patch from Tresys Technology.
+ * Merged MLS fixes from Darrel Goeddel of TCS.
+
+1.5.4 2005-04-13
+ * Changed sepol_genusers to not delete users by default,
+ and added a sepol_set_delusers function to enable deletion.
+ Also, removed special case handling of system_u and user_u.
+
+1.5.3 2005-03-29
+ * Merged booleans.local patch from Dan Walsh.
+
+1.5.2 2005-03-16
+ * Added man page for sepol_check_context.
+
+1.5.1 2005-03-15
+ * Added man page for sepol_genusers function.
+ * Merged man pages for genpolusers and chkcon from Manoj Srivastava.
+
+1.4 2005-03-09
+ * Updated version for release.
+
+1.3.8 2005-03-08
+ * Cleaned up error handling in sepol_genusers and sepol_genbools.
+
+1.3.7 2005-02-28
+ * Merged sepol_debug and fclose patch from Dan Walsh.
+
+1.3.6 2005-02-22
+ * Changed sepol_genusers to also use getline and correctly handle
+ EOL.
+
+1.3.5 2005-02-17
+ * Merged range_transition support from Darrel Goeddel (TCS).
+
+1.3.4 2005-02-16
+ * Added sepol_genusers function.
+
+1.3.3 2005-02-14
+ * Merged endianness and compute_av patches from Darrel Goeddel (TCS).
+
+1.3.2 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.3.1 2005-01-26
+ * Merged enhanced MLS support from Darrel Goeddel (TCS).
+
+1.2.1 2005-01-19
+ * Merged build fix patch from Manoj Srivastava.
+
+1.2 2004-10-07
+ * MLS build fixes.
+ * Added sepol_set_policydb_from_file and sepol_check_context for setfiles.
+
+1.0 2004-08-19
+ * Initial public release.
+
+0.4 2004-08-13
+ * Merged patch from Dan Walsh to ignore case on booleans.
+ * Changed sepol_genbools* to preserve the original policy version.
+ * Replaced exported global variables with set functions.
+ * Moved genpolbools utility from checkpolicy to libsepol.
+ * Added man pages for sepol_genbools* and genpolbools.
+
+0.3 2004-08-10
+ * Added ChangeLog, COPYING, spec file.
+ * Added sepol_genbools_array() for load_policy.
+ * Created libsepol.map to limit exported symbols in shared library.
+
+0.2 2004-08-09
+ * Exported other functions for checkpolicy and friends.
+ * Renamed service and sidtab functions to avoid libselinux conflict.
+ * Removed original code from checkpolicy, which now uses libsepol.
+ * Code cleanup: kill legacy references to kernel types/functions.
+
+0.1 2004-08-06
+ * Moved checkpolicy core logic into a library.
+ * Exported sepol_genbools() for load_policy.
diff --git a/libsepol/Makefile b/libsepol/Makefile
new file mode 100644
index 0000000..d526965
--- /dev/null
+++ b/libsepol/Makefile
@@ -0,0 +1,26 @@
+all:
+ $(MAKE) -C src
+ $(MAKE) -C utils
+
+install:
+ $(MAKE) -C include install
+ $(MAKE) -C src install
+ $(MAKE) -C utils install
+ $(MAKE) -C man install
+
+relabel:
+ $(MAKE) -C src relabel
+
+clean:
+ $(MAKE) -C src clean
+ $(MAKE) -C utils clean
+ $(MAKE) -C tests clean
+
+indent:
+ $(MAKE) -C src $@
+ $(MAKE) -C include $@
+ $(MAKE) -C utils $@
+
+test:
+ $(MAKE) -C tests test
+
diff --git a/libsepol/VERSION b/libsepol/VERSION
new file mode 100644
index 0000000..79a82f0
--- /dev/null
+++ b/libsepol/VERSION
@@ -0,0 +1 @@
+2.0.32
diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
new file mode 100644
index 0000000..0cd00ab
--- /dev/null
+++ b/libsepol/include/Makefile
@@ -0,0 +1,12 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCDIR ?= $(PREFIX)/include/sepol
+
+install:
+ test -d $(INCDIR) || install -m 755 -d $(INCDIR)
+ test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
+ install -m 644 $(wildcard sepol/*.h) $(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
+
+indent:
+ ../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/include/sepol/boolean_record.h b/libsepol/include/sepol/boolean_record.h
new file mode 100644
index 0000000..54ca021
--- /dev/null
+++ b/libsepol/include/sepol/boolean_record.h
@@ -0,0 +1,51 @@
+#ifndef _SEPOL_BOOLEAN_RECORD_H_
+#define _SEPOL_BOOLEAN_RECORD_H_
+
+#include <stddef.h>
+#include <sepol/handle.h>
+
+struct sepol_bool;
+struct sepol_bool_key;
+typedef struct sepol_bool sepol_bool_t;
+typedef struct sepol_bool_key sepol_bool_key_t;
+
+/* Key */
+extern int sepol_bool_key_create(sepol_handle_t * handle,
+ const char *name, sepol_bool_key_t ** key);
+
+extern void sepol_bool_key_unpack(const sepol_bool_key_t * key,
+ const char **name);
+
+extern int sepol_bool_key_extract(sepol_handle_t * handle,
+ const sepol_bool_t * boolean,
+ sepol_bool_key_t ** key_ptr);
+
+extern void sepol_bool_key_free(sepol_bool_key_t * key);
+
+extern int sepol_bool_compare(const sepol_bool_t * boolean,
+ const sepol_bool_key_t * key);
+
+extern int sepol_bool_compare2(const sepol_bool_t * boolean,
+ const sepol_bool_t * boolean2);
+
+/* Name */
+extern const char *sepol_bool_get_name(const sepol_bool_t * boolean);
+
+extern int sepol_bool_set_name(sepol_handle_t * handle,
+ sepol_bool_t * boolean, const char *name);
+
+/* Value */
+extern int sepol_bool_get_value(const sepol_bool_t * boolean);
+
+extern void sepol_bool_set_value(sepol_bool_t * boolean, int value);
+
+/* Create/Clone/Destroy */
+extern int sepol_bool_create(sepol_handle_t * handle, sepol_bool_t ** bool_ptr);
+
+extern int sepol_bool_clone(sepol_handle_t * handle,
+ const sepol_bool_t * boolean,
+ sepol_bool_t ** bool_ptr);
+
+extern void sepol_bool_free(sepol_bool_t * boolean);
+
+#endif
diff --git a/libsepol/include/sepol/booleans.h b/libsepol/include/sepol/booleans.h
new file mode 100644
index 0000000..95ee7de
--- /dev/null
+++ b/libsepol/include/sepol/booleans.h
@@ -0,0 +1,59 @@
+#ifndef _SEPOL_BOOLEANS_H_
+#define _SEPOL_BOOLEANS_H_
+
+#include <stddef.h>
+#include <sepol/policydb.h>
+#include <sepol/boolean_record.h>
+#include <sepol/handle.h>
+
+/*--------------compatibility--------------*/
+
+/* Given an existing binary policy (starting at 'data', with length 'len')
+ and a boolean configuration file named by 'boolpath', rewrite the binary
+ policy for the boolean settings in the boolean configuration file.
+ The binary policy is rewritten in place in memory.
+ Returns 0 upon success, or -1 otherwise. */
+extern int sepol_genbools(void *data, size_t len, char *boolpath);
+
+/* Given an existing binary policy (starting at 'data', with length 'len')
+ and boolean settings specified by the parallel arrays ('names', 'values')
+ with 'nel' elements, rewrite the binary policy for the boolean settings.
+ The binary policy is rewritten in place in memory.
+ Returns 0 upon success or -1 otherwise. */
+extern int sepol_genbools_array(void *data, size_t len,
+ char **names, int *values, int nel);
+/*---------------end compatbility------------*/
+
+/* Set the specified boolean */
+extern int sepol_bool_set(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const sepol_bool_key_t * key,
+ const sepol_bool_t * data);
+
+/* Return the number of booleans */
+extern int sepol_bool_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response);
+
+/* Check if the specified boolean exists */
+extern int sepol_bool_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_bool_key_t * key, int *response);
+
+/* Query a boolean - returns the boolean, or NULL if not found */
+extern int sepol_bool_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_bool_key_t * key,
+ sepol_bool_t ** response);
+
+/* Iterate the booleans
+ * The handler may return:
+ * -1 to signal an error condition,
+ * 1 to signal successful exit
+ * 0 to signal continue */
+
+extern int sepol_bool_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ int (*fn) (const sepol_bool_t * boolean,
+ void *fn_arg), void *arg);
+
+#endif
diff --git a/libsepol/include/sepol/context.h b/libsepol/include/sepol/context.h
new file mode 100644
index 0000000..c1eadca
--- /dev/null
+++ b/libsepol/include/sepol/context.h
@@ -0,0 +1,25 @@
+#ifndef _SEPOL_CONTEXT_H_
+#define _SEPOL_CONTEXT_H_
+
+#include <sepol/context_record.h>
+#include <sepol/policydb.h>
+#include <sepol/handle.h>
+
+/* -- Deprecated -- */
+
+extern int sepol_check_context(const char *context);
+
+/* -- End deprecated -- */
+
+extern int sepol_context_check(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_context_t * context);
+
+extern int sepol_mls_contains(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const char *mls1,
+ const char *mls2, int *response);
+
+extern int sepol_mls_check(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb, const char *mls);
+#endif
diff --git a/libsepol/include/sepol/context_record.h b/libsepol/include/sepol/context_record.h
new file mode 100644
index 0000000..c305480
--- /dev/null
+++ b/libsepol/include/sepol/context_record.h
@@ -0,0 +1,53 @@
+#ifndef _SEPOL_CONTEXT_RECORD_H_
+#define _SEPOL_CONTEXT_RECORD_H_
+
+#include <sepol/handle.h>
+
+struct sepol_context;
+typedef struct sepol_context sepol_context_t;
+
+/* We don't need a key, because the context is never stored
+ * in a data collection by itself */
+
+/* User */
+extern const char *sepol_context_get_user(const sepol_context_t * con);
+
+extern int sepol_context_set_user(sepol_handle_t * handle,
+ sepol_context_t * con, const char *user);
+
+/* Role */
+extern const char *sepol_context_get_role(const sepol_context_t * con);
+
+extern int sepol_context_set_role(sepol_handle_t * handle,
+ sepol_context_t * con, const char *role);
+
+/* Type */
+extern const char *sepol_context_get_type(const sepol_context_t * con);
+
+extern int sepol_context_set_type(sepol_handle_t * handle,
+ sepol_context_t * con, const char *type);
+
+/* MLS */
+extern const char *sepol_context_get_mls(const sepol_context_t * con);
+
+extern int sepol_context_set_mls(sepol_handle_t * handle,
+ sepol_context_t * con, const char *mls_range);
+
+/* Create/Clone/Destroy */
+extern int sepol_context_create(sepol_handle_t * handle,
+ sepol_context_t ** con_ptr);
+
+extern int sepol_context_clone(sepol_handle_t * handle,
+ const sepol_context_t * con,
+ sepol_context_t ** con_ptr);
+
+extern void sepol_context_free(sepol_context_t * con);
+
+/* Parse to/from string */
+extern int sepol_context_from_string(sepol_handle_t * handle,
+ const char *str, sepol_context_t ** con);
+
+extern int sepol_context_to_string(sepol_handle_t * handle,
+ const sepol_context_t * con, char **str_ptr);
+
+#endif
diff --git a/libsepol/include/sepol/debug.h b/libsepol/include/sepol/debug.h
new file mode 100644
index 0000000..3370845
--- /dev/null
+++ b/libsepol/include/sepol/debug.h
@@ -0,0 +1,34 @@
+#ifndef _SEPOL_DEBUG_H_
+#define _SEPOL_DEBUG_H_
+
+#include <sepol/handle.h>
+
+/* Deprecated */
+extern void sepol_debug(int on);
+/* End deprecated */
+
+#define SEPOL_MSG_ERR 1
+#define SEPOL_MSG_WARN 2
+#define SEPOL_MSG_INFO 3
+
+extern int sepol_msg_get_level(sepol_handle_t * handle);
+
+extern const char *sepol_msg_get_channel(sepol_handle_t * handle);
+
+extern const char *sepol_msg_get_fname(sepol_handle_t * handle);
+
+/* Set the messaging callback.
+ * By the default, the callback will print
+ * the message on standard output, in a
+ * particular format. Passing NULL here
+ * indicates that messaging should be suppressed */
+extern void sepol_msg_set_callback(sepol_handle_t * handle,
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ sepol_handle_t *
+ handle,
+ const char *fmt, ...),
+ void *msg_callback_arg);
+#endif
diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
new file mode 100644
index 0000000..c6f3a8b
--- /dev/null
+++ b/libsepol/include/sepol/errcodes.h
@@ -0,0 +1,25 @@
+/* Author: Karl MacMillan <kmacmillan@mentalrootkit.com> */
+
+#ifndef __sepol_errno_h__
+#define __sepol_errno_h__
+
+#include <errno.h>
+
+#define SEPOL_OK 0
+
+/* These first error codes are defined for compatibility with
+ * previous version of libsepol. In the future, custome error
+ * codes that don't map to system error codes should be defined
+ * outside of the range of system error codes.
+ */
+#define SEPOL_ERR -1
+#define SEPOL_ENOTSUP -2 /* feature not supported in module language */
+#define SEPOL_EREQ -3 /* requirements not met */
+
+/* Error codes that map to system error codes */
+#define SEPOL_ENOMEM -ENOMEM
+#define SEPOL_ERANGE -ERANGE
+#define SEPOL_EEXIST -EEXIST
+#define SEPOL_ENOENT -ENOENT
+
+#endif
diff --git a/libsepol/include/sepol/handle.h b/libsepol/include/sepol/handle.h
new file mode 100644
index 0000000..5dca0f8
--- /dev/null
+++ b/libsepol/include/sepol/handle.h
@@ -0,0 +1,21 @@
+#ifndef _SEPOL_HANDLE_H_
+#define _SEPOL_HANDLE_H_
+
+struct sepol_handle;
+typedef struct sepol_handle sepol_handle_t;
+
+/* Create and return a sepol handle. */
+sepol_handle_t *sepol_handle_create(void);
+
+/* Set whether or not to disable dontaudits, 0 is default and does
+ * not disable dontaudits, 1 disables them */
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
+
+/* Set whether module_expand() should consume the base policy passed in.
+ * This should reduce the amount of memory required to expand the policy. */
+void sepol_set_expand_consume_base(sepol_handle_t * sh, int consume_base);
+
+/* Destroy a sepol handle. */
+void sepol_handle_destroy(sepol_handle_t *);
+
+#endif
diff --git a/libsepol/include/sepol/iface_record.h b/libsepol/include/sepol/iface_record.h
new file mode 100644
index 0000000..a72678c
--- /dev/null
+++ b/libsepol/include/sepol/iface_record.h
@@ -0,0 +1,59 @@
+#ifndef _SEPOL_IFACE_RECORD_H_
+#define _SEPOL_IFACE_RECORD_H_
+
+#include <sepol/handle.h>
+#include <sepol/context_record.h>
+
+struct sepol_iface;
+struct sepol_iface_key;
+typedef struct sepol_iface sepol_iface_t;
+typedef struct sepol_iface_key sepol_iface_key_t;
+
+/* Key */
+extern int sepol_iface_compare(const sepol_iface_t * iface,
+ const sepol_iface_key_t * key);
+
+extern int sepol_iface_compare2(const sepol_iface_t * iface,
+ const sepol_iface_t * iface2);
+
+extern void sepol_iface_key_unpack(const sepol_iface_key_t * key,
+ const char **name);
+
+extern int sepol_iface_key_create(sepol_handle_t * handle,
+ const char *name,
+ sepol_iface_key_t ** key_ptr);
+
+extern int sepol_iface_key_extract(sepol_handle_t * handle,
+ const sepol_iface_t * iface,
+ sepol_iface_key_t ** key_ptr);
+
+extern void sepol_iface_key_free(sepol_iface_key_t * key);
+
+/* Name */
+extern const char *sepol_iface_get_name(const sepol_iface_t * iface);
+
+extern int sepol_iface_set_name(sepol_handle_t * handle,
+ sepol_iface_t * iface, const char *name);
+
+/* Context */
+extern sepol_context_t *sepol_iface_get_ifcon(const sepol_iface_t * iface);
+
+extern int sepol_iface_set_ifcon(sepol_handle_t * handle,
+ sepol_iface_t * iface, sepol_context_t * con);
+
+extern sepol_context_t *sepol_iface_get_msgcon(const sepol_iface_t * iface);
+
+extern int sepol_iface_set_msgcon(sepol_handle_t * handle,
+ sepol_iface_t * iface, sepol_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int sepol_iface_create(sepol_handle_t * handle,
+ sepol_iface_t ** iface_ptr);
+
+extern int sepol_iface_clone(sepol_handle_t * handle,
+ const sepol_iface_t * iface,
+ sepol_iface_t ** iface_ptr);
+
+extern void sepol_iface_free(sepol_iface_t * iface);
+
+#endif
diff --git a/libsepol/include/sepol/interfaces.h b/libsepol/include/sepol/interfaces.h
new file mode 100644
index 0000000..9849e13
--- /dev/null
+++ b/libsepol/include/sepol/interfaces.h
@@ -0,0 +1,43 @@
+#ifndef __SEPOL_INTERFACES_H_
+#define __SEPOL_INTERFACES_H_
+
+#include <sepol/policydb.h>
+#include <sepol/iface_record.h>
+#include <sepol/handle.h>
+
+/* Return the number of interfaces */
+extern int sepol_iface_count(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ unsigned int *response);
+
+/* Check if an interface exists */
+extern int sepol_iface_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_iface_key_t * key, int *response);
+
+/* Query an interface - returns the interface,
+ * or NULL if not found */
+extern int sepol_iface_query(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_iface_key_t * key,
+ sepol_iface_t ** response);
+
+/* Modify an interface, or add it, if the key
+ * is not found */
+extern int sepol_iface_modify(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const sepol_iface_key_t * key,
+ const sepol_iface_t * data);
+
+/* Iterate the interfaces
+ * The handler may return:
+ * -1 to signal an error condition,
+ * 1 to signal successful exit
+ * 0 to signal continue */
+
+extern int sepol_iface_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ int (*fn) (const sepol_iface_t * iface,
+ void *fn_arg), void *arg);
+
+#endif
diff --git a/libsepol/include/sepol/module.h b/libsepol/include/sepol/module.h
new file mode 100644
index 0000000..35f5cb7
--- /dev/null
+++ b/libsepol/include/sepol/module.h
@@ -0,0 +1,82 @@
+#ifndef _SEPOL_MODULE_H_
+#define _SEPOL_MODULE_H_
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+#include <sepol/handle.h>
+#include <sepol/policydb.h>
+
+struct sepol_module_package;
+typedef struct sepol_module_package sepol_module_package_t;
+
+/* Module package public interfaces. */
+
+extern int sepol_module_package_create(sepol_module_package_t ** p);
+
+extern void sepol_module_package_free(sepol_module_package_t * p);
+
+extern char *sepol_module_package_get_file_contexts(sepol_module_package_t * p);
+
+extern size_t sepol_module_package_get_file_contexts_len(sepol_module_package_t
+ * p);
+
+extern int sepol_module_package_set_file_contexts(sepol_module_package_t * p,
+ char *data, size_t len);
+
+extern char *sepol_module_package_get_seusers(sepol_module_package_t * p);
+
+extern size_t sepol_module_package_get_seusers_len(sepol_module_package_t * p);
+
+extern int sepol_module_package_set_seusers(sepol_module_package_t * p,
+ char *data, size_t len);
+
+extern char *sepol_module_package_get_user_extra(sepol_module_package_t * p);
+
+extern size_t sepol_module_package_get_user_extra_len(sepol_module_package_t *
+ p);
+
+extern int sepol_module_package_set_user_extra(sepol_module_package_t * p,
+ char *data, size_t len);
+
+extern char *sepol_module_package_get_netfilter_contexts(sepol_module_package_t
+ * p);
+
+extern size_t
+sepol_module_package_get_netfilter_contexts_len(sepol_module_package_t * p);
+
+extern int sepol_module_package_set_netfilter_contexts(sepol_module_package_t *
+ p, char *data,
+ size_t len);
+
+extern sepol_policydb_t *sepol_module_package_get_policy(sepol_module_package_t
+ * p);
+
+extern int sepol_link_packages(sepol_handle_t * handle,
+ sepol_module_package_t * base,
+ sepol_module_package_t ** modules,
+ int num_modules, int verbose);
+
+extern int sepol_module_package_read(sepol_module_package_t * mod,
+ struct sepol_policy_file *file,
+ int verbose);
+
+extern int sepol_module_package_info(struct sepol_policy_file *file,
+ int *type, char **name, char **version);
+
+extern int sepol_module_package_write(sepol_module_package_t * p,
+ struct sepol_policy_file *file);
+
+/* Module linking/expanding public interfaces. */
+
+extern int sepol_link_modules(sepol_handle_t * handle,
+ sepol_policydb_t * base,
+ sepol_policydb_t ** modules,
+ size_t len, int verbose);
+
+extern int sepol_expand_module(sepol_handle_t * handle,
+ sepol_policydb_t * base,
+ sepol_policydb_t * out, int verbose, int check);
+
+#endif
diff --git a/libsepol/include/sepol/node_record.h b/libsepol/include/sepol/node_record.h
new file mode 100644
index 0000000..9f61ac7
--- /dev/null
+++ b/libsepol/include/sepol/node_record.h
@@ -0,0 +1,92 @@
+#ifndef _SEPOL_NODE_RECORD_H_
+#define _SEPOL_NODE_RECORD_H_
+
+#include <stddef.h>
+#include <sepol/context_record.h>
+#include <sepol/handle.h>
+
+struct sepol_node;
+struct sepol_node_key;
+typedef struct sepol_node sepol_node_t;
+typedef struct sepol_node_key sepol_node_key_t;
+
+#define SEPOL_PROTO_IP4 0
+#define SEPOL_PROTO_IP6 1
+
+/* Key */
+extern int sepol_node_compare(const sepol_node_t * node,
+ const sepol_node_key_t * key);
+
+extern int sepol_node_compare2(const sepol_node_t * node,
+ const sepol_node_t * node2);
+
+extern int sepol_node_key_create(sepol_handle_t * handle,
+ const char *addr,
+ const char *mask,
+ int proto, sepol_node_key_t ** key_ptr);
+
+extern void sepol_node_key_unpack(const sepol_node_key_t * key,
+ const char **addr,
+ const char **mask, int *proto);
+
+extern int sepol_node_key_extract(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ sepol_node_key_t ** key_ptr);
+
+extern void sepol_node_key_free(sepol_node_key_t * key);
+
+/* Address */
+extern int sepol_node_get_addr(sepol_handle_t * handle,
+ const sepol_node_t * node, char **addr);
+
+extern int sepol_node_get_addr_bytes(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ char **addr, size_t * addr_sz);
+
+extern int sepol_node_set_addr(sepol_handle_t * handle,
+ sepol_node_t * node,
+ int proto, const char *addr);
+
+extern int sepol_node_set_addr_bytes(sepol_handle_t * handle,
+ sepol_node_t * node,
+ const char *addr, size_t addr_sz);
+
+/* Netmask */
+extern int sepol_node_get_mask(sepol_handle_t * handle,
+ const sepol_node_t * node, char **mask);
+
+extern int sepol_node_get_mask_bytes(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ char **mask, size_t * mask_sz);
+
+extern int sepol_node_set_mask(sepol_handle_t * handle,
+ sepol_node_t * node,
+ int proto, const char *mask);
+
+extern int sepol_node_set_mask_bytes(sepol_handle_t * handle,
+ sepol_node_t * node,
+ const char *mask, size_t mask_sz);
+
+/* Protocol */
+extern int sepol_node_get_proto(const sepol_node_t * node);
+
+extern void sepol_node_set_proto(sepol_node_t * node, int proto);
+
+extern const char *sepol_node_get_proto_str(int proto);
+
+/* Context */
+extern sepol_context_t *sepol_node_get_con(const sepol_node_t * node);
+
+extern int sepol_node_set_con(sepol_handle_t * handle,
+ sepol_node_t * node, sepol_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int sepol_node_create(sepol_handle_t * handle, sepol_node_t ** node_ptr);
+
+extern int sepol_node_clone(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ sepol_node_t ** node_ptr);
+
+extern void sepol_node_free(sepol_node_t * node);
+
+#endif
diff --git a/libsepol/include/sepol/nodes.h b/libsepol/include/sepol/nodes.h
new file mode 100644
index 0000000..1e0ac4f
--- /dev/null
+++ b/libsepol/include/sepol/nodes.h
@@ -0,0 +1,40 @@
+#ifndef _SEPOL_NODES_H_
+#define _SEPOL_NODES_H_
+
+#include <sepol/handle.h>
+#include <sepol/policydb.h>
+#include <sepol/node_record.h>
+
+/* Return the number of nodes */
+extern int sepol_node_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response);
+
+/* Check if a node exists */
+extern int sepol_node_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_node_key_t * key, int *response);
+
+/* Query a node - returns the node, or NULL if not found */
+extern int sepol_node_query(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_node_key_t * key,
+ sepol_node_t ** response);
+
+/* Modify a node, or add it, if the key is not found */
+extern int sepol_node_modify(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const sepol_node_key_t * key,
+ const sepol_node_t * data);
+
+/* Iterate the nodes
+ * The handler may return:
+ * -1 to signal an error condition,
+ * 1 to signal successful exit
+ * 0 to signal continue */
+
+extern int sepol_node_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ int (*fn) (const sepol_node_t * node,
+ void *fn_arg), void *arg);
+
+#endif
diff --git a/libsepol/include/sepol/policydb.h b/libsepol/include/sepol/policydb.h
new file mode 100644
index 0000000..43e23b3
--- /dev/null
+++ b/libsepol/include/sepol/policydb.h
@@ -0,0 +1,138 @@
+#ifndef _SEPOL_POLICYDB_H_
+#define _SEPOL_POLICYDB_H_
+
+#include <stddef.h>
+#include <stdio.h>
+
+#include <sepol/handle.h>
+
+struct sepol_policy_file;
+typedef struct sepol_policy_file sepol_policy_file_t;
+
+struct sepol_policydb;
+typedef struct sepol_policydb sepol_policydb_t;
+
+/* Policy file public interfaces. */
+
+/* Create and free memory associated with a policy file. */
+extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
+extern void sepol_policy_file_free(sepol_policy_file_t * pf);
+
+/*
+ * Set the policy file to represent a binary policy memory image.
+ * Subsequent operations using the policy file will read and write
+ * the image located at the specified address with the specified length.
+ * If 'len' is 0, then merely compute the necessary length upon
+ * subsequent policydb write operations in order to determine the
+ * necessary buffer size to allocate.
+ */
+extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
+ char *data, size_t len);
+
+/*
+ * Get the size of the buffer needed to store a policydb write
+ * previously done on this policy file.
+ */
+extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);
+
+/*
+ * Set the policy file to represent a FILE.
+ * Subsequent operations using the policy file will read and write
+ * to the FILE.
+ */
+extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);
+
+/*
+ * Associate a handle with a policy file, for use in
+ * error reporting from subsequent calls that take the
+ * policy file as an argument.
+ */
+extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
+ sepol_handle_t * handle);
+
+/* Policydb public interfaces. */
+
+/* Create and free memory associated with a policydb. */
+extern int sepol_policydb_create(sepol_policydb_t ** p);
+extern void sepol_policydb_free(sepol_policydb_t * p);
+
+/* Legal types of policies that the policydb can represent. */
+#define SEPOL_POLICY_KERN 0
+#define SEPOL_POLICY_BASE 1
+#define SEPOL_POLICY_MOD 2
+
+/*
+ * Range of policy versions for the kernel policy type supported
+ * by this library.
+ */
+extern int sepol_policy_kern_vers_min(void);
+extern int sepol_policy_kern_vers_max(void);
+
+/*
+ * Set the policy type as specified, and automatically initialize the
+ * policy version accordingly to the maximum version supported for the
+ * policy type.
+ * Returns -1 if the policy type is not legal.
+ */
+extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);
+
+/*
+ * Set the policy version to a different value.
+ * Returns -1 if the policy version is not in the supported range for
+ * the (previously set) policy type.
+ */
+extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
+
+/* Set how to handle unknown class/perms. */
+#define SEPOL_DENY_UNKNOWN 0
+#define SEPOL_REJECT_UNKNOWN 2
+#define SEPOL_ALLOW_UNKNOWN 4
+extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
+ unsigned int handle_unknown);
+
+/*
+ * Read a policydb from a policy file.
+ * This automatically sets the type and version based on the
+ * image contents.
+ */
+extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);
+
+/*
+ * Write a policydb to a policy file.
+ * The generated image will be in the binary format corresponding
+ * to the policy version associated with the policydb.
+ */
+extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);
+
+/*
+ * Extract a policydb from a binary policy memory image.
+ * This is equivalent to sepol_policydb_read with a policy file
+ * set to refer to memory.
+ */
+extern int sepol_policydb_from_image(sepol_handle_t * handle,
+ void *data, size_t len,
+ sepol_policydb_t * p);
+
+/*
+ * Generate a binary policy memory image from a policydb.
+ * This is equivalent to sepol_policydb_write with a policy file
+ * set to refer to memory, but internally handles computing the
+ * necessary length and allocating an appropriately sized memory
+ * buffer for the caller.
+ */
+extern int sepol_policydb_to_image(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ void **newdata, size_t * newlen);
+
+/*
+ * Check whether the policydb has MLS enabled.
+ */
+extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
+
+/*
+ * Check whether the compatibility mode for SELinux network
+ * checks should be enabled when using this policy.
+ */
+extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/avrule_block.h b/libsepol/include/sepol/policydb/avrule_block.h
new file mode 100644
index 0000000..dc926e5
--- /dev/null
+++ b/libsepol/include/sepol/policydb/avrule_block.h
@@ -0,0 +1,37 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_AVRULE_BLOCK_H_
+#define _SEPOL_AVRULE_BLOCK_H_
+
+#include <sepol/policydb/policydb.h>
+
+extern avrule_block_t *avrule_block_create(void);
+extern void avrule_block_destroy(avrule_block_t * x);
+extern avrule_decl_t *avrule_decl_create(uint32_t decl_id);
+extern void avrule_decl_destroy(avrule_decl_t * x);
+extern void avrule_block_list_destroy(avrule_block_t * x);
+extern avrule_decl_t *get_avrule_decl(policydb_t * p, uint32_t decl_id);
+extern cond_list_t *get_decl_cond_list(policydb_t * p,
+ avrule_decl_t * decl,
+ cond_list_t * cond);
+extern int is_id_enabled(char *id, policydb_t * p, int symbol_table);
+extern int is_perm_enabled(char *class_id, char *perm_id, policydb_t * p);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/avtab.h b/libsepol/include/sepol/policydb/avtab.h
new file mode 100644
index 0000000..6955ecf
--- /dev/null
+++ b/libsepol/include/sepol/policydb/avtab.h
@@ -0,0 +1,127 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
+ * Tuned number of hash slots for avtab to reduce memory usage
+ */
+
+/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * An access vector table (avtab) is a hash table
+ * of access vectors and transition types indexed
+ * by a type pair and a class. An access vector
+ * table is used to represent the type enforcement
+ * tables.
+ */
+
+#ifndef _SEPOL_POLICYDB_AVTAB_H_
+#define _SEPOL_POLICYDB_AVTAB_H_
+
+#include <sys/types.h>
+#include <stdint.h>
+
+typedef struct avtab_key {
+ uint16_t source_type;
+ uint16_t target_type;
+ uint16_t target_class;
+#define AVTAB_ALLOWED 1
+#define AVTAB_AUDITALLOW 2
+#define AVTAB_AUDITDENY 4
+#define AVTAB_NEVERALLOW 128
+#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
+#define AVTAB_TRANSITION 16
+#define AVTAB_MEMBER 32
+#define AVTAB_CHANGE 64
+#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
+#define AVTAB_ENABLED_OLD 0x80000000
+#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */
+ uint16_t specified; /* what fields are specified */
+} avtab_key_t;
+
+typedef struct avtab_datum {
+ uint32_t data; /* access vector or type */
+} avtab_datum_t;
+
+typedef struct avtab_node *avtab_ptr_t;
+
+struct avtab_node {
+ avtab_key_t key;
+ avtab_datum_t datum;
+ avtab_ptr_t next;
+ void *parse_context; /* generic context pointer used by parser;
+ * not saved in binary policy */
+ unsigned merged; /* flag for avtab_write only;
+ not saved in binary policy */
+};
+
+typedef struct avtab {
+ avtab_ptr_t *htable;
+ uint32_t nel; /* number of elements */
+ uint32_t nslot; /* number of hash slots */
+ uint16_t mask; /* mask to compute hash func */
+} avtab_t;
+
+extern int avtab_init(avtab_t *);
+extern int avtab_alloc(avtab_t *, uint32_t);
+extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);
+
+extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);
+
+extern void avtab_destroy(avtab_t * h);
+
+extern int avtab_map(avtab_t * h,
+ int (*apply) (avtab_key_t * k,
+ avtab_datum_t * d, void *args), void *args);
+
+extern void avtab_hash_eval(avtab_t * h, char *tag);
+
+struct policy_file;
+extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
+ int (*insert) (avtab_t * a, avtab_key_t * k,
+ avtab_datum_t * d, void *p), void *p);
+
+extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);
+
+extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
+ avtab_datum_t * datum);
+
+extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
+ avtab_key_t * key,
+ avtab_datum_t * datum,
+ void *parse_context);
+
+extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);
+
+extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);
+
+#define MAX_AVTAB_HASH_BITS 13
+#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
+#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
+#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS
+
+#endif /* _AVTAB_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
new file mode 100644
index 0000000..91814cb
--- /dev/null
+++ b/libsepol/include/sepol/policydb/conditional.h
@@ -0,0 +1,134 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Frank Mayer <mayerf@tresys.com>
+ *
+ * Copyright (C) 2003 - 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_POLICYDB_CONDITIONAL_H_
+#define _SEPOL_POLICYDB_CONDITIONAL_H_
+
+#include <sepol/policydb/flask_types.h>
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/symtab.h>
+#include <sepol/policydb/policydb.h>
+
+#define COND_EXPR_MAXDEPTH 10
+
+/* this is the max unique bools in a conditional expression
+ * for which we precompute all outcomes for the expression.
+ *
+ * NOTE - do _NOT_ use value greater than 5 because
+ * cond_node_t->expr_pre_comp can only hold at most 32 values
+ */
+#define COND_MAX_BOOLS 5
+
+/*
+ * A conditional expression is a list of operators and operands
+ * in reverse polish notation.
+ */
+typedef struct cond_expr {
+#define COND_BOOL 1 /* plain bool */
+#define COND_NOT 2 /* !bool */
+#define COND_OR 3 /* bool || bool */
+#define COND_AND 4 /* bool && bool */
+#define COND_XOR 5 /* bool ^ bool */
+#define COND_EQ 6 /* bool == bool */
+#define COND_NEQ 7 /* bool != bool */
+#define COND_LAST 8
+ uint32_t expr_type;
+ uint32_t bool;
+ struct cond_expr *next;
+} cond_expr_t;
+
+/*
+ * Each cond_node_t contains a list of rules to be enabled/disabled
+ * depending on the current value of the conditional expression. This
+ * struct is for that list.
+ */
+typedef struct cond_av_list {
+ avtab_ptr_t node;
+ struct cond_av_list *next;
+} cond_av_list_t;
+
+/*
+ * A cond node represents a conditional block in a policy. It
+ * contains a conditional expression, the current state of the expression,
+ * two lists of rules to enable/disable depending on the value of the
+ * expression (the true list corresponds to if and the false list corresponds
+ * to else)..
+ */
+typedef struct cond_node {
+ int cur_state;
+ cond_expr_t *expr;
+ /* these true/false lists point into te_avtab when that is used */
+ cond_av_list_t *true_list;
+ cond_av_list_t *false_list;
+ /* and these are using during parsing and for modules */
+ avrule_t *avtrue_list;
+ avrule_t *avfalse_list;
+ /* these fields are not written to binary policy */
+ unsigned int nbools;
+ uint32_t bool_ids[COND_MAX_BOOLS];
+ uint32_t expr_pre_comp;
+ /* */
+ struct cond_node *next;
+} cond_node_t;
+
+extern int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr);
+extern cond_expr_t *cond_copy_expr(cond_expr_t * expr);
+
+extern int cond_expr_equal(cond_node_t * a, cond_node_t * b);
+extern int cond_normalize_expr(policydb_t * p, cond_node_t * cn);
+extern void cond_node_destroy(cond_node_t * node);
+extern void cond_expr_destroy(cond_expr_t * expr);
+
+extern cond_node_t *cond_node_find(policydb_t * p,
+ cond_node_t * needle, cond_node_t * haystack,
+ int *was_created);
+
+extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node);
+
+extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
+ cond_node_t * cn);
+
+extern int evaluate_conds(policydb_t * p);
+
+extern avtab_datum_t *cond_av_list_search(avtab_key_t * key,
+ cond_av_list_t * cond_list);
+
+extern void cond_av_list_destroy(cond_av_list_t * list);
+
+extern void cond_optimize_lists(cond_list_t * cl);
+
+extern int cond_policydb_init(policydb_t * p);
+extern void cond_policydb_destroy(policydb_t * p);
+extern void cond_list_destroy(cond_list_t * list);
+
+extern int cond_init_bool_indexes(policydb_t * p);
+extern int cond_destroy_bool(hashtab_key_t key, hashtab_datum_t datum, void *p);
+
+extern int cond_index_bool(hashtab_key_t key, hashtab_datum_t datum,
+ void *datap);
+
+extern int cond_read_bool(policydb_t * p, hashtab_t h, struct policy_file *fp);
+
+extern int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp);
+
+extern void cond_compute_av(avtab_t * ctab, avtab_key_t * key,
+ struct sepol_av_decision *avd);
+
+#endif /* _CONDITIONAL_H_ */
diff --git a/libsepol/include/sepol/policydb/constraint.h b/libsepol/include/sepol/policydb/constraint.h
new file mode 100644
index 0000000..4c16ab0
--- /dev/null
+++ b/libsepol/include/sepol/policydb/constraint.h
@@ -0,0 +1,77 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A constraint is a condition that must be satisfied in
+ * order for one or more permissions to be granted.
+ * Constraints are used to impose additional restrictions
+ * beyond the type-based rules in `te' or the role-based
+ * transition rules in `rbac'. Constraints are typically
+ * used to prevent a process from transitioning to a new user
+ * identity or role unless it is in a privileged type.
+ * Constraints are likewise typically used to prevent a
+ * process from labeling an object with a different user
+ * identity.
+ */
+
+#ifndef _SEPOL_POLICYDB_CONSTRAINT_H_
+#define _SEPOL_POLICYDB_CONSTRAINT_H_
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/ebitmap.h>
+#include <sepol/policydb/flask_types.h>
+
+#define CEXPR_MAXDEPTH 5
+
+struct type_set;
+
+typedef struct constraint_expr {
+#define CEXPR_NOT 1 /* not expr */
+#define CEXPR_AND 2 /* expr and expr */
+#define CEXPR_OR 3 /* expr or expr */
+#define CEXPR_ATTR 4 /* attr op attr */
+#define CEXPR_NAMES 5 /* attr op names */
+ uint32_t expr_type; /* expression type */
+
+#define CEXPR_USER 1 /* user */
+#define CEXPR_ROLE 2 /* role */
+#define CEXPR_TYPE 4 /* type */
+#define CEXPR_TARGET 8 /* target if set, source otherwise */
+#define CEXPR_XTARGET 16 /* special 3rd target for validatetrans rule */
+#define CEXPR_L1L2 32 /* low level 1 vs. low level 2 */
+#define CEXPR_L1H2 64 /* low level 1 vs. high level 2 */
+#define CEXPR_H1L2 128 /* high level 1 vs. low level 2 */
+#define CEXPR_H1H2 256 /* high level 1 vs. high level 2 */
+#define CEXPR_L1H1 512 /* low level 1 vs. high level 1 */
+#define CEXPR_L2H2 1024 /* low level 2 vs. high level 2 */
+ uint32_t attr; /* attribute */
+
+#define CEXPR_EQ 1 /* == or eq */
+#define CEXPR_NEQ 2 /* != */
+#define CEXPR_DOM 3 /* dom */
+#define CEXPR_DOMBY 4 /* domby */
+#define CEXPR_INCOMP 5 /* incomp */
+ uint32_t op; /* operator */
+
+ ebitmap_t names; /* names */
+ struct type_set *type_names;
+
+ struct constraint_expr *next; /* next expression */
+} constraint_expr_t;
+
+typedef struct constraint_node {
+ sepol_access_vector_t permissions; /* constrained permissions */
+ constraint_expr_t *expr; /* constraint on permissions */
+ struct constraint_node *next; /* next constraint */
+} constraint_node_t;
+
+struct policydb;
+
+extern int constraint_expr_init(constraint_expr_t * expr);
+extern void constraint_expr_destroy(constraint_expr_t * expr);
+
+#endif /* _CONSTRAINT_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/context.h b/libsepol/include/sepol/policydb/context.h
new file mode 100644
index 0000000..8d74a25
--- /dev/null
+++ b/libsepol/include/sepol/policydb/context.h
@@ -0,0 +1,97 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy. Security contexts are
+ * externally represented as variable-length strings
+ * that can be interpreted by a user or application
+ * with an understanding of the security policy.
+ * Internally, the security server uses a simple
+ * structure. This structure is private to the
+ * security server and can be changed without affecting
+ * clients of the security server.
+ */
+
+#ifndef _SEPOL_POLICYDB_CONTEXT_H_
+#define _SEPOL_POLICYDB_CONTEXT_H_
+
+#include <stddef.h>
+#include <sepol/policydb/ebitmap.h>
+#include <sepol/policydb/mls_types.h>
+
+/*
+ * A security context consists of an authenticated user
+ * identity, a role, a type and a MLS range.
+ */
+typedef struct context_struct {
+ uint32_t user;
+ uint32_t role;
+ uint32_t type;
+ mls_range_t range;
+} context_struct_t;
+
+static inline void mls_context_init(context_struct_t * c)
+{
+ mls_range_init(&c->range);
+}
+
+static inline int mls_context_cpy(context_struct_t * dst,
+ context_struct_t * src)
+{
+
+ if (mls_range_cpy(&dst->range, &src->range) < 0)
+ return -1;
+
+ return 0;
+}
+
+static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
+{
+ return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
+ mls_level_eq(&c1->range.level[1], &c2->range.level[1]));
+
+}
+
+static inline void mls_context_destroy(context_struct_t * c)
+{
+ if (c == NULL)
+ return;
+
+ mls_range_destroy(&c->range);
+ mls_context_init(c);
+}
+
+static inline void context_init(context_struct_t * c)
+{
+ memset(c, 0, sizeof(*c));
+}
+
+static inline int context_cpy(context_struct_t * dst, context_struct_t * src)
+{
+ dst->user = src->user;
+ dst->role = src->role;
+ dst->type = src->type;
+ return mls_context_cpy(dst, src);
+}
+
+static inline void context_destroy(context_struct_t * c)
+{
+ if (c == NULL)
+ return;
+
+ c->user = c->role = c->type = 0;
+ mls_context_destroy(c);
+}
+
+static inline int context_cmp(context_struct_t * c1, context_struct_t * c2)
+{
+ return ((c1->user == c2->user) &&
+ (c1->role == c2->role) &&
+ (c1->type == c2->type) && mls_context_cmp(c1, c2));
+}
+
+#endif
diff --git a/libsepol/include/sepol/policydb/ebitmap.h b/libsepol/include/sepol/policydb/ebitmap.h
new file mode 100644
index 0000000..410c15c
--- /dev/null
+++ b/libsepol/include/sepol/policydb/ebitmap.h
@@ -0,0 +1,88 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * An extensible bitmap is a bitmap that supports an
+ * arbitrary number of bits. Extensible bitmaps are
+ * used to represent sets of values, such as types,
+ * roles, categories, and classes.
+ *
+ * Each extensible bitmap is implemented as a linked
+ * list of bitmap nodes, where each bitmap node has
+ * an explicitly specified starting bit position within
+ * the total bitmap.
+ */
+
+#ifndef _SEPOL_POLICYDB_EBITMAP_H_
+#define _SEPOL_POLICYDB_EBITMAP_H_
+
+#include <stdint.h>
+#include <string.h>
+
+#define MAPTYPE uint64_t /* portion of bitmap in each node */
+#define MAPSIZE (sizeof(MAPTYPE) * 8) /* number of bits in node bitmap */
+#define MAPBIT 1ULL /* a bit in the node bitmap */
+
+typedef struct ebitmap_node {
+ uint32_t startbit; /* starting position in the total bitmap */
+ MAPTYPE map; /* this node's portion of the bitmap */
+ struct ebitmap_node *next;
+} ebitmap_node_t;
+
+typedef struct ebitmap {
+ ebitmap_node_t *node; /* first node in the bitmap */
+ uint32_t highbit; /* highest position in the total bitmap */
+} ebitmap_t;
+
+#define ebitmap_length(e) ((e)->highbit)
+#define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0)
+#define ebitmap_startnode(e) ((e)->node)
+
+static inline unsigned int ebitmap_start(const ebitmap_t * e,
+ ebitmap_node_t ** n)
+{
+
+ *n = e->node;
+ return ebitmap_startbit(e);
+}
+
+static inline void ebitmap_init(ebitmap_t * e)
+{
+ memset(e, 0, sizeof(*e));
+}
+
+static inline unsigned int ebitmap_next(ebitmap_node_t ** n, unsigned int bit)
+{
+ if ((bit == ((*n)->startbit + MAPSIZE - 1)) && (*n)->next) {
+ *n = (*n)->next;
+ return (*n)->startbit;
+ }
+
+ return (bit + 1);
+}
+
+static inline int ebitmap_node_get_bit(ebitmap_node_t * n, unsigned int bit)
+{
+ if (n->map & (MAPBIT << (bit - n->startbit)))
+ return 1;
+ return 0;
+}
+
+#define ebitmap_for_each_bit(e, n, bit) \
+ for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \
+
+extern int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1);
+extern int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src);
+extern int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2);
+extern int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit);
+extern int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value);
+extern void ebitmap_destroy(ebitmap_t * e);
+extern int ebitmap_read(ebitmap_t * e, void *fp);
+
+#endif /* _EBITMAP_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/expand.h b/libsepol/include/sepol/policydb/expand.h
new file mode 100644
index 0000000..059b065
--- /dev/null
+++ b/libsepol/include/sepol/policydb/expand.h
@@ -0,0 +1,79 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * A set of utility functions that aid policy decision when dealing
+ * with hierarchal items.
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_POLICYDB_EXPAND_H
+#define _SEPOL_POLICYDB_EXPAND_H
+
+#include <stddef.h>
+#include <sepol/handle.h>
+#include <sepol/policydb/conditional.h>
+
+/*
+ * Expand only the avrules for a module. It is valid for this function
+ * to expand base into itself (i.e. base == out); the typemap for
+ * this special case should map type[i] to i+1. Likewise the boolmap
+ * should map bool[i] to i + 1. This function optionally expands
+ * neverallow rules. If neverallow rules are expanded, there is no
+ * need to copy them and doing so could cause duplicate entries when
+ * base == out. If the neverallow rules are not expanded, they are
+ * just copied to the destination policy so that assertion checking
+ * can be performed after expand. No assertion or hierarchy checking
+ * is performed by this function.
+ */
+extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base,
+ policydb_t * out, uint32_t * typemap, uint32_t * boolmap,
+ uint32_t * rolemap, uint32_t * usermap,
+ int verbose, int expand_neverallow);
+/*
+ * Expand all parts of a module. Neverallow rules are not expanded (only
+ * copied). It is not valid to expand base into itself. If check is non-zero,
+ * performs hierarchy and assertion checking.
+ */
+extern int expand_module(sepol_handle_t * handle,
+ policydb_t * base, policydb_t * out,
+ int verbose, int check);
+extern int convert_type_ebitmap(ebitmap_t * src, ebitmap_t * dst,
+ uint32_t * typemap);
+extern int expand_convert_type_set(policydb_t * p, uint32_t * typemap,
+ type_set_t * set, ebitmap_t * types,
+ unsigned char alwaysexpand);
+extern int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
+ unsigned char alwaysexpand);
+extern int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * p, uint32_t * rolemap);
+extern int mls_semantic_level_expand(mls_semantic_level_t *sl, mls_level_t *l,
+ policydb_t *p, sepol_handle_t *h);
+extern int mls_semantic_range_expand(mls_semantic_range_t *sr, mls_range_t *r,
+ policydb_t *p, sepol_handle_t *h);
+extern int expand_rule(sepol_handle_t * handle,
+ policydb_t * source_pol,
+ avrule_t * source_rule, avtab_t * dest_avtab,
+ cond_av_list_t ** cond, cond_av_list_t ** other,
+ int enabled);
+
+extern int expand_avtab(policydb_t * p, avtab_t * a, avtab_t * expa);
+
+extern int expand_cond_av_list(policydb_t * p, cond_av_list_t * l,
+ cond_av_list_t ** newl, avtab_t * expa);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/flask.h b/libsepol/include/sepol/policydb/flask.h
new file mode 100644
index 0000000..3134284
--- /dev/null
+++ b/libsepol/include/sepol/policydb/flask.h
@@ -0,0 +1,94 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _SEPOL_POLICYDB_FLASK_H_
+#define _SEPOL_POLICYDB_FLASK_H_
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+#define SECCLASS_PASSWD 30
+#define SECCLASS_DRAWABLE 31
+#define SECCLASS_WINDOW 32
+#define SECCLASS_GC 33
+#define SECCLASS_FONT 34
+#define SECCLASS_COLORMAP 35
+#define SECCLASS_PROPERTY 36
+#define SECCLASS_CURSOR 37
+#define SECCLASS_XCLIENT 38
+#define SECCLASS_XINPUT 39
+#define SECCLASS_XSERVER 40
+#define SECCLASS_XEXTENSION 41
+#define SECCLASS_PAX 42
+#define SECCLASS_NETLINK_ROUTE_SOCKET 43
+#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
+#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
+#define SECCLASS_NETLINK_NFLOG_SOCKET 46
+#define SECCLASS_NETLINK_XFRM_SOCKET 47
+#define SECCLASS_NETLINK_SELINUX_SOCKET 48
+#define SECCLASS_NETLINK_AUDIT_SOCKET 49
+#define SECCLASS_NETLINK_IP6FW_SOCKET 50
+#define SECCLASS_NETLINK_DNRT_SOCKET 51
+#define SECCLASS_DBUS 52
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_ANY_SOCKET 8
+#define SECINITSID_PORT 9
+#define SECINITSID_NETIF 10
+#define SECINITSID_NETMSG 11
+#define SECINITSID_NODE 12
+#define SECINITSID_IGMP_PACKET 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_SYSCTL_MODPROBE 16
+#define SECINITSID_SYSCTL 17
+#define SECINITSID_SYSCTL_FS 18
+#define SECINITSID_SYSCTL_KERNEL 19
+#define SECINITSID_SYSCTL_NET 20
+#define SECINITSID_SYSCTL_NET_UNIX 21
+#define SECINITSID_SYSCTL_VM 22
+#define SECINITSID_SYSCTL_DEV 23
+#define SECINITSID_KMOD 24
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
+
+#define SECINITSID_NUM 27
+
+#endif
diff --git a/libsepol/include/sepol/policydb/flask_types.h b/libsepol/include/sepol/policydb/flask_types.h
new file mode 100644
index 0000000..575c6f2
--- /dev/null
+++ b/libsepol/include/sepol/policydb/flask_types.h
@@ -0,0 +1,62 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_
+#define _SEPOL_POLICYDB_FLASK_TYPES_H_
+
+/*
+ * The basic Flask types and constants.
+ */
+
+#include <sys/types.h>
+#include <stdint.h>
+
+/*
+ * A security context is a set of security attributes
+ * associated with each subject and object controlled
+ * by the security policy. The security context type
+ * is defined as a variable-length string that can be
+ * interpreted by any application or user with an
+ * understanding of the security policy.
+ */
+typedef char *sepol_security_context_t;
+
+/*
+ * An access vector (AV) is a collection of related permissions
+ * for a pair of SIDs. The bits within an access vector
+ * are interpreted differently depending on the class of
+ * the object. The access vector interpretations are specified
+ * in flask/access_vectors, and the corresponding constants
+ * for permissions are defined in the automatically generated
+ * header file av_permissions.h.
+ */
+typedef uint32_t sepol_access_vector_t;
+
+/*
+ * Each object class is identified by a fixed-size value.
+ * The set of security classes is specified in flask/security_classes,
+ * with the corresponding constants defined in the automatically
+ * generated header file flask.h.
+ */
+typedef uint16_t sepol_security_class_t;
+#define SEPOL_SECCLASS_NULL 0x0000 /* no class */
+
+#define SELINUX_MAGIC 0xf97cff8c
+#define SELINUX_MOD_MAGIC 0xf97cff8d
+
+typedef uint32_t sepol_security_id_t;
+#define SEPOL_SECSID_NULL 0
+
+struct sepol_av_decision {
+ sepol_access_vector_t allowed;
+ sepol_access_vector_t decided;
+ sepol_access_vector_t auditallow;
+ sepol_access_vector_t auditdeny;
+ uint32_t seqno;
+};
+
+#endif
diff --git a/libsepol/include/sepol/policydb/hashtab.h b/libsepol/include/sepol/policydb/hashtab.h
new file mode 100644
index 0000000..1081ff6
--- /dev/null
+++ b/libsepol/include/sepol/policydb/hashtab.h
@@ -0,0 +1,137 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A hash table (hashtab) maintains associations between
+ * key values and datum values. The type of the key values
+ * and the type of the datum values is arbitrary. The
+ * functions for hash computation and key comparison are
+ * provided by the creator of the table.
+ */
+
+#ifndef _SEPOL_POLICYDB_HASHTAB_H_
+#define _SEPOL_POLICYDB_HASHTAB_H_
+
+#include <sepol/errcodes.h>
+
+#include <stdint.h>
+#include <stdio.h>
+
+typedef char *hashtab_key_t; /* generic key type */
+typedef void *hashtab_datum_t; /* generic datum type */
+
+typedef struct hashtab_node *hashtab_ptr_t;
+
+typedef struct hashtab_node {
+ hashtab_key_t key;
+ hashtab_datum_t datum;
+ hashtab_ptr_t next;
+} hashtab_node_t;
+
+typedef struct hashtab_val {
+ hashtab_ptr_t *htable; /* hash table */
+ unsigned int size; /* number of slots in hash table */
+ uint32_t nel; /* number of elements in hash table */
+ unsigned int (*hash_value) (struct hashtab_val * h, hashtab_key_t key); /* hash function */
+ int (*keycmp) (struct hashtab_val * h, hashtab_key_t key1, hashtab_key_t key2); /* key comparison function */
+} hashtab_val_t;
+
+typedef hashtab_val_t *hashtab_t;
+
+/*
+ Creates a new hash table with the specified characteristics.
+
+ Returns NULL if insufficent space is available or
+ the new hash table otherwise.
+ */
+extern hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ const hashtab_key_t
+ key),
+ int (*keycmp) (hashtab_t h,
+ const hashtab_key_t key1,
+ const hashtab_key_t key2),
+ unsigned int size);
+/*
+ Inserts the specified (key, datum) pair into the specified hash table.
+
+ Returns SEPOL_ENOMEM if insufficient space is available or
+ SEPOL_EEXIST if there is already an entry with the same key or
+ SEPOL_OK otherwise.
+ */
+extern int hashtab_insert(hashtab_t h, hashtab_key_t k, hashtab_datum_t d);
+
+/*
+ Removes the entry with the specified key from the hash table.
+ Applies the specified destroy function to (key,datum,args) for
+ the entry.
+
+ Returns SEPOL_ENOENT if no entry has the specified key or
+ SEPOL_OK otherwise.
+ */
+extern int hashtab_remove(hashtab_t h, hashtab_key_t k,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Insert or replace the specified (key, datum) pair in the specified
+ hash table. If an entry for the specified key already exists,
+ then the specified destroy function is applied to (key,datum,args)
+ for the entry prior to replacing the entry's contents.
+
+ Returns SEPOL_ENOMEM if insufficient space is available or
+ SEPOL_OK otherwise.
+ */
+extern int hashtab_replace(hashtab_t h, hashtab_key_t k, hashtab_datum_t d,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Searches for the entry with the specified key in the hash table.
+
+ Returns NULL if no entry has the specified key or
+ the datum of the entry otherwise.
+ */
+extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
+
+/*
+ Destroys the specified hash table.
+ */
+extern void hashtab_destroy(hashtab_t h);
+
+/*
+ Applies the specified apply function to (key,datum,args)
+ for each entry in the specified hash table.
+
+ The order in which the function is applied to the entries
+ is dependent upon the internal structure of the hash table.
+
+ If apply returns a non-zero status, then hashtab_map will cease
+ iterating through the hash table and will propagate the error
+ return to its caller.
+ */
+extern int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Same as hashtab_map, except that if apply returns a non-zero status,
+ then the (key,datum) pair will be removed from the hashtab and the
+ destroy function will be applied to (key,datum,args).
+ */
+extern void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+extern void hashtab_hash_eval(hashtab_t h, char *tag);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/hierarchy.h b/libsepol/include/sepol/policydb/hierarchy.h
new file mode 100644
index 0000000..de2dfc7
--- /dev/null
+++ b/libsepol/include/sepol/policydb/hierarchy.h
@@ -0,0 +1,32 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * A set of utility functions that aid policy decision when dealing
+ * with hierarchal items.
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_POLICYDB_HIERARCHY_H_
+#define _SEPOL_POLICYDB_HIERARCHY_H_
+
+#include <sepol/policydb/policydb.h>
+
+extern int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/link.h b/libsepol/include/sepol/policydb/link.h
new file mode 100644
index 0000000..fca9114
--- /dev/null
+++ b/libsepol/include/sepol/policydb/link.h
@@ -0,0 +1,20 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@mentalrootkit.com>
+ */
+
+#ifndef _SEPOL_POLICYDB_LINK_H
+#define _SEPOL_POLICYDB_LINK_H
+
+#include <sepol/handle.h>
+#include <sepol/errcodes.h>
+#include <sepol/policydb/policydb.h>
+
+
+#include <stddef.h>
+
+extern int link_modules(sepol_handle_t * handle,
+ policydb_t * b, policydb_t ** mods, int len,
+ int verbose);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/mls_types.h b/libsepol/include/sepol/policydb/mls_types.h
new file mode 100644
index 0000000..e491209
--- /dev/null
+++ b/libsepol/include/sepol/policydb/mls_types.h
@@ -0,0 +1,153 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * Type definitions for the multi-level security (MLS) policy.
+ */
+
+#ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
+#define _SEPOL_POLICYDB_MLS_TYPES_H_
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <sepol/policydb/ebitmap.h>
+#include <sepol/policydb/flask_types.h>
+
+typedef struct mls_level {
+ uint32_t sens; /* sensitivity */
+ ebitmap_t cat; /* category set */
+} mls_level_t;
+
+typedef struct mls_range {
+ mls_level_t level[2]; /* low == level[0], high == level[1] */
+} mls_range_t;
+
+static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
+{
+
+ dst->sens = src->sens;
+ if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
+ return -1;
+ return 0;
+}
+
+static inline void mls_level_init(struct mls_level *level)
+{
+
+ memset(level, 0, sizeof(mls_level_t));
+}
+
+static inline void mls_level_destroy(struct mls_level *level)
+{
+
+ if (level == NULL)
+ return;
+
+ ebitmap_destroy(&level->cat);
+ mls_level_init(level);
+}
+
+static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
+{
+ return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
+}
+
+static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
+{
+ return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
+}
+
+#define mls_level_incomp(l1, l2) \
+(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
+
+#define mls_level_between(l1, l2, l3) \
+(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
+
+#define mls_range_contains(r1, r2) \
+(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
+ mls_level_dom(&(r1).level[1], &(r2).level[1]))
+
+static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
+{
+
+ if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
+ goto err;
+
+ if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
+ goto err_destroy;
+
+ return 0;
+
+ err_destroy:
+ mls_level_destroy(&dst->level[0]);
+
+ err:
+ return -1;
+}
+
+static inline void mls_range_init(struct mls_range *r)
+{
+ mls_level_init(&r->level[0]);
+ mls_level_init(&r->level[1]);
+}
+
+static inline void mls_range_destroy(struct mls_range *r)
+{
+ mls_level_destroy(&r->level[0]);
+ mls_level_destroy(&r->level[1]);
+}
+
+static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
+{
+ return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
+ mls_level_eq(&r1->level[1], &r2->level[1]));
+}
+
+typedef struct mls_semantic_cat {
+ uint32_t low; /* first bit this struct represents */
+ uint32_t high; /* last bit represented - equals low for a single cat */
+ struct mls_semantic_cat *next;
+} mls_semantic_cat_t;
+
+typedef struct mls_semantic_level {
+ uint32_t sens;
+ mls_semantic_cat_t *cat;
+} mls_semantic_level_t;
+
+typedef struct mls_semantic_range {
+ mls_semantic_level_t level[2];
+} mls_semantic_range_t;
+
+extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
+extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
+extern void mls_semantic_level_init(mls_semantic_level_t *l);
+extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
+extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
+extern void mls_semantic_range_init(mls_semantic_range_t *r);
+extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
+extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/module.h b/libsepol/include/sepol/policydb/module.h
new file mode 100644
index 0000000..10403c8
--- /dev/null
+++ b/libsepol/include/sepol/policydb/module.h
@@ -0,0 +1,48 @@
+/* Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_POLICYDB_MODULE_H_
+#define _SEPOL_POLICYDB_MODULE_H_
+
+#include <stdlib.h>
+#include <stddef.h>
+
+#include <sepol/module.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+
+#define SEPOL_MODULE_PACKAGE_MAGIC 0xf97cff8f
+
+struct sepol_module_package {
+ sepol_policydb_t *policy;
+ uint32_t version;
+ char *file_contexts;
+ size_t file_contexts_len;
+ char *seusers;
+ size_t seusers_len;
+ char *user_extra;
+ size_t user_extra_len;
+ char *netfilter_contexts;
+ size_t netfilter_contexts_len;
+};
+
+extern int sepol_module_package_init(sepol_module_package_t * p);
+
+#endif
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
new file mode 100644
index 0000000..40c0a48
--- /dev/null
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -0,0 +1,18 @@
+#ifndef _SEPOL_POLICYDB_POLCAPS_H_
+#define _SEPOL_POLICYDB_POLCAPS_H_
+
+/* Policy capabilities */
+enum {
+ POLICYDB_CAPABILITY_NETPEER,
+ POLICYDB_CAPABILITY_OPENPERM,
+ __POLICYDB_CAPABILITY_MAX
+};
+#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
+
+/* Convert a capability name to number. */
+extern int sepol_polcap_getnum(const char *name);
+
+/* Convert a capability number to name. */
+extern const char *sepol_polcap_getname(int capnum);
+
+#endif /* _SEPOL_POLICYDB_POLCAPS_H_ */
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
new file mode 100644
index 0000000..f829286
--- /dev/null
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -0,0 +1,635 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated: Joshua Brindle <jbrindle@tresys.com>
+ * Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Module support
+ *
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
+ *
+ * Fine-grained netlink support
+ * IPv6 support
+ * Code cleanup
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ * Copyright (C) 2003 - 2004 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * A policy database (policydb) specifies the
+ * configuration data for the security policy.
+ */
+
+#ifndef _SEPOL_POLICYDB_POLICYDB_H_
+#define _SEPOL_POLICYDB_POLICYDB_H_
+
+#include <stdio.h>
+#include <stddef.h>
+
+#include <sepol/policydb.h>
+
+#include <sepol/policydb/flask_types.h>
+#include <sepol/policydb/symtab.h>
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/context.h>
+#include <sepol/policydb/constraint.h>
+#include <sepol/policydb/sidtab.h>
+
+#define ERRMSG_LEN 1024
+
+#define POLICYDB_SUCCESS 0
+#define POLICYDB_ERROR -1
+#define POLICYDB_UNSUPPORTED -2
+
+/*
+ * A datum type is defined for each kind of symbol
+ * in the configuration data: individual permissions,
+ * common prefixes for access vectors, classes,
+ * users, roles, types, sensitivities, categories, etc.
+ */
+
+/* type set preserves data needed by modules such as *, ~ and attributes */
+typedef struct type_set {
+ ebitmap_t types;
+ ebitmap_t negset;
+#define TYPE_STAR 1
+#define TYPE_COMP 2
+ uint32_t flags;
+} type_set_t;
+
+typedef struct role_set {
+ ebitmap_t roles;
+#define ROLE_STAR 1
+#define ROLE_COMP 2
+ uint32_t flags;
+} role_set_t;
+
+/* Permission attributes */
+typedef struct perm_datum {
+ symtab_datum_t s;
+} perm_datum_t;
+
+/* Attributes of a common prefix for access vectors */
+typedef struct common_datum {
+ symtab_datum_t s;
+ symtab_t permissions; /* common permissions */
+} common_datum_t;
+
+/* Class attributes */
+typedef struct class_datum {
+ symtab_datum_t s;
+ char *comkey; /* common name */
+ common_datum_t *comdatum; /* common datum */
+ symtab_t permissions; /* class-specific permission symbol table */
+ constraint_node_t *constraints; /* constraints on class permissions */
+ constraint_node_t *validatetrans; /* special transition rules */
+} class_datum_t;
+
+/* Role attributes */
+typedef struct role_datum {
+ symtab_datum_t s;
+ ebitmap_t dominates; /* set of roles dominated by this role */
+ type_set_t types; /* set of authorized types for role */
+ ebitmap_t cache; /* This is an expanded set used for context validation during parsing */
+} role_datum_t;
+
+typedef struct role_trans {
+ uint32_t role; /* current role */
+ uint32_t type; /* program executable type */
+ uint32_t new_role; /* new role */
+ struct role_trans *next;
+} role_trans_t;
+
+typedef struct role_allow {
+ uint32_t role; /* current role */
+ uint32_t new_role; /* new role */
+ struct role_allow *next;
+} role_allow_t;
+
+/* Type attributes */
+typedef struct type_datum {
+ symtab_datum_t s;
+ uint32_t primary; /* primary name? can be set to primary value if below is TYPE_ */
+#define TYPE_TYPE 0 /* regular type or alias in kernel policies */
+#define TYPE_ATTRIB 1 /* attribute */
+#define TYPE_ALIAS 2 /* alias in modular policy */
+ uint32_t flavor;
+ ebitmap_t types; /* types with this attribute */
+#define TYPE_FLAGS_PERMISSIVE 0x01
+ uint32_t flags;
+} type_datum_t;
+
+/* User attributes */
+typedef struct user_datum {
+ symtab_datum_t s;
+ role_set_t roles; /* set of authorized roles for user */
+ mls_semantic_range_t range; /* MLS range (min. - max.) for user */
+ mls_semantic_level_t dfltlevel; /* default login MLS level for user */
+ ebitmap_t cache; /* This is an expanded set used for context validation during parsing */
+ mls_range_t exp_range; /* expanded range used for validation */
+ mls_level_t exp_dfltlevel; /* expanded range used for validation */
+} user_datum_t;
+
+/* Sensitivity attributes */
+typedef struct level_datum {
+ mls_level_t *level; /* sensitivity and associated categories */
+ unsigned char isalias; /* is this sensitivity an alias for another? */
+ unsigned char defined;
+} level_datum_t;
+
+/* Category attributes */
+typedef struct cat_datum {
+ symtab_datum_t s;
+ unsigned char isalias; /* is this category an alias for another? */
+} cat_datum_t;
+
+typedef struct range_trans {
+ uint32_t source_type;
+ uint32_t target_type;
+ uint32_t target_class;
+ mls_range_t target_range;
+ struct range_trans *next;
+} range_trans_t;
+
+/* Boolean data type */
+typedef struct cond_bool_datum {
+ symtab_datum_t s;
+ int state;
+} cond_bool_datum_t;
+
+struct cond_node;
+
+typedef struct cond_node cond_list_t;
+struct cond_av_list;
+
+typedef struct class_perm_node {
+ uint32_t class;
+ uint32_t data; /* permissions or new type */
+ struct class_perm_node *next;
+} class_perm_node_t;
+
+typedef struct avrule {
+/* these typedefs are almost exactly the same as those in avtab.h - they are
+ * here because of the need to include neverallow and dontaudit messages */
+#define AVRULE_ALLOWED 1
+#define AVRULE_AUDITALLOW 2
+#define AVRULE_AUDITDENY 4
+#define AVRULE_DONTAUDIT 8
+#define AVRULE_NEVERALLOW 128
+#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW)
+#define AVRULE_TRANSITION 16
+#define AVRULE_MEMBER 32
+#define AVRULE_CHANGE 64
+#define AVRULE_TYPE (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE)
+ uint32_t specified;
+#define RULE_SELF 1
+ uint32_t flags;
+ type_set_t stypes;
+ type_set_t ttypes;
+ class_perm_node_t *perms;
+ unsigned long line; /* line number from policy.conf where
+ * this rule originated */
+ struct avrule *next;
+} avrule_t;
+
+typedef struct role_trans_rule {
+ role_set_t roles; /* current role */
+ type_set_t types; /* program executable type */
+ uint32_t new_role; /* new role */
+ struct role_trans_rule *next;
+} role_trans_rule_t;
+
+typedef struct role_allow_rule {
+ role_set_t roles; /* current role */
+ role_set_t new_roles; /* new roles */
+ struct role_allow_rule *next;
+} role_allow_rule_t;
+
+typedef struct range_trans_rule {
+ type_set_t stypes;
+ type_set_t ttypes;
+ ebitmap_t tclasses;
+ mls_semantic_range_t trange;
+ struct range_trans_rule *next;
+} range_trans_rule_t;
+
+/*
+ * The configuration data includes security contexts for
+ * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
+ * network interfaces, and nodes. This structure stores the
+ * relevant data for one such entry. Entries of the same kind
+ * (e.g. all initial SIDs) are linked together into a list.
+ */
+typedef struct ocontext {
+ union {
+ char *name; /* name of initial SID, fs, netif, fstype, path */
+ struct {
+ uint8_t protocol;
+ uint16_t low_port;
+ uint16_t high_port;
+ } port; /* TCP or UDP port information */
+ struct {
+ uint32_t addr; /* network order */
+ uint32_t mask; /* network order */
+ } node; /* node information */
+ struct {
+ uint32_t addr[4]; /* network order */
+ uint32_t mask[4]; /* network order */
+ } node6; /* IPv6 node information */
+ } u;
+ union {
+ uint32_t sclass; /* security class for genfs */
+ uint32_t behavior; /* labeling behavior for fs_use */
+ } v;
+ context_struct_t context[2]; /* security context(s) */
+ sepol_security_id_t sid[2]; /* SID(s) */
+ struct ocontext *next;
+} ocontext_t;
+
+typedef struct genfs {
+ char *fstype;
+ struct ocontext *head;
+ struct genfs *next;
+} genfs_t;
+
+/* symbol table array indices */
+#define SYM_COMMONS 0
+#define SYM_CLASSES 1
+#define SYM_ROLES 2
+#define SYM_TYPES 3
+#define SYM_USERS 4
+#define SYM_BOOLS 5
+#define SYM_LEVELS 6
+#define SYM_CATS 7
+#define SYM_NUM 8
+
+/* object context array indices */
+#define OCON_ISID 0 /* initial SIDs */
+#define OCON_FS 1 /* unlabeled file systems */
+#define OCON_PORT 2 /* TCP and UDP port numbers */
+#define OCON_NETIF 3 /* network interfaces */
+#define OCON_NODE 4 /* nodes */
+#define OCON_FSUSE 5 /* fs_use */
+#define OCON_NODE6 6 /* IPv6 nodes */
+#define OCON_NUM 7
+
+/* section: module information */
+
+/* scope_index_t holds all of the symbols that are in scope in a
+ * particular situation. The bitmaps are indices (and thus must
+ * subtract one) into the global policydb->scope array. */
+typedef struct scope_index {
+ ebitmap_t scope[SYM_NUM];
+#define p_classes_scope scope[SYM_CLASSES]
+#define p_roles_scope scope[SYM_ROLES]
+#define p_types_scope scope[SYM_TYPES]
+#define p_users_scope scope[SYM_USERS]
+#define p_bools_scope scope[SYM_BOOLS]
+#define p_sens_scope scope[SYM_LEVELS]
+#define p_cat_scope scope[SYM_CATS]
+
+ /* this array maps from class->value to the permissions within
+ * scope. if bit (perm->value - 1) is set in map
+ * class_perms_map[class->value - 1] then that permission is
+ * enabled for this class within this decl. */
+ ebitmap_t *class_perms_map;
+ /* total number of classes in class_perms_map array */
+ uint32_t class_perms_len;
+} scope_index_t;
+
+/* a list of declarations for a particular avrule_decl */
+
+/* These two structs declare a block of policy that has TE and RBAC
+ * statements and declarations. The root block (the global policy)
+ * can never have an ELSE branch. */
+typedef struct avrule_decl {
+ uint32_t decl_id;
+ uint32_t enabled; /* whether this block is enabled */
+
+ cond_list_t *cond_list;
+ avrule_t *avrules;
+ role_trans_rule_t *role_tr_rules;
+ role_allow_rule_t *role_allow_rules;
+ range_trans_rule_t *range_tr_rules;
+ scope_index_t required; /* symbols needed to activate this block */
+ scope_index_t declared; /* symbols declared within this block */
+
+ /* for additive statements (type attribute, roles, and users) */
+ symtab_t symtab[SYM_NUM];
+
+ /* In a linked module this will contain the name of the module
+ * from which this avrule_decl originated. */
+ char *module_name;
+
+ struct avrule_decl *next;
+} avrule_decl_t;
+
+typedef struct avrule_block {
+ avrule_decl_t *branch_list;
+ avrule_decl_t *enabled; /* pointer to which branch is enabled. this is
+ used in linking and never written to disk */
+#define AVRULE_OPTIONAL 1
+ uint32_t flags; /* any flags for this block, currently just optional */
+ struct avrule_block *next;
+} avrule_block_t;
+
+/* Every identifier has its own scope datum. The datum describes if
+ * the item is to be included into the final policy during
+ * expansion. */
+typedef struct scope_datum {
+/* Required for this decl */
+#define SCOPE_REQ 1
+/* Declared in this decl */
+#define SCOPE_DECL 2
+ uint32_t scope;
+ uint32_t *decl_ids;
+ uint32_t decl_ids_len;
+ /* decl_ids is a list of avrule_decl's that declare/require
+ * this symbol. If scope==SCOPE_DECL then this is a list of
+ * declarations. If the symbol may only be declared once
+ * (types, bools) then decl_ids_len will be exactly 1. For
+ * implicitly declared things (roles, users) then decl_ids_len
+ * will be at least 1. */
+} scope_datum_t;
+
+/* The policy database */
+typedef struct policydb {
+#define POLICY_KERN SEPOL_POLICY_KERN
+#define POLICY_BASE SEPOL_POLICY_BASE
+#define POLICY_MOD SEPOL_POLICY_MOD
+ uint32_t policy_type;
+ char *name;
+ char *version;
+
+ /* Set when the policydb is modified such that writing is unsupported */
+ int unsupported_format;
+
+ /* Whether this policydb is mls, should always be set */
+ int mls;
+
+ /* symbol tables */
+ symtab_t symtab[SYM_NUM];
+#define p_commons symtab[SYM_COMMONS]
+#define p_classes symtab[SYM_CLASSES]
+#define p_roles symtab[SYM_ROLES]
+#define p_types symtab[SYM_TYPES]
+#define p_users symtab[SYM_USERS]
+#define p_bools symtab[SYM_BOOLS]
+#define p_levels symtab[SYM_LEVELS]
+#define p_cats symtab[SYM_CATS]
+
+ /* symbol names indexed by (value - 1) */
+ char **sym_val_to_name[SYM_NUM];
+#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
+#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
+#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
+#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
+#define p_user_val_to_name sym_val_to_name[SYM_USERS]
+#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
+#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
+#define p_cat_val_to_name sym_val_to_name[SYM_CATS]
+
+ /* class, role, and user attributes indexed by (value - 1) */
+ class_datum_t **class_val_to_struct;
+ role_datum_t **role_val_to_struct;
+ user_datum_t **user_val_to_struct;
+ type_datum_t **type_val_to_struct;
+
+ /* module stuff section -- used in parsing and for modules */
+
+ /* keep track of the scope for every identifier. these are
+ * hash tables, where the key is the identifier name and value
+ * a scope_datum_t. as a convenience, one may use the
+ * p_*_macros (cf. struct scope_index_t declaration). */
+ symtab_t scope[SYM_NUM];
+
+ /* module rule storage */
+ avrule_block_t *global;
+ /* avrule_decl index used for link/expand */
+ avrule_decl_t **decl_val_to_struct;
+
+ /* compiled storage of rules - use for the kernel policy */
+
+ /* type enforcement access vectors and transitions */
+ avtab_t te_avtab;
+
+ /* bools indexed by (value - 1) */
+ cond_bool_datum_t **bool_val_to_struct;
+ /* type enforcement conditional access vectors and transitions */
+ avtab_t te_cond_avtab;
+ /* linked list indexing te_cond_avtab by conditional */
+ cond_list_t *cond_list;
+
+ /* role transitions */
+ role_trans_t *role_tr;
+
+ /* role allows */
+ role_allow_t *role_allow;
+
+ /* security contexts of initial SIDs, unlabeled file systems,
+ TCP or UDP port numbers, network interfaces and nodes */
+ ocontext_t *ocontexts[OCON_NUM];
+
+ /* security contexts for files in filesystems that cannot support
+ a persistent label mapping or use another
+ fixed labeling behavior. */
+ genfs_t *genfs;
+
+ /* range transitions */
+ range_trans_t *range_tr;
+
+ ebitmap_t *type_attr_map;
+
+ ebitmap_t *attr_type_map; /* not saved in the binary policy */
+
+ ebitmap_t policycaps;
+
+ /* this bitmap is referenced by type NOT the typical type-1 used in other
+ bitmaps. Someday the 0 bit may be used for global permissive */
+ ebitmap_t permissive_map;
+
+ unsigned policyvers;
+
+ unsigned handle_unknown;
+} policydb_t;
+
+struct sepol_policydb {
+ struct policydb p;
+};
+
+extern int policydb_init(policydb_t * p);
+
+extern int policydb_from_image(sepol_handle_t * handle,
+ void *data, size_t len, policydb_t * policydb);
+
+extern int policydb_to_image(sepol_handle_t * handle,
+ policydb_t * policydb, void **newdata,
+ size_t * newlen);
+
+extern int policydb_index_classes(policydb_t * p);
+
+extern int policydb_index_bools(policydb_t * p);
+
+extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
+ unsigned int verbose);
+
+extern int policydb_reindex_users(policydb_t * p);
+
+extern void policydb_destroy(policydb_t * p);
+
+extern int policydb_load_isids(policydb_t * p, sidtab_t * s);
+
+/* Deprecated */
+extern int policydb_context_isvalid(const policydb_t * p,
+ const context_struct_t * c);
+
+extern void symtabs_destroy(symtab_t * symtab);
+extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
+typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
+ void *args);
+extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);
+
+extern void class_perm_node_init(class_perm_node_t * x);
+extern void type_set_init(type_set_t * x);
+extern void type_set_destroy(type_set_t * x);
+extern int type_set_cpy(type_set_t * dst, type_set_t * src);
+extern int type_set_or_eq(type_set_t * dst, type_set_t * other);
+extern void role_set_init(role_set_t * x);
+extern void role_set_destroy(role_set_t * x);
+extern void avrule_init(avrule_t * x);
+extern void avrule_destroy(avrule_t * x);
+extern void avrule_list_destroy(avrule_t * x);
+extern void role_trans_rule_init(role_trans_rule_t * x);
+extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
+
+extern void role_datum_init(role_datum_t * x);
+extern void role_datum_destroy(role_datum_t * x);
+extern void role_allow_rule_init(role_allow_rule_t * x);
+extern void role_allow_rule_destroy(role_allow_rule_t * x);
+extern void role_allow_rule_list_destroy(role_allow_rule_t * x);
+extern void range_trans_rule_init(range_trans_rule_t *x);
+extern void range_trans_rule_destroy(range_trans_rule_t *x);
+extern void range_trans_rule_list_destroy(range_trans_rule_t *x);
+extern void type_datum_init(type_datum_t * x);
+extern void type_datum_destroy(type_datum_t * x);
+extern void user_datum_init(user_datum_t * x);
+extern void user_datum_destroy(user_datum_t * x);
+extern void level_datum_init(level_datum_t * x);
+extern void level_datum_destroy(level_datum_t * x);
+extern void cat_datum_init(cat_datum_t * x);
+extern void cat_datum_destroy(cat_datum_t * x);
+
+extern int check_assertions(sepol_handle_t * handle,
+ policydb_t * p, avrule_t * avrules);
+
+extern int symtab_insert(policydb_t * x, uint32_t sym,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t scope, uint32_t avrule_decl_id,
+ uint32_t * value);
+
+/* A policy "file" may be a memory region referenced by a (data, len) pair
+ or a file referenced by a FILE pointer. */
+typedef struct policy_file {
+#define PF_USE_MEMORY 0
+#define PF_USE_STDIO 1
+#define PF_LEN 2 /* total up length in len field */
+ unsigned type;
+ char *data;
+ size_t len;
+ size_t size;
+ FILE *fp;
+ struct sepol_handle *handle;
+} policy_file_t;
+
+struct sepol_policy_file {
+ struct policy_file pf;
+};
+
+extern void policy_file_init(policy_file_t * x);
+
+extern int policydb_read(policydb_t * p, struct policy_file *fp,
+ unsigned int verbose);
+extern int avrule_read_list(policydb_t * p, avrule_t ** avrules,
+ struct policy_file *fp);
+
+extern int policydb_write(struct policydb *p, struct policy_file *pf);
+
+#define PERM_SYMTAB_SIZE 32
+
+/* Identify specific policy version changes */
+#define POLICYDB_VERSION_BASE 15
+#define POLICYDB_VERSION_BOOL 16
+#define POLICYDB_VERSION_IPV6 17
+#define POLICYDB_VERSION_NLCLASS 18
+#define POLICYDB_VERSION_VALIDATETRANS 19
+#define POLICYDB_VERSION_MLS 19
+#define POLICYDB_VERSION_AVTAB 20
+#define POLICYDB_VERSION_RANGETRANS 21
+#define POLICYDB_VERSION_POLCAP 22
+#define POLICYDB_VERSION_PERMISSIVE 23
+
+/* Range of policy versions we understand*/
+#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_PERMISSIVE
+
+/* Module versions and specific changes*/
+#define MOD_POLICYDB_VERSION_BASE 4
+#define MOD_POLICYDB_VERSION_VALIDATETRANS 5
+#define MOD_POLICYDB_VERSION_MLS 5
+#define MOD_POLICYDB_VERSION_RANGETRANS 6
+#define MOD_POLICYDB_VERSION_MLS_USERS 6
+#define MOD_POLICYDB_VERSION_POLCAP 7
+#define MOD_POLICYDB_VERSION_PERMISSIVE 8
+
+#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_PERMISSIVE
+
+#define POLICYDB_CONFIG_MLS 1
+
+/* the config flags related to unknown classes/perms are bits 2 and 3 */
+#define DENY_UNKNOWN SEPOL_DENY_UNKNOWN
+#define REJECT_UNKNOWN SEPOL_REJECT_UNKNOWN
+#define ALLOW_UNKNOWN SEPOL_ALLOW_UNKNOWN
+
+#define POLICYDB_CONFIG_UNKNOWN_MASK (DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)
+
+#define OBJECT_R "object_r"
+#define OBJECT_R_VAL 1
+
+#define POLICYDB_MAGIC SELINUX_MAGIC
+#define POLICYDB_STRING "SE Linux"
+#define POLICYDB_ALT_STRING "Flask"
+#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
+#define POLICYDB_MOD_STRING "SE Linux Module"
+
+#endif /* _POLICYDB_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
new file mode 100644
index 0000000..aef0c7b
--- /dev/null
+++ b/libsepol/include/sepol/policydb/services.h
@@ -0,0 +1,184 @@
+
+/* -*- linux-c -*- */
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+
+#ifndef _SEPOL_POLICYDB_SERVICES_H_
+#define _SEPOL_POLICYDB_SERVICES_H_
+
+/*
+ * Security server interface.
+ */
+
+#include <sepol/policydb/flask_types.h>
+#include <sepol/policydb/policydb.h>
+#include <stddef.h>
+
+/* Set the policydb and sidtab structures to be used by
+ the service functions. If not set, then these default
+ to private structures within libsepol that can only be
+ initialized and accessed via the service functions themselves.
+ Setting the structures explicitly allows a program to directly
+ manipulate them, e.g. checkpolicy populates the structures directly
+ from a source policy rather than from a binary policy. */
+extern int sepol_set_policydb(policydb_t * p);
+extern int sepol_set_sidtab(sidtab_t * s);
+
+/* Modify a policydb for boolean settings. */
+int sepol_genbools_policydb(policydb_t * policydb, const char *booleans);
+
+/* Modify a policydb for user settings. */
+int sepol_genusers_policydb(policydb_t * policydb, const char *usersdir);
+
+/* Load the security policy. This initializes the policydb
+ and sidtab based on the provided binary policy. */
+extern int sepol_load_policy(void *data, size_t len);
+
+/*
+ * Compute access vectors based on a SID pair for
+ * the permissions in a particular class.
+ */
+extern int sepol_compute_av(sepol_security_id_t ssid, /* IN */
+ sepol_security_id_t tsid, /* IN */
+ sepol_security_class_t tclass, /* IN */
+ sepol_access_vector_t requested, /* IN */
+ struct sepol_av_decision *avd); /* OUT */
+
+/* Same as above, but also return the reason(s) for any
+ denials of the requested permissions. */
+#define SEPOL_COMPUTEAV_TE 1
+#define SEPOL_COMPUTEAV_CONS 2
+#define SEPOL_COMPUTEAV_RBAC 4
+extern int sepol_compute_av_reason(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_access_vector_t requested,
+ struct sepol_av_decision *avd,
+ unsigned int *reason);
+
+/*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+ */
+extern int sepol_transition_sid(sepol_security_id_t ssid, /* IN */
+ sepol_security_id_t tsid, /* IN */
+ sepol_security_class_t tclass, /* IN */
+ sepol_security_id_t * out_sid); /* OUT */
+
+/*
+ * Compute a SID to use when selecting a member of a
+ * polyinstantiated object of class `tclass' based on
+ * a SID pair.
+ */
+extern int sepol_member_sid(sepol_security_id_t ssid, /* IN */
+ sepol_security_id_t tsid, /* IN */
+ sepol_security_class_t tclass, /* IN */
+ sepol_security_id_t * out_sid); /* OUT */
+
+/*
+ * Compute a SID to use for relabeling an object in the
+ * class `tclass' based on a SID pair.
+ */
+extern int sepol_change_sid(sepol_security_id_t ssid, /* IN */
+ sepol_security_id_t tsid, /* IN */
+ sepol_security_class_t tclass, /* IN */
+ sepol_security_id_t * out_sid); /* OUT */
+
+/*
+ * Write the security context string representation of
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+extern int sepol_sid_to_context(sepol_security_id_t sid, /* IN */
+ sepol_security_context_t * scontext, /* OUT */
+ size_t * scontext_len); /* OUT */
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+extern int sepol_context_to_sid(const sepol_security_context_t scontext, /* IN */
+ size_t scontext_len, /* IN */
+ sepol_security_id_t * out_sid); /* OUT */
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Set `*sids' to point to a dynamically allocated
+ * array containing the set of SIDs. Set `*nel' to the
+ * number of elements in the array.
+ */
+extern int sepol_get_user_sids(sepol_security_id_t callsid,
+ char *username,
+ sepol_security_id_t ** sids, uint32_t * nel);
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'. The `fs_sid' SID is returned for
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+extern int sepol_fs_sid(char *dev, /* IN */
+ sepol_security_id_t * fs_sid, /* OUT */
+ sepol_security_id_t * file_sid); /* OUT */
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+extern int sepol_port_sid(uint16_t domain,
+ uint16_t type,
+ uint8_t protocol,
+ uint16_t port, sepol_security_id_t * out_sid);
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'. The `if_sid' SID is returned for
+ * the interface and the `msg_sid' SID is returned as
+ * the default SID for messages received on the
+ * interface.
+ */
+extern int sepol_netif_sid(char *name,
+ sepol_security_id_t * if_sid,
+ sepol_security_id_t * msg_sid);
+
+/*
+ * Return the SID of the node specified by the address
+ * `addr' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+extern int sepol_node_sid(uint16_t domain,
+ void *addr,
+ size_t addrlen, sepol_security_id_t * out_sid);
+
+/*
+ * Return a value indicating how to handle labeling for the
+ * the specified filesystem type, and optionally return a SID
+ * for the filesystem object.
+ */
+#define SECURITY_FS_USE_XATTR 1 /* use xattr */
+#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
+#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */
+#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
+#define SECURITY_FS_USE_NONE 5 /* no labeling support */
+extern int sepol_fs_use(const char *fstype, /* IN */
+ unsigned int *behavior, /* OUT */
+ sepol_security_id_t * sid); /* OUT */
+
+/*
+ * Return the SID to use for a file in a filesystem
+ * that cannot support a persistent label mapping or use another
+ * fixed labeling behavior like transition SIDs or task SIDs.
+ */
+extern int sepol_genfs_sid(const char *fstype, /* IN */
+ char *name, /* IN */
+ sepol_security_class_t sclass, /* IN */
+ sepol_security_id_t * sid); /* OUT */
+
+#endif
diff --git a/libsepol/include/sepol/policydb/sidtab.h b/libsepol/include/sepol/policydb/sidtab.h
new file mode 100644
index 0000000..33c7cb5
--- /dev/null
+++ b/libsepol/include/sepol/policydb/sidtab.h
@@ -0,0 +1,72 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A security identifier table (sidtab) is a hash table
+ * of security context structures indexed by SID value.
+ */
+
+#ifndef _SEPOL_POLICYDB_SIDTAB_H_
+#define _SEPOL_POLICYDB_SIDTAB_H_
+
+#include <sepol/policydb/context.h>
+
+typedef struct sidtab_node {
+ sepol_security_id_t sid; /* security identifier */
+ context_struct_t context; /* security context structure */
+ struct sidtab_node *next;
+} sidtab_node_t;
+
+typedef struct sidtab_node *sidtab_ptr_t;
+
+#define SIDTAB_HASH_BITS 7
+#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)
+#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)
+
+#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
+
+typedef struct {
+ sidtab_ptr_t *htable;
+ unsigned int nel; /* number of elements */
+ unsigned int next_sid; /* next SID to allocate */
+ unsigned char shutdown;
+} sidtab_t;
+
+extern int sepol_sidtab_init(sidtab_t * s);
+
+extern int sepol_sidtab_insert(sidtab_t * s,
+ sepol_security_id_t sid,
+ context_struct_t * context);
+
+extern context_struct_t *sepol_sidtab_search(sidtab_t * s,
+ sepol_security_id_t sid);
+
+extern int sepol_sidtab_map(sidtab_t * s,
+ int (*apply) (sepol_security_id_t sid,
+ context_struct_t * context,
+ void *args), void *args);
+
+extern void sepol_sidtab_map_remove_on_error(sidtab_t * s,
+ int (*apply) (sepol_security_id_t
+ s,
+ context_struct_t *
+ context, void *args),
+ void *args);
+
+extern int sepol_sidtab_context_to_sid(sidtab_t * s, /* IN */
+ context_struct_t * context, /* IN */
+ sepol_security_id_t * sid); /* OUT */
+
+extern void sepol_sidtab_hash_eval(sidtab_t * h, char *tag);
+
+extern void sepol_sidtab_destroy(sidtab_t * s);
+
+extern void sepol_sidtab_set(sidtab_t * dst, sidtab_t * src);
+
+extern void sepol_sidtab_shutdown(sidtab_t * s);
+
+#endif /* _SIDTAB_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/symtab.h b/libsepol/include/sepol/policydb/symtab.h
new file mode 100644
index 0000000..c8ad664
--- /dev/null
+++ b/libsepol/include/sepol/policydb/symtab.h
@@ -0,0 +1,38 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A symbol table (symtab) maintains associations between symbol
+ * strings and datum values. The type of the datum values
+ * is arbitrary. The symbol table type is implemented
+ * using the hash table type (hashtab).
+ */
+
+#ifndef _SEPOL_POLICYDB_SYMTAB_H_
+#define _SEPOL_POLICYDB_SYMTAB_H_
+
+#include <sepol/policydb/hashtab.h>
+
+/* The symtab_datum struct stores the common information for
+ * all symtab datums. It should the first element in every
+ * struct that will be used in a symtab to allow the specific
+ * datum types to be freely cast to this type.
+ *
+ * The values start at 1 - 0 is never a valid value.
+ */
+typedef struct symtab_datum {
+ uint32_t value;
+} symtab_datum_t;
+
+typedef struct {
+ hashtab_t table; /* hash table (keyed on a string) */
+ uint32_t nprim; /* number of primary names in table */
+} symtab_t;
+
+extern int symtab_init(symtab_t *, unsigned int size);
+
+#endif /* _SYMTAB_H_ */
+
+/* FLASK */
diff --git a/libsepol/include/sepol/policydb/util.h b/libsepol/include/sepol/policydb/util.h
new file mode 100644
index 0000000..40bfaa6
--- /dev/null
+++ b/libsepol/include/sepol/policydb/util.h
@@ -0,0 +1,31 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * A set of utility functions that aid policy decision when dealing
+ * with hierarchal namespaces.
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __SEPOL_UTIL_H__
+#define __SEPOL_UTIL_H__
+
+extern int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a);
+
+extern char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
+ sepol_access_vector_t av);
+
+#endif
diff --git a/libsepol/include/sepol/port_record.h b/libsepol/include/sepol/port_record.h
new file mode 100644
index 0000000..b347e08
--- /dev/null
+++ b/libsepol/include/sepol/port_record.h
@@ -0,0 +1,66 @@
+#ifndef _SEPOL_PORT_RECORD_H_
+#define _SEPOL_PORT_RECORD_H_
+
+#include <sepol/context_record.h>
+#include <sepol/handle.h>
+
+struct sepol_port;
+struct sepol_port_key;
+typedef struct sepol_port sepol_port_t;
+typedef struct sepol_port_key sepol_port_key_t;
+
+#define SEPOL_PROTO_UDP 0
+#define SEPOL_PROTO_TCP 1
+
+/* Key */
+extern int sepol_port_compare(const sepol_port_t * port,
+ const sepol_port_key_t * key);
+
+extern int sepol_port_compare2(const sepol_port_t * port,
+ const sepol_port_t * port2);
+
+extern int sepol_port_key_create(sepol_handle_t * handle,
+ int low, int high, int proto,
+ sepol_port_key_t ** key_ptr);
+
+extern void sepol_port_key_unpack(const sepol_port_key_t * key,
+ int *low, int *high, int *proto);
+
+extern int sepol_port_key_extract(sepol_handle_t * handle,
+ const sepol_port_t * port,
+ sepol_port_key_t ** key_ptr);
+
+extern void sepol_port_key_free(sepol_port_key_t * key);
+
+/* Protocol */
+extern int sepol_port_get_proto(const sepol_port_t * port);
+
+extern void sepol_port_set_proto(sepol_port_t * port, int proto);
+
+extern const char *sepol_port_get_proto_str(int proto);
+
+/* Port */
+extern int sepol_port_get_low(const sepol_port_t * port);
+
+extern int sepol_port_get_high(const sepol_port_t * port);
+
+extern void sepol_port_set_port(sepol_port_t * port, int port_num);
+
+extern void sepol_port_set_range(sepol_port_t * port, int low, int high);
+
+/* Context */
+extern sepol_context_t *sepol_port_get_con(const sepol_port_t * port);
+
+extern int sepol_port_set_con(sepol_handle_t * handle,
+ sepol_port_t * port, sepol_context_t * con);
+
+/* Create/Clone/Destroy */
+extern int sepol_port_create(sepol_handle_t * handle, sepol_port_t ** port_ptr);
+
+extern int sepol_port_clone(sepol_handle_t * handle,
+ const sepol_port_t * port,
+ sepol_port_t ** port_ptr);
+
+extern void sepol_port_free(sepol_port_t * port);
+
+#endif
diff --git a/libsepol/include/sepol/ports.h b/libsepol/include/sepol/ports.h
new file mode 100644
index 0000000..fb94117
--- /dev/null
+++ b/libsepol/include/sepol/ports.h
@@ -0,0 +1,40 @@
+#ifndef _SEPOL_PORTS_H_
+#define _SEPOL_PORTS_H_
+
+#include <sepol/handle.h>
+#include <sepol/policydb.h>
+#include <sepol/port_record.h>
+
+/* Return the number of ports */
+extern int sepol_port_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response);
+
+/* Check if a port exists */
+extern int sepol_port_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_port_key_t * key, int *response);
+
+/* Query a port - returns the port, or NULL if not found */
+extern int sepol_port_query(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_port_key_t * key,
+ sepol_port_t ** response);
+
+/* Modify a port, or add it, if the key is not found */
+extern int sepol_port_modify(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const sepol_port_key_t * key,
+ const sepol_port_t * data);
+
+/* Iterate the ports
+ * The handler may return:
+ * -1 to signal an error condition,
+ * 1 to signal successful exit
+ * 0 to signal continue */
+
+extern int sepol_port_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ int (*fn) (const sepol_port_t * port,
+ void *fn_arg), void *arg);
+
+#endif
diff --git a/libsepol/include/sepol/roles.h b/libsepol/include/sepol/roles.h
new file mode 100644
index 0000000..113f9d2
--- /dev/null
+++ b/libsepol/include/sepol/roles.h
@@ -0,0 +1,10 @@
+#ifndef _SEPOL_ROLES_H_
+#define _SEPOL_ROLES_H_
+
+extern int sepol_role_exists(const sepol_policydb_t * policydb,
+ const char *role, int *response);
+
+extern int sepol_role_list(const sepol_policydb_t * policydb,
+ char ***roles, unsigned int *nroles);
+
+#endif
diff --git a/libsepol/include/sepol/sepol.h b/libsepol/include/sepol/sepol.h
new file mode 100644
index 0000000..c8900d3
--- /dev/null
+++ b/libsepol/include/sepol/sepol.h
@@ -0,0 +1,28 @@
+#ifndef _SEPOL_H_
+#define _SEPOL_H_
+
+#include <stddef.h>
+#include <stdio.h>
+
+#include <sepol/user_record.h>
+#include <sepol/context_record.h>
+#include <sepol/iface_record.h>
+#include <sepol/port_record.h>
+#include <sepol/boolean_record.h>
+#include <sepol/node_record.h>
+
+#include <sepol/booleans.h>
+#include <sepol/interfaces.h>
+#include <sepol/ports.h>
+#include <sepol/nodes.h>
+#include <sepol/users.h>
+#include <sepol/handle.h>
+#include <sepol/debug.h>
+#include <sepol/policydb.h>
+#include <sepol/module.h>
+#include <sepol/context.h>
+
+/* Set internal policydb from a file for subsequent service calls. */
+extern int sepol_set_policydb_from_file(FILE * fp);
+
+#endif
diff --git a/libsepol/include/sepol/user_record.h b/libsepol/include/sepol/user_record.h
new file mode 100644
index 0000000..c86ad16
--- /dev/null
+++ b/libsepol/include/sepol/user_record.h
@@ -0,0 +1,76 @@
+#ifndef _SEPOL_USER_RECORD_H_
+#define _SEPOL_USER_RECORD_H_
+
+#include <stddef.h>
+#include <sepol/handle.h>
+
+struct sepol_user;
+struct sepol_user_key;
+typedef struct sepol_user sepol_user_t;
+typedef struct sepol_user_key sepol_user_key_t;
+
+/* Key */
+extern int sepol_user_key_create(sepol_handle_t * handle,
+ const char *name, sepol_user_key_t ** key);
+
+extern void sepol_user_key_unpack(const sepol_user_key_t * key,
+ const char **name);
+
+extern int sepol_user_key_extract(sepol_handle_t * handle,
+ const sepol_user_t * user,
+ sepol_user_key_t ** key_ptr);
+
+extern void sepol_user_key_free(sepol_user_key_t * key);
+
+extern int sepol_user_compare(const sepol_user_t * user,
+ const sepol_user_key_t * key);
+
+extern int sepol_user_compare2(const sepol_user_t * user,
+ const sepol_user_t * user2);
+
+/* Name */
+extern const char *sepol_user_get_name(const sepol_user_t * user);
+
+extern int sepol_user_set_name(sepol_handle_t * handle,
+ sepol_user_t * user, const char *name);
+
+/* MLS */
+extern const char *sepol_user_get_mlslevel(const sepol_user_t * user);
+
+extern int sepol_user_set_mlslevel(sepol_handle_t * handle,
+ sepol_user_t * user, const char *mls_level);
+
+extern const char *sepol_user_get_mlsrange(const sepol_user_t * user);
+
+extern int sepol_user_set_mlsrange(sepol_handle_t * handle,
+ sepol_user_t * user, const char *mls_range);
+
+/* Role management */
+extern int sepol_user_get_num_roles(const sepol_user_t * user);
+
+extern int sepol_user_add_role(sepol_handle_t * handle,
+ sepol_user_t * user, const char *role);
+
+extern void sepol_user_del_role(sepol_user_t * user, const char *role);
+
+extern int sepol_user_has_role(const sepol_user_t * user, const char *role);
+
+extern int sepol_user_get_roles(sepol_handle_t * handle,
+ const sepol_user_t * user,
+ const char ***roles_arr,
+ unsigned int *num_roles);
+
+extern int sepol_user_set_roles(sepol_handle_t * handle,
+ sepol_user_t * user,
+ const char **roles_arr, unsigned int num_roles);
+
+/* Create/Clone/Destroy */
+extern int sepol_user_create(sepol_handle_t * handle, sepol_user_t ** user_ptr);
+
+extern int sepol_user_clone(sepol_handle_t * handle,
+ const sepol_user_t * user,
+ sepol_user_t ** user_ptr);
+
+extern void sepol_user_free(sepol_user_t * user);
+
+#endif
diff --git a/libsepol/include/sepol/users.h b/libsepol/include/sepol/users.h
new file mode 100644
index 0000000..01b0775
--- /dev/null
+++ b/libsepol/include/sepol/users.h
@@ -0,0 +1,57 @@
+#ifndef _SEPOL_USERS_H_
+#define _SEPOL_USERS_H_
+
+#include <sepol/policydb.h>
+#include <sepol/user_record.h>
+#include <sepol/handle.h>
+#include <stddef.h>
+
+/*---------compatibility------------*/
+
+/* Given an existing binary policy (starting at 'data with length 'len')
+ and user configurations living in 'usersdir', generate a new binary
+ policy for the new user configurations. Sets '*newdata' and '*newlen'
+ to refer to the new binary policy image. */
+extern int sepol_genusers(void *data, size_t len,
+ const char *usersdir,
+ void **newdata, size_t * newlen);
+
+/* Enable or disable deletion of users by sepol_genusers(3) when
+ a user in original binary policy image is not defined by the
+ new user configurations. Defaults to disabled. */
+extern void sepol_set_delusers(int on);
+
+/*--------end compatibility----------*/
+
+/* Modify the user, or add it, if the key is not found */
+extern int sepol_user_modify(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const sepol_user_key_t * key,
+ const sepol_user_t * data);
+
+/* Return the number of users */
+extern int sepol_user_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response);
+
+/* Check if the specified user exists */
+extern int sepol_user_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_user_key_t * key, int *response);
+
+/* Query a user - returns the user or NULL if not found */
+extern int sepol_user_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_user_key_t * key,
+ sepol_user_t ** response);
+
+/* Iterate the users
+ * The handler may return:
+ * -1 to signal an error condition,
+ * 1 to signal successful exit
+ * 0 to signal continue */
+extern int sepol_user_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ int (*fn) (const sepol_user_t * user,
+ void *fn_arg), void *arg);
+
+#endif
diff --git a/libsepol/man/Makefile b/libsepol/man/Makefile
new file mode 100644
index 0000000..b96bc94
--- /dev/null
+++ b/libsepol/man/Makefile
@@ -0,0 +1,10 @@
+# Installation directories.
+MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+
+install:
+ mkdir -p $(MAN3DIR)
+ mkdir -p $(MAN8DIR)
+ install -m 644 man3/*.3 $(MAN3DIR)
+ install -m 644 man8/*.8 $(MAN8DIR)
+
diff --git a/libsepol/man/man3/sepol_check_context.3 b/libsepol/man/man3/sepol_check_context.3
new file mode 100644
index 0000000..a63cd56
--- /dev/null
+++ b/libsepol/man/man3/sepol_check_context.3
@@ -0,0 +1,25 @@
+.TH "sepol_check_context" "3" "15 March 2005" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
+.SH "NAME"
+sepol_check_context \- Check the validity of a security context against a binary policy.
+.SH "SYNOPSIS"
+.B #include <sepol/sepol.h>
+.sp
+.BI "int sepol_check_context(const char *" context ");"
+.sp
+.BI "int sepol_set_policydb_from_file(FILE *" fp ");"
+
+.SH "DESCRIPTION"
+.B sepol_check_context
+checks the validity of a security context against a binary policy
+previously loaded from a file via
+.B sepol_set_policydb_from_file.
+It is used by
+.B setfiles -c
+to validate a file contexts configuration against the binary policy
+upon policy builds. For validating a context against the active
+policy on a SELinux system, use
+.B security_check_context
+from libselinux instead.
+
+.SH "RETURN VALUE"
+Returns 0 on success or -1 with errno set otherwise.
diff --git a/libsepol/man/man3/sepol_genbools.3 b/libsepol/man/man3/sepol_genbools.3
new file mode 100644
index 0000000..0a30137
--- /dev/null
+++ b/libsepol/man/man3/sepol_genbools.3
@@ -0,0 +1,30 @@
+.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation"
+.SH "NAME"
+sepol_genbools \- Rewrite a binary policy with different boolean settings
+.SH "SYNOPSIS"
+.B #include <sepol/sepol.h>
+.sp
+.BI "int sepol_genbools(void *" data ", size_t "len ", char *" boolpath );
+.br
+.BI "int sepol_genbools_array(void *" data ", size_t " len ", char **" names ", int *" values ", int " nel );
+
+.SH "DESCRIPTION"
+.B sepol_genbools
+rewrites a binary policy stored in the memory region described by
+(data, len) to use the boolean settings specified in the file named by
+boolpath. The boolean settings are specified by name=value lines
+where value may be 0 or false to disable or 1 or true to enable. The
+binary policy is rewritten in place in memory.
+
+.B sepol_genbools_array
+does likewise, but obtains the boolean settings from the parallel arrays
+(names, values) with nel elements each.
+
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise, with errno set appropriately.
+An errno of ENOENT indicates that the boolean file did not exist.
+An errno of EINVAL indicates that one or more booleans listed in the
+boolean file was undefined in the policy or had an invalid value specified;
+in this case, the binary policy is still rewritten but any invalid
+boolean settings are ignored.
+
diff --git a/libsepol/man/man3/sepol_genusers.3 b/libsepol/man/man3/sepol_genusers.3
new file mode 100644
index 0000000..05dff00
--- /dev/null
+++ b/libsepol/man/man3/sepol_genusers.3
@@ -0,0 +1,54 @@
+.TH "sepol_genusers" "3" "15 March 2005" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
+.SH "NAME"
+sepol_genusers \- Generate a new binary policy image with a customized user configuration
+.SH "SYNOPSIS"
+.B #include <sepol/sepol.h>
+.sp
+.BI "int sepol_genusers(void *" data ", size_t "len ", const char *" usersdir ", void *" newdata ", size_t *" newlen);
+.sp
+.BI "void sepol_set_delusers(int " on ");"
+
+.SH "DESCRIPTION"
+.B sepol_genusers
+generates a new binary policy image from
+an existing binary policy image stored in the memory region described by
+the starting address
+.I data
+and the length
+.I len
+and a pair of user configuration files named
+.B system.users
+and
+.B local.users
+from the directory specified by
+.I usersdir.
+The resulting binary policy is placed into dynamically allocated
+memory and the variables
+.I newdata
+and
+.I newlen
+are set to refer to the new binary image's starting address and length.
+The original binary policy image is not modified.
+
+By default,
+.B sepol_genusers
+will preserve user entries that are defined in the original binary policy image
+but not defined in the user configuration files. If such user entries
+should instead by omitted entirely from the new binary policy image, then
+the
+.B sepol_set_delusers
+function may be called with
+.I on
+set to 1 prior to calling
+.B sepol_genusers
+in order to enable deletion of such users.
+
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise, with errno set appropriately.
+An errno of ENOENT indicates that one or both of the user
+configuration files did not exist. An errno of EINVAL indicates that
+either the original binary policy image or the generated one were
+invalid. An errno of ENOMEM indicates that insufficient memory was
+available to process the original binary policy image or to generate
+the new policy image. Invalid entries in the user configuration files
+are skipped with a warning.
diff --git a/libsepol/man/man8/chkcon.8 b/libsepol/man/man8/chkcon.8
new file mode 100644
index 0000000..f8d75df
--- /dev/null
+++ b/libsepol/man/man8/chkcon.8
@@ -0,0 +1,41 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 1997 Manoj Srivastava <srivasta@debian.org>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.TH CHKCON 8 "Mar 12 2005" "SELinux" "SELinux Command Line documentation"
+.SH NAME
+chkcon \- determine if a security context is valid for a given binary policy
+.SH SYNOPSIS
+chkcon policy_file context
+.SH DESCRIPTION
+This utility validates (the string representation of) a security context
+specified by the argument
+.I context
+against configuration data read in from a policy database binary
+representation file specified by the argument
+.I policy_file.
+.SH FILES
+policy file
+.SH AUTHOR
+This manual page (and just the manual page) was written by Manoj
+Srivastava <srivasta@debian.org>.
+
diff --git a/libsepol/man/man8/genpolbools.8 b/libsepol/man/man8/genpolbools.8
new file mode 100644
index 0000000..afeaced
--- /dev/null
+++ b/libsepol/man/man8/genpolbools.8
@@ -0,0 +1,16 @@
+.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation"
+.SH "NAME"
+genpolbools \- Rewrite a binary policy with different boolean settings
+.SH "SYNOPSIS"
+.B genpolbools oldpolicy booleans newpolicy
+
+.SH "DESCRIPTION"
+.B genpolbools
+rewrites an existing binary policy with different boolean settings,
+generating a new binary policy. The booleans file specifies the
+different boolean settings using name=value lines, where value
+can be 0 or false to disable the boolean or 1 or true to enable it.
+
+
+
+
diff --git a/libsepol/man/man8/genpolusers.8 b/libsepol/man/man8/genpolusers.8
new file mode 100644
index 0000000..34d729a
--- /dev/null
+++ b/libsepol/man/man8/genpolusers.8
@@ -0,0 +1,42 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 1997 Manoj Srivastava <srivasta@debian.org>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.TH GENPOLUSERS 8 "Mar 12 2005" "SELinux" "SELinux Command Line documentation"
+.SH NAME
+genpolusers \- Generate new binary policy with updated user configuration
+.SH SYNOPSIS
+genpolusers in-policy usersdir out-policy
+.SH DESCRIPTION
+Given an existing binary policy file
+.I in\-policy,
+generate a new binary policy
+.I out\-policy
+with an updated user configuration based on any
+.B system.users
+and
+.B local.users
+files in the specified
+.I usersdir.
+.SH AUTHOR
+This manual page (and just the manual page) was written by Manoj
+Srivastava <srivasta@debian.org>.
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
new file mode 100644
index 0000000..608fe0b
--- /dev/null
+++ b/libsepol/src/Makefile
@@ -0,0 +1,47 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+SHLIBDIR ?= $(DESTDIR)/lib
+
+LIBVERSION = 1
+
+LIBA=libsepol.a
+TARGET=libsepol.so
+LIBSO=$(TARGET).$(LIBVERSION)
+OBJS= $(patsubst %.c,%.o,$(wildcard *.c))
+LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c))
+CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
+override CFLAGS += -I. -I../include -D_GNU_SOURCE
+
+all: $(LIBA) $(LIBSO)
+
+$(LIBA): $(OBJS)
+ $(AR) rcs $@ $^
+ ranlib $@
+
+$(LIBSO): $(LOBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs
+ ln -sf $@ $(TARGET)
+
+%.o: %.c
+ $(CC) $(CFLAGS) -fPIC -c -o $@ $<
+
+%.lo: %.c
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+install: all
+ test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
+ install -m 644 $(LIBA) $(LIBDIR)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+
+relabel:
+ /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+
+clean:
+ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET)
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c
new file mode 100644
index 0000000..a6e0c04
--- /dev/null
+++ b/libsepol/src/assertion.c
@@ -0,0 +1,151 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Assertion checker for avtab entries, taken from
+ * checkpolicy.c by Stephen Smalley <sds@tycho.nsa.gov>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/util.h>
+
+#include "debug.h"
+
+static int check_assertion_helper(sepol_handle_t * handle,
+ policydb_t * p,
+ avtab_t * te_avtab, avtab_t * te_cond_avtab,
+ unsigned int stype, unsigned int ttype,
+ class_perm_node_t * perm, unsigned long line)
+{
+ avtab_key_t avkey;
+ avtab_ptr_t node;
+ class_perm_node_t *curperm;
+
+ for (curperm = perm; curperm != NULL; curperm = curperm->next) {
+ avkey.source_type = stype + 1;
+ avkey.target_type = ttype + 1;
+ avkey.target_class = curperm->class;
+ avkey.specified = AVTAB_ALLOWED;
+ for (node = avtab_search_node(te_avtab, &avkey);
+ node != NULL;
+ node = avtab_search_node_next(node, avkey.specified)) {
+ if (node->datum.data & curperm->data)
+ goto err;
+ }
+ for (node = avtab_search_node(te_cond_avtab, &avkey);
+ node != NULL;
+ node = avtab_search_node_next(node, avkey.specified)) {
+ if (node->datum.data & curperm->data)
+ goto err;
+ }
+ }
+
+ return 0;
+
+ err:
+ if (line) {
+ ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
+ line, p->p_type_val_to_name[stype],
+ p->p_type_val_to_name[ttype],
+ p->p_class_val_to_name[curperm->class - 1],
+ sepol_av_to_string(p, curperm->class,
+ node->datum.data & curperm->data));
+ } else {
+ ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
+ p->p_type_val_to_name[stype],
+ p->p_type_val_to_name[ttype],
+ p->p_class_val_to_name[curperm->class - 1],
+ sepol_av_to_string(p, curperm->class,
+ node->datum.data & curperm->data));
+ }
+ return -1;
+}
+
+int check_assertions(sepol_handle_t * handle, policydb_t * p,
+ avrule_t * avrules)
+{
+ avrule_t *a;
+ avtab_t te_avtab, te_cond_avtab;
+ ebitmap_node_t *snode, *tnode;
+ unsigned int i, j;
+ int rc;
+
+ if (!avrules) {
+ /* Since assertions are stored in avrules, if it is NULL
+ there won't be any to check. This also prevents an invalid
+ free if the avtabs are never initialized */
+ return 0;
+ }
+
+ if (avrules) {
+ if (avtab_init(&te_avtab))
+ goto oom;
+ if (avtab_init(&te_cond_avtab)) {
+ avtab_destroy(&te_avtab);
+ goto oom;
+ }
+ if (expand_avtab(p, &p->te_avtab, &te_avtab) ||
+ expand_avtab(p, &p->te_cond_avtab, &te_cond_avtab)) {
+ avtab_destroy(&te_avtab);
+ avtab_destroy(&te_cond_avtab);
+ goto oom;
+ }
+ }
+
+ for (a = avrules; a != NULL; a = a->next) {
+ ebitmap_t *stypes = &a->stypes.types;
+ ebitmap_t *ttypes = &a->ttypes.types;
+
+ if (!(a->specified & AVRULE_NEVERALLOW))
+ continue;
+
+ ebitmap_for_each_bit(stypes, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ if (a->flags & RULE_SELF) {
+ if (check_assertion_helper
+ (handle, p, &te_avtab, &te_cond_avtab, i, i,
+ a->perms, a->line)) {
+ rc = -1;
+ goto out;
+ }
+ }
+ ebitmap_for_each_bit(ttypes, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ if (check_assertion_helper
+ (handle, p, &te_avtab, &te_cond_avtab, i, j,
+ a->perms, a->line)) {
+ rc = -1;
+ goto out;
+ }
+ }
+ }
+ }
+
+ rc = 0;
+out:
+ avtab_destroy(&te_avtab);
+ avtab_destroy(&te_cond_avtab);
+ return rc;
+
+ oom:
+ ERR(handle, "Out of memory - unable to check neverallows");
+ return -1;
+}
diff --git a/libsepol/src/av_permissions.h b/libsepol/src/av_permissions.h
new file mode 100644
index 0000000..97278ed
--- /dev/null
+++ b/libsepol/src/av_permissions.h
@@ -0,0 +1,3 @@
+/* Used by security_compute_av. */
+#define PROCESS__TRANSITION 0x00000002UL
+#define PROCESS__DYNTRANSITION 0x00800000UL
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
new file mode 100644
index 0000000..8d1f8f6
--- /dev/null
+++ b/libsepol/src/avrule_block.c
@@ -0,0 +1,201 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ *
+ * Functions that manipulate a logical block (conditional, optional,
+ * or global scope) for a policy module.
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/avrule_block.h>
+
+#include <assert.h>
+#include <stdlib.h>
+
+/* It is anticipated that there be less declarations within an avrule
+ * block than the global policy. Thus the symbol table sizes are
+ * smaller than those listed in policydb.c */
+static unsigned int symtab_sizes[SYM_NUM] = {
+ 2,
+ 4,
+ 8,
+ 32,
+ 16,
+ 4,
+ 2,
+ 2,
+};
+
+avrule_block_t *avrule_block_create(void)
+{
+ avrule_block_t *block;
+ if ((block = calloc(1, sizeof(*block))) == NULL) {
+ return NULL;
+ }
+ return block;
+}
+
+avrule_decl_t *avrule_decl_create(uint32_t decl_id)
+{
+ avrule_decl_t *decl;
+ int i;
+ if ((decl = calloc(1, sizeof(*decl))) == NULL) {
+ return NULL;
+ }
+ decl->decl_id = decl_id;
+ for (i = 0; i < SYM_NUM; i++) {
+ if (symtab_init(&decl->symtab[i], symtab_sizes[i])) {
+ avrule_decl_destroy(decl);
+ free(decl);
+ return NULL;
+ }
+ }
+
+ for (i = 0; i < SYM_NUM; i++) {
+ ebitmap_init(&decl->required.scope[i]);
+ ebitmap_init(&decl->declared.scope[i]);
+ }
+ return decl;
+}
+
+/* note that unlike the other destroy functions, this one does /NOT/
+ * destroy the pointer itself */
+static void scope_index_destroy(scope_index_t * scope)
+{
+ unsigned int i;
+ if (scope == NULL) {
+ return;
+ }
+ for (i = 0; i < SYM_NUM; i++) {
+ ebitmap_destroy(scope->scope + i);
+ }
+ for (i = 0; i < scope->class_perms_len; i++) {
+ ebitmap_destroy(scope->class_perms_map + i);
+ }
+ free(scope->class_perms_map);
+}
+
+void avrule_decl_destroy(avrule_decl_t * x)
+{
+ if (x == NULL) {
+ return;
+ }
+ cond_list_destroy(x->cond_list);
+ avrule_list_destroy(x->avrules);
+ role_trans_rule_list_destroy(x->role_tr_rules);
+ role_allow_rule_list_destroy(x->role_allow_rules);
+ range_trans_rule_list_destroy(x->range_tr_rules);
+ scope_index_destroy(&x->required);
+ scope_index_destroy(&x->declared);
+ symtabs_destroy(x->symtab);
+ free(x->module_name);
+ free(x);
+}
+
+void avrule_block_destroy(avrule_block_t * x)
+{
+ avrule_decl_t *decl;
+ if (x == NULL) {
+ return;
+ }
+ decl = x->branch_list;
+ while (decl != NULL) {
+ avrule_decl_t *next_decl = decl->next;
+ avrule_decl_destroy(decl);
+ decl = next_decl;
+ }
+ free(x);
+}
+
+void avrule_block_list_destroy(avrule_block_t * x)
+{
+ while (x != NULL) {
+ avrule_block_t *next = x->next;
+ avrule_block_destroy(x);
+ x = next;
+ }
+}
+
+/* Get a conditional node from a avrule_decl with the same expression.
+ * If that expression does not exist then create one. */
+cond_list_t *get_decl_cond_list(policydb_t * p, avrule_decl_t * decl,
+ cond_list_t * cond)
+{
+ cond_list_t *result;
+ int was_created;
+ result = cond_node_find(p, cond, decl->cond_list, &was_created);
+ if (result != NULL && was_created) {
+ result->next = decl->cond_list;
+ decl->cond_list = result;
+ }
+ return result;
+}
+
+/* Look up an identifier in a policy's scoping table. If it is there,
+ * marked as SCOPE_DECL, and any of its declaring block has been enabled,
+ * then return 1. Otherwise return 0. Can only be called after the
+ * decl_val_to_struct index has been created */
+int is_id_enabled(char *id, policydb_t * p, int symbol_table)
+{
+ scope_datum_t *scope =
+ (scope_datum_t *) hashtab_search(p->scope[symbol_table].table, id);
+ uint32_t i;
+ if (scope == NULL) {
+ return 0;
+ }
+ if (scope->scope != SCOPE_DECL) {
+ return 0;
+ }
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ avrule_decl_t *decl =
+ p->decl_val_to_struct[scope->decl_ids[i] - 1];
+ if (decl != NULL && decl->enabled) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
+/* Check if a particular permission is present within the given class,
+ * and that the class is enabled. Returns 1 if both conditions are
+ * true, 0 if neither could be found or if the class id disabled. */
+int is_perm_enabled(char *class_id, char *perm_id, policydb_t * p)
+{
+ class_datum_t *cladatum;
+ perm_datum_t *perm;
+ if (!is_id_enabled(class_id, p, SYM_CLASSES)) {
+ return 0;
+ }
+ cladatum =
+ (class_datum_t *) hashtab_search(p->p_classes.table, class_id);
+ if (cladatum == NULL) {
+ return 0;
+ }
+ perm = hashtab_search(cladatum->permissions.table, perm_id);
+ if (perm == NULL && cladatum->comdatum != 0) {
+ /* permission was not in this class. before giving
+ * up, check the class's parent */
+ perm =
+ hashtab_search(cladatum->comdatum->permissions.table,
+ perm_id);
+ }
+ if (perm == NULL) {
+ return 0;
+ }
+ return 1;
+}
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
new file mode 100644
index 0000000..ea947cb
--- /dev/null
+++ b/libsepol/src/avtab.c
@@ -0,0 +1,531 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
+ * Tuned number of hash slots for avtab to reduce memory usage
+ */
+
+/* Updated: Frank Mayer <mayerf@tresys.com>
+ * and Karl MacMillan <kmacmillan@mentalrootkit.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
+ *
+ * Code cleanup
+ *
+ * Updated: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ *
+ * Copyright (C) 2003 Tresys Technology, LLC
+ * Copyright (C) 2003,2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the access vector table type.
+ */
+
+#include <stdlib.h>
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/errcodes.h>
+
+#include "debug.h"
+#include "private.h"
+
+static inline int avtab_hash(struct avtab_key *keyp, uint16_t mask)
+{
+ return ((keyp->target_class + (keyp->target_type << 2) +
+ (keyp->source_type << 9)) & mask);
+}
+
+static avtab_ptr_t
+avtab_insert_node(avtab_t * h, int hvalue, avtab_ptr_t prev, avtab_key_t * key,
+ avtab_datum_t * datum)
+{
+ avtab_ptr_t newnode;
+ newnode = (avtab_ptr_t) malloc(sizeof(struct avtab_node));
+ if (newnode == NULL)
+ return NULL;
+ memset(newnode, 0, sizeof(struct avtab_node));
+ newnode->key = *key;
+ newnode->datum = *datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return newnode;
+}
+
+int avtab_insert(avtab_t * h, avtab_key_t * key, avtab_datum_t * datum)
+{
+ int hvalue;
+ avtab_ptr_t prev, cur, newnode;
+ uint16_t specified =
+ key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
+
+ if (!h || !h->htable)
+ return SEPOL_ENOMEM;
+
+ hvalue = avtab_hash(key, h->mask);
+ for (prev = NULL, cur = h->htable[hvalue];
+ cur; prev = cur, cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->key.specified))
+ return SEPOL_EEXIST;
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+
+ newnode = avtab_insert_node(h, hvalue, prev, key, datum);
+ if (!newnode)
+ return SEPOL_ENOMEM;
+
+ return 0;
+}
+
+/* Unlike avtab_insert(), this function allow multiple insertions of the same
+ * key/specified mask into the table, as needed by the conditional avtab.
+ * It also returns a pointer to the node inserted.
+ */
+avtab_ptr_t
+avtab_insert_nonunique(avtab_t * h, avtab_key_t * key, avtab_datum_t * datum)
+{
+ int hvalue;
+ avtab_ptr_t prev, cur, newnode;
+ uint16_t specified =
+ key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
+
+ if (!h || !h->htable)
+ return NULL;
+ hvalue = avtab_hash(key, h->mask);
+ for (prev = NULL, cur = h->htable[hvalue];
+ cur; prev = cur, cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->key.specified))
+ break;
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+ newnode = avtab_insert_node(h, hvalue, prev, key, datum);
+
+ return newnode;
+}
+
+avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * key)
+{
+ int hvalue;
+ avtab_ptr_t cur;
+ uint16_t specified =
+ key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
+
+ if (!h || !h->htable)
+ return NULL;
+
+ hvalue = avtab_hash(key, h->mask);
+ for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->key.specified))
+ return &cur->datum;
+
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+
+ return NULL;
+}
+
+/* This search function returns a node pointer, and can be used in
+ * conjunction with avtab_search_next_node()
+ */
+avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key)
+{
+ int hvalue;
+ avtab_ptr_t cur;
+ uint16_t specified =
+ key->specified & ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
+
+ if (!h || !h->htable)
+ return NULL;
+
+ hvalue = avtab_hash(key, h->mask);
+ for (cur = h->htable[hvalue]; cur; cur = cur->next) {
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class == cur->key.target_class &&
+ (specified & cur->key.specified))
+ return cur;
+
+ if (key->source_type < cur->key.source_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type < cur->key.target_type)
+ break;
+ if (key->source_type == cur->key.source_type &&
+ key->target_type == cur->key.target_type &&
+ key->target_class < cur->key.target_class)
+ break;
+ }
+ return NULL;
+}
+
+avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified)
+{
+ avtab_ptr_t cur;
+
+ if (!node)
+ return NULL;
+
+ specified &= ~(AVTAB_ENABLED | AVTAB_ENABLED_OLD);
+ for (cur = node->next; cur; cur = cur->next) {
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type == cur->key.target_type &&
+ node->key.target_class == cur->key.target_class &&
+ (specified & cur->key.specified))
+ return cur;
+
+ if (node->key.source_type < cur->key.source_type)
+ break;
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type < cur->key.target_type)
+ break;
+ if (node->key.source_type == cur->key.source_type &&
+ node->key.target_type == cur->key.target_type &&
+ node->key.target_class < cur->key.target_class)
+ break;
+ }
+ return NULL;
+}
+
+void avtab_destroy(avtab_t * h)
+{
+ unsigned int i;
+ avtab_ptr_t cur, temp;
+
+ if (!h || !h->htable)
+ return;
+
+ for (i = 0; i < h->nslot; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ free(temp);
+ }
+ h->htable[i] = NULL;
+ }
+ free(h->htable);
+ h->htable = NULL;
+ h->nslot = 0;
+ h->mask = 0;
+}
+
+int avtab_map(avtab_t * h,
+ int (*apply) (avtab_key_t * k,
+ avtab_datum_t * d, void *args), void *args)
+{
+ unsigned int i;
+ int ret;
+ avtab_ptr_t cur;
+
+ if (!h)
+ return 0;
+
+ for (i = 0; i < h->nslot; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(&cur->key, &cur->datum, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+int avtab_init(avtab_t * h)
+{
+ h->htable = NULL;
+ h->nel = 0;
+ return 0;
+}
+
+int avtab_alloc(avtab_t *h, uint32_t nrules)
+{
+ uint16_t mask = 0;
+ uint32_t shift = 0;
+ uint32_t work = nrules;
+ uint32_t nslot = 0;
+
+ if (nrules == 0)
+ goto out;
+
+ while (work) {
+ work = work >> 1;
+ shift++;
+ }
+ if (shift > 2)
+ shift = shift - 2;
+ nslot = 1 << shift;
+ if (nslot > MAX_AVTAB_SIZE)
+ nslot = MAX_AVTAB_SIZE;
+ mask = nslot - 1;
+
+ h->htable = calloc(nslot, sizeof(avtab_ptr_t));
+ if (!h->htable)
+ return -1;
+out:
+ h->nel = 0;
+ h->nslot = nslot;
+ h->mask = mask;
+ return 0;
+}
+
+void avtab_hash_eval(avtab_t * h, char *tag)
+{
+ unsigned int i, chain_len, slots_used, max_chain_len;
+ avtab_ptr_t cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < h->nslot; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf
+ ("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, h->nslot, max_chain_len);
+}
+
+/* Ordering of datums in the original avtab format in the policy file. */
+static uint16_t spec_order[] = {
+ AVTAB_ALLOWED,
+ AVTAB_AUDITDENY,
+ AVTAB_AUDITALLOW,
+ AVTAB_TRANSITION,
+ AVTAB_CHANGE,
+ AVTAB_MEMBER
+};
+
+int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
+ int (*insertf) (avtab_t * a, avtab_key_t * k,
+ avtab_datum_t * d, void *p), void *p)
+{
+ uint16_t buf16[4], enabled;
+ uint32_t buf32[7], items, items2, val;
+ avtab_key_t key;
+ avtab_datum_t datum;
+ unsigned set;
+ unsigned int i;
+ int rc;
+
+ memset(&key, 0, sizeof(avtab_key_t));
+ memset(&datum, 0, sizeof(avtab_datum_t));
+
+ if (vers < POLICYDB_VERSION_AVTAB) {
+ rc = next_entry(buf32, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(fp->handle, "truncated entry");
+ return -1;
+ }
+ items2 = le32_to_cpu(buf32[0]);
+
+ if (items2 < 5 || items2 > ARRAY_SIZE(buf32)) {
+ ERR(fp->handle, "invalid item count");
+ return -1;
+ }
+
+ rc = next_entry(buf32, fp, sizeof(uint32_t) * items2);
+ if (rc < 0) {
+ ERR(fp->handle, "truncated entry");
+ return -1;
+ }
+
+ items = 0;
+ val = le32_to_cpu(buf32[items++]);
+ key.source_type = (uint16_t) val;
+ if (key.source_type != val) {
+ ERR(fp->handle, "truncated source type");
+ return -1;
+ }
+ val = le32_to_cpu(buf32[items++]);
+ key.target_type = (uint16_t) val;
+ if (key.target_type != val) {
+ ERR(fp->handle, "truncated target type");
+ return -1;
+ }
+ val = le32_to_cpu(buf32[items++]);
+ key.target_class = (uint16_t) val;
+ if (key.target_class != val) {
+ ERR(fp->handle, "truncated target class");
+ return -1;
+ }
+
+ val = le32_to_cpu(buf32[items++]);
+ enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
+
+ if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
+ ERR(fp->handle, "null entry");
+ return -1;
+ }
+ if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) {
+ ERR(fp->handle, "entry has both access "
+ "vectors and types");
+ return -1;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
+ if (val & spec_order[i]) {
+ key.specified = spec_order[i] | enabled;
+ datum.data = le32_to_cpu(buf32[items++]);
+ rc = insertf(a, &key, &datum, p);
+ if (rc)
+ return rc;
+ }
+ }
+
+ if (items != items2) {
+ ERR(fp->handle, "entry only had %d items, "
+ "expected %d", items2, items);
+ return -1;
+ }
+ return 0;
+ }
+
+ rc = next_entry(buf16, fp, sizeof(uint16_t) * 4);
+ if (rc < 0) {
+ ERR(fp->handle, "truncated entry");
+ return -1;
+ }
+ items = 0;
+ key.source_type = le16_to_cpu(buf16[items++]);
+ key.target_type = le16_to_cpu(buf16[items++]);
+ key.target_class = le16_to_cpu(buf16[items++]);
+ key.specified = le16_to_cpu(buf16[items++]);
+
+ set = 0;
+ for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
+ if (key.specified & spec_order[i])
+ set++;
+ }
+ if (!set || set > 1) {
+ ERR(fp->handle, "more than one specifier");
+ return -1;
+ }
+
+ rc = next_entry(buf32, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(fp->handle, "truncated entry");
+ return -1;
+ }
+ datum.data = le32_to_cpu(*buf32);
+ return insertf(a, &key, &datum, p);
+}
+
+static int avtab_insertf(avtab_t * a, avtab_key_t * k, avtab_datum_t * d,
+ void *p __attribute__ ((unused)))
+{
+ return avtab_insert(a, k, d);
+}
+
+int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers)
+{
+ unsigned int i;
+ int rc;
+ uint32_t buf[1];
+ uint32_t nel;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(fp->handle, "truncated table");
+ goto bad;
+ }
+ nel = le32_to_cpu(buf[0]);
+ if (!nel) {
+ ERR(fp->handle, "table is empty");
+ goto bad;
+ }
+
+ rc = avtab_alloc(a, nel);
+ if (rc) {
+ ERR(fp->handle, "out of memory");
+ goto bad;
+ }
+
+ for (i = 0; i < nel; i++) {
+ rc = avtab_read_item(fp, vers, a, avtab_insertf, NULL);
+ if (rc) {
+ if (rc == SEPOL_ENOMEM)
+ ERR(fp->handle, "out of memory");
+ if (rc == SEPOL_EEXIST)
+ ERR(fp->handle, "duplicate entry");
+ ERR(fp->handle, "failed on entry %d of %u", i, nel);
+ goto bad;
+ }
+ }
+
+ return 0;
+
+ bad:
+ avtab_destroy(a);
+ return -1;
+}
diff --git a/libsepol/src/boolean_internal.h b/libsepol/src/boolean_internal.h
new file mode 100644
index 0000000..aad7ade
--- /dev/null
+++ b/libsepol/src/boolean_internal.h
@@ -0,0 +1,16 @@
+#ifndef _SEPOL_BOOLEAN_INTERNAL_H_
+#define _SEPOL_BOOLEAN_INTERNAL_H_
+
+#include <sepol/boolean_record.h>
+#include <sepol/booleans.h>
+#include "dso.h"
+
+hidden_proto(sepol_bool_key_create)
+ hidden_proto(sepol_bool_key_unpack)
+ hidden_proto(sepol_bool_get_name)
+ hidden_proto(sepol_bool_set_name)
+ hidden_proto(sepol_bool_get_value)
+ hidden_proto(sepol_bool_set_value)
+ hidden_proto(sepol_bool_create)
+ hidden_proto(sepol_bool_free)
+#endif
diff --git a/libsepol/src/boolean_record.c b/libsepol/src/boolean_record.c
new file mode 100644
index 0000000..8b64413
--- /dev/null
+++ b/libsepol/src/boolean_record.c
@@ -0,0 +1,180 @@
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "boolean_internal.h"
+#include "debug.h"
+
+struct sepol_bool {
+ /* This boolean's name */
+ char *name;
+
+ /* Its value */
+ int value;
+};
+
+struct sepol_bool_key {
+ /* This boolean's name */
+ const char *name;
+};
+
+int sepol_bool_key_create(sepol_handle_t * handle,
+ const char *name, sepol_bool_key_t ** key_ptr)
+{
+
+ sepol_bool_key_t *tmp_key =
+ (sepol_bool_key_t *) malloc(sizeof(struct sepol_bool_key));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, " "could not create boolean key");
+ return STATUS_ERR;
+ }
+
+ tmp_key->name = name;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_bool_key_create)
+
+void sepol_bool_key_unpack(const sepol_bool_key_t * key, const char **name)
+{
+
+ *name = key->name;
+}
+
+hidden_def(sepol_bool_key_unpack)
+
+int sepol_bool_key_extract(sepol_handle_t * handle,
+ const sepol_bool_t * boolean,
+ sepol_bool_key_t ** key_ptr)
+{
+
+ if (sepol_bool_key_create(handle, boolean->name, key_ptr) < 0) {
+ ERR(handle, "could not extract key from boolean %s",
+ boolean->name);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+void sepol_bool_key_free(sepol_bool_key_t * key)
+{
+ free(key);
+}
+
+int sepol_bool_compare(const sepol_bool_t * boolean,
+ const sepol_bool_key_t * key)
+{
+
+ return strcmp(boolean->name, key->name);
+}
+
+int sepol_bool_compare2(const sepol_bool_t * boolean,
+ const sepol_bool_t * boolean2)
+{
+
+ return strcmp(boolean->name, boolean2->name);
+}
+
+/* Name */
+const char *sepol_bool_get_name(const sepol_bool_t * boolean)
+{
+
+ return boolean->name;
+}
+
+hidden_def(sepol_bool_get_name)
+
+int sepol_bool_set_name(sepol_handle_t * handle,
+ sepol_bool_t * boolean, const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name) {
+ ERR(handle, "out of memory, could not set boolean name");
+ return STATUS_ERR;
+ }
+ free(boolean->name);
+ boolean->name = tmp_name;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_bool_set_name)
+
+/* Value */
+int sepol_bool_get_value(const sepol_bool_t * boolean)
+{
+
+ return boolean->value;
+}
+
+hidden_def(sepol_bool_get_value)
+
+void sepol_bool_set_value(sepol_bool_t * boolean, int value)
+{
+
+ boolean->value = value;
+}
+
+hidden_def(sepol_bool_set_value)
+
+/* Create */
+int sepol_bool_create(sepol_handle_t * handle, sepol_bool_t ** bool_ptr)
+{
+
+ sepol_bool_t *boolean = (sepol_bool_t *) malloc(sizeof(sepol_bool_t));
+
+ if (!boolean) {
+ ERR(handle, "out of memory, "
+ "could not create boolean record");
+ return STATUS_ERR;
+ }
+
+ boolean->name = NULL;
+ boolean->value = 0;
+
+ *bool_ptr = boolean;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_bool_create)
+
+/* Deep copy clone */
+int sepol_bool_clone(sepol_handle_t * handle,
+ const sepol_bool_t * boolean, sepol_bool_t ** bool_ptr)
+{
+
+ sepol_bool_t *new_bool = NULL;
+
+ if (sepol_bool_create(handle, &new_bool) < 0)
+ goto err;
+
+ if (sepol_bool_set_name(handle, new_bool, boolean->name) < 0)
+ goto err;
+
+ new_bool->value = boolean->value;
+
+ *bool_ptr = new_bool;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone boolean record");
+ sepol_bool_free(new_bool);
+ return STATUS_ERR;
+}
+
+/* Destroy */
+void sepol_bool_free(sepol_bool_t * boolean)
+{
+
+ if (!boolean)
+ return;
+
+ free(boolean->name);
+ free(boolean);
+}
+
+hidden_def(sepol_bool_free)
diff --git a/libsepol/src/booleans.c b/libsepol/src/booleans.c
new file mode 100644
index 0000000..7f37c8b
--- /dev/null
+++ b/libsepol/src/booleans.c
@@ -0,0 +1,216 @@
+#include <string.h>
+#include <stdlib.h>
+
+#include "handle.h"
+#include "private.h"
+#include "debug.h"
+
+#include <sepol/booleans.h>
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include "boolean_internal.h"
+
+static int bool_update(sepol_handle_t * handle,
+ policydb_t * policydb,
+ const sepol_bool_key_t * key, const sepol_bool_t * data)
+{
+
+ const char *cname;
+ char *name;
+ int value;
+
+ sepol_bool_key_unpack(key, &cname);
+ name = strdup(cname);
+ value = sepol_bool_get_value(data);
+
+ if (!name)
+ goto omem;
+
+ cond_bool_datum_t *datum =
+ hashtab_search(policydb->p_bools.table, name);
+ if (!datum) {
+ ERR(handle, "boolean %s no longer in policy", name);
+ goto err;
+ }
+ if (value != 0 && value != 1) {
+ ERR(handle, "illegal value %d for boolean %s", value, name);
+ goto err;
+ }
+
+ free(name);
+ datum->state = value;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ free(name);
+ ERR(handle, "could not update boolean %s", cname);
+ return STATUS_ERR;
+}
+
+static int bool_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ int bool_idx, sepol_bool_t ** record)
+{
+
+ const char *name = policydb->p_bool_val_to_name[bool_idx];
+ cond_bool_datum_t *booldatum = policydb->bool_val_to_struct[bool_idx];
+ int value = booldatum->state;
+
+ sepol_bool_t *tmp_record = NULL;
+
+ if (sepol_bool_create(handle, &tmp_record) < 0)
+ goto err;
+
+ if (sepol_bool_set_name(handle, tmp_record, name) < 0)
+ goto err;
+
+ sepol_bool_set_value(tmp_record, value);
+
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not convert boolean %s to record", name);
+ sepol_bool_free(tmp_record);
+ return STATUS_ERR;
+}
+
+int sepol_bool_set(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ const sepol_bool_key_t * key, const sepol_bool_t * data)
+{
+
+ const char *name;
+ sepol_bool_key_unpack(key, &name);
+
+ policydb_t *policydb = &p->p;
+ if (bool_update(handle, policydb, key, data) < 0)
+ goto err;
+
+ if (evaluate_conds(policydb) < 0) {
+ ERR(handle, "error while re-evaluating conditionals");
+ goto err;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not set boolean %s", name);
+ return STATUS_ERR;
+}
+
+int sepol_bool_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+ *response = policydb->p_bools.nprim;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int sepol_bool_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_bool_key_t * key, int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+
+ const char *cname;
+ char *name = NULL;
+ sepol_bool_key_unpack(key, &cname);
+ name = strdup(cname);
+
+ if (!name) {
+ ERR(handle, "out of memory, could not check "
+ "if user %s exists", cname);
+ return STATUS_ERR;
+ }
+
+ *response = (hashtab_search(policydb->p_bools.table, name) != NULL);
+ free(name);
+ return STATUS_SUCCESS;
+}
+
+int sepol_bool_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_bool_key_t * key, sepol_bool_t ** response)
+{
+
+ const policydb_t *policydb = &p->p;
+ cond_bool_datum_t *booldatum = NULL;
+
+ const char *cname;
+ char *name = NULL;
+ sepol_bool_key_unpack(key, &cname);
+ name = strdup(cname);
+
+ if (!name)
+ goto omem;
+
+ booldatum = hashtab_search(policydb->p_bools.table, name);
+ if (!booldatum) {
+ *response = NULL;
+ return STATUS_SUCCESS;
+ }
+
+ if (bool_to_record(handle, policydb,
+ booldatum->s.value - 1, response) < 0)
+ goto err;
+
+ free(name);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not query boolean %s", cname);
+ free(name);
+ return STATUS_ERR;
+}
+
+int sepol_bool_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ int (*fn) (const sepol_bool_t * boolean,
+ void *fn_arg), void *arg)
+{
+
+ const policydb_t *policydb = &p->p;
+ unsigned int nbools = policydb->p_bools.nprim;
+ sepol_bool_t *boolean = NULL;
+ unsigned int i;
+
+ /* For each boolean */
+ for (i = 0; i < nbools; i++) {
+
+ int status;
+
+ if (bool_to_record(handle, policydb, i, &boolean) < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(boolean, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_bool_free(boolean);
+ boolean = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over booleans");
+ sepol_bool_free(boolean);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
new file mode 100644
index 0000000..1482387
--- /dev/null
+++ b/libsepol/src/conditional.c
@@ -0,0 +1,905 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Frank Mayer <mayerf@tresys.com>
+ * David Caplan <dac@tresys.com>
+ *
+ * Copyright (C) 2003 - 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stdlib.h>
+
+#include <sepol/policydb/flask_types.h>
+#include <sepol/policydb/conditional.h>
+
+#include "private.h"
+
+/* move all type rules to top of t/f lists to help kernel on evaluation */
+static void cond_optimize(cond_av_list_t ** l)
+{
+ cond_av_list_t *top, *p, *cur;
+
+ top = p = cur = *l;
+
+ while (cur) {
+ if ((cur->node->key.specified & AVTAB_TYPE) && (top != cur)) {
+ p->next = cur->next;
+ cur->next = top;
+ top = cur;
+ cur = p->next;
+ } else {
+ p = cur;
+ cur = cur->next;
+ }
+ }
+ *l = top;
+}
+
+/* reorder t/f lists for kernel */
+void cond_optimize_lists(cond_list_t * cl)
+{
+ cond_list_t *n;
+
+ for (n = cl; n != NULL; n = n->next) {
+ cond_optimize(&n->true_list);
+ cond_optimize(&n->false_list);
+ }
+}
+
+static int bool_present(unsigned int target, unsigned int bools[],
+ unsigned int num_bools)
+{
+ unsigned int i = 0;
+ int ret = 1;
+
+ if (num_bools > COND_MAX_BOOLS) {
+ return 0;
+ }
+ while (i < num_bools && target != bools[i])
+ i++;
+ if (i == num_bools)
+ ret = 0; /* got to end w/o match */
+ return ret;
+}
+
+static int same_bools(cond_node_t * a, cond_node_t * b)
+{
+ unsigned int i, x;
+
+ x = a->nbools;
+
+ /* same number of bools? */
+ if (x != b->nbools)
+ return 0;
+
+ /* make sure all the bools in a are also in b */
+ for (i = 0; i < x; i++)
+ if (!bool_present(a->bool_ids[i], b->bool_ids, x))
+ return 0;
+ return 1;
+}
+
+/*
+ * Determine if two conditional expressions are equal.
+ */
+int cond_expr_equal(cond_node_t * a, cond_node_t * b)
+{
+ cond_expr_t *cur_a, *cur_b;
+
+ if (a == NULL || b == NULL)
+ return 0;
+
+ if (a->nbools != b->nbools)
+ return 0;
+
+ /* if exprs have <= COND_MAX_BOOLS we can check the precompute values
+ * for the expressions.
+ */
+ if (a->nbools <= COND_MAX_BOOLS && b->nbools <= COND_MAX_BOOLS) {
+ if (!same_bools(a, b))
+ return 0;
+ return (a->expr_pre_comp == b->expr_pre_comp);
+ }
+
+ /* for long expressions we check for exactly the same expression */
+ cur_a = a->expr;
+ cur_b = b->expr;
+ while (1) {
+ if (cur_a == NULL && cur_b == NULL)
+ return 1;
+ else if (cur_a == NULL || cur_b == NULL)
+ return 0;
+ if (cur_a->expr_type != cur_b->expr_type)
+ return 0;
+ if (cur_a->expr_type == COND_BOOL) {
+ if (cur_a->bool != cur_b->bool)
+ return 0;
+ }
+ cur_a = cur_a->next;
+ cur_b = cur_b->next;
+ }
+ return 1;
+}
+
+/* Create a new conditional node, optionally copying
+ * the conditional expression from an existing node.
+ * If node is NULL then a new node will be created
+ * with no conditional expression.
+ */
+cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node)
+{
+ cond_node_t *new_node;
+ unsigned int i;
+
+ new_node = (cond_node_t *)malloc(sizeof(cond_node_t));
+ if (!new_node) {
+ return NULL;
+ }
+ memset(new_node, 0, sizeof(cond_node_t));
+
+ if (node) {
+ new_node->expr = cond_copy_expr(node->expr);
+ if (!new_node->expr) {
+ free(new_node);
+ return NULL;
+ }
+ new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
+ new_node->nbools = node->nbools;
+ for (i = 0; i < min(node->nbools, COND_MAX_BOOLS); i++)
+ new_node->bool_ids[i] = node->bool_ids[i];
+ new_node->expr_pre_comp = node->expr_pre_comp;
+ }
+
+ return new_node;
+}
+
+/* Find a conditional (the needle) within a list of existing ones (the
+ * haystack) that has a matching expression. If found, return a
+ * pointer to the existing node, setting 'was_created' to 0.
+ * Otherwise create a new one and return it, setting 'was_created' to
+ * 1. */
+cond_node_t *cond_node_find(policydb_t * p,
+ cond_node_t * needle, cond_node_t * haystack,
+ int *was_created)
+{
+ while (haystack) {
+ if (cond_expr_equal(needle, haystack)) {
+ *was_created = 0;
+ return haystack;
+ }
+ haystack = haystack->next;
+ }
+ *was_created = 1;
+
+ return cond_node_create(p, needle);
+}
+
+/* return either a pre-existing matching node or create a new node */
+cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
+ cond_node_t * cn)
+{
+ int was_created;
+ cond_node_t *result = cond_node_find(p, cn, list, &was_created);
+ if (result != NULL && was_created) {
+ /* add conditional node to policy list */
+ result->next = p->cond_list;
+ p->cond_list = result;
+ }
+ return result;
+}
+
+/*
+ * cond_evaluate_expr evaluates a conditional expr
+ * in reverse polish notation. It returns true (1), false (0),
+ * or undefined (-1). Undefined occurs when the expression
+ * exceeds the stack depth of COND_EXPR_MAXDEPTH.
+ */
+int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
+{
+
+ cond_expr_t *cur;
+ int s[COND_EXPR_MAXDEPTH];
+ int sp = -1;
+
+ s[0] = -1;
+
+ for (cur = expr; cur != NULL; cur = cur->next) {
+ switch (cur->expr_type) {
+ case COND_BOOL:
+ if (sp == (COND_EXPR_MAXDEPTH - 1))
+ return -1;
+ sp++;
+ s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
+ break;
+ case COND_NOT:
+ if (sp < 0)
+ return -1;
+ s[sp] = !s[sp];
+ break;
+ case COND_OR:
+ if (sp < 1)
+ return -1;
+ sp--;
+ s[sp] |= s[sp + 1];
+ break;
+ case COND_AND:
+ if (sp < 1)
+ return -1;
+ sp--;
+ s[sp] &= s[sp + 1];
+ break;
+ case COND_XOR:
+ if (sp < 1)
+ return -1;
+ sp--;
+ s[sp] ^= s[sp + 1];
+ break;
+ case COND_EQ:
+ if (sp < 1)
+ return -1;
+ sp--;
+ s[sp] = (s[sp] == s[sp + 1]);
+ break;
+ case COND_NEQ:
+ if (sp < 1)
+ return -1;
+ sp--;
+ s[sp] = (s[sp] != s[sp + 1]);
+ break;
+ default:
+ return -1;
+ }
+ }
+ return s[0];
+}
+
+cond_expr_t *cond_copy_expr(cond_expr_t * expr)
+{
+ cond_expr_t *cur, *head, *tail, *new_expr;
+ tail = head = NULL;
+ cur = expr;
+ while (cur) {
+ new_expr = (cond_expr_t *) malloc(sizeof(cond_expr_t));
+ if (!new_expr)
+ goto free_head;
+ memset(new_expr, 0, sizeof(cond_expr_t));
+
+ new_expr->expr_type = cur->expr_type;
+ new_expr->bool = cur->bool;
+
+ if (!head)
+ head = new_expr;
+ if (tail)
+ tail->next = new_expr;
+ tail = new_expr;
+ cur = cur->next;
+ }
+ return head;
+
+ free_head:
+ while (head) {
+ tail = head->next;
+ free(head);
+ head = tail;
+ }
+ return NULL;
+}
+
+/*
+ * evaluate_cond_node evaluates the conditional stored in
+ * a cond_node_t and if the result is different than the
+ * current state of the node it sets the rules in the true/false
+ * list appropriately. If the result of the expression is undefined
+ * all of the rules are disabled for safety.
+ */
+static int evaluate_cond_node(policydb_t * p, cond_node_t * node)
+{
+ int new_state;
+ cond_av_list_t *cur;
+
+ new_state = cond_evaluate_expr(p, node->expr);
+ if (new_state != node->cur_state) {
+ node->cur_state = new_state;
+ if (new_state == -1)
+ printf
+ ("expression result was undefined - disabling all rules.\n");
+ /* turn the rules on or off */
+ for (cur = node->true_list; cur != NULL; cur = cur->next) {
+ if (new_state <= 0) {
+ cur->node->key.specified &= ~AVTAB_ENABLED;
+ } else {
+ cur->node->key.specified |= AVTAB_ENABLED;
+ }
+ }
+
+ for (cur = node->false_list; cur != NULL; cur = cur->next) {
+ /* -1 or 1 */
+ if (new_state) {
+ cur->node->key.specified &= ~AVTAB_ENABLED;
+ } else {
+ cur->node->key.specified |= AVTAB_ENABLED;
+ }
+ }
+ }
+ return 0;
+}
+
+/* precompute and simplify an expression if possible. If left with !expression, change
+ * to expression and switch t and f. precompute expression for expressions with limited
+ * number of bools.
+ */
+int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
+{
+ cond_expr_t *ne, *e;
+ cond_av_list_t *tmp;
+ unsigned int i, j, orig_value[COND_MAX_BOOLS];
+ int k;
+ uint32_t test = 0x0;
+ avrule_t *tmp2;
+
+ cn->nbools = 0;
+
+ memset(cn->bool_ids, 0, sizeof(cn->bool_ids));
+ cn->expr_pre_comp = 0x0;
+
+ /* take care of !expr case */
+ ne = NULL;
+ e = cn->expr;
+
+ /* becuase it's RPN look at last element */
+ while (e->next != NULL) {
+ ne = e;
+ e = e->next;
+ }
+ if (e->expr_type == COND_NOT) {
+ if (ne) {
+ ne->next = NULL;
+ } else { /* ne should never be NULL */
+ printf
+ ("Found expr with no bools and only a ! - this should never happen.\n");
+ return -1;
+ }
+ /* swap the true and false lists */
+ tmp = cn->true_list;
+ cn->true_list = cn->false_list;
+ cn->false_list = tmp;
+ tmp2 = cn->avtrue_list;
+ cn->avtrue_list = cn->avfalse_list;
+ cn->avfalse_list = tmp2;
+
+ /* free the "not" node in the list */
+ free(e);
+ }
+
+ /* find all the bools in the expression */
+ for (e = cn->expr; e != NULL; e = e->next) {
+ switch (e->expr_type) {
+ case COND_BOOL:
+ i = 0;
+ /* see if we've already seen this bool */
+ if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
+ /* count em all but only record up to COND_MAX_BOOLS */
+ if (cn->nbools < COND_MAX_BOOLS)
+ cn->bool_ids[cn->nbools++] = e->bool;
+ else
+ cn->nbools++;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ /* only precompute for exprs with <= COND_AX_BOOLS */
+ if (cn->nbools <= COND_MAX_BOOLS) {
+ /* save the default values for the bools so we can play with them */
+ for (i = 0; i < cn->nbools; i++) {
+ orig_value[i] =
+ p->bool_val_to_struct[cn->bool_ids[i] - 1]->state;
+ }
+
+ /* loop through all possible combinations of values for bools in expression */
+ for (test = 0x0; test < (0x1U << cn->nbools); test++) {
+ /* temporarily set the value for all the bools in the
+ * expression using the corr. bit in test */
+ for (j = 0; j < cn->nbools; j++) {
+ p->bool_val_to_struct[cn->bool_ids[j] -
+ 1]->state =
+ (test & (0x1 << j)) ? 1 : 0;
+ }
+ k = cond_evaluate_expr(p, cn->expr);
+ if (k == -1) {
+ printf
+ ("While testing expression, expression result "
+ "was undefined - this should never happen.\n");
+ return -1;
+ }
+ /* set the bit if expression evaluates true */
+ if (k)
+ cn->expr_pre_comp |= 0x1 << test;
+ }
+
+ /* restore bool default values */
+ for (i = 0; i < cn->nbools; i++)
+ p->bool_val_to_struct[cn->bool_ids[i] - 1]->state =
+ orig_value[i];
+ }
+ return 0;
+}
+
+int evaluate_conds(policydb_t * p)
+{
+ int ret;
+ cond_node_t *cur;
+
+ for (cur = p->cond_list; cur != NULL; cur = cur->next) {
+ ret = evaluate_cond_node(p, cur);
+ if (ret)
+ return ret;
+ }
+ return 0;
+}
+
+int cond_policydb_init(policydb_t * p)
+{
+ p->bool_val_to_struct = NULL;
+ p->cond_list = NULL;
+ if (avtab_init(&p->te_cond_avtab))
+ return -1;
+
+ return 0;
+}
+
+void cond_av_list_destroy(cond_av_list_t * list)
+{
+ cond_av_list_t *cur, *next;
+ for (cur = list; cur != NULL; cur = next) {
+ next = cur->next;
+ /* the avtab_ptr_t node is destroy by the avtab */
+ free(cur);
+ }
+}
+
+void cond_expr_destroy(cond_expr_t * expr)
+{
+ cond_expr_t *cur_expr, *next_expr;
+
+ if (!expr)
+ return;
+
+ for (cur_expr = expr; cur_expr != NULL; cur_expr = next_expr) {
+ next_expr = cur_expr->next;
+ free(cur_expr);
+ }
+}
+
+void cond_node_destroy(cond_node_t * node)
+{
+ if (!node)
+ return;
+
+ cond_expr_destroy(node->expr);
+ avrule_list_destroy(node->avtrue_list);
+ avrule_list_destroy(node->avfalse_list);
+ cond_av_list_destroy(node->true_list);
+ cond_av_list_destroy(node->false_list);
+}
+
+void cond_list_destroy(cond_list_t * list)
+{
+ cond_node_t *next, *cur;
+
+ if (list == NULL)
+ return;
+
+ for (cur = list; cur != NULL; cur = next) {
+ next = cur->next;
+ cond_node_destroy(cur);
+ free(cur);
+ }
+}
+
+void cond_policydb_destroy(policydb_t * p)
+{
+ if (p->bool_val_to_struct != NULL)
+ free(p->bool_val_to_struct);
+ avtab_destroy(&p->te_cond_avtab);
+ cond_list_destroy(p->cond_list);
+}
+
+int cond_init_bool_indexes(policydb_t * p)
+{
+ if (p->bool_val_to_struct)
+ free(p->bool_val_to_struct);
+ p->bool_val_to_struct = (cond_bool_datum_t **)
+ malloc(p->p_bools.nprim * sizeof(cond_bool_datum_t *));
+ if (!p->bool_val_to_struct)
+ return -1;
+ return 0;
+}
+
+int cond_destroy_bool(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+int cond_index_bool(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ cond_bool_datum_t *booldatum;
+
+ booldatum = datum;
+ p = datap;
+
+ if (!booldatum->s.value || booldatum->s.value > p->p_bools.nprim)
+ return -EINVAL;
+
+ p->p_bool_val_to_name[booldatum->s.value - 1] = key;
+ p->bool_val_to_struct[booldatum->s.value - 1] = booldatum;
+
+ return 0;
+}
+
+static int bool_isvalid(cond_bool_datum_t * b)
+{
+ if (!(b->state == 0 || b->state == 1))
+ return 0;
+ return 1;
+}
+
+int cond_read_bool(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ cond_bool_datum_t *booldatum;
+ uint32_t buf[3], len;
+ int rc;
+
+ booldatum = malloc(sizeof(cond_bool_datum_t));
+ if (!booldatum)
+ return -1;
+ memset(booldatum, 0, sizeof(cond_bool_datum_t));
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
+ if (rc < 0)
+ goto err;
+
+ booldatum->s.value = le32_to_cpu(buf[0]);
+ booldatum->state = le32_to_cpu(buf[1]);
+
+ if (!bool_isvalid(booldatum))
+ goto err;
+
+ len = le32_to_cpu(buf[2]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto err;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto err;
+ key[len] = 0;
+ if (hashtab_insert(h, key, booldatum))
+ goto err;
+
+ return 0;
+ err:
+ cond_destroy_bool(key, booldatum, 0);
+ return -1;
+}
+
+struct cond_insertf_data {
+ struct policydb *p;
+ cond_av_list_t *other;
+ cond_av_list_t *head;
+ cond_av_list_t *tail;
+};
+
+static int cond_insertf(avtab_t * a
+ __attribute__ ((unused)), avtab_key_t * k,
+ avtab_datum_t * d, void *ptr)
+{
+ struct cond_insertf_data *data = ptr;
+ struct policydb *p = data->p;
+ cond_av_list_t *other = data->other, *list, *cur;
+ avtab_ptr_t node_ptr;
+ uint8_t found;
+
+ /*
+ * For type rules we have to make certain there aren't any
+ * conflicting rules by searching the te_avtab and the
+ * cond_te_avtab.
+ */
+ if (k->specified & AVTAB_TYPE) {
+ if (avtab_search(&p->te_avtab, k)) {
+ printf
+ ("security: type rule already exists outside of a conditional.");
+ goto err;
+ }
+ /*
+ * If we are reading the false list other will be a pointer to
+ * the true list. We can have duplicate entries if there is only
+ * 1 other entry and it is in our true list.
+ *
+ * If we are reading the true list (other == NULL) there shouldn't
+ * be any other entries.
+ */
+ if (other) {
+ node_ptr = avtab_search_node(&p->te_cond_avtab, k);
+ if (node_ptr) {
+ if (avtab_search_node_next
+ (node_ptr, k->specified)) {
+ printf
+ ("security: too many conflicting type rules.");
+ goto err;
+ }
+ found = 0;
+ for (cur = other; cur != NULL; cur = cur->next) {
+ if (cur->node == node_ptr) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ printf
+ ("security: conflicting type rules.\n");
+ goto err;
+ }
+ }
+ } else {
+ if (avtab_search(&p->te_cond_avtab, k)) {
+ printf
+ ("security: conflicting type rules when adding type rule for true.\n");
+ goto err;
+ }
+ }
+ }
+
+ node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
+ if (!node_ptr) {
+ printf("security: could not insert rule.");
+ goto err;
+ }
+ node_ptr->parse_context = (void *)1;
+
+ list = malloc(sizeof(cond_av_list_t));
+ if (!list)
+ goto err;
+ memset(list, 0, sizeof(cond_av_list_t));
+
+ list->node = node_ptr;
+ if (!data->head)
+ data->head = list;
+ else
+ data->tail->next = list;
+ data->tail = list;
+ return 0;
+
+ err:
+ cond_av_list_destroy(data->head);
+ data->head = NULL;
+ return -1;
+}
+
+static int cond_read_av_list(policydb_t * p, void *fp,
+ cond_av_list_t ** ret_list, cond_av_list_t * other)
+{
+ unsigned int i;
+ int rc;
+ uint32_t buf[1], len;
+ struct cond_insertf_data data;
+
+ *ret_list = NULL;
+
+ len = 0;
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+
+ len = le32_to_cpu(buf[0]);
+ if (len == 0) {
+ return 0;
+ }
+
+ data.p = p;
+ data.other = other;
+ data.head = NULL;
+ data.tail = NULL;
+ for (i = 0; i < len; i++) {
+ rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab,
+ cond_insertf, &data);
+ if (rc)
+ return rc;
+
+ }
+
+ *ret_list = data.head;
+ return 0;
+}
+
+static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
+{
+ if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
+ printf
+ ("security: conditional expressions uses unknown operator.\n");
+ return 0;
+ }
+
+ if (expr->bool > p->p_bools.nprim) {
+ printf
+ ("security: conditional expressions uses unknown bool.\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
+{
+ uint32_t buf[2];
+ int len, i, rc;
+ cond_expr_t *expr = NULL, *last = NULL;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto err;
+
+ node->cur_state = le32_to_cpu(buf[0]);
+
+ len = 0;
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto err;
+
+ /* expr */
+ len = le32_to_cpu(buf[0]);
+
+ for (i = 0; i < len; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto err;
+
+ expr = malloc(sizeof(cond_expr_t));
+ if (!expr) {
+ goto err;
+ }
+ memset(expr, 0, sizeof(cond_expr_t));
+
+ expr->expr_type = le32_to_cpu(buf[0]);
+ expr->bool = le32_to_cpu(buf[1]);
+
+ if (!expr_isvalid(p, expr)) {
+ free(expr);
+ goto err;
+ }
+
+ if (i == 0) {
+ node->expr = expr;
+ } else {
+ last->next = expr;
+ }
+ last = expr;
+ }
+
+ if (p->policy_type == POLICY_KERN) {
+ if (cond_read_av_list(p, fp, &node->true_list, NULL) != 0)
+ goto err;
+ if (cond_read_av_list(p, fp, &node->false_list, node->true_list)
+ != 0)
+ goto err;
+ } else {
+ if (avrule_read_list(p, &node->avtrue_list, fp))
+ goto err;
+ if (avrule_read_list(p, &node->avfalse_list, fp))
+ goto err;
+ }
+
+ return 0;
+ err:
+ cond_node_destroy(node);
+ free(node);
+ return -1;
+}
+
+int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp)
+{
+ cond_node_t *node, *last = NULL;
+ uint32_t buf[1];
+ int i, len, rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+
+ len = le32_to_cpu(buf[0]);
+
+ rc = avtab_alloc(&p->te_cond_avtab, p->te_avtab.nel);
+ if (rc)
+ goto err;
+
+ for (i = 0; i < len; i++) {
+ node = malloc(sizeof(cond_node_t));
+ if (!node)
+ goto err;
+ memset(node, 0, sizeof(cond_node_t));
+
+ if (cond_read_node(p, node, fp) != 0)
+ goto err;
+
+ if (i == 0) {
+ *list = node;
+ } else {
+ last->next = node;
+ }
+ last = node;
+ }
+ return 0;
+ err:
+ return -1;
+}
+
+/* Determine whether additional permissions are granted by the conditional
+ * av table, and if so, add them to the result
+ */
+void cond_compute_av(avtab_t * ctab, avtab_key_t * key,
+ struct sepol_av_decision *avd)
+{
+ avtab_ptr_t node;
+
+ if (!ctab || !key || !avd)
+ return;
+
+ for (node = avtab_search_node(ctab, key); node != NULL;
+ node = avtab_search_node_next(node, key->specified)) {
+ if ((uint16_t) (AVTAB_ALLOWED | AVTAB_ENABLED) ==
+ (node->key.specified & (AVTAB_ALLOWED | AVTAB_ENABLED)))
+ avd->allowed |= node->datum.data;
+ if ((uint16_t) (AVTAB_AUDITDENY | AVTAB_ENABLED) ==
+ (node->key.specified & (AVTAB_AUDITDENY | AVTAB_ENABLED)))
+ /* Since a '0' in an auditdeny mask represents a
+ * permission we do NOT want to audit (dontaudit), we use
+ * the '&' operand to ensure that all '0's in the mask
+ * are retained (much unlike the allow and auditallow cases).
+ */
+ avd->auditdeny &= node->datum.data;
+ if ((uint16_t) (AVTAB_AUDITALLOW | AVTAB_ENABLED) ==
+ (node->key.specified & (AVTAB_AUDITALLOW | AVTAB_ENABLED)))
+ avd->auditallow |= node->datum.data;
+ }
+ return;
+}
+
+avtab_datum_t *cond_av_list_search(avtab_key_t * key,
+ cond_av_list_t * cond_list)
+{
+
+ cond_av_list_t *cur_av;
+
+ for (cur_av = cond_list; cur_av != NULL; cur_av = cur_av->next) {
+
+ if (cur_av->node->key.source_type == key->source_type &&
+ cur_av->node->key.target_type == key->target_type &&
+ cur_av->node->key.target_class == key->target_class)
+
+ return &cur_av->node->datum;
+
+ }
+ return NULL;
+
+}
diff --git a/libsepol/src/constraint.c b/libsepol/src/constraint.c
new file mode 100644
index 0000000..7154019
--- /dev/null
+++ b/libsepol/src/constraint.c
@@ -0,0 +1,47 @@
+/* Authors: Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/constraint.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/flask_types.h>
+
+#include <assert.h>
+#include <stdlib.h>
+
+int constraint_expr_init(constraint_expr_t * expr)
+{
+ memset(expr, 0, sizeof(*expr));
+ ebitmap_init(&expr->names);
+ if ((expr->type_names = malloc(sizeof(*expr->type_names))) == NULL) {
+ return -1;
+ }
+ type_set_init(expr->type_names);
+ return 0;
+}
+
+void constraint_expr_destroy(constraint_expr_t * expr)
+{
+ if (expr != NULL) {
+ ebitmap_destroy(&expr->names);
+ type_set_destroy(expr->type_names);
+ free(expr->type_names);
+ free(expr);
+ }
+}
diff --git a/libsepol/src/context.c b/libsepol/src/context.c
new file mode 100644
index 0000000..84dad34
--- /dev/null
+++ b/libsepol/src/context.c
@@ -0,0 +1,338 @@
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include "context_internal.h"
+
+#include "debug.h"
+#include "context.h"
+#include "handle.h"
+#include "mls.h"
+
+/* ----- Compatibility ---- */
+int policydb_context_isvalid(const policydb_t * p, const context_struct_t * c)
+{
+
+ return context_is_valid(p, c);
+}
+
+int sepol_check_context(const char *context)
+{
+
+ return sepol_context_to_sid((const sepol_security_context_t)context,
+ strlen(context) + 1, NULL);
+}
+
+/* ---- End compatibility --- */
+
+/*
+ * Return 1 if the fields in the security context
+ * structure `c' are valid. Return 0 otherwise.
+ */
+int context_is_valid(const policydb_t * p, const context_struct_t * c)
+{
+
+ role_datum_t *role;
+ user_datum_t *usrdatum;
+ ebitmap_t types, roles;
+ int ret = 1;
+
+ ebitmap_init(&types);
+ ebitmap_init(&roles);
+ if (!c->role || c->role > p->p_roles.nprim)
+ return 0;
+
+ if (!c->user || c->user > p->p_users.nprim)
+ return 0;
+
+ if (!c->type || c->type > p->p_types.nprim)
+ return 0;
+
+ if (c->role != OBJECT_R_VAL) {
+ /*
+ * Role must be authorized for the type.
+ */
+ role = p->role_val_to_struct[c->role - 1];
+ if (!ebitmap_get_bit(&role->cache, c->type - 1))
+ /* role may not be associated with type */
+ return 0;
+
+ /*
+ * User must be authorized for the role.
+ */
+ usrdatum = p->user_val_to_struct[c->user - 1];
+ if (!usrdatum)
+ return 0;
+
+ if (!ebitmap_get_bit(&usrdatum->cache, c->role - 1))
+ /* user may not be associated with role */
+ return 0;
+ }
+
+ if (!mls_context_isvalid(p, c))
+ return 0;
+
+ return ret;
+}
+
+/*
+ * Write the security context string representation of
+ * the context structure `context' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int context_to_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * context,
+ char **result, size_t * result_len)
+{
+
+ char *scontext = NULL;
+ size_t scontext_len = 0;
+ char *ptr;
+
+ /* Compute the size of the context. */
+ scontext_len +=
+ strlen(policydb->p_user_val_to_name[context->user - 1]) + 1;
+ scontext_len +=
+ strlen(policydb->p_role_val_to_name[context->role - 1]) + 1;
+ scontext_len += strlen(policydb->p_type_val_to_name[context->type - 1]);
+ scontext_len += mls_compute_context_len(policydb, context);
+
+ /* We must null terminate the string */
+ scontext_len += 1;
+
+ /* Allocate space for the context; caller must free this space. */
+ scontext = malloc(scontext_len);
+ if (!scontext)
+ goto omem;
+ scontext[scontext_len - 1] = '\0';
+
+ /*
+ * Copy the user name, role name and type name into the context.
+ */
+ ptr = scontext;
+ sprintf(ptr, "%s:%s:%s",
+ policydb->p_user_val_to_name[context->user - 1],
+ policydb->p_role_val_to_name[context->role - 1],
+ policydb->p_type_val_to_name[context->type - 1]);
+
+ ptr +=
+ strlen(policydb->p_user_val_to_name[context->user - 1]) + 1 +
+ strlen(policydb->p_role_val_to_name[context->role - 1]) + 1 +
+ strlen(policydb->p_type_val_to_name[context->type - 1]);
+
+ mls_sid_to_context(policydb, context, &ptr);
+
+ *result = scontext;
+ *result_len = scontext_len;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not convert " "context to string");
+ free(scontext);
+ return STATUS_ERR;
+}
+
+/*
+ * Create a context structure from the given record
+ */
+int context_from_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ context_struct_t ** cptr,
+ const sepol_context_t * record)
+{
+
+ context_struct_t *scontext = NULL;
+ user_datum_t *usrdatum;
+ role_datum_t *roldatum;
+ type_datum_t *typdatum;
+
+ /* Hashtab keys are not constant - suppress warnings */
+ char *user = strdup(sepol_context_get_user(record));
+ char *role = strdup(sepol_context_get_role(record));
+ char *type = strdup(sepol_context_get_type(record));
+ const char *mls = sepol_context_get_mls(record);
+
+ scontext = (context_struct_t *) malloc(sizeof(context_struct_t));
+ if (!user || !role || !type || !scontext) {
+ ERR(handle, "out of memory");
+ goto err;
+ }
+ context_init(scontext);
+
+ /* User */
+ usrdatum = (user_datum_t *) hashtab_search(policydb->p_users.table,
+ (hashtab_key_t) user);
+ if (!usrdatum) {
+ ERR(handle, "user %s is not defined", user);
+ goto err_destroy;
+ }
+ scontext->user = usrdatum->s.value;
+
+ /* Role */
+ roldatum = (role_datum_t *) hashtab_search(policydb->p_roles.table,
+ (hashtab_key_t) role);
+ if (!roldatum) {
+ ERR(handle, "role %s is not defined", role);
+ goto err_destroy;
+ }
+ scontext->role = roldatum->s.value;
+
+ /* Type */
+ typdatum = (type_datum_t *) hashtab_search(policydb->p_types.table,
+ (hashtab_key_t) type);
+ if (!typdatum || typdatum->flavor == TYPE_ATTRIB) {
+ ERR(handle, "type %s is not defined", type);
+ goto err_destroy;
+ }
+ scontext->type = typdatum->s.value;
+
+ /* MLS */
+ if (mls && !policydb->mls) {
+ ERR(handle, "MLS is disabled, but MLS context \"%s\" found",
+ mls);
+ goto err_destroy;
+ } else if (!mls && policydb->mls) {
+ ERR(handle, "MLS is enabled, but no MLS context found");
+ goto err_destroy;
+ }
+ if (mls && (mls_from_string(handle, policydb, mls, scontext) < 0))
+ goto err_destroy;
+
+ /* Validity check */
+ if (!context_is_valid(policydb, scontext)) {
+ if (mls) {
+ ERR(handle,
+ "invalid security context: \"%s:%s:%s:%s\"",
+ user, role, type, mls);
+ } else {
+ ERR(handle,
+ "invalid security context: \"%s:%s:%s\"",
+ user, role, type);
+ }
+ goto err_destroy;
+ }
+
+ *cptr = scontext;
+ free(user);
+ free(type);
+ free(role);
+ return STATUS_SUCCESS;
+
+ err_destroy:
+ errno = EINVAL;
+ context_destroy(scontext);
+
+ err:
+ free(scontext);
+ free(user);
+ free(type);
+ free(role);
+ ERR(handle, "could not create context structure");
+ return STATUS_ERR;
+}
+
+/*
+ * Create a record from the given context structure
+ */
+int context_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * context,
+ sepol_context_t ** record)
+{
+
+ sepol_context_t *tmp_record = NULL;
+ char *mls = NULL;
+
+ if (sepol_context_create(handle, &tmp_record) < 0)
+ goto err;
+
+ if (sepol_context_set_user(handle, tmp_record,
+ policydb->p_user_val_to_name[context->user -
+ 1]) < 0)
+ goto err;
+
+ if (sepol_context_set_role(handle, tmp_record,
+ policydb->p_role_val_to_name[context->role -
+ 1]) < 0)
+ goto err;
+
+ if (sepol_context_set_type(handle, tmp_record,
+ policydb->p_type_val_to_name[context->type -
+ 1]) < 0)
+ goto err;
+
+ if (policydb->mls) {
+ if (mls_to_string(handle, policydb, context, &mls) < 0)
+ goto err;
+
+ if (sepol_context_set_mls(handle, tmp_record, mls) < 0)
+ goto err;
+ }
+
+ free(mls);
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not create context record");
+ sepol_context_free(tmp_record);
+ free(mls);
+ return STATUS_ERR;
+}
+
+/*
+ * Create a context structure from the provided string.
+ */
+int context_from_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ context_struct_t ** cptr,
+ const char *con_str, size_t con_str_len)
+{
+
+ char *con_cpy = NULL;
+ sepol_context_t *ctx_record = NULL;
+
+ /* sepol_context_from_string expects a NULL-terminated string */
+ con_cpy = malloc(con_str_len + 1);
+ if (!con_cpy)
+ goto omem;
+ memcpy(con_cpy, con_str, con_str_len);
+ con_cpy[con_str_len] = '\0';
+
+ if (sepol_context_from_string(handle, con_cpy, &ctx_record) < 0)
+ goto err;
+
+ /* Now create from the data structure */
+ if (context_from_record(handle, policydb, cptr, ctx_record) < 0)
+ goto err;
+
+ free(con_cpy);
+ sepol_context_free(ctx_record);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not create context structure");
+ free(con_cpy);
+ sepol_context_free(ctx_record);
+ return STATUS_ERR;
+}
+
+int sepol_context_check(sepol_handle_t * handle,
+ const sepol_policydb_t * policydb,
+ const sepol_context_t * context)
+{
+
+ context_struct_t *con = NULL;
+ int ret = context_from_record(handle, &policydb->p, &con, context);
+ context_destroy(con);
+ free(con);
+ return ret;
+}
diff --git a/libsepol/src/context.h b/libsepol/src/context.h
new file mode 100644
index 0000000..d25ca8a
--- /dev/null
+++ b/libsepol/src/context.h
@@ -0,0 +1,37 @@
+#ifndef _SEPOL_INTERNAL_CONTEXT_H_
+#define _SEPOL_INTERNAL_CONTEXT_H_
+
+#include <stddef.h>
+#include "context_internal.h"
+#include <sepol/policydb/context.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/handle.h>
+
+/* Create a context structure from high level representation */
+extern int context_from_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ context_struct_t ** cptr,
+ const sepol_context_t * data);
+
+extern int context_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * context,
+ sepol_context_t ** record);
+
+/* Create a context structure from string representation */
+extern int context_from_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ context_struct_t ** cptr,
+ const char *con_str, size_t con_str_len);
+
+/* Check if the provided context is valid for this policy */
+extern int context_is_valid(const policydb_t * policydb,
+ const context_struct_t * context);
+
+/* Extract the context as string */
+extern int context_to_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * context,
+ char **result, size_t * result_len);
+
+#endif
diff --git a/libsepol/src/context_internal.h b/libsepol/src/context_internal.h
new file mode 100644
index 0000000..7987c1c
--- /dev/null
+++ b/libsepol/src/context_internal.h
@@ -0,0 +1,19 @@
+#ifndef _SEPOL_CONTEXT_INTERNAL_H_
+#define _SEPOL_CONTEXT_INTERNAL_H_
+
+#include <sepol/context_record.h>
+#include "dso.h"
+
+hidden_proto(sepol_context_clone)
+ hidden_proto(sepol_context_create)
+ hidden_proto(sepol_context_free)
+ hidden_proto(sepol_context_from_string)
+ hidden_proto(sepol_context_get_mls)
+ hidden_proto(sepol_context_get_role)
+ hidden_proto(sepol_context_get_type)
+ hidden_proto(sepol_context_get_user)
+ hidden_proto(sepol_context_set_mls)
+ hidden_proto(sepol_context_set_role)
+ hidden_proto(sepol_context_set_type)
+ hidden_proto(sepol_context_set_user)
+#endif
diff --git a/libsepol/src/context_record.c b/libsepol/src/context_record.c
new file mode 100644
index 0000000..ac2884a
--- /dev/null
+++ b/libsepol/src/context_record.c
@@ -0,0 +1,324 @@
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "context_internal.h"
+#include "debug.h"
+
+struct sepol_context {
+
+ /* Selinux user */
+ char *user;
+
+ /* Selinux role */
+ char *role;
+
+ /* Selinux type */
+ char *type;
+
+ /* MLS */
+ char *mls;
+};
+
+/* User */
+const char *sepol_context_get_user(const sepol_context_t * con)
+{
+
+ return con->user;
+}
+
+hidden_def(sepol_context_get_user)
+
+int sepol_context_set_user(sepol_handle_t * handle,
+ sepol_context_t * con, const char *user)
+{
+
+ char *tmp_user = strdup(user);
+ if (!tmp_user) {
+ ERR(handle, "out of memory, could not set "
+ "context user to %s", user);
+ return STATUS_ERR;
+ }
+
+ free(con->user);
+ con->user = tmp_user;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_context_set_user)
+
+/* Role */
+const char *sepol_context_get_role(const sepol_context_t * con)
+{
+
+ return con->role;
+}
+
+hidden_def(sepol_context_get_role)
+
+int sepol_context_set_role(sepol_handle_t * handle,
+ sepol_context_t * con, const char *role)
+{
+
+ char *tmp_role = strdup(role);
+ if (!tmp_role) {
+ ERR(handle, "out of memory, could not set "
+ "context role to %s", role);
+ return STATUS_ERR;
+ }
+ free(con->role);
+ con->role = tmp_role;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_context_set_role)
+
+/* Type */
+const char *sepol_context_get_type(const sepol_context_t * con)
+{
+
+ return con->type;
+}
+
+hidden_def(sepol_context_get_type)
+
+int sepol_context_set_type(sepol_handle_t * handle,
+ sepol_context_t * con, const char *type)
+{
+
+ char *tmp_type = strdup(type);
+ if (!tmp_type) {
+ ERR(handle, "out of memory, could not set "
+ "context type to %s", type);
+ return STATUS_ERR;
+ }
+ free(con->type);
+ con->type = tmp_type;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_context_set_type)
+
+/* MLS */
+const char *sepol_context_get_mls(const sepol_context_t * con)
+{
+
+ return con->mls;
+}
+
+hidden_def(sepol_context_get_mls)
+
+int sepol_context_set_mls(sepol_handle_t * handle,
+ sepol_context_t * con, const char *mls)
+{
+
+ char *tmp_mls = strdup(mls);
+ if (!tmp_mls) {
+ ERR(handle, "out of memory, could not set "
+ "MLS fields to %s", mls);
+ return STATUS_ERR;
+ }
+ free(con->mls);
+ con->mls = tmp_mls;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_context_set_mls)
+
+/* Create */
+int sepol_context_create(sepol_handle_t * handle, sepol_context_t ** con_ptr)
+{
+
+ sepol_context_t *con =
+ (sepol_context_t *) malloc(sizeof(sepol_context_t));
+
+ if (!con) {
+ ERR(handle, "out of memory, could not " "create context\n");
+ return STATUS_ERR;
+ }
+
+ con->user = NULL;
+ con->role = NULL;
+ con->type = NULL;
+ con->mls = NULL;
+ *con_ptr = con;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_context_create)
+
+/* Deep copy clone */
+int sepol_context_clone(sepol_handle_t * handle,
+ const sepol_context_t * con, sepol_context_t ** con_ptr)
+{
+
+ sepol_context_t *new_con = NULL;
+
+ if (!con) {
+ *con_ptr = NULL;
+ return 0;
+ }
+
+ if (sepol_context_create(handle, &new_con) < 0)
+ goto err;
+
+ if (!(new_con->user = strdup(con->user)))
+ goto omem;
+
+ if (!(new_con->role = strdup(con->role)))
+ goto omem;
+
+ if (!(new_con->type = strdup(con->type)))
+ goto omem;
+
+ if (con->mls && !(new_con->mls = strdup(con->mls)))
+ goto omem;
+
+ *con_ptr = new_con;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not clone context record");
+ sepol_context_free(new_con);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_context_clone)
+
+/* Destroy */
+void sepol_context_free(sepol_context_t * con)
+{
+
+ if (!con)
+ return;
+
+ free(con->user);
+ free(con->role);
+ free(con->type);
+ free(con->mls);
+ free(con);
+}
+
+hidden_def(sepol_context_free)
+
+int sepol_context_from_string(sepol_handle_t * handle,
+ const char *str, sepol_context_t ** con)
+{
+
+ char *tmp = NULL, *low, *high;
+ sepol_context_t *tmp_con = NULL;
+
+ if (!strcmp(str, "<<none>>")) {
+ *con = NULL;
+ return STATUS_SUCCESS;
+ }
+
+ if (sepol_context_create(handle, &tmp_con) < 0)
+ goto err;
+
+ /* Working copy context */
+ tmp = strdup(str);
+ if (!tmp) {
+ ERR(handle, "out of memory");
+ goto err;
+ }
+ low = tmp;
+
+ /* Then, break it into its components */
+
+ /* User */
+ if (!(high = strchr(low, ':')))
+ goto mcontext;
+ else
+ *high++ = '\0';
+ if (sepol_context_set_user(handle, tmp_con, low) < 0)
+ goto err;
+ low = high;
+
+ /* Role */
+ if (!(high = strchr(low, ':')))
+ goto mcontext;
+ else
+ *high++ = '\0';
+ if (sepol_context_set_role(handle, tmp_con, low) < 0)
+ goto err;
+ low = high;
+
+ /* Type, and possibly MLS */
+ if (!(high = strchr(low, ':'))) {
+ if (sepol_context_set_type(handle, tmp_con, low) < 0)
+ goto err;
+ } else {
+ *high++ = '\0';
+ if (sepol_context_set_type(handle, tmp_con, low) < 0)
+ goto err;
+ low = high;
+ if (sepol_context_set_mls(handle, tmp_con, low) < 0)
+ goto err;
+ }
+
+ free(tmp);
+ *con = tmp_con;
+
+ return STATUS_SUCCESS;
+
+ mcontext:
+ errno = EINVAL;
+ ERR(handle, "malformed context \"%s\"", str);
+
+ err:
+ ERR(handle, "could not construct context from string");
+ free(tmp);
+ sepol_context_free(tmp_con);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_context_from_string)
+
+int sepol_context_to_string(sepol_handle_t * handle,
+ const sepol_context_t * con, char **str_ptr)
+{
+
+ int rc;
+ const int user_sz = strlen(con->user);
+ const int role_sz = strlen(con->role);
+ const int type_sz = strlen(con->type);
+ const int mls_sz = (con->mls) ? strlen(con->mls) : 0;
+ const int total_sz = user_sz + role_sz + type_sz +
+ mls_sz + ((con->mls) ? 3 : 2);
+
+ char *str = (char *)malloc(total_sz + 1);
+ if (!str)
+ goto omem;
+
+ if (con->mls) {
+ rc = snprintf(str, total_sz + 1, "%s:%s:%s:%s",
+ con->user, con->role, con->type, con->mls);
+ if (rc < 0 || (rc >= total_sz + 1)) {
+ ERR(handle, "print error");
+ goto err;
+ }
+ } else {
+ rc = snprintf(str, total_sz + 1, "%s:%s:%s",
+ con->user, con->role, con->type);
+ if (rc < 0 || (rc >= total_sz + 1)) {
+ ERR(handle, "print error");
+ goto err;
+ }
+ }
+
+ *str_ptr = str;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not convert context to string");
+ free(str);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/debug.c b/libsepol/src/debug.c
new file mode 100644
index 0000000..552b7d7
--- /dev/null
+++ b/libsepol/src/debug.c
@@ -0,0 +1,89 @@
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "handle.h"
+#include "debug.h"
+
+/* Deprecated */
+struct sepol_handle sepol_compat_handle = {
+ .msg_callback = sepol_msg_default_handler,
+ .msg_callback_arg = NULL,
+};
+
+void sepol_debug(int on)
+{
+ sepol_compat_handle.msg_callback = (on) ?
+ sepol_msg_default_handler : NULL;
+}
+
+/* End deprecated */
+
+int sepol_msg_get_level(sepol_handle_t * handle)
+{
+ return handle->msg_level;
+}
+
+hidden_def(sepol_msg_get_level)
+
+const char *sepol_msg_get_channel(sepol_handle_t * handle)
+{
+ return handle->msg_channel;
+}
+
+hidden_def(sepol_msg_get_channel)
+
+const char *sepol_msg_get_fname(sepol_handle_t * handle)
+{
+ return handle->msg_fname;
+}
+
+hidden_def(sepol_msg_get_fname)
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+void hidden sepol_msg_default_handler(void *varg,
+ sepol_handle_t * handle,
+ const char *fmt, ...)
+{
+
+ FILE *stream = NULL;
+
+ switch (sepol_msg_get_level(handle)) {
+
+ case SEPOL_MSG_ERR:
+ case SEPOL_MSG_WARN:
+ stream = stderr;
+ break;
+ case SEPOL_MSG_INFO:
+ default:
+ stream = stdout;
+ break;
+ }
+
+ fprintf(stream, "%s.%s: ",
+ sepol_msg_get_channel(handle), sepol_msg_get_fname(handle));
+
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stream, fmt, ap);
+ va_end(ap);
+
+ fprintf(stream, "\n");
+
+ varg = NULL;
+}
+
+extern void sepol_msg_set_callback(sepol_handle_t * handle,
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ sepol_handle_t *
+ handle,
+ const char *fmt, ...),
+ void *msg_callback_arg)
+{
+
+ handle->msg_callback = msg_callback;
+ handle->msg_callback_arg = msg_callback_arg;
+}
diff --git a/libsepol/src/debug.h b/libsepol/src/debug.h
new file mode 100644
index 0000000..56b397b
--- /dev/null
+++ b/libsepol/src/debug.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_INTERNAL_DEBUG_H_
+#define _SEPOL_INTERNAL_DEBUG_H_
+
+#include <stdio.h>
+#include <sepol/debug.h>
+#include "dso.h"
+#include "handle.h"
+
+#define STATUS_SUCCESS 0
+#define STATUS_ERR -1
+#define STATUS_NODATA 1
+
+/* FIXME: this needs to become a real function. Declaring variables
+ * in a macro is _evil_ as it can shadow other variables in local scope.
+ * The variable h has been renamed to _sepol_h to reduce this chance, but
+ * it is still wrong.
+ */
+#define msg_write(handle_arg, level_arg, \
+ channel_arg, func_arg, ...) do { \
+ sepol_handle_t *_sepol_h = (handle_arg) ?: &sepol_compat_handle; \
+ if (_sepol_h->msg_callback) { \
+ _sepol_h->msg_fname = func_arg; \
+ _sepol_h->msg_channel = channel_arg; \
+ _sepol_h->msg_level = level_arg; \
+ \
+ _sepol_h->msg_callback( \
+ _sepol_h->msg_callback_arg, \
+ _sepol_h, __VA_ARGS__); \
+ } \
+ } while(0)
+
+#define ERR(handle, ...) \
+ msg_write(handle, SEPOL_MSG_ERR, "libsepol", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define INFO(handle, ...) \
+ msg_write(handle, SEPOL_MSG_INFO, "libsepol", \
+ __FUNCTION__, __VA_ARGS__)
+
+#define WARN(handle, ...) \
+ msg_write(handle, SEPOL_MSG_WARN, "libsepol", \
+ __FUNCTION__, __VA_ARGS__)
+
+#ifdef __GNUC__
+__attribute__ ((format(printf, 3, 4)))
+#endif
+extern void hidden sepol_msg_default_handler(void *varg,
+ sepol_handle_t * msg,
+ const char *fmt, ...);
+
+extern struct sepol_handle sepol_compat_handle;
+
+hidden_proto(sepol_msg_get_channel)
+ hidden_proto(sepol_msg_get_fname)
+ hidden_proto(sepol_msg_get_level)
+#endif
diff --git a/libsepol/src/dso.h b/libsepol/src/dso.h
new file mode 100644
index 0000000..5c69aae
--- /dev/null
+++ b/libsepol/src/dso.h
@@ -0,0 +1,23 @@
+#ifndef _SEPOL_DSO_H
+#define _SEPOL_DSO_H 1
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal) \
+ extern __typeof (fct) internal; \
+ extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif
diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
new file mode 100644
index 0000000..cc6a915
--- /dev/null
+++ b/libsepol/src/ebitmap.c
@@ -0,0 +1,368 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * Implementation of the extensible bitmap type.
+ */
+
+#include <stdlib.h>
+
+#include <sepol/policydb/ebitmap.h>
+#include <sepol/policydb/policydb.h>
+
+#include "debug.h"
+#include "private.h"
+
+int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2, *new, *prev;
+
+ ebitmap_init(dst);
+
+ n1 = e1->node;
+ n2 = e2->node;
+ prev = 0;
+ while (n1 || n2) {
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new) {
+ ebitmap_destroy(dst);
+ return -ENOMEM;
+ }
+ memset(new, 0, sizeof(ebitmap_node_t));
+ if (n1 && n2 && n1->startbit == n2->startbit) {
+ new->startbit = n1->startbit;
+ new->map = n1->map | n2->map;
+ n1 = n1->next;
+ n2 = n2->next;
+ } else if (!n2 || (n1 && n1->startbit < n2->startbit)) {
+ new->startbit = n1->startbit;
+ new->map = n1->map;
+ n1 = n1->next;
+ } else {
+ new->startbit = n2->startbit;
+ new->map = n2->map;
+ n2 = n2->next;
+ }
+
+ new->next = 0;
+ if (prev)
+ prev->next = new;
+ else
+ dst->node = new;
+ prev = new;
+ }
+
+ dst->highbit = (e1->highbit > e2->highbit) ? e1->highbit : e2->highbit;
+ return 0;
+}
+
+int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1)
+{
+ ebitmap_t tmp;
+
+ if (ebitmap_or(&tmp, dst, e1))
+ return -1;
+ ebitmap_destroy(dst);
+ dst->node = tmp.node;
+ dst->highbit = tmp.highbit;
+
+ return 0;
+}
+
+int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2;
+
+ if (e1->highbit != e2->highbit)
+ return 0;
+
+ n1 = e1->node;
+ n2 = e2->node;
+ while (n1 && n2 &&
+ (n1->startbit == n2->startbit) && (n1->map == n2->map)) {
+ n1 = n1->next;
+ n2 = n2->next;
+ }
+
+ if (n1 || n2)
+ return 0;
+
+ return 1;
+}
+
+int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
+{
+ ebitmap_node_t *n, *new, *prev;
+
+ ebitmap_init(dst);
+ n = src->node;
+ prev = 0;
+ while (n) {
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new) {
+ ebitmap_destroy(dst);
+ return -ENOMEM;
+ }
+ memset(new, 0, sizeof(ebitmap_node_t));
+ new->startbit = n->startbit;
+ new->map = n->map;
+ new->next = 0;
+ if (prev)
+ prev->next = new;
+ else
+ dst->node = new;
+ prev = new;
+ n = n->next;
+ }
+
+ dst->highbit = src->highbit;
+ return 0;
+}
+
+int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
+{
+ ebitmap_node_t *n1, *n2;
+
+ if (e1->highbit < e2->highbit)
+ return 0;
+
+ n1 = e1->node;
+ n2 = e2->node;
+ while (n1 && n2 && (n1->startbit <= n2->startbit)) {
+ if (n1->startbit < n2->startbit) {
+ n1 = n1->next;
+ continue;
+ }
+ if ((n1->map & n2->map) != n2->map)
+ return 0;
+
+ n1 = n1->next;
+ n2 = n2->next;
+ }
+
+ if (n2)
+ return 0;
+
+ return 1;
+}
+
+int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit)
+{
+ ebitmap_node_t *n;
+
+ if (e->highbit < bit)
+ return 0;
+
+ n = e->node;
+ while (n && (n->startbit <= bit)) {
+ if ((n->startbit + MAPSIZE) > bit) {
+ if (n->map & (MAPBIT << (bit - n->startbit)))
+ return 1;
+ else
+ return 0;
+ }
+ n = n->next;
+ }
+
+ return 0;
+}
+
+int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value)
+{
+ ebitmap_node_t *n, *prev, *new;
+ uint32_t startbit = bit & ~(MAPSIZE - 1);
+ uint32_t highbit = startbit + MAPSIZE;
+
+ if (highbit == 0) {
+ ERR(NULL, "bitmap overflow, bit 0x%x", bit);
+ return -EINVAL;
+ }
+
+ prev = 0;
+ n = e->node;
+ while (n && n->startbit <= bit) {
+ if ((n->startbit + MAPSIZE) > bit) {
+ if (value) {
+ n->map |= (MAPBIT << (bit - n->startbit));
+ } else {
+ n->map &= ~(MAPBIT << (bit - n->startbit));
+ if (!n->map) {
+ /* drop this node from the bitmap */
+
+ if (!n->next) {
+ /*
+ * this was the highest map
+ * within the bitmap
+ */
+ if (prev)
+ e->highbit =
+ prev->startbit +
+ MAPSIZE;
+ else
+ e->highbit = 0;
+ }
+ if (prev)
+ prev->next = n->next;
+ else
+ e->node = n->next;
+
+ free(n);
+ }
+ }
+ return 0;
+ }
+ prev = n;
+ n = n->next;
+ }
+
+ if (!value)
+ return 0;
+
+ new = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!new)
+ return -ENOMEM;
+ memset(new, 0, sizeof(ebitmap_node_t));
+
+ new->startbit = startbit;
+ new->map = (MAPBIT << (bit - new->startbit));
+
+ if (!n) {
+ /* this node will be the highest map within the bitmap */
+ e->highbit = highbit;
+ }
+
+ if (prev) {
+ new->next = prev->next;
+ prev->next = new;
+ } else {
+ new->next = e->node;
+ e->node = new;
+ }
+
+ return 0;
+}
+
+void ebitmap_destroy(ebitmap_t * e)
+{
+ ebitmap_node_t *n, *temp;
+
+ if (!e)
+ return;
+
+ n = e->node;
+ while (n) {
+ temp = n;
+ n = n->next;
+ free(temp);
+ }
+
+ e->highbit = 0;
+ e->node = 0;
+ return;
+}
+
+int ebitmap_read(ebitmap_t * e, void *fp)
+{
+ int rc;
+ ebitmap_node_t *n, *l;
+ uint32_t buf[3], mapsize, count, i;
+ uint64_t map;
+
+ ebitmap_init(e);
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
+ if (rc < 0)
+ goto bad;
+
+ mapsize = le32_to_cpu(buf[0]);
+ e->highbit = le32_to_cpu(buf[1]);
+ count = le32_to_cpu(buf[2]);
+
+ if (mapsize != MAPSIZE) {
+ printf
+ ("security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n",
+ mapsize, MAPSIZE, e->highbit);
+ goto bad;
+ }
+ if (!e->highbit) {
+ e->node = NULL;
+ goto ok;
+ }
+ if (e->highbit & (MAPSIZE - 1)) {
+ printf
+ ("security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n",
+ e->highbit, MAPSIZE);
+ goto bad;
+ }
+ l = NULL;
+ for (i = 0; i < count; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ printf("security: ebitmap: truncated map\n");
+ goto bad;
+ }
+ n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+ if (!n) {
+ printf("security: ebitmap: out of memory\n");
+ rc = -ENOMEM;
+ goto bad;
+ }
+ memset(n, 0, sizeof(ebitmap_node_t));
+
+ n->startbit = le32_to_cpu(buf[0]);
+
+ if (n->startbit & (MAPSIZE - 1)) {
+ printf
+ ("security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n",
+ n->startbit, MAPSIZE);
+ goto bad_free;
+ }
+ if (n->startbit > (e->highbit - MAPSIZE)) {
+ printf
+ ("security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n",
+ n->startbit, (e->highbit - MAPSIZE));
+ goto bad_free;
+ }
+ rc = next_entry(&map, fp, sizeof(uint64_t));
+ if (rc < 0) {
+ printf("security: ebitmap: truncated map\n");
+ goto bad_free;
+ }
+ n->map = le64_to_cpu(map);
+
+ if (!n->map) {
+ printf
+ ("security: ebitmap: null map in ebitmap (startbit %d)\n",
+ n->startbit);
+ goto bad_free;
+ }
+ if (l) {
+ if (n->startbit <= l->startbit) {
+ printf
+ ("security: ebitmap: start bit %d comes after start bit %d\n",
+ n->startbit, l->startbit);
+ goto bad_free;
+ }
+ l->next = n;
+ } else
+ e->node = n;
+
+ l = n;
+ }
+
+ ok:
+ rc = 0;
+ out:
+ return rc;
+ bad_free:
+ free(n);
+ bad:
+ if (!rc)
+ rc = -EINVAL;
+ ebitmap_destroy(e);
+ goto out;
+}
+
+/* FLASK */
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
new file mode 100644
index 0000000..3194f8a
--- /dev/null
+++ b/libsepol/src/expand.c
@@ -0,0 +1,2801 @@
+/* Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ * Jason Tang <jtang@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "context.h"
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/avrule_block.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include "debug.h"
+#include "private.h"
+
+typedef struct expand_state {
+ int verbose;
+ uint32_t *typemap;
+ uint32_t *boolmap;
+ uint32_t *rolemap;
+ uint32_t *usermap;
+ policydb_t *base;
+ policydb_t *out;
+ sepol_handle_t *handle;
+ int expand_neverallow;
+} expand_state_t;
+
+static void expand_state_init(expand_state_t * state)
+{
+ memset(state, 0, sizeof(expand_state_t));
+}
+
+static int map_ebitmap(ebitmap_t * src, ebitmap_t * dst, uint32_t * map)
+{
+ unsigned int i;
+ ebitmap_node_t *tnode;
+ ebitmap_init(dst);
+
+ ebitmap_for_each_bit(src, tnode, i) {
+ if (!ebitmap_node_get_bit(tnode, i))
+ continue;
+ if (!map[i])
+ continue;
+ if (ebitmap_set_bit(dst, map[i] - 1, 1))
+ return -1;
+ }
+ return 0;
+}
+
+static int type_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ type_datum_t *type, *new_type;
+ expand_state_t *state;
+
+ id = (char *)key;
+ type = (type_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if ((type->flavor == TYPE_TYPE && !type->primary)
+ || type->flavor == TYPE_ALIAS) {
+ /* aliases are handled later */
+ return 0;
+ }
+ if (!is_id_enabled(id, state->base, SYM_TYPES)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying type or attribute %s", id);
+
+ new_id = strdup(id);
+ if (new_id == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ new_type = (type_datum_t *) malloc(sizeof(type_datum_t));
+ if (!new_type) {
+ ERR(state->handle, "Out of memory!");
+ free(new_id);
+ return SEPOL_ENOMEM;
+ }
+ memset(new_type, 0, sizeof(type_datum_t));
+
+ new_type->flavor = type->flavor;
+ new_type->flags = type->flags;
+ new_type->s.value = ++state->out->p_types.nprim;
+ if (new_type->s.value > UINT16_MAX) {
+ free(new_id);
+ free(new_type);
+ ERR(state->handle, "type space overflow");
+ return -1;
+ }
+ new_type->primary = 1;
+ state->typemap[type->s.value - 1] = new_type->s.value;
+
+ ret = hashtab_insert(state->out->p_types.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_type);
+ if (ret) {
+ free(new_id);
+ free(new_type);
+ ERR(state->handle, "hashtab overflow");
+ return -1;
+ }
+
+ if (new_type->flags & TYPE_FLAGS_PERMISSIVE)
+ if (ebitmap_set_bit(&state->out->permissive_map, new_type->s.value, 1)) {
+ ERR(state->handle, "Out of memory!\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int attr_convert_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id;
+ type_datum_t *type, *new_type;
+ expand_state_t *state;
+ ebitmap_t tmp_union;
+
+ id = (char *)key;
+ type = (type_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (type->flavor != TYPE_ATTRIB)
+ return 0;
+
+ if (!is_id_enabled(id, state->base, SYM_TYPES)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "converting attribute %s", id);
+
+ new_type = hashtab_search(state->out->p_types.table, id);
+ if (!new_type) {
+ ERR(state->handle, "attribute %s vanished!", id);
+ return -1;
+ }
+ if (map_ebitmap(&type->types, &tmp_union, state->typemap)) {
+ ERR(state->handle, "out of memory");
+ return -1;
+ }
+
+ /* then union tmp_union onto &new_type->types */
+ if (ebitmap_union(&new_type->types, &tmp_union)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ ebitmap_destroy(&tmp_union);
+
+ return 0;
+}
+
+static int perm_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ symtab_t *s;
+ perm_datum_t *perm, *new_perm;
+
+ id = key;
+ perm = (perm_datum_t *) datum;
+ s = (symtab_t *) data;
+
+ new_perm = (perm_datum_t *) malloc(sizeof(perm_datum_t));
+ if (!new_perm) {
+ return -1;
+ }
+ memset(new_perm, 0, sizeof(perm_datum_t));
+
+ new_id = strdup(id);
+ if (!new_id) {
+ free(new_perm);
+ return -1;
+ }
+
+ new_perm->s.value = perm->s.value;
+ s->nprim++;
+
+ ret = hashtab_insert(s->table, new_id, (hashtab_datum_t *) new_perm);
+ if (ret) {
+ free(new_id);
+ free(new_perm);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int common_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ common_datum_t *common, *new_common;
+ expand_state_t *state;
+
+ id = (char *)key;
+ common = (common_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (state->verbose)
+ INFO(state->handle, "copying common %s", id);
+
+ new_common = (common_datum_t *) malloc(sizeof(common_datum_t));
+ if (!new_common) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(new_common, 0, sizeof(common_datum_t));
+ if (symtab_init(&new_common->permissions, PERM_SYMTAB_SIZE)) {
+ ERR(state->handle, "Out of memory!");
+ free(new_common);
+ return -1;
+ }
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ free(new_common);
+ return -1;
+ }
+
+ new_common->s.value = common->s.value;
+ state->out->p_commons.nprim++;
+
+ ret =
+ hashtab_insert(state->out->p_commons.table, new_id,
+ (hashtab_datum_t *) new_common);
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ free(new_common);
+ free(new_id);
+ return -1;
+ }
+
+ if (hashtab_map
+ (common->permissions.table, perm_copy_callback,
+ &new_common->permissions)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int constraint_node_clone(constraint_node_t ** dst,
+ constraint_node_t * src,
+ expand_state_t * state)
+{
+ constraint_node_t *new_con = NULL, *last_new_con = NULL;
+ constraint_expr_t *new_expr = NULL;
+ *dst = NULL;
+ while (src != NULL) {
+ constraint_expr_t *expr, *expr_l = NULL;
+ new_con =
+ (constraint_node_t *) malloc(sizeof(constraint_node_t));
+ if (!new_con) {
+ goto out_of_mem;
+ }
+ memset(new_con, 0, sizeof(constraint_node_t));
+ new_con->permissions = src->permissions;
+ for (expr = src->expr; expr; expr = expr->next) {
+ if ((new_expr = calloc(1, sizeof(*new_expr))) == NULL) {
+ goto out_of_mem;
+ }
+ if (constraint_expr_init(new_expr) == -1) {
+ goto out_of_mem;
+ }
+ new_expr->expr_type = expr->expr_type;
+ new_expr->attr = expr->attr;
+ new_expr->op = expr->op;
+ if (new_expr->expr_type == CEXPR_NAMES) {
+ if (new_expr->attr & CEXPR_TYPE) {
+ /* Type sets require expansion and conversion. */
+ if (expand_convert_type_set(state->out,
+ state->
+ typemap,
+ expr->
+ type_names,
+ &new_expr->
+ names, 1)) {
+ goto out_of_mem;
+ }
+ } else if (new_expr->attr & CEXPR_ROLE) {
+ if (map_ebitmap(&expr->names, &new_expr->names, state->rolemap)) {
+ goto out_of_mem;
+ }
+ } else if (new_expr->attr & CEXPR_USER) {
+ if (map_ebitmap(&expr->names, &new_expr->names, state->usermap)) {
+ goto out_of_mem;
+ }
+ } else {
+ /* Other kinds of sets do not. */
+ if (ebitmap_cpy(&new_expr->names,
+ &expr->names)) {
+ goto out_of_mem;
+ }
+ }
+ }
+ if (expr_l) {
+ expr_l->next = new_expr;
+ } else {
+ new_con->expr = new_expr;
+ }
+ expr_l = new_expr;
+ new_expr = NULL;
+ }
+ if (last_new_con == NULL) {
+ *dst = new_con;
+ } else {
+ last_new_con->next = new_con;
+ }
+ last_new_con = new_con;
+ src = src->next;
+ }
+
+ return 0;
+ out_of_mem:
+ ERR(state->handle, "Out of memory!");
+ if (new_con)
+ free(new_con);
+ constraint_expr_destroy(new_expr);
+ return -1;
+}
+
+static int class_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ class_datum_t *class, *new_class;
+ expand_state_t *state;
+
+ id = (char *)key;
+ class = (class_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (!is_id_enabled(id, state->base, SYM_CLASSES)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying class %s", id);
+
+ new_class = (class_datum_t *) malloc(sizeof(class_datum_t));
+ if (!new_class) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(new_class, 0, sizeof(class_datum_t));
+ if (symtab_init(&new_class->permissions, PERM_SYMTAB_SIZE)) {
+ ERR(state->handle, "Out of memory!");
+ free(new_class);
+ return -1;
+ }
+
+ new_class->s.value = class->s.value;
+ state->out->p_classes.nprim++;
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ free(new_class);
+ return -1;
+ }
+
+ ret =
+ hashtab_insert(state->out->p_classes.table, new_id,
+ (hashtab_datum_t *) new_class);
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ free(new_class);
+ free(new_id);
+ return -1;
+ }
+
+ if (hashtab_map
+ (class->permissions.table, perm_copy_callback,
+ &new_class->permissions)) {
+ ERR(state->handle, "hashtab overflow");
+ return -1;
+ }
+
+ if (class->comkey) {
+ new_class->comkey = strdup(class->comkey);
+ if (!new_class->comkey) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ new_class->comdatum =
+ hashtab_search(state->out->p_commons.table,
+ new_class->comkey);
+ if (!new_class->comdatum) {
+ ERR(state->handle, "could not find common datum %s",
+ new_class->comkey);
+ return -1;
+ }
+ new_class->permissions.nprim +=
+ new_class->comdatum->permissions.nprim;
+ }
+
+ return 0;
+}
+
+static int constraint_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id;
+ class_datum_t *class, *new_class;
+ expand_state_t *state;
+
+ id = (char *)key;
+ class = (class_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ new_class = hashtab_search(state->out->p_classes.table, id);
+ if (!new_class) {
+ ERR(state->handle, "class %s vanished", id);
+ return -1;
+ }
+
+ /* constraints */
+ if (constraint_node_clone
+ (&new_class->constraints, class->constraints, state) == -1
+ || constraint_node_clone(&new_class->validatetrans,
+ class->validatetrans, state) == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+/* The aliases have to be copied after the types and attributes to be certain that
+ * the out symbol table will have the type that the alias refers. Otherwise, we
+ * won't be able to find the type value for the alias. We can't depend on the
+ * declaration ordering because of the hash table.
+ */
+static int alias_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ type_datum_t *alias, *new_alias;
+ expand_state_t *state;
+
+ id = (char *)key;
+ alias = (type_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ /* ignore regular types */
+ if (alias->flavor == TYPE_TYPE && alias->primary)
+ return 0;
+
+ /* ignore attributes */
+ if (alias->flavor == TYPE_ATTRIB)
+ return 0;
+
+ if (state->verbose)
+ INFO(state->handle, "copying alias %s", id);
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ new_alias = (type_datum_t *) malloc(sizeof(type_datum_t));
+ if (!new_alias) {
+ ERR(state->handle, "Out of memory!");
+ free(new_id);
+ return SEPOL_ENOMEM;
+ }
+ memset(new_alias, 0, sizeof(type_datum_t));
+ if (alias->flavor == TYPE_TYPE)
+ new_alias->s.value = state->typemap[alias->s.value - 1];
+ else if (alias->flavor == TYPE_ALIAS)
+ new_alias->s.value = state->typemap[alias->primary - 1];
+ else
+ assert(0); /* unreachable */
+
+ new_alias->flags = alias->flags;
+
+ ret = hashtab_insert(state->out->p_types.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_alias);
+
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ free(new_alias);
+ free(new_id);
+ return -1;
+ }
+
+ state->typemap[alias->s.value - 1] = new_alias->s.value;
+
+ if (new_alias->flags & TYPE_FLAGS_PERMISSIVE)
+ if (ebitmap_set_bit(&state->out->permissive_map, new_alias->s.value, 1)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int role_remap_dominates(hashtab_key_t key __attribute__ ((unused)), hashtab_datum_t datum, void *data)
+{
+ ebitmap_t mapped_roles;
+ role_datum_t *role = (role_datum_t *) datum;
+ expand_state_t *state = (expand_state_t *) data;
+
+ if (map_ebitmap(&role->dominates, &mapped_roles, state->rolemap))
+ return -1;
+
+ ebitmap_destroy(&role->dominates);
+
+ if (ebitmap_cpy(&role->dominates, &mapped_roles))
+ return -1;
+
+ ebitmap_destroy(&mapped_roles);
+
+ return 0;
+}
+
+static int role_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id, *new_id;
+ role_datum_t *role;
+ role_datum_t *new_role;
+ expand_state_t *state;
+ ebitmap_t tmp_union_types;
+
+ id = key;
+ role = (role_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (strcmp(id, OBJECT_R) == 0) {
+ /* object_r is always value 1 */
+ state->rolemap[role->s.value - 1] = 1;
+ return 0;
+ }
+
+ if (!is_id_enabled(id, state->base, SYM_ROLES)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying role %s", id);
+
+ new_role =
+ (role_datum_t *) hashtab_search(state->out->p_roles.table, id);
+ if (!new_role) {
+ new_role = (role_datum_t *) malloc(sizeof(role_datum_t));
+ if (!new_role) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(new_role, 0, sizeof(role_datum_t));
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ state->out->p_roles.nprim++;
+ new_role->s.value = state->out->p_roles.nprim;
+ state->rolemap[role->s.value - 1] = new_role->s.value;
+ ret = hashtab_insert(state->out->p_roles.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_role);
+
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ free(new_role);
+ free(new_id);
+ return -1;
+ }
+ }
+
+ /* The dominates bitmap is going to be wrong for the moment,
+ * we'll come back later and remap them, after we are sure all
+ * the roles have been added */
+ if (ebitmap_union(&new_role->dominates, &role->dominates)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ ebitmap_init(&tmp_union_types);
+
+ /* convert types in the role datum in the global symtab */
+ if (expand_convert_type_set
+ (state->out, state->typemap, &role->types, &tmp_union_types, 1)) {
+ ebitmap_destroy(&tmp_union_types);
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ if (ebitmap_union(&new_role->types.types, &tmp_union_types)) {
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&tmp_union_types);
+ return -1;
+ }
+ ebitmap_destroy(&tmp_union_types);
+
+ return 0;
+}
+
+int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
+ policydb_t * p, sepol_handle_t * h)
+{
+ mls_semantic_cat_t *cat;
+ level_datum_t *levdatum;
+ unsigned int i;
+
+ mls_level_init(l);
+
+ if (!p->mls)
+ return 0;
+
+ /* Required not declared. */
+ if (!sl->sens)
+ return 0;
+
+ l->sens = sl->sens;
+ levdatum = (level_datum_t *) hashtab_search(p->p_levels.table,
+ p->p_sens_val_to_name[l->
+ sens -
+ 1]);
+ for (cat = sl->cat; cat; cat = cat->next) {
+ if (cat->low > cat->high) {
+ ERR(h, "Category range is not valid %s.%s",
+ p->p_cat_val_to_name[cat->low - 1],
+ p->p_cat_val_to_name[cat->high - 1]);
+ return -1;
+ }
+ for (i = cat->low - 1; i < cat->high; i++) {
+ if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
+ ERR(h, "Category %s can not be associate with "
+ "level %s",
+ p->p_cat_val_to_name[i],
+ p->p_sens_val_to_name[l->sens - 1]);
+ }
+ if (ebitmap_set_bit(&l->cat, i, 1)) {
+ ERR(h, "Out of memory!");
+ return -1;
+ }
+ }
+ }
+
+ return 0;
+}
+
+int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r,
+ policydb_t * p, sepol_handle_t * h)
+{
+ if (mls_semantic_level_expand(&sr->level[0], &r->level[0], p, h) < 0)
+ return -1;
+
+ if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) {
+ mls_semantic_level_destroy(&sr->level[0]);
+ return -1;
+ }
+
+ if (!mls_level_dom(&r->level[1], &r->level[0])) {
+ mls_range_destroy(r);
+ ERR(h, "MLS range high level does not dominate low level");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int user_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ expand_state_t *state;
+ user_datum_t *user;
+ user_datum_t *new_user;
+ char *id, *new_id;
+ ebitmap_t tmp_union;
+
+ id = key;
+ user = (user_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (!is_id_enabled(id, state->base, SYM_USERS)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying user %s", id);
+
+ new_user =
+ (user_datum_t *) hashtab_search(state->out->p_users.table, id);
+ if (!new_user) {
+ new_user = (user_datum_t *) malloc(sizeof(user_datum_t));
+ if (!new_user) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(new_user, 0, sizeof(user_datum_t));
+
+ state->out->p_users.nprim++;
+ new_user->s.value = state->out->p_users.nprim;
+ state->usermap[user->s.value - 1] = new_user->s.value;
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ ret = hashtab_insert(state->out->p_users.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_user);
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ user_datum_destroy(new_user);
+ free(new_user);
+ free(new_id);
+ return -1;
+ }
+
+ /* expand the semantic MLS info */
+ if (mls_semantic_range_expand(&user->range,
+ &new_user->exp_range,
+ state->out, state->handle)) {
+ return -1;
+ }
+ if (mls_semantic_level_expand(&user->dfltlevel,
+ &new_user->exp_dfltlevel,
+ state->out, state->handle)) {
+ return -1;
+ }
+ if (!mls_level_between(&new_user->exp_dfltlevel,
+ &new_user->exp_range.level[0],
+ &new_user->exp_range.level[1])) {
+ ERR(state->handle, "default level not within user "
+ "range");
+ return -1;
+ }
+ } else {
+ /* require that the MLS info match */
+ mls_range_t tmp_range;
+ mls_level_t tmp_level;
+
+ if (mls_semantic_range_expand(&user->range, &tmp_range,
+ state->out, state->handle)) {
+ return -1;
+ }
+ if (mls_semantic_level_expand(&user->dfltlevel, &tmp_level,
+ state->out, state->handle)) {
+ mls_range_destroy(&tmp_range);
+ return -1;
+ }
+ if (!mls_range_eq(&new_user->exp_range, &tmp_range) ||
+ !mls_level_eq(&new_user->exp_dfltlevel, &tmp_level)) {
+ mls_range_destroy(&tmp_range);
+ mls_level_destroy(&tmp_level);
+ return -1;
+ }
+ mls_range_destroy(&tmp_range);
+ mls_level_destroy(&tmp_level);
+ }
+
+ ebitmap_init(&tmp_union);
+
+ /* get global roles for this user */
+ if (role_set_expand(&user->roles, &tmp_union, state->base, state->rolemap)) {
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&tmp_union);
+ return -1;
+ }
+
+ if (ebitmap_union(&new_user->roles.roles, &tmp_union)) {
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&tmp_union);
+ return -1;
+ }
+ ebitmap_destroy(&tmp_union);
+
+ return 0;
+}
+
+static int bool_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ expand_state_t *state;
+ cond_bool_datum_t *bool, *new_bool;
+ char *id, *new_id;
+
+ id = key;
+ bool = (cond_bool_datum_t *) datum;
+ state = (expand_state_t *) data;
+
+ if (!is_id_enabled(id, state->base, SYM_BOOLS)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying boolean %s", id);
+
+ new_bool = (cond_bool_datum_t *) malloc(sizeof(cond_bool_datum_t));
+ if (!new_bool) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ new_id = strdup(id);
+ if (!new_id) {
+ ERR(state->handle, "Out of memory!");
+ free(new_bool);
+ return -1;
+ }
+
+ state->out->p_bools.nprim++;
+ new_bool->s.value = state->out->p_bools.nprim;
+
+ ret = hashtab_insert(state->out->p_bools.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_bool);
+ if (ret) {
+ ERR(state->handle, "hashtab overflow");
+ free(new_bool);
+ free(new_id);
+ return -1;
+ }
+
+ state->boolmap[bool->s.value - 1] = new_bool->s.value;
+
+ new_bool->state = bool->state;
+
+ return 0;
+}
+
+static int sens_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ expand_state_t *state = (expand_state_t *) data;
+ level_datum_t *level = (level_datum_t *) datum, *new_level = NULL;
+ char *id = (char *)key, *new_id = NULL;
+
+ if (!is_id_enabled(id, state->base, SYM_LEVELS)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying sensitivity level %s", id);
+
+ new_level = (level_datum_t *) malloc(sizeof(level_datum_t));
+ if (!new_level)
+ goto out_of_mem;
+ level_datum_init(new_level);
+ new_level->level = (mls_level_t *) malloc(sizeof(mls_level_t));
+ if (!new_level->level)
+ goto out_of_mem;
+ mls_level_init(new_level->level);
+ new_id = strdup(id);
+ if (!new_id)
+ goto out_of_mem;
+
+ if (mls_level_cpy(new_level->level, level->level)) {
+ goto out_of_mem;
+ }
+ new_level->isalias = level->isalias;
+ state->out->p_levels.nprim++;
+
+ if (hashtab_insert(state->out->p_levels.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_level)) {
+ goto out_of_mem;
+ }
+ return 0;
+
+ out_of_mem:
+ ERR(state->handle, "Out of memory!");
+ if (new_level != NULL && new_level->level != NULL) {
+ mls_level_destroy(new_level->level);
+ free(new_level->level);
+ }
+ level_datum_destroy(new_level);
+ free(new_level);
+ free(new_id);
+ return -1;
+}
+
+static int cats_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ expand_state_t *state = (expand_state_t *) data;
+ cat_datum_t *cat = (cat_datum_t *) datum, *new_cat = NULL;
+ char *id = (char *)key, *new_id = NULL;
+
+ if (!is_id_enabled(id, state->base, SYM_CATS)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
+ if (state->verbose)
+ INFO(state->handle, "copying category attribute %s", id);
+
+ new_cat = (cat_datum_t *) malloc(sizeof(cat_datum_t));
+ if (!new_cat)
+ goto out_of_mem;
+ cat_datum_init(new_cat);
+ new_id = strdup(id);
+ if (!new_id)
+ goto out_of_mem;
+
+ new_cat->s.value = cat->s.value;
+ new_cat->isalias = cat->isalias;
+ state->out->p_cats.nprim++;
+ if (hashtab_insert(state->out->p_cats.table,
+ (hashtab_key_t) new_id, (hashtab_datum_t) new_cat)) {
+ goto out_of_mem;
+ }
+
+ return 0;
+
+ out_of_mem:
+ ERR(state->handle, "Out of memory!");
+ cat_datum_destroy(new_cat);
+ free(new_cat);
+ free(new_id);
+ return -1;
+}
+
+static int copy_role_allows(expand_state_t * state, role_allow_rule_t * rules)
+{
+ unsigned int i, j;
+ role_allow_t *cur_allow, *n, *l;
+ role_allow_rule_t *cur;
+ ebitmap_t roles, new_roles;
+ ebitmap_node_t *snode, *tnode;
+
+ /* start at the end of the list */
+ for (l = state->out->role_allow; l && l->next; l = l->next) ;
+
+ cur = rules;
+ while (cur) {
+ ebitmap_init(&roles);
+ ebitmap_init(&new_roles);
+
+ if (role_set_expand(&cur->roles, &roles, state->out, state->rolemap)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ if (role_set_expand(&cur->new_roles, &new_roles, state->out, state->rolemap)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ ebitmap_for_each_bit(&roles, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ ebitmap_for_each_bit(&new_roles, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ /* check for duplicates */
+ cur_allow = state->out->role_allow;
+ while (cur_allow) {
+ if ((cur_allow->role == i + 1) &&
+ (cur_allow->new_role == j + 1))
+ break;
+ cur_allow = cur_allow->next;
+ }
+ if (cur_allow)
+ continue;
+ n = (role_allow_t *)
+ malloc(sizeof(role_allow_t));
+ if (!n) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(n, 0, sizeof(role_allow_t));
+ n->role = i + 1;
+ n->new_role = j + 1;
+ if (l) {
+ l->next = n;
+ } else {
+ state->out->role_allow = n;
+ }
+ l = n;
+ }
+ }
+
+ ebitmap_destroy(&roles);
+ ebitmap_destroy(&new_roles);
+
+ cur = cur->next;
+ }
+
+ return 0;
+}
+
+static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
+{
+ unsigned int i, j;
+ role_trans_t *n, *l, *cur_trans;
+ role_trans_rule_t *cur;
+ ebitmap_t roles, types;
+ ebitmap_node_t *rnode, *tnode;
+
+ /* start at the end of the list */
+ for (l = state->out->role_tr; l && l->next; l = l->next) ;
+
+ cur = rules;
+ while (cur) {
+ ebitmap_init(&roles);
+ ebitmap_init(&types);
+
+ if (role_set_expand(&cur->roles, &roles, state->out, state->rolemap)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ if (expand_convert_type_set
+ (state->out, state->typemap, &cur->types, &types, 1)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ ebitmap_for_each_bit(&roles, rnode, i) {
+ if (!ebitmap_node_get_bit(rnode, i))
+ continue;
+ ebitmap_for_each_bit(&types, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+
+ cur_trans = state->out->role_tr;
+ while (cur_trans) {
+ if ((cur_trans->role == i + 1) &&
+ (cur_trans->type == j + 1)) {
+ if (cur_trans->new_role ==
+ cur->new_role) {
+ break;
+ } else {
+ ERR(state->handle,
+ "Conflicting role trans rule %s %s : %s",
+ state->out->
+ p_role_val_to_name
+ [i],
+ state->out->
+ p_type_val_to_name
+ [j],
+ state->out->
+ p_role_val_to_name
+ [cur->new_role -
+ 1]);
+ return -1;
+ }
+ }
+ cur_trans = cur_trans->next;
+ }
+ if (cur_trans)
+ continue;
+
+ n = (role_trans_t *)
+ malloc(sizeof(role_trans_t));
+ if (!n) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(n, 0, sizeof(role_trans_t));
+ n->role = i + 1;
+ n->type = j + 1;
+ n->new_role = state->rolemap[cur->new_role - 1];
+ if (l) {
+ l->next = n;
+ } else {
+ state->out->role_tr = n;
+ }
+ l = n;
+ }
+ }
+
+ ebitmap_destroy(&roles);
+ ebitmap_destroy(&types);
+
+ cur = cur->next;
+ }
+ return 0;
+}
+
+static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass,
+ mls_semantic_range_t * trange,
+ expand_state_t * state)
+{
+ range_trans_t *rt, *check_rt = state->out->range_tr;
+ mls_range_t exp_range;
+ int rc = -1;
+
+ if (mls_semantic_range_expand(trange, &exp_range, state->out,
+ state->handle))
+ goto out;
+
+ /* check for duplicates/conflicts */
+ while (check_rt) {
+ if ((check_rt->source_type == stype) &&
+ (check_rt->target_type == ttype) &&
+ (check_rt->target_class == tclass)) {
+ if (mls_range_eq(&check_rt->target_range, &exp_range)) {
+ /* duplicate */
+ break;
+ } else {
+ /* conflict */
+ ERR(state->handle,
+ "Conflicting range trans rule %s %s : %s",
+ state->out->p_type_val_to_name[stype - 1],
+ state->out->p_type_val_to_name[ttype - 1],
+ state->out->p_class_val_to_name[tclass -
+ 1]);
+ goto out;
+ }
+ }
+ check_rt = check_rt->next;
+ }
+ if (check_rt) {
+ /* this is a dup - skip */
+ rc = 0;
+ goto out;
+ }
+
+ rt = (range_trans_t *) calloc(1, sizeof(range_trans_t));
+ if (!rt) {
+ ERR(state->handle, "Out of memory!");
+ goto out;
+ }
+
+ rt->next = state->out->range_tr;
+ state->out->range_tr = rt;
+
+ rt->source_type = stype;
+ rt->target_type = ttype;
+ rt->target_class = tclass;
+ if (mls_range_cpy(&rt->target_range, &exp_range)) {
+ ERR(state->handle, "Out of memory!");
+ goto out;
+ }
+
+ rc = 0;
+
+ out:
+ mls_range_destroy(&exp_range);
+ return rc;
+}
+
+static int expand_range_trans(expand_state_t * state,
+ range_trans_rule_t * rules)
+{
+ unsigned int i, j, k;
+ range_trans_rule_t *rule;
+
+ ebitmap_t stypes, ttypes;
+ ebitmap_node_t *snode, *tnode, *cnode;
+
+ if (state->verbose)
+ INFO(state->handle, "expanding range transitions");
+
+ for (rule = rules; rule; rule = rule->next) {
+ ebitmap_init(&stypes);
+ ebitmap_init(&ttypes);
+
+ /* expand the type sets */
+ if (expand_convert_type_set(state->out, state->typemap,
+ &rule->stypes, &stypes, 1)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ if (expand_convert_type_set(state->out, state->typemap,
+ &rule->ttypes, &ttypes, 1)) {
+ ebitmap_destroy(&stypes);
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ /* loop on source type */
+ ebitmap_for_each_bit(&stypes, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ /* loop on target type */
+ ebitmap_for_each_bit(&ttypes, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ /* loop on target class */
+ ebitmap_for_each_bit(&rule->tclasses, cnode, k) {
+ if (!ebitmap_node_get_bit(cnode, k))
+ continue;
+
+ if (exp_rangetr_helper(i + 1,
+ j + 1,
+ k + 1,
+ &rule->trange,
+ state)) {
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+ return -1;
+ }
+ }
+ }
+ }
+
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+ }
+
+ return 0;
+}
+
+/* Search for an AV tab node within a hash table with the given key.
+ * If the node does not exist, create it and return it; otherwise
+ * return the pre-existing one.
+*/
+static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
+ avtab_t * avtab, avtab_key_t * key,
+ cond_av_list_t ** cond)
+{
+ avtab_ptr_t node;
+ avtab_datum_t avdatum;
+ cond_av_list_t *nl;
+
+ node = avtab_search_node(avtab, key);
+
+ /* If this is for conditional policies, keep searching in case
+ the node is part of my conditional avtab. */
+ if (cond) {
+ while (node) {
+ if (node->parse_context == cond)
+ break;
+ node = avtab_search_node_next(node, key->specified);
+ }
+ }
+
+ if (!node) {
+ memset(&avdatum, 0, sizeof avdatum);
+ /* this is used to get the node - insertion is actually unique */
+ node = avtab_insert_nonunique(avtab, key, &avdatum);
+ if (!node) {
+ ERR(handle, "hash table overflow");
+ return NULL;
+ }
+ if (cond) {
+ node->parse_context = cond;
+ nl = (cond_av_list_t *) malloc(sizeof(cond_av_list_t));
+ if (!nl) {
+ ERR(handle, "Memory error");
+ return NULL;
+ }
+ memset(nl, 0, sizeof(cond_av_list_t));
+ nl->node = node;
+ nl->next = *cond;
+ *cond = nl;
+ }
+ }
+
+ return node;
+}
+
+#define EXPAND_RULE_SUCCESS 1
+#define EXPAND_RULE_CONFLICT 0
+#define EXPAND_RULE_ERROR -1
+
+static int expand_terule_helper(sepol_handle_t * handle,
+ policydb_t * p, uint32_t * typemap,
+ uint32_t specified, cond_av_list_t ** cond,
+ cond_av_list_t ** other, uint32_t stype,
+ uint32_t ttype, class_perm_node_t * perms,
+ avtab_t * avtab, int enabled)
+{
+ avtab_key_t avkey;
+ avtab_datum_t *avdatump;
+ avtab_ptr_t node;
+ class_perm_node_t *cur;
+ int conflict;
+ uint32_t oldtype = 0, spec = 0;
+
+ if (specified & AVRULE_TRANSITION) {
+ spec = AVTAB_TRANSITION;
+ } else if (specified & AVRULE_MEMBER) {
+ spec = AVTAB_MEMBER;
+ } else if (specified & AVRULE_CHANGE) {
+ spec = AVTAB_CHANGE;
+ } else {
+ assert(0); /* unreachable */
+ }
+
+ cur = perms;
+ while (cur) {
+ uint32_t remapped_data =
+ typemap ? typemap[cur->data - 1] : cur->data;
+ avkey.source_type = stype + 1;
+ avkey.target_type = ttype + 1;
+ avkey.target_class = cur->class;
+ avkey.specified = spec;
+
+ conflict = 0;
+ /* check to see if the expanded TE already exists --
+ * either in the global scope or in another
+ * conditional AV tab */
+ node = avtab_search_node(&p->te_avtab, &avkey);
+ if (node) {
+ conflict = 1;
+ } else {
+ node = avtab_search_node(&p->te_cond_avtab, &avkey);
+ if (node && node->parse_context != other) {
+ conflict = 2;
+ }
+ }
+
+ if (conflict) {
+ avdatump = &node->datum;
+ if (specified & AVRULE_TRANSITION) {
+ oldtype = avdatump->data;
+ } else if (specified & AVRULE_MEMBER) {
+ oldtype = avdatump->data;
+ } else if (specified & AVRULE_CHANGE) {
+ oldtype = avdatump->data;
+ }
+
+ if (oldtype == remapped_data) {
+ /* if the duplicate is inside the same scope (eg., unconditional
+ * or in same conditional then ignore it */
+ if ((conflict == 1 && cond == NULL)
+ || node->parse_context == cond)
+ return EXPAND_RULE_SUCCESS;
+ ERR(handle, "duplicate TE rule for %s %s:%s %s",
+ p->p_type_val_to_name[avkey.source_type -
+ 1],
+ p->p_type_val_to_name[avkey.target_type -
+ 1],
+ p->p_class_val_to_name[avkey.target_class -
+ 1],
+ p->p_type_val_to_name[oldtype - 1]);
+ return EXPAND_RULE_CONFLICT;
+ }
+ ERR(handle,
+ "conflicting TE rule for (%s, %s:%s): old was %s, new is %s",
+ p->p_type_val_to_name[avkey.source_type - 1],
+ p->p_type_val_to_name[avkey.target_type - 1],
+ p->p_class_val_to_name[avkey.target_class - 1],
+ p->p_type_val_to_name[oldtype - 1],
+ p->p_type_val_to_name[remapped_data - 1]);
+ return EXPAND_RULE_CONFLICT;
+ }
+
+ node = find_avtab_node(handle, avtab, &avkey, cond);
+ if (!node)
+ return -1;
+ if (enabled) {
+ node->key.specified |= AVTAB_ENABLED;
+ } else {
+ node->key.specified &= ~AVTAB_ENABLED;
+ }
+
+ avdatump = &node->datum;
+ if (specified & AVRULE_TRANSITION) {
+ avdatump->data = remapped_data;
+ } else if (specified & AVRULE_MEMBER) {
+ avdatump->data = remapped_data;
+ } else if (specified & AVRULE_CHANGE) {
+ avdatump->data = remapped_data;
+ } else {
+ assert(0); /* should never occur */
+ }
+
+ cur = cur->next;
+ }
+
+ return EXPAND_RULE_SUCCESS;
+}
+
+static int expand_avrule_helper(sepol_handle_t * handle,
+ uint32_t specified,
+ cond_av_list_t ** cond,
+ uint32_t stype, uint32_t ttype,
+ class_perm_node_t * perms, avtab_t * avtab,
+ int enabled)
+{
+ avtab_key_t avkey;
+ avtab_datum_t *avdatump;
+ avtab_ptr_t node;
+ class_perm_node_t *cur;
+ uint32_t spec = 0;
+
+ if (specified & AVRULE_ALLOWED) {
+ spec = AVTAB_ALLOWED;
+ } else if (specified & AVRULE_AUDITALLOW) {
+ spec = AVTAB_AUDITALLOW;
+ } else if (specified & AVRULE_AUDITDENY) {
+ spec = AVTAB_AUDITDENY;
+ } else if (specified & AVRULE_DONTAUDIT) {
+ if (handle && handle->disable_dontaudit)
+ return EXPAND_RULE_SUCCESS;
+ spec = AVTAB_AUDITDENY;
+ } else if (specified & AVRULE_NEVERALLOW) {
+ spec = AVTAB_NEVERALLOW;
+ } else {
+ assert(0); /* unreachable */
+ }
+
+ cur = perms;
+ while (cur) {
+ avkey.source_type = stype + 1;
+ avkey.target_type = ttype + 1;
+ avkey.target_class = cur->class;
+ avkey.specified = spec;
+
+ node = find_avtab_node(handle, avtab, &avkey, cond);
+ if (!node)
+ return EXPAND_RULE_ERROR;
+ if (enabled) {
+ node->key.specified |= AVTAB_ENABLED;
+ } else {
+ node->key.specified &= ~AVTAB_ENABLED;
+ }
+
+ avdatump = &node->datum;
+ if (specified & AVRULE_ALLOWED) {
+ avdatump->data |= cur->data;
+ } else if (specified & AVRULE_AUDITALLOW) {
+ avdatump->data |= cur->data;
+ } else if (specified & AVRULE_NEVERALLOW) {
+ avdatump->data |= cur->data;
+ } else if (specified & AVRULE_AUDITDENY) {
+ /* Since a '0' in an auditdeny mask represents
+ * a permission we do NOT want to audit
+ * (dontaudit), we use the '&' operand to
+ * ensure that all '0's in the mask are
+ * retained (much unlike the allow and
+ * auditallow cases).
+ */
+ avdatump->data &= cur->data;
+ } else if (specified & AVRULE_DONTAUDIT) {
+ if (avdatump->data)
+ avdatump->data &= ~cur->data;
+ else
+ avdatump->data = ~cur->data;
+ } else {
+ assert(0); /* should never occur */
+ }
+
+ cur = cur->next;
+ }
+ return EXPAND_RULE_SUCCESS;
+}
+
+static int expand_rule_helper(sepol_handle_t * handle,
+ policydb_t * p, uint32_t * typemap,
+ avrule_t * source_rule, avtab_t * dest_avtab,
+ cond_av_list_t ** cond, cond_av_list_t ** other,
+ int enabled,
+ ebitmap_t * stypes, ebitmap_t * ttypes)
+{
+ unsigned int i, j;
+ int retval;
+ ebitmap_node_t *snode, *tnode;
+
+ ebitmap_for_each_bit(stypes, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ if (source_rule->flags & RULE_SELF) {
+ if (source_rule->specified & AVRULE_AV) {
+ if ((retval =
+ expand_avrule_helper(handle,
+ source_rule->
+ specified, cond, i, i,
+ source_rule->perms,
+ dest_avtab,
+ enabled)) !=
+ EXPAND_RULE_SUCCESS) {
+ return retval;
+ }
+ } else {
+ if ((retval =
+ expand_terule_helper(handle, p,
+ typemap,
+ source_rule->
+ specified, cond,
+ other, i, i,
+ source_rule->perms,
+ dest_avtab,
+ enabled)) !=
+ EXPAND_RULE_SUCCESS) {
+ return retval;
+ }
+ }
+ }
+ ebitmap_for_each_bit(ttypes, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ if (source_rule->specified & AVRULE_AV) {
+ if ((retval =
+ expand_avrule_helper(handle,
+ source_rule->
+ specified, cond, i, j,
+ source_rule->perms,
+ dest_avtab,
+ enabled)) !=
+ EXPAND_RULE_SUCCESS) {
+ return retval;
+ }
+ } else {
+ if ((retval =
+ expand_terule_helper(handle, p,
+ typemap,
+ source_rule->
+ specified, cond,
+ other, i, j,
+ source_rule->perms,
+ dest_avtab,
+ enabled)) !=
+ EXPAND_RULE_SUCCESS) {
+ return retval;
+ }
+ }
+ }
+ }
+
+ return EXPAND_RULE_SUCCESS;
+}
+
+/*
+ * Expand a rule into a given avtab - checking for conflicting type
+ * rules in the destination policy. Return EXPAND_RULE_SUCCESS on
+ * success, EXPAND_RULE_CONFLICT if the rule conflicts with something
+ * (and hence was not added), or EXPAND_RULE_ERROR on error.
+ */
+static int convert_and_expand_rule(sepol_handle_t * handle,
+ policydb_t * dest_pol, uint32_t * typemap,
+ avrule_t * source_rule, avtab_t * dest_avtab,
+ cond_av_list_t ** cond,
+ cond_av_list_t ** other, int enabled,
+ int do_neverallow)
+{
+ int retval;
+ ebitmap_t stypes, ttypes;
+ unsigned char alwaysexpand;
+
+ if (!do_neverallow && source_rule->specified & AVRULE_NEVERALLOW)
+ return EXPAND_RULE_SUCCESS;
+
+ ebitmap_init(&stypes);
+ ebitmap_init(&ttypes);
+
+ /* Force expansion for type rules and for self rules. */
+ alwaysexpand = ((source_rule->specified & AVRULE_TYPE) ||
+ (source_rule->flags & RULE_SELF));
+
+ if (expand_convert_type_set
+ (dest_pol, typemap, &source_rule->stypes, &stypes, alwaysexpand))
+ return EXPAND_RULE_ERROR;
+ if (expand_convert_type_set
+ (dest_pol, typemap, &source_rule->ttypes, &ttypes, alwaysexpand))
+ return EXPAND_RULE_ERROR;
+
+ retval = expand_rule_helper(handle, dest_pol, typemap,
+ source_rule, dest_avtab,
+ cond, other, enabled, &stypes, &ttypes);
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+ return retval;
+}
+
+static int cond_avrule_list_copy(policydb_t * dest_pol, avrule_t * source_rules,
+ avtab_t * dest_avtab, cond_av_list_t ** list,
+ cond_av_list_t ** other, uint32_t * typemap,
+ int enabled, expand_state_t * state)
+{
+ avrule_t *cur;
+
+ cur = source_rules;
+ while (cur) {
+ if (convert_and_expand_rule(state->handle, dest_pol,
+ typemap, cur, dest_avtab,
+ list, other, enabled,
+ 0) != EXPAND_RULE_SUCCESS) {
+ return -1;
+ }
+
+ cur = cur->next;
+ }
+
+ return 0;
+}
+
+static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
+{
+ cond_expr_t *cur;
+ unsigned int i;
+
+ cur = cn->expr;
+ while (cur) {
+ if (cur->bool)
+ cur->bool = state->boolmap[cur->bool - 1];
+ cur = cur->next;
+ }
+
+ for (i = 0; i < min(cn->nbools, COND_MAX_BOOLS); i++)
+ cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
+
+ if (cond_normalize_expr(state->out, cn)) {
+ ERR(state->handle, "Error while normalizing conditional");
+ return -1;
+ }
+
+ return 0;
+}
+
+/* copy the nodes in *reverse* order -- the result is that the last
+ * given conditional appears first in the policy, so as to match the
+ * behavior of the upstream compiler */
+static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
+{
+ cond_node_t *new_cond, *tmp;
+
+ if (cn == NULL) {
+ return 0;
+ }
+ if (cond_node_copy(state, cn->next)) {
+ return -1;
+ }
+ if (cond_normalize_expr(state->base, cn)) {
+ ERR(state->handle, "Error while normalizing conditional");
+ return -1;
+ }
+
+ /* create a new temporary conditional node with the booleans
+ * mapped */
+ tmp = cond_node_create(state->base, cn);
+ if (!tmp) {
+ ERR(state->handle, "Out of memory");
+ return -1;
+ }
+
+ if (cond_node_map_bools(state, tmp)) {
+ ERR(state->handle, "Error mapping booleans");
+ return -1;
+ }
+
+ new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
+ if (!new_cond) {
+ cond_node_destroy(tmp);
+ free(tmp);
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ cond_node_destroy(tmp);
+ free(tmp);
+
+ if (cond_avrule_list_copy
+ (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
+ &new_cond->true_list, &new_cond->false_list, state->typemap,
+ new_cond->cur_state, state))
+ return -1;
+ if (cond_avrule_list_copy
+ (state->out, cn->avfalse_list, &state->out->te_cond_avtab,
+ &new_cond->false_list, &new_cond->true_list, state->typemap,
+ !new_cond->cur_state, state))
+ return -1;
+
+ return 0;
+}
+
+static int context_copy(context_struct_t * dst, context_struct_t * src,
+ expand_state_t * state)
+{
+ dst->user = state->usermap[src->user - 1];
+ dst->role = state->rolemap[src->role - 1];
+ dst->type = state->typemap[src->type - 1];
+ return mls_context_cpy(dst, src);
+}
+
+static int ocontext_copy(expand_state_t * state)
+{
+ unsigned int i, j;
+ ocontext_t *c, *n, *l;
+
+ for (i = 0; i < OCON_NUM; i++) {
+ l = NULL;
+ for (c = state->base->ocontexts[i]; c; c = c->next) {
+ n = malloc(sizeof(ocontext_t));
+ if (!n) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(n, 0, sizeof(ocontext_t));
+ if (l) {
+ l->next = n;
+ } else {
+ state->out->ocontexts[i] = n;
+ }
+ l = n;
+ if (context_copy(&n->context[0], &c->context[0], state)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ switch (i) {
+ case OCON_ISID:
+ n->sid[0] = c->sid[0];
+ break;
+ case OCON_FS: /* FALLTHROUGH */
+ case OCON_NETIF:
+ n->u.name = strdup(c->u.name);
+ if (!n->u.name) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ if (context_copy
+ (&n->context[1], &c->context[1], state)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ break;
+ case OCON_PORT:
+ n->u.port.protocol = c->u.port.protocol;
+ n->u.port.low_port = c->u.port.low_port;
+ n->u.port.high_port = c->u.port.high_port;
+ break;
+ case OCON_NODE:
+ n->u.node.addr = c->u.node.addr;
+ n->u.node.mask = c->u.node.mask;
+ break;
+ case OCON_FSUSE:
+ n->v.behavior = c->v.behavior;
+ n->u.name = strdup(c->u.name);
+ if (!n->u.name) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ break;
+ case OCON_NODE6:
+ for (j = 0; j < 4; j++)
+ n->u.node6.addr[j] = c->u.node6.addr[j];
+ for (j = 0; j < 4; j++)
+ n->u.node6.mask[j] = c->u.node6.mask[j];
+ break;
+ default:
+ /* shouldn't get here */
+ assert(0);
+ }
+ }
+ }
+ return 0;
+}
+
+static int genfs_copy(expand_state_t * state)
+{
+ ocontext_t *c, *newc, *l;
+ genfs_t *genfs, *newgenfs, *end;
+
+ end = NULL;
+ for (genfs = state->base->genfs; genfs; genfs = genfs->next) {
+ newgenfs = malloc(sizeof(genfs_t));
+ if (!newgenfs) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(newgenfs, 0, sizeof(genfs_t));
+ newgenfs->fstype = strdup(genfs->fstype);
+ if (!newgenfs->fstype) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ l = NULL;
+ for (c = genfs->head; c; c = c->next) {
+ newc = malloc(sizeof(ocontext_t));
+ if (!newc) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memset(newc, 0, sizeof(ocontext_t));
+ newc->u.name = strdup(c->u.name);
+ if (!newc->u.name) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ newc->v.sclass = c->v.sclass;
+ context_copy(&newc->context[0], &c->context[0], state);
+ if (l)
+ l->next = newc;
+ else
+ newgenfs->head = newc;
+ l = newc;
+ }
+ if (!end) {
+ state->out->genfs = newgenfs;
+ } else {
+ end->next = newgenfs;
+ }
+ end = newgenfs;
+ }
+ return 0;
+}
+
+static int type_attr_map(hashtab_key_t key
+ __attribute__ ((unused)), hashtab_datum_t datum,
+ void *ptr)
+{
+ type_datum_t *type;
+ expand_state_t *state = ptr;
+ policydb_t *p = state->out;
+ unsigned int i;
+ ebitmap_node_t *tnode;
+
+ type = (type_datum_t *) datum;
+ if (type->flavor == TYPE_ATTRIB) {
+ if (ebitmap_cpy(&p->attr_type_map[type->s.value - 1],
+ &type->types)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ ebitmap_for_each_bit(&type->types, tnode, i) {
+ if (!ebitmap_node_get_bit(tnode, i))
+ continue;
+ if (ebitmap_set_bit(&p->type_attr_map[i],
+ type->s.value - 1, 1)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
+
+static void type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ free(key);
+ type_datum_destroy((type_datum_t *) datum);
+ free(datum);
+}
+
+static int type_attr_remove(hashtab_key_t key
+ __attribute__ ((unused)), hashtab_datum_t datum,
+ void *args)
+{
+ type_datum_t *typdatum;
+ policydb_t *p;
+
+ typdatum = (type_datum_t *) datum;
+ p = (policydb_t *) args;
+ if (typdatum->flavor == TYPE_ATTRIB) {
+ p->type_val_to_struct[typdatum->s.value - 1] = NULL;
+ p->p_type_val_to_name[typdatum->s.value - 1] = NULL;
+ return 1;
+ }
+ return 0;
+}
+
+/* converts typeset using typemap and expands into ebitmap_t types using the attributes in the passed in policy.
+ * this should not be called until after all the blocks have been processed and the attributes in target policy
+ * are complete. */
+int expand_convert_type_set(policydb_t * p, uint32_t * typemap,
+ type_set_t * set, ebitmap_t * types,
+ unsigned char alwaysexpand)
+{
+ type_set_t tmpset;
+
+ type_set_init(&tmpset);
+
+ if (map_ebitmap(&set->types, &tmpset.types, typemap))
+ return -1;
+
+ if (map_ebitmap(&set->negset, &tmpset.negset, typemap))
+ return -1;
+
+ tmpset.flags = set->flags;
+
+ if (type_set_expand(&tmpset, types, p, alwaysexpand))
+ return -1;
+
+ type_set_destroy(&tmpset);
+
+ return 0;
+}
+
+/* Expand a rule into a given avtab - checking for conflicting type
+ * rules. Return 1 on success, 0 if the rule conflicts with something
+ * (and hence was not added), or -1 on error. */
+int expand_rule(sepol_handle_t * handle,
+ policydb_t * source_pol,
+ avrule_t * source_rule, avtab_t * dest_avtab,
+ cond_av_list_t ** cond, cond_av_list_t ** other, int enabled)
+{
+ int retval;
+ ebitmap_t stypes, ttypes;
+
+ if (source_rule->specified & AVRULE_NEVERALLOW)
+ return 1;
+
+ ebitmap_init(&stypes);
+ ebitmap_init(&ttypes);
+
+ if (type_set_expand(&source_rule->stypes, &stypes, source_pol, 1))
+ return -1;
+ if (type_set_expand(&source_rule->ttypes, &ttypes, source_pol, 1))
+ return -1;
+ retval = expand_rule_helper(handle, source_pol, NULL,
+ source_rule, dest_avtab,
+ cond, other, enabled, &stypes, &ttypes);
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+ return retval;
+}
+
+int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * p, uint32_t * rolemap)
+{
+ unsigned int i;
+ ebitmap_node_t *rnode;
+ ebitmap_t mapped_roles;
+
+ ebitmap_init(r);
+ ebitmap_init(&mapped_roles);
+
+ if (x->flags & ROLE_STAR) {
+ for (i = 0; i < p->p_roles.nprim++; i++)
+ if (ebitmap_set_bit(r, i, 1))
+ return -1;
+ return 0;
+ }
+
+ if (rolemap) {
+ if (map_ebitmap(&x->roles, &mapped_roles, rolemap))
+ return -1;
+ } else {
+ if (ebitmap_cpy(&mapped_roles, &x->roles))
+ return -1;
+ }
+
+ ebitmap_for_each_bit(&mapped_roles, rnode, i) {
+ if (ebitmap_node_get_bit(rnode, i)) {
+ if (ebitmap_set_bit(r, i, 1))
+ return -1;
+ }
+ }
+
+ ebitmap_destroy(&mapped_roles);
+
+ /* if role is to be complimented, invert the entire bitmap here */
+ if (x->flags & ROLE_COMP) {
+ for (i = 0; i < ebitmap_length(r); i++) {
+ if (ebitmap_get_bit(r, i)) {
+ if (ebitmap_set_bit(r, i, 0))
+ return -1;
+ } else {
+ if (ebitmap_set_bit(r, i, 1))
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Expand a type set into an ebitmap containing the types. This
+ * handles the negset, attributes, and flags.
+ * Attribute expansion depends on several factors:
+ * - if alwaysexpand is 1, then they will be expanded,
+ * - if the type set has a negset or flags, then they will be expanded,
+ * - otherwise, they will not be expanded.
+ */
+int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
+ unsigned char alwaysexpand)
+{
+ unsigned int i;
+ ebitmap_t types, neg_types;
+ ebitmap_node_t *tnode;
+
+ ebitmap_init(&types);
+ ebitmap_init(t);
+
+ if (alwaysexpand || ebitmap_length(&set->negset) || set->flags) {
+ /* First go through the types and OR all the attributes to types */
+ ebitmap_for_each_bit(&set->types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ if (p->type_val_to_struct[i]->flavor ==
+ TYPE_ATTRIB) {
+ if (ebitmap_union
+ (&types,
+ &p->type_val_to_struct[i]->
+ types)) {
+ return -1;
+ }
+ } else {
+ if (ebitmap_set_bit(&types, i, 1)) {
+ return -1;
+ }
+ }
+ }
+ }
+ } else {
+ /* No expansion of attributes, just copy the set as is. */
+ if (ebitmap_cpy(&types, &set->types))
+ return -1;
+ }
+
+ /* Now do the same thing for negset */
+ ebitmap_init(&neg_types);
+ ebitmap_for_each_bit(&set->negset, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ if (p->type_val_to_struct[i] &&
+ p->type_val_to_struct[i]->flavor == TYPE_ATTRIB) {
+ if (ebitmap_union
+ (&neg_types,
+ &p->type_val_to_struct[i]->types)) {
+ return -1;
+ }
+ } else {
+ if (ebitmap_set_bit(&neg_types, i, 1)) {
+ return -1;
+ }
+ }
+ }
+ }
+
+ if (set->flags & TYPE_STAR) {
+ /* set all types not in neg_types */
+ for (i = 0; i < p->p_types.nprim; i++) {
+ if (ebitmap_get_bit(&neg_types, i))
+ continue;
+ if (p->type_val_to_struct[i] &&
+ p->type_val_to_struct[i]->flavor == TYPE_ATTRIB)
+ continue;
+ if (ebitmap_set_bit(t, i, 1))
+ return -1;
+ }
+ goto out;
+ }
+
+ ebitmap_for_each_bit(&types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)
+ && (!ebitmap_get_bit(&neg_types, i)))
+ if (ebitmap_set_bit(t, i, 1))
+ return -1;
+ }
+
+ if (set->flags & TYPE_COMP) {
+ for (i = 0; i < p->p_types.nprim; i++) {
+ if (p->type_val_to_struct[i] &&
+ p->type_val_to_struct[i]->flavor == TYPE_ATTRIB) {
+ assert(!ebitmap_get_bit(t, i));
+ continue;
+ }
+ if (ebitmap_get_bit(t, i)) {
+ if (ebitmap_set_bit(t, i, 0))
+ return -1;
+ } else {
+ if (ebitmap_set_bit(t, i, 1))
+ return -1;
+ }
+ }
+ }
+
+ out:
+
+ ebitmap_destroy(&types);
+ ebitmap_destroy(&neg_types);
+
+ return 0;
+}
+
+static int copy_neverallow(policydb_t * dest_pol, uint32_t * typemap,
+ avrule_t * source_rule)
+{
+ ebitmap_t stypes, ttypes;
+ avrule_t *avrule;
+ class_perm_node_t *cur_perm, *new_perm, *tail_perm;
+
+ ebitmap_init(&stypes);
+ ebitmap_init(&ttypes);
+
+ if (expand_convert_type_set
+ (dest_pol, typemap, &source_rule->stypes, &stypes, 1))
+ return -1;
+ if (expand_convert_type_set
+ (dest_pol, typemap, &source_rule->ttypes, &ttypes, 1))
+ return -1;
+
+ avrule = (avrule_t *) malloc(sizeof(avrule_t));
+ if (!avrule)
+ return -1;
+
+ avrule_init(avrule);
+ avrule->specified = AVRULE_NEVERALLOW;
+ avrule->line = source_rule->line;
+ avrule->flags = source_rule->flags;
+
+ if (ebitmap_cpy(&avrule->stypes.types, &stypes))
+ goto err;
+
+ if (ebitmap_cpy(&avrule->ttypes.types, &ttypes))
+ goto err;
+
+ cur_perm = source_rule->perms;
+ tail_perm = NULL;
+ while (cur_perm) {
+ new_perm =
+ (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
+ if (!new_perm)
+ goto err;
+ class_perm_node_init(new_perm);
+ new_perm->class = cur_perm->class;
+ assert(new_perm->class);
+
+ /* once we have modules with permissions we'll need to map the permissions (and classes) */
+ new_perm->data = cur_perm->data;
+
+ if (!avrule->perms)
+ avrule->perms = new_perm;
+
+ if (tail_perm)
+ tail_perm->next = new_perm;
+ tail_perm = new_perm;
+ cur_perm = cur_perm->next;
+ }
+
+ /* just prepend the avrule to the first branch; it'll never be
+ written to disk */
+ if (!dest_pol->global->branch_list->avrules)
+ dest_pol->global->branch_list->avrules = avrule;
+ else {
+ avrule->next = dest_pol->global->branch_list->avrules;
+ dest_pol->global->branch_list->avrules = avrule;
+ }
+
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+
+ return 0;
+
+ err:
+ ebitmap_destroy(&stypes);
+ ebitmap_destroy(&ttypes);
+ ebitmap_destroy(&avrule->stypes.types);
+ ebitmap_destroy(&avrule->ttypes.types);
+ cur_perm = avrule->perms;
+ while (cur_perm) {
+ tail_perm = cur_perm->next;
+ free(cur_perm);
+ cur_perm = tail_perm;
+ }
+ free(avrule);
+ return -1;
+}
+
+/*
+ * Expands the avrule blocks for a policy. RBAC rules are copied. Neverallow
+ * rules are copied or expanded as per the settings in the state object; all
+ * other AV rules are expanded. If neverallow rules are expanded, they are not
+ * copied, otherwise they are copied for later use by the assertion checker.
+ */
+static int copy_and_expand_avrule_block(expand_state_t * state)
+{
+ avrule_block_t *curblock = state->base->global;
+ avrule_block_t *prevblock;
+ int retval = -1;
+
+ if (avtab_alloc(&state->out->te_avtab, MAX_AVTAB_SIZE)) {
+ ERR(state->handle, "Out of Memory!");
+ return -1;
+ }
+
+ if (avtab_alloc(&state->out->te_cond_avtab, MAX_AVTAB_SIZE)) {
+ ERR(state->handle, "Out of Memory!");
+ return -1;
+ }
+
+ while (curblock) {
+ avrule_decl_t *decl = curblock->enabled;
+ avrule_t *cur_avrule;
+
+ if (decl == NULL) {
+ /* nothing was enabled within this block */
+ goto cont;
+ }
+
+ /* copy role allows and role trans */
+ if (copy_role_allows(state, decl->role_allow_rules) != 0 ||
+ copy_role_trans(state, decl->role_tr_rules) != 0) {
+ goto cleanup;
+ }
+
+ /* expand the range transition rules */
+ if (expand_range_trans(state, decl->range_tr_rules))
+ goto cleanup;
+
+ /* copy rules */
+ cur_avrule = decl->avrules;
+ while (cur_avrule != NULL) {
+ if (!(state->expand_neverallow)
+ && cur_avrule->specified & AVRULE_NEVERALLOW) {
+ /* copy this over directly so that assertions are checked later */
+ if (copy_neverallow
+ (state->out, state->typemap, cur_avrule))
+ ERR(state->handle,
+ "Error while copying neverallow.");
+ } else {
+ if (cur_avrule->specified & AVRULE_NEVERALLOW) {
+ state->out->unsupported_format = 1;
+ }
+ if (convert_and_expand_rule
+ (state->handle, state->out, state->typemap,
+ cur_avrule, &state->out->te_avtab, NULL,
+ NULL, 0,
+ state->expand_neverallow) !=
+ EXPAND_RULE_SUCCESS) {
+ goto cleanup;
+ }
+ }
+ cur_avrule = cur_avrule->next;
+ }
+
+ /* copy conditional rules */
+ if (cond_node_copy(state, decl->cond_list))
+ goto cleanup;
+
+ cont:
+ prevblock = curblock;
+ curblock = curblock->next;
+
+ if (state->handle && state->handle->expand_consume_base) {
+ /* set base top avrule block in case there
+ * is an error condition and the policy needs
+ * to be destroyed */
+ state->base->global = curblock;
+ avrule_block_destroy(prevblock);
+ }
+ }
+
+ retval = 0;
+
+ cleanup:
+ return retval;
+}
+
+/*
+ * This function allows external users of the library (such as setools) to
+ * expand only the avrules and optionally perform expansion of neverallow rules
+ * or expand into the same policy for analysis purposes.
+ */
+int expand_module_avrules(sepol_handle_t * handle, policydb_t * base,
+ policydb_t * out, uint32_t * typemap,
+ uint32_t * boolmap, uint32_t * rolemap,
+ uint32_t * usermap, int verbose,
+ int expand_neverallow)
+{
+ expand_state_t state;
+
+ expand_state_init(&state);
+
+ state.base = base;
+ state.out = out;
+ state.typemap = typemap;
+ state.boolmap = boolmap;
+ state.rolemap = rolemap;
+ state.usermap = usermap;
+ state.handle = handle;
+ state.verbose = verbose;
+ state.expand_neverallow = expand_neverallow;
+
+ return copy_and_expand_avrule_block(&state);
+}
+
+/* Linking should always be done before calling expand, even if
+ * there is only a base since all optionals are dealt with at link time
+ * the base passed in should be indexed and avrule blocks should be
+ * enabled.
+ */
+int expand_module(sepol_handle_t * handle,
+ policydb_t * base, policydb_t * out, int verbose, int check)
+{
+ int retval = -1;
+ unsigned int i;
+ expand_state_t state;
+ avrule_block_t *curblock;
+
+ expand_state_init(&state);
+
+ state.verbose = verbose;
+ state.typemap = NULL;
+ state.base = base;
+ state.out = out;
+ state.handle = handle;
+
+ if (base->policy_type != POLICY_BASE) {
+ ERR(handle, "Target of expand was not a base policy.");
+ return -1;
+ }
+
+ state.out->policy_type = POLICY_KERN;
+ state.out->policyvers = POLICYDB_VERSION_MAX;
+
+ /* Copy mls state from base to out */
+ out->mls = base->mls;
+ out->handle_unknown = base->handle_unknown;
+
+ /* Copy policy capabilities */
+ if (ebitmap_cpy(&out->policycaps, &base->policycaps)) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
+ if ((state.typemap =
+ (uint32_t *) calloc(state.base->p_types.nprim,
+ sizeof(uint32_t))) == NULL) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
+ state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
+ if (!state.boolmap) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
+ state.rolemap = (uint32_t *)calloc(state.base->p_roles.nprim, sizeof(uint32_t));
+ if (!state.rolemap) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
+ state.usermap = (uint32_t *)calloc(state.base->p_users.nprim, sizeof(uint32_t));
+ if (!state.usermap) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+
+ /* order is important - types must be first */
+
+ /* copy types */
+ if (hashtab_map(state.base->p_types.table, type_copy_callback, &state)) {
+ goto cleanup;
+ }
+
+ /* convert attribute type sets */
+ if (hashtab_map
+ (state.base->p_types.table, attr_convert_callback, &state)) {
+ goto cleanup;
+ }
+
+ /* copy commons */
+ if (hashtab_map
+ (state.base->p_commons.table, common_copy_callback, &state)) {
+ goto cleanup;
+ }
+
+ /* copy classes, note, this does not copy constraints, constraints can't be
+ * copied until after all the blocks have been processed and attributes are complete */
+ if (hashtab_map
+ (state.base->p_classes.table, class_copy_callback, &state)) {
+ goto cleanup;
+ }
+
+ /* copy aliases */
+ if (hashtab_map(state.base->p_types.table, alias_copy_callback, &state))
+ goto cleanup;
+
+ /* index here so that type indexes are available for role_copy_callback */
+ if (policydb_index_others(handle, out, verbose)) {
+ ERR(handle, "Error while indexing out symbols");
+ goto cleanup;
+ }
+
+ /* copy roles */
+ if (hashtab_map(state.base->p_roles.table, role_copy_callback, &state))
+ goto cleanup;
+
+ /* copy MLS's sensitivity level and categories - this needs to be done
+ * before expanding users (they need to be indexed too) */
+ if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state))
+ goto cleanup;
+ if (hashtab_map(state.base->p_cats.table, cats_copy_callback, &state))
+ goto cleanup;
+ if (policydb_index_others(handle, out, verbose)) {
+ ERR(handle, "Error while indexing out symbols");
+ goto cleanup;
+ }
+
+ /* copy users */
+ if (hashtab_map(state.base->p_users.table, user_copy_callback, &state))
+ goto cleanup;
+
+ /* copy bools */
+ if (hashtab_map(state.base->p_bools.table, bool_copy_callback, &state))
+ goto cleanup;
+
+ if (policydb_index_classes(out)) {
+ ERR(handle, "Error while indexing out classes");
+ goto cleanup;
+ }
+ if (policydb_index_others(handle, out, verbose)) {
+ ERR(handle, "Error while indexing out symbols");
+ goto cleanup;
+ }
+
+ /* loop through all decls and union attributes, roles, users */
+ for (curblock = state.base->global; curblock != NULL;
+ curblock = curblock->next) {
+ avrule_decl_t *decl = curblock->enabled;
+
+ if (decl == NULL) {
+ /* nothing was enabled within this block */
+ continue;
+ }
+
+ /* convert attribute type sets */
+ if (hashtab_map
+ (decl->p_types.table, attr_convert_callback, &state)) {
+ goto cleanup;
+ }
+
+ /* copy roles */
+ if (hashtab_map
+ (decl->p_roles.table, role_copy_callback, &state))
+ goto cleanup;
+
+ /* copy users */
+ if (hashtab_map
+ (decl->p_users.table, user_copy_callback, &state))
+ goto cleanup;
+
+ }
+
+ /* remap role dominates bitmaps */
+ if (hashtab_map(state.out->p_roles.table, role_remap_dominates, &state)) {
+ goto cleanup;
+ }
+
+ if (copy_and_expand_avrule_block(&state) < 0) {
+ ERR(handle, "Error during expand");
+ goto cleanup;
+ }
+
+ /* copy constraints */
+ if (hashtab_map
+ (state.base->p_classes.table, constraint_copy_callback, &state)) {
+ goto cleanup;
+ }
+
+ cond_optimize_lists(state.out->cond_list);
+ evaluate_conds(state.out);
+
+ /* copy ocontexts */
+ if (ocontext_copy(&state))
+ goto cleanup;
+
+ /* copy genfs */
+ if (genfs_copy(&state))
+ goto cleanup;
+
+ /* Build the type<->attribute maps and remove attributes. */
+ state.out->attr_type_map = malloc(state.out->p_types.nprim *
+ sizeof(ebitmap_t));
+ state.out->type_attr_map = malloc(state.out->p_types.nprim *
+ sizeof(ebitmap_t));
+ if (!state.out->attr_type_map || !state.out->type_attr_map) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+ for (i = 0; i < state.out->p_types.nprim; i++) {
+ ebitmap_init(&state.out->type_attr_map[i]);
+ ebitmap_init(&state.out->attr_type_map[i]);
+ /* add the type itself as the degenerate case */
+ if (ebitmap_set_bit(&state.out->type_attr_map[i], i, 1)) {
+ ERR(handle, "Out of memory!");
+ goto cleanup;
+ }
+ }
+ if (hashtab_map(state.out->p_types.table, type_attr_map, &state))
+ goto cleanup;
+ hashtab_map_remove_on_error(state.out->p_types.table,
+ type_attr_remove, type_destroy, state.out);
+ if (check) {
+ if (hierarchy_check_constraints(handle, state.out))
+ goto cleanup;
+
+ if (check_assertions
+ (handle, state.out,
+ state.out->global->branch_list->avrules))
+ goto cleanup;
+ }
+
+ retval = 0;
+
+ cleanup:
+ free(state.typemap);
+ free(state.boolmap);
+ free(state.rolemap);
+ free(state.usermap);
+ return retval;
+}
+
+static int expand_avtab_insert(avtab_t * a, avtab_key_t * k, avtab_datum_t * d)
+{
+ avtab_ptr_t node;
+ avtab_datum_t *avd;
+ int rc;
+
+ node = avtab_search_node(a, k);
+ if (!node) {
+ rc = avtab_insert(a, k, d);
+ if (rc)
+ ERR(NULL, "Out of memory!");
+ return rc;
+ }
+
+ if ((k->specified & AVTAB_ENABLED) !=
+ (node->key.specified & AVTAB_ENABLED)) {
+ node = avtab_insert_nonunique(a, k, d);
+ if (!node) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+ return 0;
+ }
+
+ avd = &node->datum;
+ switch (k->specified & ~AVTAB_ENABLED) {
+ case AVTAB_ALLOWED:
+ case AVTAB_AUDITALLOW:
+ avd->data |= d->data;
+ break;
+ case AVTAB_AUDITDENY:
+ avd->data &= d->data;
+ break;
+ default:
+ ERR(NULL, "Type conflict!");
+ return -1;
+ }
+
+ return 0;
+}
+
+struct expand_avtab_data {
+ avtab_t *expa;
+ policydb_t *p;
+
+};
+
+static int expand_avtab_node(avtab_key_t * k, avtab_datum_t * d, void *args)
+{
+ struct expand_avtab_data *ptr = args;
+ avtab_t *expa = ptr->expa;
+ policydb_t *p = ptr->p;
+ type_datum_t *stype = p->type_val_to_struct[k->source_type - 1];
+ type_datum_t *ttype = p->type_val_to_struct[k->target_type - 1];
+ ebitmap_t *sattr = &p->attr_type_map[k->source_type - 1];
+ ebitmap_t *tattr = &p->attr_type_map[k->target_type - 1];
+ ebitmap_node_t *snode, *tnode;
+ unsigned int i, j;
+ avtab_key_t newkey;
+ int rc;
+
+ newkey.target_class = k->target_class;
+ newkey.specified = k->specified;
+
+ if (stype && ttype) {
+ /* Both are individual types, no expansion required. */
+ return expand_avtab_insert(expa, k, d);
+ }
+
+ if (stype) {
+ /* Source is an individual type, target is an attribute. */
+ newkey.source_type = k->source_type;
+ ebitmap_for_each_bit(tattr, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ newkey.target_type = j + 1;
+ rc = expand_avtab_insert(expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ return 0;
+ }
+
+ if (ttype) {
+ /* Target is an individual type, source is an attribute. */
+ newkey.target_type = k->target_type;
+ ebitmap_for_each_bit(sattr, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ newkey.source_type = i + 1;
+ rc = expand_avtab_insert(expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ return 0;
+ }
+
+ /* Both source and target type are attributes. */
+ ebitmap_for_each_bit(sattr, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ ebitmap_for_each_bit(tattr, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ newkey.source_type = i + 1;
+ newkey.target_type = j + 1;
+ rc = expand_avtab_insert(expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+int expand_avtab(policydb_t * p, avtab_t * a, avtab_t * expa)
+{
+ struct expand_avtab_data data;
+
+ if (avtab_alloc(expa, MAX_AVTAB_SIZE)) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+
+ data.expa = expa;
+ data.p = p;
+ return avtab_map(a, expand_avtab_node, &data);
+}
+
+static int expand_cond_insert(cond_av_list_t ** l,
+ avtab_t * expa,
+ avtab_key_t * k, avtab_datum_t * d)
+{
+ avtab_ptr_t node;
+ avtab_datum_t *avd;
+ cond_av_list_t *nl;
+
+ node = avtab_search_node(expa, k);
+ if (!node ||
+ (k->specified & AVTAB_ENABLED) !=
+ (node->key.specified & AVTAB_ENABLED)) {
+ node = avtab_insert_nonunique(expa, k, d);
+ if (!node) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+ node->parse_context = (void *)1;
+ nl = (cond_av_list_t *) malloc(sizeof(*nl));
+ if (!nl) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+ memset(nl, 0, sizeof(*nl));
+ nl->node = node;
+ nl->next = *l;
+ *l = nl;
+ return 0;
+ }
+
+ avd = &node->datum;
+ switch (k->specified & ~AVTAB_ENABLED) {
+ case AVTAB_ALLOWED:
+ case AVTAB_AUDITALLOW:
+ avd->data |= d->data;
+ break;
+ case AVTAB_AUDITDENY:
+ avd->data &= d->data;
+ break;
+ default:
+ ERR(NULL, "Type conflict!");
+ return -1;
+ }
+
+ return 0;
+}
+
+int expand_cond_av_node(policydb_t * p,
+ avtab_ptr_t node,
+ cond_av_list_t ** newl, avtab_t * expa)
+{
+ avtab_key_t *k = &node->key;
+ avtab_datum_t *d = &node->datum;
+ type_datum_t *stype = p->type_val_to_struct[k->source_type - 1];
+ type_datum_t *ttype = p->type_val_to_struct[k->target_type - 1];
+ ebitmap_t *sattr = &p->attr_type_map[k->source_type - 1];
+ ebitmap_t *tattr = &p->attr_type_map[k->target_type - 1];
+ ebitmap_node_t *snode, *tnode;
+ unsigned int i, j;
+ avtab_key_t newkey;
+ int rc;
+
+ newkey.target_class = k->target_class;
+ newkey.specified = k->specified;
+
+ if (stype && ttype) {
+ /* Both are individual types, no expansion required. */
+ return expand_cond_insert(newl, expa, k, d);
+ }
+
+ if (stype) {
+ /* Source is an individual type, target is an attribute. */
+ newkey.source_type = k->source_type;
+ ebitmap_for_each_bit(tattr, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ newkey.target_type = j + 1;
+ rc = expand_cond_insert(newl, expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ return 0;
+ }
+
+ if (ttype) {
+ /* Target is an individual type, source is an attribute. */
+ newkey.target_type = k->target_type;
+ ebitmap_for_each_bit(sattr, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ newkey.source_type = i + 1;
+ rc = expand_cond_insert(newl, expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ return 0;
+ }
+
+ /* Both source and target type are attributes. */
+ ebitmap_for_each_bit(sattr, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ ebitmap_for_each_bit(tattr, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ newkey.source_type = i + 1;
+ newkey.target_type = j + 1;
+ rc = expand_cond_insert(newl, expa, &newkey, d);
+ if (rc)
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+int expand_cond_av_list(policydb_t * p, cond_av_list_t * l,
+ cond_av_list_t ** newl, avtab_t * expa)
+{
+ cond_av_list_t *cur;
+ avtab_ptr_t node;
+ int rc;
+
+ if (avtab_alloc(expa, MAX_AVTAB_SIZE)) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+
+ *newl = NULL;
+ for (cur = l; cur; cur = cur->next) {
+ node = cur->node;
+ rc = expand_cond_av_node(p, node, newl, expa);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
diff --git a/libsepol/src/genbools.c b/libsepol/src/genbools.c
new file mode 100644
index 0000000..e353ef3
--- /dev/null
+++ b/libsepol/src/genbools.c
@@ -0,0 +1,252 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+
+#include "debug.h"
+#include "private.h"
+#include "dso.h"
+
+/* -- Deprecated -- */
+
+static char *strtrim(char *dest, char *source, int size)
+{
+ int i = 0;
+ char *ptr = source;
+ i = 0;
+ while (isspace(*ptr) && i < size) {
+ ptr++;
+ i++;
+ }
+ strncpy(dest, ptr, size);
+ for (i = strlen(dest) - 1; i > 0; i--) {
+ if (!isspace(dest[i]))
+ break;
+ }
+ dest[i + 1] = '\0';
+ return dest;
+}
+
+static int process_boolean(char *buffer, char *name, int namesize, int *val)
+{
+ char name1[BUFSIZ];
+ char *ptr;
+ char *tok = strtok_r(buffer, "=", &ptr);
+ if (tok) {
+ strncpy(name1, tok, BUFSIZ - 1);
+ strtrim(name, name1, namesize - 1);
+ if (name[0] == '#')
+ return 0;
+ tok = strtok_r(NULL, "\0", &ptr);
+ if (tok) {
+ while (isspace(*tok))
+ tok++;
+ *val = -1;
+ if (isdigit(tok[0]))
+ *val = atoi(tok);
+ else if (!strncasecmp(tok, "true", sizeof("true") - 1))
+ *val = 1;
+ else if (!strncasecmp
+ (tok, "false", sizeof("false") - 1))
+ *val = 0;
+ if (*val != 0 && *val != 1) {
+ ERR(NULL, "illegal value for boolean "
+ "%s=%s", name, tok);
+ return -1;
+ }
+
+ }
+ }
+ return 1;
+}
+
+static int load_booleans(struct policydb *policydb, const char *path,
+ int *changesp)
+{
+ FILE *boolf;
+ char *buffer = NULL;
+ size_t size = 0;
+ char localbools[BUFSIZ];
+ char name[BUFSIZ];
+ int val;
+ int errors = 0, changes = 0;
+ struct cond_bool_datum *datum;
+
+ boolf = fopen(path, "r");
+ if (boolf == NULL)
+ goto localbool;
+
+ while (getline(&buffer, &size, boolf) > 0) {
+ int ret = process_boolean(buffer, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1) {
+ datum = hashtab_search(policydb->p_bools.table, name);
+ if (!datum) {
+ ERR(NULL, "unknown boolean %s", name);
+ errors++;
+ continue;
+ }
+ if (datum->state != val) {
+ datum->state = val;
+ changes++;
+ }
+ }
+ }
+ fclose(boolf);
+ localbool:
+ snprintf(localbools, sizeof(localbools), "%s.local", path);
+ boolf = fopen(localbools, "r");
+ if (boolf != NULL) {
+ while (getline(&buffer, &size, boolf) > 0) {
+ int ret =
+ process_boolean(buffer, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1) {
+ datum =
+ hashtab_search(policydb->p_bools.table,
+ name);
+ if (!datum) {
+ ERR(NULL, "unknown boolean %s", name);
+ errors++;
+ continue;
+ }
+ if (datum->state != val) {
+ datum->state = val;
+ changes++;
+ }
+ }
+ }
+ fclose(boolf);
+ }
+ free(buffer);
+ if (errors)
+ errno = EINVAL;
+ *changesp = changes;
+ return errors ? -1 : 0;
+}
+
+int sepol_genbools(void *data, size_t len, char *booleans)
+{
+ struct policydb policydb;
+ struct policy_file pf;
+ int rc, changes = 0;
+
+ if (policydb_init(&policydb))
+ goto err;
+ if (policydb_from_image(NULL, data, len, &policydb) < 0)
+ goto err;
+
+ if (load_booleans(&policydb, booleans, &changes) < 0) {
+ WARN(NULL, "error while reading %s", booleans);
+ }
+
+ if (!changes)
+ goto out;
+
+ if (evaluate_conds(&policydb) < 0) {
+ ERR(NULL, "error while re-evaluating conditionals");
+ errno = EINVAL;
+ goto err_destroy;
+ }
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_MEMORY;
+ pf.data = data;
+ pf.len = len;
+ rc = policydb_write(&policydb, &pf);
+ if (rc) {
+ ERR(NULL, "unable to write new binary policy image");
+ errno = EINVAL;
+ goto err_destroy;
+ }
+
+ out:
+ policydb_destroy(&policydb);
+ return 0;
+
+ err_destroy:
+ policydb_destroy(&policydb);
+
+ err:
+ return -1;
+}
+
+int hidden sepol_genbools_policydb(policydb_t * policydb, const char *booleans)
+{
+ int rc, changes = 0;
+
+ rc = load_booleans(policydb, booleans, &changes);
+ if (!rc && changes)
+ rc = evaluate_conds(policydb);
+ if (rc)
+ errno = EINVAL;
+ return rc;
+}
+
+/* -- End Deprecated -- */
+
+int sepol_genbools_array(void *data, size_t len, char **names, int *values,
+ int nel)
+{
+ struct policydb policydb;
+ struct policy_file pf;
+ int rc, i, errors = 0;
+ struct cond_bool_datum *datum;
+
+ /* Create policy database from image */
+ if (policydb_init(&policydb))
+ goto err;
+ if (policydb_from_image(NULL, data, len, &policydb) < 0)
+ goto err;
+
+ for (i = 0; i < nel; i++) {
+ datum = hashtab_search(policydb.p_bools.table, names[i]);
+ if (!datum) {
+ ERR(NULL, "boolean %s no longer in policy", names[i]);
+ errors++;
+ continue;
+ }
+ if (values[i] != 0 && values[i] != 1) {
+ ERR(NULL, "illegal value %d for boolean %s",
+ values[i], names[i]);
+ errors++;
+ continue;
+ }
+ datum->state = values[i];
+ }
+
+ if (evaluate_conds(&policydb) < 0) {
+ ERR(NULL, "error while re-evaluating conditionals");
+ errno = EINVAL;
+ goto err_destroy;
+ }
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_MEMORY;
+ pf.data = data;
+ pf.len = len;
+ rc = policydb_write(&policydb, &pf);
+ if (rc) {
+ ERR(NULL, "unable to write binary policy");
+ errno = EINVAL;
+ goto err_destroy;
+ }
+ if (errors) {
+ errno = EINVAL;
+ goto err_destroy;
+ }
+
+ policydb_destroy(&policydb);
+ return 0;
+
+ err_destroy:
+ policydb_destroy(&policydb);
+
+ err:
+ return -1;
+}
diff --git a/libsepol/src/genusers.c b/libsepol/src/genusers.c
new file mode 100644
index 0000000..44f94e9
--- /dev/null
+++ b/libsepol/src/genusers.c
@@ -0,0 +1,318 @@
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+
+#include <sepol/policydb/policydb.h>
+#include <stdarg.h>
+
+#include "debug.h"
+#include "private.h"
+#include "dso.h"
+#include "mls.h"
+
+/* -- Deprecated -- */
+
+void sepol_set_delusers(int on __attribute((unused)))
+{
+ WARN(NULL, "Deprecated interface");
+}
+
+#undef BADLINE
+#define BADLINE() { \
+ ERR(NULL, "invalid entry %s (%s:%u)", \
+ buffer, path, lineno); \
+ continue; \
+}
+
+static int load_users(struct policydb *policydb, const char *path)
+{
+ FILE *fp;
+ char *buffer = NULL, *p, *q, oldc;
+ size_t len = 0;
+ ssize_t nread;
+ unsigned lineno = 0, islist = 0, bit;
+ user_datum_t *usrdatum;
+ role_datum_t *roldatum;
+ ebitmap_node_t *rnode;
+
+ fp = fopen(path, "r");
+ if (fp == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ while ((nread = getline(&buffer, &len, fp)) > 0) {
+ lineno++;
+ if (buffer[nread - 1] == '\n')
+ buffer[nread - 1] = 0;
+ p = buffer;
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p) || *p == '#')
+ continue;
+
+ if (strncasecmp(p, "user", 4))
+ BADLINE();
+ p += 4;
+ if (!isspace(*p))
+ BADLINE();
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ q = p;
+ while (*p && !isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ *p++ = 0;
+
+ usrdatum = hashtab_search(policydb->p_users.table, q);
+ if (usrdatum) {
+ /* Replacing an existing user definition. */
+ ebitmap_destroy(&usrdatum->roles.roles);
+ ebitmap_init(&usrdatum->roles.roles);
+ } else {
+ char *id = strdup(q);
+
+ /* Adding a new user definition. */
+ usrdatum =
+ (user_datum_t *) malloc(sizeof(user_datum_t));
+ if (!id || !usrdatum) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
+ memset(usrdatum, 0, sizeof(user_datum_t));
+ usrdatum->s.value = ++policydb->p_users.nprim;
+ ebitmap_init(&usrdatum->roles.roles);
+ if (hashtab_insert(policydb->p_users.table,
+ id, (hashtab_datum_t) usrdatum)) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
+ }
+
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ if (strncasecmp(p, "roles", 5))
+ BADLINE();
+ p += 5;
+ if (!isspace(*p))
+ BADLINE();
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ if (*p == '{') {
+ islist = 1;
+ p++;
+ } else
+ islist = 0;
+
+ oldc = 0;
+ do {
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ break;
+
+ q = p;
+ while (*p && *p != ';' && *p != '}' && !isspace(*p))
+ p++;
+ if (!(*p))
+ break;
+ if (*p == '}')
+ islist = 0;
+ oldc = *p;
+ *p++ = 0;
+ if (!q[0])
+ break;
+
+ roldatum = hashtab_search(policydb->p_roles.table, q);
+ if (!roldatum) {
+ ERR(NULL, "undefined role %s (%s:%u)",
+ q, path, lineno);
+ continue;
+ }
+ /* Set the role and every role it dominates */
+ ebitmap_for_each_bit(&roldatum->dominates, rnode, bit) {
+ if (ebitmap_node_get_bit(rnode, bit))
+ if (ebitmap_set_bit
+ (&usrdatum->roles.roles, bit, 1)) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
+ }
+ } while (islist);
+ if (oldc == 0)
+ BADLINE();
+
+ if (policydb->mls) {
+ context_struct_t context;
+ char *scontext, *r, *s;
+
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ if (strncasecmp(p, "level", 5))
+ BADLINE();
+ p += 5;
+ if (!isspace(*p))
+ BADLINE();
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ q = p;
+ while (*p && strncasecmp(p, "range", 5))
+ p++;
+ if (!(*p))
+ BADLINE();
+ *--p = 0;
+ p++;
+
+ scontext = malloc(p - q);
+ if (!scontext) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
+ r = scontext;
+ s = q;
+ while (*s) {
+ if (!isspace(*s))
+ *r++ = *s;
+ s++;
+ }
+ *r = 0;
+ r = scontext;
+
+ context_init(&context);
+ if (mls_context_to_sid(policydb, oldc, &r, &context) <
+ 0) {
+ ERR(NULL, "invalid level %s (%s:%u)", scontext,
+ path, lineno);
+ free(scontext);
+ continue;
+
+ }
+ free(scontext);
+ memcpy(&usrdatum->dfltlevel, &context.range.level[0],
+ sizeof(usrdatum->dfltlevel));
+
+ if (strncasecmp(p, "range", 5))
+ BADLINE();
+ p += 5;
+ if (!isspace(*p))
+ BADLINE();
+ while (*p && isspace(*p))
+ p++;
+ if (!(*p))
+ BADLINE();
+ q = p;
+ while (*p && *p != ';')
+ p++;
+ if (!(*p))
+ BADLINE();
+ *p++ = 0;
+
+ scontext = malloc(p - q);
+ if (!scontext) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
+ r = scontext;
+ s = q;
+ while (*s) {
+ if (!isspace(*s))
+ *r++ = *s;
+ s++;
+ }
+ *r = 0;
+ r = scontext;
+
+ context_init(&context);
+ if (mls_context_to_sid(policydb, oldc, &r, &context) <
+ 0) {
+ ERR(NULL, "invalid range %s (%s:%u)", scontext,
+ path, lineno);
+ free(scontext);
+ continue;
+ }
+ free(scontext);
+ memcpy(&usrdatum->range, &context.range,
+ sizeof(usrdatum->range));
+ }
+ }
+
+ free(buffer);
+ fclose(fp);
+ return 0;
+}
+
+int sepol_genusers(void *data, size_t len,
+ const char *usersdir, void **newdata, size_t * newlen)
+{
+ struct policydb policydb;
+ char path[PATH_MAX];
+
+ /* Construct policy database */
+ if (policydb_init(&policydb))
+ goto err;
+ if (policydb_from_image(NULL, data, len, &policydb) < 0)
+ goto err;
+
+ /* Load locally defined users. */
+ snprintf(path, sizeof path, "%s/local.users", usersdir);
+ if (load_users(&policydb, path) < 0)
+ goto err_destroy;
+
+ /* Write policy database */
+ if (policydb_to_image(NULL, &policydb, newdata, newlen) < 0)
+ goto err_destroy;
+
+ policydb_destroy(&policydb);
+ return 0;
+
+ err_destroy:
+ policydb_destroy(&policydb);
+
+ err:
+ return -1;
+}
+
+int hidden sepol_genusers_policydb(policydb_t * policydb, const char *usersdir)
+{
+ char path[PATH_MAX];
+
+ /* Load locally defined users. */
+ snprintf(path, sizeof path, "%s/local.users", usersdir);
+ if (load_users(policydb, path) < 0) {
+ ERR(NULL, "unable to load local.users: %s", strerror(errno));
+ return -1;
+ }
+
+ if (policydb_reindex_users(policydb) < 0) {
+ ERR(NULL, "unable to reindex users: %s", strerror(errno));
+ return -1;
+
+ }
+
+ return 0;
+}
+
+/* -- End Deprecated -- */
diff --git a/libsepol/src/handle.c b/libsepol/src/handle.c
new file mode 100644
index 0000000..66f3ef5
--- /dev/null
+++ b/libsepol/src/handle.c
@@ -0,0 +1,39 @@
+#include <stdlib.h>
+#include <assert.h>
+#include "handle.h"
+#include "debug.h"
+
+sepol_handle_t *sepol_handle_create(void)
+{
+
+ sepol_handle_t *sh = malloc(sizeof(sepol_handle_t));
+ if (sh == NULL)
+ return NULL;
+
+ /* Set callback */
+ sh->msg_callback = sepol_msg_default_handler;
+ sh->msg_callback_arg = NULL;
+
+ /* by default do not disable dontaudits */
+ sh->disable_dontaudit = 0;
+ sh->expand_consume_base = 0;
+
+ return sh;
+}
+
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
+{
+ assert(sh !=NULL);
+ sh->disable_dontaudit = disable_dontaudit;
+}
+
+void sepol_set_expand_consume_base(sepol_handle_t *sh, int consume_base)
+{
+ assert(sh != NULL);
+ sh->expand_consume_base = consume_base;
+}
+
+void sepol_handle_destroy(sepol_handle_t * sh)
+{
+ free(sh);
+}
diff --git a/libsepol/src/handle.h b/libsepol/src/handle.h
new file mode 100644
index 0000000..254fbd8
--- /dev/null
+++ b/libsepol/src/handle.h
@@ -0,0 +1,23 @@
+#ifndef _SEPOL_INTERNAL_HANDLE_H_
+#define _SEPOL_INTERNAL_HANDLE_H_
+
+#include <sepol/handle.h>
+
+struct sepol_handle {
+ /* Error handling */
+ int msg_level;
+ const char *msg_channel;
+ const char *msg_fname;
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 3, 4)))
+#endif
+ void (*msg_callback) (void *varg,
+ sepol_handle_t * handle, const char *fmt, ...);
+ void *msg_callback_arg;
+
+ int disable_dontaudit;
+ int expand_consume_base;
+
+};
+
+#endif
diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c
new file mode 100644
index 0000000..c4be72c
--- /dev/null
+++ b/libsepol/src/hashtab.c
@@ -0,0 +1,313 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated : Karl MacMillan <kmacmillan@mentalrootkit.com>
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+
+/* FLASK */
+
+/*
+ * Implementation of the hash table type.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <sepol/policydb/hashtab.h>
+
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ const hashtab_key_t key),
+ int (*keycmp) (hashtab_t h,
+ const hashtab_key_t key1,
+ const hashtab_key_t key2),
+ unsigned int size)
+{
+
+ hashtab_t p;
+ unsigned int i;
+
+ p = (hashtab_t) malloc(sizeof(hashtab_val_t));
+ if (p == NULL)
+ return p;
+
+ memset(p, 0, sizeof(hashtab_val_t));
+ p->size = size;
+ p->nel = 0;
+ p->hash_value = hash_value;
+ p->keycmp = keycmp;
+ p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size);
+ if (p->htable == NULL) {
+ free(p);
+ return NULL;
+ }
+ for (i = 0; i < size; i++)
+ p->htable[i] = (hashtab_ptr_t) NULL;
+
+ return p;
+}
+
+int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+ if (!h)
+ return SEPOL_ENOMEM;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0))
+ return SEPOL_EEXIST;
+
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return SEPOL_ENOMEM;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return SEPOL_OK;
+}
+
+int hashtab_remove(hashtab_t h, hashtab_key_t key,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ int hvalue;
+ hashtab_ptr_t cur, last;
+
+ if (!h)
+ return SEPOL_ENOENT;
+
+ hvalue = h->hash_value(h, key);
+ last = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ last = cur;
+ cur = cur->next;
+ }
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return SEPOL_ENOENT;
+
+ if (last == NULL)
+ h->htable[hvalue] = cur->next;
+ else
+ last->next = cur->next;
+
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ free(cur);
+ h->nel--;
+ return SEPOL_OK;
+}
+
+int hashtab_replace(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+ if (!h)
+ return SEPOL_ENOMEM;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0)) {
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ cur->key = key;
+ cur->datum = datum;
+ } else {
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return SEPOL_ENOMEM;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+ }
+
+ return SEPOL_OK;
+}
+
+hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t key)
+{
+
+ int hvalue;
+ hashtab_ptr_t cur;
+
+ if (!h)
+ return NULL;
+
+ hvalue = h->hash_value(h, key);
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0)
+ cur = cur->next;
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return NULL;
+
+ return cur->datum;
+}
+
+void hashtab_destroy(hashtab_t h)
+{
+ unsigned int i;
+ hashtab_ptr_t cur, temp;
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ free(temp);
+ }
+ h->htable[i] = NULL;
+ }
+
+ free(h->htable);
+ h->htable = NULL;
+
+ free(h);
+}
+
+int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ unsigned int i, ret;
+ hashtab_ptr_t cur;
+
+ if (!h)
+ return SEPOL_OK;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return SEPOL_OK;
+}
+
+void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args)
+{
+ unsigned int i;
+ int ret;
+ hashtab_ptr_t last, cur, temp;
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ last = NULL;
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret) {
+ if (last) {
+ last->next = cur->next;
+ } else {
+ h->htable[i] = cur->next;
+ }
+
+ temp = cur;
+ cur = cur->next;
+ if (destroy)
+ destroy(temp->key, temp->datum, args);
+ free(temp);
+ h->nel--;
+ } else {
+ last = cur;
+ cur = cur->next;
+ }
+ }
+ }
+
+ return;
+}
+
+void hashtab_hash_eval(hashtab_t h, char *tag)
+{
+ unsigned int i;
+ int chain_len, slots_used, max_chain_len;
+ hashtab_ptr_t cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf
+ ("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, h->size, max_chain_len);
+}
diff --git a/libsepol/src/hierarchy.c b/libsepol/src/hierarchy.c
new file mode 100644
index 0000000..dac42a6
--- /dev/null
+++ b/libsepol/src/hierarchy.c
@@ -0,0 +1,451 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * A set of utility functions that aid policy decision when dealing
+ * with hierarchal namespaces.
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/hierarchy.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/util.h>
+
+#include "debug.h"
+
+typedef struct hierarchy_args {
+ policydb_t *p;
+ avtab_t *expa; /* expanded avtab */
+ /* This tells check_avtab_hierarchy to check this list in addition to the unconditional avtab */
+ cond_av_list_t *opt_cond_list;
+ sepol_handle_t *handle;
+ int numerr;
+} hierarchy_args_t;
+
+/* This merely returns the string part before the last '.'
+ * it does no verification of the existance of the parent
+ * in the policy, you must do this yourself.
+ *
+ * Caller must free parent after use.
+ */
+static int find_parent(char *type, char **parent)
+{
+ char *tmp;
+ int len;
+
+ assert(type);
+
+ tmp = strrchr(type, '.');
+ /* no '.' means it has no parent */
+ if (!tmp) {
+ *parent = NULL;
+ return 0;
+ }
+
+ /* allocate buffer for part of string before the '.' */
+ len = tmp - type;
+ *parent = (char *)malloc(sizeof(char) * (len + 1));
+
+ if (!(*parent))
+ return -1;
+ memcpy(*parent, type, len);
+ (*parent)[len] = '\0';
+
+ return 0;
+}
+
+/* This function verifies that the type passed in either has a parent or is in the
+ * root of the namespace, 0 on success, 1 on orphan and -1 on error
+ */
+static int check_type_hierarchy_callback(hashtab_key_t k, hashtab_datum_t d,
+ void *args)
+{
+ char *parent;
+ hierarchy_args_t *a;
+ type_datum_t *t, *t2;
+ char *key;
+
+ a = (hierarchy_args_t *) args;
+ t = (type_datum_t *) d;
+ key = (char *)k;
+
+ if (t->flavor == TYPE_ATTRIB) {
+ /* It's an attribute, we don't care */
+ return 0;
+ }
+
+ if (find_parent(key, &parent))
+ return -1;
+
+ if (!parent) {
+ /* This type is in the root namespace */
+ return 0;
+ }
+
+ t2 = hashtab_search(a->p->p_types.table, parent);
+ if (!t2) {
+ /* If the parent does not exist this type is an orphan, not legal */
+ ERR(a->handle, "type %s does not exist, %s is an orphan",
+ parent, a->p->p_type_val_to_name[t->s.value - 1]);
+ a->numerr++;
+ } else if (t2->flavor == TYPE_ATTRIB) {
+ /* The parent is an attribute but the child isn't, not legal */
+ ERR(a->handle, "type %s is a child of an attribute",
+ a->p->p_type_val_to_name[t->s.value - 1]);
+ a->numerr++;
+ }
+ free(parent);
+ return 0;
+}
+
+/* This function only verifies that the avtab node passed in does not violate any
+ * hiearchy constraint via any relationship with other types in the avtab.
+ * it should be called using avtab_map, returns 0 on success, 1 on violation and
+ * -1 on error. opt_cond_list is an optional argument that tells this to check
+ * a conditional list for the relationship as well as the unconditional avtab
+ */
+static int check_avtab_hierarchy_callback(avtab_key_t * k, avtab_datum_t * d,
+ void *args)
+{
+ char *parent;
+ avtab_key_t key;
+ avtab_datum_t *avdatump;
+ hierarchy_args_t *a;
+ uint32_t av = 0;
+ type_datum_t *t = NULL, *t2 = NULL;
+
+ if (!(k->specified & AVTAB_ALLOWED)) {
+ /* This is not an allow rule, no checking done */
+ return 0;
+ }
+
+ a = (hierarchy_args_t *) args;
+ if (find_parent(a->p->p_type_val_to_name[k->source_type - 1], &parent))
+ return -1;
+
+ /* search for parent first */
+ if (parent) {
+ t = hashtab_search(a->p->p_types.table, parent);
+ if (!t) {
+ /* This error was already covered by type_check_hierarchy */
+ free(parent);
+ return 0;
+ }
+ free(parent);
+
+ key.source_type = t->s.value;
+ key.target_type = k->target_type;
+ key.target_class = k->target_class;
+ key.specified = AVTAB_ALLOWED;
+
+ avdatump = avtab_search(a->expa, &key);
+ if (avdatump) {
+ /* search for access allowed between type 1's parent and type 2 */
+ if ((avdatump->data & d->data) == d->data) {
+ return 0;
+ }
+ av = avdatump->data;
+ }
+ if (a->opt_cond_list) {
+ /* if a conditional list is present search it before continuing */
+ avdatump = cond_av_list_search(&key, a->opt_cond_list);
+ if (avdatump) {
+ if (((av | avdatump->data) & d->data) ==
+ d->data) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ /* next we try type 1 and type 2's parent */
+ if (find_parent(a->p->p_type_val_to_name[k->target_type - 1], &parent))
+ return -1;
+
+ if (parent) {
+ t2 = hashtab_search(a->p->p_types.table, parent);
+ if (!t2) {
+ /* This error was already covered by type_check_hierarchy */
+ free(parent);
+ return 0;
+ }
+ free(parent);
+
+ key.source_type = k->source_type;
+ key.target_type = t2->s.value;
+ key.target_class = k->target_class;
+ key.specified = AVTAB_ALLOWED;
+
+ avdatump = avtab_search(a->expa, &key);
+ if (avdatump) {
+ if ((avdatump->data & d->data) == d->data) {
+ return 0;
+ }
+ av = avdatump->data;
+ }
+ if (a->opt_cond_list) {
+ /* if a conditional list is present search it before continuing */
+ avdatump = cond_av_list_search(&key, a->opt_cond_list);
+ if (avdatump) {
+ if (((av | avdatump->data) & d->data) ==
+ d->data) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ if (t && t2) {
+ key.source_type = t->s.value;
+ key.target_type = t2->s.value;
+ key.target_class = k->target_class;
+ key.specified = AVTAB_ALLOWED;
+
+ avdatump = avtab_search(a->expa, &key);
+ if (avdatump) {
+ if ((avdatump->data & d->data) == d->data) {
+ return 0;
+ }
+ av = avdatump->data;
+ }
+ if (a->opt_cond_list) {
+ /* if a conditional list is present search it before continuing */
+ avdatump = cond_av_list_search(&key, a->opt_cond_list);
+ if (avdatump) {
+ if (((av | avdatump->data) & d->data) ==
+ d->data) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ if (!t && !t2) {
+ /* Neither one of these types have parents and
+ * therefore the hierarchical constraint does not apply */
+ return 0;
+ }
+
+ /* At this point there is a violation of the hierarchal constraint, send error condition back */
+ ERR(a->handle,
+ "hierarchy violation between types %s and %s : %s { %s }",
+ a->p->p_type_val_to_name[k->source_type - 1],
+ a->p->p_type_val_to_name[k->target_type - 1],
+ a->p->p_class_val_to_name[k->target_class - 1],
+ sepol_av_to_string(a->p, k->target_class, d->data & ~av));
+ a->numerr++;
+ return 0;
+}
+
+static int check_cond_avtab_hierarchy(cond_list_t * cond_list,
+ hierarchy_args_t * args)
+{
+ int rc;
+ cond_list_t *cur_node;
+ cond_av_list_t *cur_av, *expl = NULL;
+ avtab_t expa;
+ hierarchy_args_t *a = (hierarchy_args_t *) args;
+
+ for (cur_node = cond_list; cur_node != NULL; cur_node = cur_node->next) {
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_cond_av_list
+ (args->p, cur_node->true_list, &expl, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+ args->opt_cond_list = expl;
+ for (cur_av = expl; cur_av != NULL; cur_av = cur_av->next) {
+ rc = check_avtab_hierarchy_callback(&cur_av->node->key,
+ &cur_av->node->
+ datum, args);
+ if (rc)
+ a->numerr++;
+ }
+ cond_av_list_destroy(expl);
+ avtab_destroy(&expa);
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_cond_av_list
+ (args->p, cur_node->false_list, &expl, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+ args->opt_cond_list = expl;
+ for (cur_av = expl; cur_av != NULL; cur_av = cur_av->next) {
+ rc = check_avtab_hierarchy_callback(&cur_av->node->key,
+ &cur_av->node->
+ datum, args);
+ if (rc)
+ a->numerr++;
+ }
+ cond_av_list_destroy(expl);
+ avtab_destroy(&expa);
+ }
+
+ return 0;
+
+ oom:
+ ERR(args->handle, "out of memory on conditional av list expansion");
+ return 1;
+}
+
+/* The role hierarchy is defined as: a child role cannot have more types than it's parent.
+ * This function should be called with hashtab_map, it will return 0 on success, 1 on
+ * constraint violation and -1 on error
+ */
+static int check_role_hierarchy_callback(hashtab_key_t k
+ __attribute__ ((unused)),
+ hashtab_datum_t d, void *args)
+{
+ char *parent;
+ hierarchy_args_t *a;
+ role_datum_t *r, *rp;
+
+ a = (hierarchy_args_t *) args;
+ r = (role_datum_t *) d;
+
+ if (find_parent(a->p->p_role_val_to_name[r->s.value - 1], &parent))
+ return -1;
+
+ if (!parent) {
+ /* This role has no parent */
+ return 0;
+ }
+
+ rp = hashtab_search(a->p->p_roles.table, parent);
+ if (!rp) {
+ /* Orphan role */
+ ERR(a->handle, "role %s doesn't exist, %s is an orphan",
+ parent, a->p->p_role_val_to_name[r->s.value - 1]);
+ free(parent);
+ a->numerr++;
+ return 0;
+ }
+
+ if (!ebitmap_contains(&rp->types.types, &r->types.types)) {
+ /* This is a violation of the hiearchal constraint, return error condition */
+ ERR(a->handle, "Role hierarchy violation, %s exceeds %s",
+ a->p->p_role_val_to_name[r->s.value - 1], parent);
+ a->numerr++;
+ }
+
+ free(parent);
+
+ return 0;
+}
+
+/* The user hierarchy is defined as: a child user cannot have a role that
+ * its parent doesn't have. This function should be called with hashtab_map,
+ * it will return 0 on success, 1 on constraint violation and -1 on error.
+ */
+static int check_user_hierarchy_callback(hashtab_key_t k
+ __attribute__ ((unused)),
+ hashtab_datum_t d, void *args)
+{
+ char *parent;
+ hierarchy_args_t *a;
+ user_datum_t *u, *up;
+
+ a = (hierarchy_args_t *) args;
+ u = (user_datum_t *) d;
+
+ if (find_parent(a->p->p_user_val_to_name[u->s.value - 1], &parent))
+ return -1;
+
+ if (!parent) {
+ /* This user has no parent */
+ return 0;
+ }
+
+ up = hashtab_search(a->p->p_users.table, parent);
+ if (!up) {
+ /* Orphan user */
+ ERR(a->handle, "user %s doesn't exist, %s is an orphan",
+ parent, a->p->p_user_val_to_name[u->s.value - 1]);
+ free(parent);
+ a->numerr++;
+ return 0;
+ }
+
+ if (!ebitmap_contains(&up->roles.roles, &u->roles.roles)) {
+ /* hierarchical constraint violation, return error */
+ ERR(a->handle, "User hierarchy violation, %s exceeds %s",
+ a->p->p_user_val_to_name[u->s.value - 1], parent);
+ a->numerr++;
+ }
+
+ free(parent);
+
+ return 0;
+}
+
+int hierarchy_check_constraints(sepol_handle_t * handle, policydb_t * p)
+{
+ hierarchy_args_t args;
+ avtab_t expa;
+
+ if (avtab_init(&expa))
+ goto oom;
+ if (expand_avtab(p, &p->te_avtab, &expa)) {
+ avtab_destroy(&expa);
+ goto oom;
+ }
+
+ args.p = p;
+ args.expa = &expa;
+ args.opt_cond_list = NULL;
+ args.handle = handle;
+ args.numerr = 0;
+
+ if (hashtab_map(p->p_types.table, check_type_hierarchy_callback, &args))
+ goto bad;
+
+ if (avtab_map(&expa, check_avtab_hierarchy_callback, &args))
+ goto bad;
+
+ if (check_cond_avtab_hierarchy(p->cond_list, &args))
+ goto bad;
+
+ if (hashtab_map(p->p_roles.table, check_role_hierarchy_callback, &args))
+ goto bad;
+
+ if (hashtab_map(p->p_users.table, check_user_hierarchy_callback, &args))
+ goto bad;
+
+ if (args.numerr) {
+ ERR(handle, "%d total errors found during hierarchy check",
+ args.numerr);
+ goto bad;
+ }
+
+ avtab_destroy(&expa);
+ return 0;
+
+ bad:
+ avtab_destroy(&expa);
+ return -1;
+
+ oom:
+ ERR(handle, "Out of memory");
+ return -1;
+}
diff --git a/libsepol/src/iface_internal.h b/libsepol/src/iface_internal.h
new file mode 100644
index 0000000..5b78d9b
--- /dev/null
+++ b/libsepol/src/iface_internal.h
@@ -0,0 +1,18 @@
+#ifndef _SEPOL_IFACE_INTERNAL_H_
+#define _SEPOL_IFACE_INTERNAL_H_
+
+#include <sepol/iface_record.h>
+#include <sepol/interfaces.h>
+#include "dso.h"
+
+hidden_proto(sepol_iface_create)
+ hidden_proto(sepol_iface_free)
+ hidden_proto(sepol_iface_get_ifcon)
+ hidden_proto(sepol_iface_get_msgcon)
+ hidden_proto(sepol_iface_get_name)
+ hidden_proto(sepol_iface_key_create)
+ hidden_proto(sepol_iface_key_unpack)
+ hidden_proto(sepol_iface_set_ifcon)
+ hidden_proto(sepol_iface_set_msgcon)
+ hidden_proto(sepol_iface_set_name)
+#endif
diff --git a/libsepol/src/iface_record.c b/libsepol/src/iface_record.c
new file mode 100644
index 0000000..09adeb7
--- /dev/null
+++ b/libsepol/src/iface_record.c
@@ -0,0 +1,233 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "iface_internal.h"
+#include "context_internal.h"
+#include "debug.h"
+
+struct sepol_iface {
+
+ /* Interface name */
+ char *name;
+
+ /* Interface context */
+ sepol_context_t *netif_con;
+
+ /* Message context */
+ sepol_context_t *netmsg_con;
+};
+
+struct sepol_iface_key {
+
+ /* Interface name */
+ const char *name;
+};
+
+/* Key */
+int sepol_iface_key_create(sepol_handle_t * handle,
+ const char *name, sepol_iface_key_t ** key_ptr)
+{
+
+ sepol_iface_key_t *tmp_key =
+ (sepol_iface_key_t *) malloc(sizeof(sepol_iface_key_t));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, could not create interface key");
+ return STATUS_ERR;
+ }
+
+ tmp_key->name = name;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_iface_key_create)
+
+void sepol_iface_key_unpack(const sepol_iface_key_t * key, const char **name)
+{
+
+ *name = key->name;
+}
+
+hidden_def(sepol_iface_key_unpack)
+
+int sepol_iface_key_extract(sepol_handle_t * handle,
+ const sepol_iface_t * iface,
+ sepol_iface_key_t ** key_ptr)
+{
+
+ if (sepol_iface_key_create(handle, iface->name, key_ptr) < 0) {
+ ERR(handle, "could not extract key from "
+ "interface %s", iface->name);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+void sepol_iface_key_free(sepol_iface_key_t * key)
+{
+ free(key);
+}
+
+int sepol_iface_compare(const sepol_iface_t * iface,
+ const sepol_iface_key_t * key)
+{
+
+ return strcmp(iface->name, key->name);
+}
+
+int sepol_iface_compare2(const sepol_iface_t * iface,
+ const sepol_iface_t * iface2)
+{
+
+ return strcmp(iface->name, iface2->name);
+}
+
+/* Create */
+int sepol_iface_create(sepol_handle_t * handle, sepol_iface_t ** iface)
+{
+
+ sepol_iface_t *tmp_iface =
+ (sepol_iface_t *) malloc(sizeof(sepol_iface_t));
+
+ if (!tmp_iface) {
+ ERR(handle, "out of memory, could not create "
+ "interface record");
+ return STATUS_ERR;
+ }
+
+ tmp_iface->name = NULL;
+ tmp_iface->netif_con = NULL;
+ tmp_iface->netmsg_con = NULL;
+ *iface = tmp_iface;
+
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_iface_create)
+
+/* Name */
+const char *sepol_iface_get_name(const sepol_iface_t * iface)
+{
+
+ return iface->name;
+}
+
+hidden_def(sepol_iface_get_name)
+
+int sepol_iface_set_name(sepol_handle_t * handle,
+ sepol_iface_t * iface, const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name) {
+ ERR(handle, "out of memory, " "could not set interface name");
+ return STATUS_ERR;
+ }
+ free(iface->name);
+ iface->name = tmp_name;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_iface_set_name)
+
+/* Interface Context */
+sepol_context_t *sepol_iface_get_ifcon(const sepol_iface_t * iface)
+{
+
+ return iface->netif_con;
+}
+
+hidden_def(sepol_iface_get_ifcon)
+
+int sepol_iface_set_ifcon(sepol_handle_t * handle,
+ sepol_iface_t * iface, sepol_context_t * con)
+{
+
+ sepol_context_t *newcon;
+
+ if (sepol_context_clone(handle, con, &newcon) < 0) {
+ ERR(handle, "out of memory, could not set interface context");
+ return STATUS_ERR;
+ }
+
+ sepol_context_free(iface->netif_con);
+ iface->netif_con = newcon;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_iface_set_ifcon)
+
+/* Message Context */
+sepol_context_t *sepol_iface_get_msgcon(const sepol_iface_t * iface)
+{
+
+ return iface->netmsg_con;
+}
+
+hidden_def(sepol_iface_get_msgcon)
+
+int sepol_iface_set_msgcon(sepol_handle_t * handle,
+ sepol_iface_t * iface, sepol_context_t * con)
+{
+
+ sepol_context_t *newcon;
+ if (sepol_context_clone(handle, con, &newcon) < 0) {
+ ERR(handle, "out of memory, could not set message context");
+ return STATUS_ERR;
+ }
+
+ sepol_context_free(iface->netmsg_con);
+ iface->netmsg_con = newcon;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_iface_set_msgcon)
+
+/* Deep copy clone */
+int sepol_iface_clone(sepol_handle_t * handle,
+ const sepol_iface_t * iface, sepol_iface_t ** iface_ptr)
+{
+
+ sepol_iface_t *new_iface = NULL;
+ if (sepol_iface_create(handle, &new_iface) < 0)
+ goto err;
+
+ if (sepol_iface_set_name(handle, new_iface, iface->name) < 0)
+ goto err;
+
+ if (iface->netif_con &&
+ (sepol_context_clone
+ (handle, iface->netif_con, &new_iface->netif_con) < 0))
+ goto err;
+
+ if (iface->netmsg_con &&
+ (sepol_context_clone
+ (handle, iface->netmsg_con, &new_iface->netmsg_con) < 0))
+ goto err;
+
+ *iface_ptr = new_iface;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone interface record");
+ sepol_iface_free(new_iface);
+ return STATUS_ERR;
+}
+
+/* Destroy */
+void sepol_iface_free(sepol_iface_t * iface)
+{
+
+ if (!iface)
+ return;
+
+ free(iface->name);
+ sepol_context_free(iface->netif_con);
+ sepol_context_free(iface->netmsg_con);
+ free(iface);
+}
+
+hidden_def(sepol_iface_free)
diff --git a/libsepol/src/interfaces.c b/libsepol/src/interfaces.c
new file mode 100644
index 0000000..fd4a001
--- /dev/null
+++ b/libsepol/src/interfaces.c
@@ -0,0 +1,273 @@
+#include <stdlib.h>
+
+#include "debug.h"
+#include "context.h"
+#include "handle.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/interfaces.h>
+#include "iface_internal.h"
+
+/* Create a low level structure from record */
+static int iface_from_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t ** iface, const sepol_iface_t * record)
+{
+
+ ocontext_t *tmp_iface = NULL;
+ context_struct_t *tmp_con = NULL;
+
+ tmp_iface = (ocontext_t *) calloc(1, sizeof(ocontext_t));
+ if (!tmp_iface)
+ goto omem;
+
+ /* Name */
+ tmp_iface->u.name = strdup(sepol_iface_get_name(record));
+ if (!tmp_iface->u.name)
+ goto omem;
+
+ /* Interface Context */
+ if (context_from_record(handle, policydb,
+ &tmp_con, sepol_iface_get_ifcon(record)) < 0)
+ goto err;
+ context_cpy(&tmp_iface->context[0], tmp_con);
+ context_destroy(tmp_con);
+ free(tmp_con);
+ tmp_con = NULL;
+
+ /* Message Context */
+ if (context_from_record(handle, policydb,
+ &tmp_con, sepol_iface_get_msgcon(record)) < 0)
+ goto err;
+ context_cpy(&tmp_iface->context[1], tmp_con);
+ context_destroy(tmp_con);
+ free(tmp_con);
+ tmp_con = NULL;
+
+ *iface = tmp_iface;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ if (tmp_iface != NULL) {
+ free(tmp_iface->u.name);
+ context_destroy(&tmp_iface->context[0]);
+ context_destroy(&tmp_iface->context[1]);
+ free(tmp_iface);
+ }
+ context_destroy(tmp_con);
+ free(tmp_con);
+ ERR(handle, "error creating interface structure");
+ return STATUS_ERR;
+}
+
+static int iface_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t * iface, sepol_iface_t ** record)
+{
+
+ char *name = iface->u.name;
+ context_struct_t *ifcon = &iface->context[0];
+ context_struct_t *msgcon = &iface->context[1];
+
+ sepol_context_t *tmp_con = NULL;
+ sepol_iface_t *tmp_record = NULL;
+
+ if (sepol_iface_create(handle, &tmp_record) < 0)
+ goto err;
+
+ if (sepol_iface_set_name(handle, tmp_record, name) < 0)
+ goto err;
+
+ if (context_to_record(handle, policydb, ifcon, &tmp_con) < 0)
+ goto err;
+ if (sepol_iface_set_ifcon(handle, tmp_record, tmp_con) < 0)
+ goto err;
+ sepol_context_free(tmp_con);
+ tmp_con = NULL;
+
+ if (context_to_record(handle, policydb, msgcon, &tmp_con) < 0)
+ goto err;
+ if (sepol_iface_set_msgcon(handle, tmp_record, tmp_con) < 0)
+ goto err;
+ sepol_context_free(tmp_con);
+ tmp_con = NULL;
+
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not convert interface %s to record", name);
+ sepol_context_free(tmp_con);
+ sepol_iface_free(tmp_record);
+ return STATUS_ERR;
+}
+
+/* Check if an interface exists */
+int sepol_iface_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_iface_key_t * key, int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ const char *name;
+ sepol_iface_key_unpack(key, &name);
+
+ head = policydb->ocontexts[OCON_NETIF];
+ for (c = head; c; c = c->next) {
+ if (!strcmp(name, c->u.name)) {
+ *response = 1;
+ return STATUS_SUCCESS;
+ }
+ }
+ *response = 0;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+/* Query an interface */
+int sepol_iface_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_iface_key_t * key, sepol_iface_t ** response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ const char *name;
+ sepol_iface_key_unpack(key, &name);
+
+ head = policydb->ocontexts[OCON_NETIF];
+ for (c = head; c; c = c->next) {
+ if (!strcmp(name, c->u.name)) {
+
+ if (iface_to_record(handle, policydb, c, response) < 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+ }
+ }
+
+ *response = NULL;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query interface %s", name);
+ return STATUS_ERR;
+}
+
+/* Load an interface into policy */
+int sepol_iface_modify(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ const sepol_iface_key_t * key,
+ const sepol_iface_t * data)
+{
+
+ policydb_t *policydb = &p->p;
+ ocontext_t *head, *prev, *c, *iface = NULL;
+
+ const char *name;
+ sepol_iface_key_unpack(key, &name);
+
+ if (iface_from_record(handle, policydb, &iface, data) < 0)
+ goto err;
+
+ prev = NULL;
+ head = policydb->ocontexts[OCON_NETIF];
+ for (c = head; c; c = c->next) {
+ if (!strcmp(name, c->u.name)) {
+
+ /* Replace */
+ iface->next = c->next;
+ if (prev == NULL)
+ policydb->ocontexts[OCON_NETIF] = iface;
+ else
+ prev->next = iface;
+ free(c->u.name);
+ context_destroy(&c->context[0]);
+ context_destroy(&c->context[1]);
+ free(c);
+
+ return STATUS_SUCCESS;
+ }
+ prev = c;
+ }
+
+ /* Attach to context list */
+ iface->next = policydb->ocontexts[OCON_NETIF];
+ policydb->ocontexts[OCON_NETIF] = iface;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "error while loading interface %s", name);
+
+ if (iface != NULL) {
+ free(iface->u.name);
+ context_destroy(&iface->context[0]);
+ context_destroy(&iface->context[1]);
+ free(iface);
+ }
+ return STATUS_ERR;
+}
+
+/* Return the number of interfaces */
+extern int sepol_iface_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response)
+{
+
+ unsigned int count = 0;
+ ocontext_t *c, *head;
+ const policydb_t *policydb = &p->p;
+
+ head = policydb->ocontexts[OCON_NETIF];
+ for (c = head; c != NULL; c = c->next)
+ count++;
+
+ *response = count;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int sepol_iface_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ int (*fn) (const sepol_iface_t * iface,
+ void *fn_arg), void *arg)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+ sepol_iface_t *iface = NULL;
+
+ head = policydb->ocontexts[OCON_NETIF];
+ for (c = head; c; c = c->next) {
+ int status;
+
+ if (iface_to_record(handle, policydb, c, &iface) < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(iface, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_iface_free(iface);
+ iface = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over interfaces");
+ sepol_iface_free(iface);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/libsepol.map b/libsepol/src/libsepol.map
new file mode 100644
index 0000000..af069b7
--- /dev/null
+++ b/libsepol/src/libsepol.map
@@ -0,0 +1,18 @@
+{
+ global:
+ sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages;
+ sepol_bool_*; sepol_genbools*;
+ sepol_context_*; sepol_mls_*; sepol_check_context;
+ sepol_iface_*;
+ sepol_port_*;
+ sepol_node_*;
+ sepol_user_*; sepol_genusers; sepol_set_delusers;
+ sepol_msg_*; sepol_debug;
+ sepol_handle_*;
+ sepol_policydb_*; sepol_set_policydb_from_file;
+ sepol_policy_kern_*;
+ sepol_policy_file_*;
+ sepol_set_disable_dontaudit;
+ sepol_set_expand_consume_base;
+ local: *;
+};
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
new file mode 100644
index 0000000..b7a3a58
--- /dev/null
+++ b/libsepol/src/link.c
@@ -0,0 +1,2255 @@
+/* Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * Copyright (C) 2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/avrule_block.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/util.h>
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include "debug.h"
+
+#undef min
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+typedef struct policy_module {
+ policydb_t *policy;
+ uint32_t num_decls;
+ uint32_t *map[SYM_NUM];
+ uint32_t *avdecl_map;
+ uint32_t **perm_map;
+ uint32_t *perm_map_len;
+
+ /* a pointer to within the base module's avrule_block chain to
+ * where this module's global now resides */
+ avrule_block_t *base_global;
+} policy_module_t;
+
+typedef struct link_state {
+ int verbose;
+ policydb_t *base;
+ avrule_block_t *last_avrule_block, *last_base_avrule_block;
+ uint32_t next_decl_id, current_decl_id;
+
+ /* temporary variables, used during hashtab_map() calls */
+ policy_module_t *cur;
+ char *cur_mod_name;
+ avrule_decl_t *dest_decl;
+ class_datum_t *src_class, *dest_class;
+ char *dest_class_name;
+ char dest_class_req; /* flag indicating the class was not declared */
+ uint32_t symbol_num;
+ /* used to report the name of the module if dependancy error occurs */
+ policydb_t **decl_to_mod;
+
+ /* error reporting fields */
+ sepol_handle_t *handle;
+} link_state_t;
+
+typedef struct missing_requirement {
+ uint32_t symbol_type;
+ uint32_t symbol_value;
+ uint32_t perm_value;
+} missing_requirement_t;
+
+static const char *symtab_names[SYM_NUM] = {
+ "common", "class", "role", "type/attribute", "user",
+ "bool", "level", "category"
+};
+
+/* Deallocates all elements within a module, but NOT the policydb_t
+ * structure within, as well as the pointer itself. */
+static void policy_module_destroy(policy_module_t * mod)
+{
+ unsigned int i;
+ if (mod == NULL) {
+ return;
+ }
+ for (i = 0; i < SYM_NUM; i++) {
+ free(mod->map[i]);
+ }
+ for (i = 0; mod->perm_map != NULL && i < mod->policy->p_classes.nprim;
+ i++) {
+ free(mod->perm_map[i]);
+ }
+ free(mod->perm_map);
+ free(mod->perm_map_len);
+ free(mod->avdecl_map);
+ free(mod);
+}
+
+/***** functions that copy identifiers from a module to base *****/
+
+/* Note: there is currently no scoping for permissions, which causes some
+ * strange side-effects. The current approach is this:
+ *
+ * a) perm is required and the class _and_ perm are declared in base: only add a mapping.
+ * b) perm is required and the class and perm are _not_ declared in base: simply add the permissions
+ * to the object class. This means that the requirements for the decl are the union of the permissions
+ * required for all decls, but who cares.
+ * c) perm is required, the class is declared in base, but the perm is not present. Nothing we can do
+ * here because we can't mark a single permission as required, so we bail with a requirement error
+ * _even_ if we are in an optional.
+ *
+ * A is correct behavior, b is wrong but not too bad, c is totall wrong for optionals. Fixing this requires
+ * a format change.
+ */
+static int permission_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *perm_id = key, *new_id = NULL;
+ perm_datum_t *perm, *new_perm = NULL, *dest_perm;
+ link_state_t *state = (link_state_t *) data;
+
+ class_datum_t *src_class = state->src_class;
+ class_datum_t *dest_class = state->dest_class;
+ policy_module_t *mod = state->cur;
+ uint32_t sclassi = src_class->s.value - 1;
+ int ret;
+
+ perm = (perm_datum_t *) datum;
+ dest_perm = hashtab_search(dest_class->permissions.table, perm_id);
+ if (dest_perm == NULL && dest_class->comdatum != NULL) {
+ dest_perm =
+ hashtab_search(dest_class->comdatum->permissions.table,
+ perm_id);
+ }
+
+ if (dest_perm == NULL) {
+ /* If the object class was not declared in the base, add the perm
+ * to the object class. */
+ if (state->dest_class_req) {
+ /* If the class was required (not declared), insert the new permission */
+ new_id = strdup(perm_id);
+ if (new_id == NULL) {
+ ERR(state->handle, "Memory error");
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ new_perm =
+ (perm_datum_t *) calloc(1, sizeof(perm_datum_t));
+ if (new_perm == NULL) {
+ ERR(state->handle, "Memory error");
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ ret = hashtab_insert(dest_class->permissions.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_perm);
+ if (ret) {
+ ERR(state->handle,
+ "could not insert permission into class\n");
+ goto err;
+ }
+ new_perm->s.value = dest_class->permissions.nprim + 1;
+ dest_perm = new_perm;
+ } else {
+ /* this is case c from above */
+ ERR(state->handle,
+ "Module %s depends on permission %s in class %s, not satisfied",
+ state->cur_mod_name, perm_id,
+ state->dest_class_name);
+ return SEPOL_EREQ;
+ }
+ }
+
+ /* build the mapping for permissions encompassing this class.
+ * unlike symbols, the permission map translates between
+ * module permission bit to target permission bit. that bit
+ * may have originated from the class -or- it could be from
+ * the class's common parent.*/
+ if (perm->s.value > mod->perm_map_len[sclassi]) {
+ uint32_t *newmap = calloc(perm->s.value, sizeof(*newmap));
+ if (newmap == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ memcpy(newmap, mod->perm_map[sclassi],
+ mod->perm_map_len[sclassi] * sizeof(*newmap));
+ free(mod->perm_map[sclassi]);
+ mod->perm_map[sclassi] = newmap;
+ mod->perm_map_len[sclassi] = perm->s.value;
+ }
+ mod->perm_map[sclassi][perm->s.value - 1] = dest_perm->s.value;
+
+ return 0;
+ err:
+ free(new_id);
+ free(new_perm);
+ return ret;
+}
+
+static int class_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id = key, *new_id = NULL;
+ class_datum_t *cladatum, *new_class = NULL;
+ link_state_t *state = (link_state_t *) data;
+ scope_datum_t *scope = NULL;
+ int ret;
+
+ cladatum = (class_datum_t *) datum;
+ state->dest_class_req = 0;
+
+ new_class = hashtab_search(state->base->p_classes.table, id);
+ /* If there is not an object class already in the base symtab that means
+ * that either a) a module is trying to declare a new object class (which
+ * the compiler should prevent) or b) an object class was required that is
+ * not in the base.
+ */
+ if (new_class == NULL) {
+ scope =
+ hashtab_search(state->cur->policy->p_classes_scope.table,
+ id);
+ if (scope == NULL) {
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ if (scope->scope == SCOPE_DECL) {
+ /* disallow declarations in modules */
+ ERR(state->handle,
+ "%s: Modules may not yet declare new classes.",
+ state->cur_mod_name);
+ ret = SEPOL_ENOTSUP;
+ goto err;
+ } else {
+ /* It would be nice to error early here because the requirement is
+ * not met, but we cannot because the decl might be optional (in which
+ * case we should record the requirement so that it is just turned
+ * off). Note: this will break horribly if modules can declare object
+ * classes because the class numbers will be all wrong (i.e., they
+ * might be assigned in the order they were required rather than the
+ * current scheme which ensures correct numbering by ordering the
+ * declarations properly). This can't be fixed until some infrastructure
+ * for querying the object class numbers is in place. */
+ state->dest_class_req = 1;
+ new_class =
+ (class_datum_t *) calloc(1, sizeof(class_datum_t));
+ if (new_class == NULL) {
+ ERR(state->handle, "Memory error\n");
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ if (symtab_init
+ (&new_class->permissions, PERM_SYMTAB_SIZE)) {
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ new_id = strdup(id);
+ if (new_id == NULL) {
+ ERR(state->handle, "Memory error\n");
+ ret = SEPOL_ERR;
+ goto err;
+ }
+ ret = hashtab_insert(state->base->p_classes.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_class);
+ if (ret) {
+ ERR(state->handle,
+ "could not insert new class into symtab");
+ goto err;
+ }
+ new_class->s.value = ++(state->base->p_classes.nprim);
+ }
+ }
+
+ state->cur->map[SYM_CLASSES][cladatum->s.value - 1] =
+ new_class->s.value;
+
+ /* copy permissions */
+ state->src_class = cladatum;
+ state->dest_class = new_class;
+ state->dest_class_name = (char *)key;
+
+ ret =
+ hashtab_map(cladatum->permissions.table, permission_copy_callback,
+ state);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return 0;
+ err:
+ free(new_class);
+ free(new_id);
+ return ret;
+}
+
+static int role_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id = key, *new_id = NULL;
+ role_datum_t *role, *base_role, *new_role = NULL;
+ link_state_t *state = (link_state_t *) data;
+
+ role = (role_datum_t *) datum;
+
+ base_role = hashtab_search(state->base->p_roles.table, id);
+ if (base_role == NULL) {
+ if (state->verbose)
+ INFO(state->handle, "copying role %s", id);
+
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+
+ if ((new_role =
+ (role_datum_t *) malloc(sizeof(*new_role))) == NULL) {
+ goto cleanup;
+ }
+ role_datum_init(new_role);
+
+ /* new_role's dominates and types field will be copied
+ * during role_fix_callback() */
+ new_role->s.value = state->base->p_roles.nprim + 1;
+
+ ret = hashtab_insert(state->base->p_roles.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_role);
+ if (ret) {
+ goto cleanup;
+ }
+ state->base->p_roles.nprim++;
+ base_role = new_role;
+ }
+
+ if (state->dest_decl) {
+ new_id = NULL;
+ if ((new_role = malloc(sizeof(*new_role))) == NULL) {
+ goto cleanup;
+ }
+ role_datum_init(new_role);
+ new_role->s.value = base_role->s.value;
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+ if (hashtab_insert
+ (state->dest_decl->p_roles.table, new_id, new_role)) {
+ goto cleanup;
+ }
+ state->dest_decl->p_roles.nprim++;
+ }
+
+ state->cur->map[SYM_ROLES][role->s.value - 1] = base_role->s.value;
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ role_datum_destroy(new_role);
+ free(new_id);
+ free(new_role);
+ return -1;
+}
+
+/* Copy types and attributes from a module into the base module. The
+ * attributes are copied, but the types that make up this attribute
+ * are delayed type_fix_callback(). */
+static int type_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id = key, *new_id = NULL;
+ type_datum_t *type, *base_type, *new_type = NULL;
+ link_state_t *state = (link_state_t *) data;
+
+ type = (type_datum_t *) datum;
+ if ((type->flavor == TYPE_TYPE && !type->primary)
+ || type->flavor == TYPE_ALIAS) {
+ /* aliases are handled later, in alias_copy_callback() */
+ return 0;
+ }
+
+ base_type = hashtab_search(state->base->p_types.table, id);
+ if (base_type != NULL) {
+ /* type already exists. check that it is what this
+ * module expected. duplicate declarations (e.g., two
+ * modules both declare type foo_t) is checked during
+ * scope_copy_callback(). */
+ if (type->flavor == TYPE_ATTRIB
+ && base_type->flavor != TYPE_ATTRIB) {
+ ERR(state->handle,
+ "%s: Expected %s to be an attribute, but it was already declared as a type.",
+ state->cur_mod_name, id);
+ return -1;
+ } else if (type->flavor != TYPE_ATTRIB
+ && base_type->flavor == TYPE_ATTRIB) {
+ ERR(state->handle,
+ "%s: Expected %s to be a type, but it was already declared as an attribute.",
+ state->cur_mod_name, id);
+ return -1;
+ }
+ /* permissive should pass to the base type */
+ base_type->flags |= (type->flags & TYPE_FLAGS_PERMISSIVE);
+ } else {
+ if (state->verbose)
+ INFO(state->handle, "copying type %s", id);
+
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+
+ if ((new_type =
+ (type_datum_t *) calloc(1, sizeof(*new_type))) == NULL) {
+ goto cleanup;
+ }
+ new_type->primary = type->primary;
+ new_type->flags = type->flags;
+ new_type->flavor = type->flavor;
+ /* for attributes, the writing of new_type->types is
+ done in type_fix_callback() */
+
+ new_type->s.value = state->base->p_types.nprim + 1;
+
+ ret = hashtab_insert(state->base->p_types.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_type);
+ if (ret) {
+ goto cleanup;
+ }
+ state->base->p_types.nprim++;
+ base_type = new_type;
+ }
+
+ if (state->dest_decl) {
+ new_id = NULL;
+ if ((new_type = calloc(1, sizeof(*new_type))) == NULL) {
+ goto cleanup;
+ }
+ new_type->primary = type->primary;
+ new_type->flavor = type->flavor;
+ new_type->flags = type->flags;
+ new_type->s.value = base_type->s.value;
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+ if (hashtab_insert
+ (state->dest_decl->p_types.table, new_id, new_type)) {
+ goto cleanup;
+ }
+ state->dest_decl->p_types.nprim++;
+ }
+
+ state->cur->map[SYM_TYPES][type->s.value - 1] = base_type->s.value;
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ free(new_id);
+ free(new_type);
+ return -1;
+}
+
+static int user_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id = key, *new_id = NULL;
+ user_datum_t *user, *base_user, *new_user = NULL;
+ link_state_t *state = (link_state_t *) data;
+
+ user = (user_datum_t *) datum;
+
+ base_user = hashtab_search(state->base->p_users.table, id);
+ if (base_user == NULL) {
+ if (state->verbose)
+ INFO(state->handle, "copying user %s", id);
+
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+
+ if ((new_user =
+ (user_datum_t *) malloc(sizeof(*new_user))) == NULL) {
+ goto cleanup;
+ }
+ user_datum_init(new_user);
+ /* new_users's roles and MLS fields will be copied during
+ user_fix_callback(). */
+
+ new_user->s.value = state->base->p_users.nprim + 1;
+
+ ret = hashtab_insert(state->base->p_users.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_user);
+ if (ret) {
+ goto cleanup;
+ }
+ state->base->p_users.nprim++;
+ base_user = new_user;
+ }
+
+ if (state->dest_decl) {
+ new_id = NULL;
+ if ((new_user = malloc(sizeof(*new_user))) == NULL) {
+ goto cleanup;
+ }
+ user_datum_init(new_user);
+ new_user->s.value = base_user->s.value;
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+ if (hashtab_insert
+ (state->dest_decl->p_users.table, new_id, new_user)) {
+ goto cleanup;
+ }
+ state->dest_decl->p_users.nprim++;
+ }
+
+ state->cur->map[SYM_USERS][user->s.value - 1] = base_user->s.value;
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ user_datum_destroy(new_user);
+ free(new_id);
+ free(new_user);
+ return -1;
+}
+
+static int bool_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ int ret;
+ char *id = key, *new_id = NULL;
+ cond_bool_datum_t *booldatum, *base_bool, *new_bool = NULL;
+ link_state_t *state = (link_state_t *) data;
+
+ booldatum = (cond_bool_datum_t *) datum;
+
+ base_bool = hashtab_search(state->base->p_bools.table, id);
+ if (base_bool == NULL) {
+ if (state->verbose)
+ INFO(state->handle, "copying boolean %s", id);
+
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+
+ if ((new_bool =
+ (cond_bool_datum_t *) malloc(sizeof(*new_bool))) == NULL) {
+ goto cleanup;
+ }
+ new_bool->state = booldatum->state;
+ new_bool->s.value = state->base->p_bools.nprim + 1;
+
+ ret = hashtab_insert(state->base->p_bools.table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_bool);
+ if (ret) {
+ goto cleanup;
+ }
+ state->base->p_bools.nprim++;
+ base_bool = new_bool;
+
+ }
+
+ state->cur->map[SYM_BOOLS][booldatum->s.value - 1] = base_bool->s.value;
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ cond_destroy_bool(new_id, new_bool, NULL);
+ return -1;
+}
+
+static int sens_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id = key;
+ level_datum_t *level, *base_level;
+ link_state_t *state = (link_state_t *) data;
+ scope_datum_t *scope;
+
+ level = (level_datum_t *) datum;
+
+ base_level = hashtab_search(state->base->p_levels.table, id);
+ if (!base_level) {
+ scope =
+ hashtab_search(state->cur->policy->p_sens_scope.table, id);
+ if (!scope)
+ return SEPOL_ERR;
+ if (scope->scope == SCOPE_DECL) {
+ /* disallow declarations in modules */
+ ERR(state->handle,
+ "%s: Modules may not declare new sensitivities.",
+ state->cur_mod_name);
+ return SEPOL_ENOTSUP;
+ }
+ if (scope->scope == SCOPE_REQ) {
+ /* unmet requirement */
+ ERR(state->handle,
+ "%s: Sensitivity %s not declared by base.",
+ state->cur_mod_name, id);
+ return SEPOL_ENOTSUP;
+ }
+ }
+
+ state->cur->map[SYM_LEVELS][level->level->sens - 1] =
+ base_level->level->sens;
+
+ return 0;
+}
+
+static int cat_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id = key;
+ cat_datum_t *cat, *base_cat;
+ link_state_t *state = (link_state_t *) data;
+ scope_datum_t *scope;
+
+ cat = (cat_datum_t *) datum;
+
+ base_cat = hashtab_search(state->base->p_cats.table, id);
+ if (!base_cat) {
+ scope =
+ hashtab_search(state->cur->policy->p_cat_scope.table, id);
+ if (!scope)
+ return SEPOL_ERR;
+ if (scope->scope == SCOPE_DECL) {
+ /* disallow declarations in modules */
+ ERR(state->handle,
+ "%s: Modules may not declare new categories.",
+ state->cur_mod_name);
+ return SEPOL_ENOTSUP;
+ }
+ if (scope->scope == SCOPE_REQ) {
+ /* unmet requirement */
+ ERR(state->handle,
+ "%s: Category %s not declared by base.",
+ state->cur_mod_name, id);
+ return SEPOL_ENOTSUP;
+ }
+ }
+
+ state->cur->map[SYM_CATS][cat->s.value - 1] = base_cat->s.value;
+
+ return 0;
+}
+
+static int (*copy_callback_f[SYM_NUM]) (hashtab_key_t key,
+ hashtab_datum_t datum, void *datap) = {
+NULL, class_copy_callback, role_copy_callback, type_copy_callback,
+ user_copy_callback, bool_copy_callback, sens_copy_callback,
+ cat_copy_callback};
+
+/* The aliases have to be copied after the types and attributes to be
+ * certain that the base symbol table will have the type that the
+ * alias refers. Otherwise, we won't be able to find the type value
+ * for the alias. We can't depend on the declaration ordering because
+ * of the hash table.
+ */
+static int alias_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id = key, *new_id = NULL, *target_id;
+ type_datum_t *type, *base_type, *new_type = NULL, *target_type;
+ link_state_t *state = (link_state_t *) data;
+ policy_module_t *mod = state->cur;
+ int primval;
+
+ type = (type_datum_t *) datum;
+ /* there are 2 kinds of aliases. Ones with their own value (TYPE_ALIAS)
+ * and ones with the value of their primary (TYPE_TYPE && type->primary = 0)
+ */
+ if (!
+ (type->flavor == TYPE_ALIAS
+ || (type->flavor == TYPE_TYPE && !type->primary))) {
+ /* ignore types and attributes -- they were handled in
+ * type_copy_callback() */
+ return 0;
+ }
+
+ if (type->flavor == TYPE_ALIAS)
+ primval = type->primary;
+ else
+ primval = type->s.value;
+
+ target_id = mod->policy->p_type_val_to_name[primval - 1];
+ target_type = hashtab_search(state->base->p_types.table, target_id);
+ if (target_type == NULL) {
+ ERR(state->handle, "%s: Could not find type %s for alias %s.",
+ state->cur_mod_name, target_id, id);
+ return -1;
+ }
+
+ if (!strcmp(id, target_id)) {
+ ERR(state->handle, "%s: Self aliasing of %s.",
+ state->cur_mod_name, id);
+ return -1;
+ }
+
+ target_type->flags |= (type->flags & TYPE_FLAGS_PERMISSIVE);
+
+ base_type = hashtab_search(state->base->p_types.table, id);
+ if (base_type == NULL) {
+ if (state->verbose)
+ INFO(state->handle, "copying alias %s", id);
+
+ if ((new_type =
+ (type_datum_t *) calloc(1, sizeof(*new_type))) == NULL) {
+ goto cleanup;
+ }
+ /* the linked copy always has TYPE_ALIAS style aliases */
+ new_type->primary = target_type->s.value;
+ new_type->flags = target_type->flags;
+ new_type->flavor = TYPE_ALIAS;
+ new_type->s.value = state->base->p_types.nprim + 1;
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+ if (hashtab_insert
+ (state->base->p_types.table, new_id, new_type)) {
+ goto cleanup;
+ }
+ state->base->p_types.nprim++;
+ base_type = new_type;
+ } else {
+
+ /* if this already exists and isn't an alias it was required by another module (or base)
+ * and inserted into the hashtable as a type, fix it up now */
+
+ if (base_type->flavor == TYPE_ALIAS) {
+ /* error checking */
+ assert(base_type->primary == target_type->s.value);
+ assert(base_type->primary ==
+ mod->map[SYM_TYPES][primval - 1]);
+ assert(mod->map[SYM_TYPES][type->s.value - 1] ==
+ base_type->primary);
+ return 0;
+ }
+
+ if (base_type->flavor == TYPE_ATTRIB) {
+ ERR(state->handle,
+ "%s is an alias of an attribute, not allowed", id);
+ return -1;
+ }
+
+ base_type->flavor = TYPE_ALIAS;
+ base_type->primary = target_type->s.value;
+ base_type->flags |= (target_type->flags & TYPE_FLAGS_PERMISSIVE);
+
+ }
+ /* the aliases map points from its value to its primary so when this module
+ * references this type the value it gets back from the map is the primary */
+ mod->map[SYM_TYPES][type->s.value - 1] = base_type->primary;
+
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ free(new_id);
+ free(new_type);
+ return -1;
+}
+
+/*********** callbacks that fix bitmaps ***********/
+
+static int type_set_convert(type_set_t * types, type_set_t * dst,
+ policy_module_t * mod, link_state_t * state
+ __attribute__ ((unused)))
+{
+ unsigned int i;
+ ebitmap_node_t *tnode;
+ ebitmap_for_each_bit(&types->types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ assert(mod->map[SYM_TYPES][i]);
+ if (ebitmap_set_bit
+ (&dst->types, mod->map[SYM_TYPES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+ ebitmap_for_each_bit(&types->negset, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ assert(mod->map[SYM_TYPES][i]);
+ if (ebitmap_set_bit
+ (&dst->negset, mod->map[SYM_TYPES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+ dst->flags = types->flags;
+ return 0;
+
+ cleanup:
+ return -1;
+}
+
+/* OR 2 typemaps together and at the same time map the src types to
+ * the correct values in the dst typeset.
+ */
+static int type_set_or_convert(type_set_t * types, type_set_t * dst,
+ policy_module_t * mod, link_state_t * state)
+{
+ type_set_t ts_tmp;
+
+ type_set_init(&ts_tmp);
+ if (type_set_convert(types, &ts_tmp, mod, state) == -1) {
+ goto cleanup;
+ }
+ if (type_set_or_eq(dst, &ts_tmp)) {
+ goto cleanup;
+ }
+ type_set_destroy(&ts_tmp);
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ type_set_destroy(&ts_tmp);
+ return -1;
+}
+
+static int role_set_or_convert(role_set_t * roles, role_set_t * dst,
+ policy_module_t * mod, link_state_t * state)
+{
+ unsigned int i;
+ ebitmap_t tmp;
+ ebitmap_node_t *rnode;
+
+ ebitmap_init(&tmp);
+ ebitmap_for_each_bit(&roles->roles, rnode, i) {
+ if (ebitmap_node_get_bit(rnode, i)) {
+ assert(mod->map[SYM_ROLES][i]);
+ if (ebitmap_set_bit
+ (&tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+ if (ebitmap_union(&dst->roles, &tmp)) {
+ goto cleanup;
+ }
+ dst->flags |= roles->flags;
+ ebitmap_destroy(&tmp);
+ return 0;
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&tmp);
+ return -1;
+}
+
+static int mls_level_convert(mls_semantic_level_t * src, mls_semantic_level_t * dst,
+ policy_module_t * mod, link_state_t * state)
+{
+ mls_semantic_cat_t *src_cat, *new_cat;
+
+ if (!mod->policy->mls)
+ return 0;
+
+ /* Required not declared. */
+ if (!src->sens)
+ return 0;
+
+ assert(mod->map[SYM_LEVELS][src->sens - 1]);
+ dst->sens = mod->map[SYM_LEVELS][src->sens - 1];
+
+ for (src_cat = src->cat; src_cat; src_cat = src_cat->next) {
+ new_cat =
+ (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
+ if (!new_cat) {
+ ERR(state->handle, "Out of memory");
+ return -1;
+ }
+ mls_semantic_cat_init(new_cat);
+
+ new_cat->next = dst->cat;
+ dst->cat = new_cat;
+
+ assert(mod->map[SYM_CATS][src_cat->low - 1]);
+ dst->cat->low = mod->map[SYM_CATS][src_cat->low - 1];
+ assert(mod->map[SYM_CATS][src_cat->high - 1]);
+ dst->cat->high = mod->map[SYM_CATS][src_cat->high - 1];
+ }
+
+ return 0;
+}
+
+static int mls_range_convert(mls_semantic_range_t * src, mls_semantic_range_t * dst,
+ policy_module_t * mod, link_state_t * state)
+{
+ int ret;
+ ret = mls_level_convert(&src->level[0], &dst->level[0], mod, state);
+ if (ret)
+ return ret;
+ ret = mls_level_convert(&src->level[1], &dst->level[1], mod, state);
+ if (ret)
+ return ret;
+ return 0;
+}
+
+static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ unsigned int i;
+ char *id = key;
+ role_datum_t *role, *dest_role = NULL;
+ link_state_t *state = (link_state_t *) data;
+ ebitmap_t e_tmp;
+ policy_module_t *mod = state->cur;
+ ebitmap_node_t *rnode;
+ hashtab_t role_tab;
+
+ role = (role_datum_t *) datum;
+ if (state->dest_decl == NULL)
+ role_tab = state->base->p_roles.table;
+ else
+ role_tab = state->dest_decl->p_roles.table;
+
+ dest_role = hashtab_search(role_tab, id);
+ assert(dest_role != NULL);
+
+ if (state->verbose) {
+ INFO(state->handle, "fixing role %s", id);
+ }
+
+ ebitmap_init(&e_tmp);
+ ebitmap_for_each_bit(&role->dominates, rnode, i) {
+ if (ebitmap_node_get_bit(rnode, i)) {
+ assert(mod->map[SYM_ROLES][i]);
+ if (ebitmap_set_bit
+ (&e_tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+ if (ebitmap_union(&dest_role->dominates, &e_tmp)) {
+ goto cleanup;
+ }
+ if (type_set_or_convert(&role->types, &dest_role->types, mod, state)) {
+ goto cleanup;
+ }
+ ebitmap_destroy(&e_tmp);
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&e_tmp);
+ return -1;
+}
+
+static int type_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ unsigned int i;
+ char *id = key;
+ type_datum_t *type, *new_type = NULL;
+ link_state_t *state = (link_state_t *) data;
+ ebitmap_t e_tmp;
+ policy_module_t *mod = state->cur;
+ ebitmap_node_t *tnode;
+ symtab_t *typetab;
+
+ type = (type_datum_t *) datum;
+
+ if (state->dest_decl == NULL)
+ typetab = &state->base->p_types;
+ else
+ typetab = &state->dest_decl->p_types;
+
+ /* only fix attributes */
+ if (type->flavor != TYPE_ATTRIB) {
+ return 0;
+ }
+
+ new_type = hashtab_search(typetab->table, id);
+ assert(new_type != NULL && new_type->flavor == TYPE_ATTRIB);
+
+ if (state->verbose) {
+ INFO(state->handle, "fixing attribute %s", id);
+ }
+
+ ebitmap_init(&e_tmp);
+ ebitmap_for_each_bit(&type->types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ assert(mod->map[SYM_TYPES][i]);
+ if (ebitmap_set_bit
+ (&e_tmp, mod->map[SYM_TYPES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+ if (ebitmap_union(&new_type->types, &e_tmp)) {
+ goto cleanup;
+ }
+ ebitmap_destroy(&e_tmp);
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ ebitmap_destroy(&e_tmp);
+ return -1;
+}
+
+static int user_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ char *id = key;
+ user_datum_t *user, *new_user = NULL;
+ link_state_t *state = (link_state_t *) data;
+ policy_module_t *mod = state->cur;
+ symtab_t *usertab;
+
+ user = (user_datum_t *) datum;
+
+ if (state->dest_decl == NULL)
+ usertab = &state->base->p_users;
+ else
+ usertab = &state->dest_decl->p_users;
+
+ new_user = hashtab_search(usertab->table, id);
+ assert(new_user != NULL);
+
+ if (state->verbose) {
+ INFO(state->handle, "fixing user %s", id);
+ }
+
+ if (role_set_or_convert(&user->roles, &new_user->roles, mod, state)) {
+ goto cleanup;
+ }
+
+ if (mls_range_convert(&user->range, &new_user->range, mod, state))
+ goto cleanup;
+
+ if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod, state))
+ goto cleanup;
+
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ return -1;
+}
+
+static int (*fix_callback_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
+ void *datap) = {
+NULL, NULL, role_fix_callback, type_fix_callback, user_fix_callback,
+ NULL, NULL, NULL};
+
+/*********** functions that copy AV rules ***********/
+
+static int copy_avrule_list(avrule_t * list, avrule_t ** dst,
+ policy_module_t * module, link_state_t * state)
+{
+ unsigned int i;
+ avrule_t *cur, *new_rule = NULL, *tail;
+ class_perm_node_t *cur_perm, *new_perm, *tail_perm = NULL;
+
+ tail = *dst;
+ while (tail && tail->next) {
+ tail = tail->next;
+ }
+
+ cur = list;
+ while (cur) {
+ if ((new_rule = (avrule_t *) malloc(sizeof(avrule_t))) == NULL) {
+ goto cleanup;
+ }
+ avrule_init(new_rule);
+
+ new_rule->specified = cur->specified;
+ new_rule->flags = cur->flags;
+ if (type_set_convert
+ (&cur->stypes, &new_rule->stypes, module, state) == -1
+ || type_set_convert(&cur->ttypes, &new_rule->ttypes, module,
+ state) == -1) {
+ goto cleanup;
+ }
+
+ cur_perm = cur->perms;
+ tail_perm = NULL;
+ while (cur_perm) {
+ if ((new_perm = (class_perm_node_t *)
+ malloc(sizeof(class_perm_node_t))) == NULL) {
+ goto cleanup;
+ }
+ class_perm_node_init(new_perm);
+
+ new_perm->class =
+ module->map[SYM_CLASSES][cur_perm->class - 1];
+ assert(new_perm->class);
+
+ if (new_rule->specified & AVRULE_AV) {
+ for (i = 0;
+ i <
+ module->perm_map_len[cur_perm->class - 1];
+ i++) {
+ if (!(cur_perm->data & (1U << i)))
+ continue;
+ new_perm->data |=
+ (1U <<
+ (module->
+ perm_map[cur_perm->class - 1][i] -
+ 1));
+ }
+ } else {
+ new_perm->data =
+ module->map[SYM_TYPES][cur_perm->data - 1];
+ }
+
+ if (new_rule->perms == NULL) {
+ new_rule->perms = new_perm;
+ } else {
+ tail_perm->next = new_perm;
+ }
+ tail_perm = new_perm;
+ cur_perm = cur_perm->next;
+ }
+ new_rule->line = cur->line;
+
+ cur = cur->next;
+
+ if (*dst == NULL) {
+ *dst = new_rule;
+ } else {
+ tail->next = new_rule;
+ }
+ tail = new_rule;
+ }
+
+ return 0;
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ avrule_destroy(new_rule);
+ free(new_rule);
+ return -1;
+}
+
+static int copy_role_trans_list(role_trans_rule_t * list,
+ role_trans_rule_t ** dst,
+ policy_module_t * module, link_state_t * state)
+{
+ role_trans_rule_t *cur, *new_rule = NULL, *tail;
+
+ cur = list;
+ tail = *dst;
+ while (tail && tail->next) {
+ tail = tail->next;
+ }
+ while (cur) {
+ if ((new_rule =
+ (role_trans_rule_t *) malloc(sizeof(role_trans_rule_t))) ==
+ NULL) {
+ goto cleanup;
+ }
+ role_trans_rule_init(new_rule);
+
+ if (role_set_or_convert
+ (&cur->roles, &new_rule->roles, module, state)
+ || type_set_or_convert(&cur->types, &new_rule->types,
+ module, state)) {
+ goto cleanup;
+ }
+
+ new_rule->new_role = module->map[SYM_ROLES][cur->new_role - 1];
+
+ if (*dst == NULL) {
+ *dst = new_rule;
+ } else {
+ tail->next = new_rule;
+ }
+ tail = new_rule;
+ cur = cur->next;
+ }
+ return 0;
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ role_trans_rule_list_destroy(new_rule);
+ return -1;
+}
+
+static int copy_role_allow_list(role_allow_rule_t * list,
+ role_allow_rule_t ** dst,
+ policy_module_t * module, link_state_t * state)
+{
+ role_allow_rule_t *cur, *new_rule = NULL, *tail;
+
+ cur = list;
+ tail = *dst;
+ while (tail && tail->next) {
+ tail = tail->next;
+ }
+
+ while (cur) {
+ if ((new_rule =
+ (role_allow_rule_t *) malloc(sizeof(role_allow_rule_t))) ==
+ NULL) {
+ goto cleanup;
+ }
+ role_allow_rule_init(new_rule);
+
+ if (role_set_or_convert
+ (&cur->roles, &new_rule->roles, module, state)
+ || role_set_or_convert(&cur->new_roles,
+ &new_rule->new_roles, module,
+ state)) {
+ goto cleanup;
+ }
+ if (*dst == NULL) {
+ *dst = new_rule;
+ } else {
+ tail->next = new_rule;
+ }
+ tail = new_rule;
+ cur = cur->next;
+ }
+ return 0;
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ role_allow_rule_list_destroy(new_rule);
+ return -1;
+}
+
+static int copy_range_trans_list(range_trans_rule_t * rules,
+ range_trans_rule_t ** dst,
+ policy_module_t * mod, link_state_t * state)
+{
+ range_trans_rule_t *rule, *new_rule = NULL;
+ unsigned int i;
+ ebitmap_node_t *cnode;
+
+ for (rule = rules; rule; rule = rule->next) {
+ new_rule =
+ (range_trans_rule_t *) malloc(sizeof(range_trans_rule_t));
+ if (!new_rule)
+ goto cleanup;
+
+ range_trans_rule_init(new_rule);
+
+ new_rule->next = *dst;
+ *dst = new_rule;
+
+ if (type_set_convert(&rule->stypes, &new_rule->stypes,
+ mod, state))
+ goto cleanup;
+
+ if (type_set_convert(&rule->ttypes, &new_rule->ttypes,
+ mod, state))
+ goto cleanup;
+
+ ebitmap_for_each_bit(&rule->tclasses, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ assert(mod->map[SYM_CLASSES][i]);
+ if (ebitmap_set_bit
+ (&new_rule->tclasses,
+ mod->map[SYM_CLASSES][i] - 1, 1)) {
+ goto cleanup;
+ }
+ }
+ }
+
+ if (mls_range_convert(&rule->trange, &new_rule->trange, mod, state))
+ goto cleanup;
+ }
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ range_trans_rule_list_destroy(new_rule);
+ return -1;
+}
+
+static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
+ policy_module_t * module, link_state_t * state)
+{
+ unsigned i;
+ cond_node_t *cur, *new_node = NULL, *tail;
+ cond_expr_t *cur_expr;
+ tail = *dst;
+ while (tail && tail->next)
+ tail = tail->next;
+
+ cur = list;
+ while (cur) {
+ new_node = (cond_node_t *) malloc(sizeof(cond_node_t));
+ if (!new_node) {
+ goto cleanup;
+ }
+ memset(new_node, 0, sizeof(cond_node_t));
+
+ new_node->cur_state = cur->cur_state;
+ new_node->expr = cond_copy_expr(cur->expr);
+ if (!new_node->expr)
+ goto cleanup;
+ /* go back through and remap the expression */
+ for (cur_expr = new_node->expr; cur_expr != NULL;
+ cur_expr = cur_expr->next) {
+ /* expression nodes don't have a bool value of 0 - don't map them */
+ if (cur_expr->expr_type != COND_BOOL)
+ continue;
+ assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
+ cur_expr->bool =
+ module->map[SYM_BOOLS][cur_expr->bool - 1];
+ }
+ new_node->nbools = cur->nbools;
+ /* FIXME should COND_MAX_BOOLS be used here? */
+ for (i = 0; i < min(cur->nbools, COND_MAX_BOOLS); i++) {
+ uint32_t remapped_id =
+ module->map[SYM_BOOLS][cur->bool_ids[i] - 1];
+ assert(remapped_id != 0);
+ new_node->bool_ids[i] = remapped_id;
+ }
+ new_node->expr_pre_comp = cur->expr_pre_comp;
+
+ if (copy_avrule_list
+ (cur->avtrue_list, &new_node->avtrue_list, module, state)
+ || copy_avrule_list(cur->avfalse_list,
+ &new_node->avfalse_list, module,
+ state)) {
+ goto cleanup;
+ }
+
+ if (*dst == NULL) {
+ *dst = new_node;
+ } else {
+ tail->next = new_node;
+ }
+ tail = new_node;
+ cur = cur->next;
+ }
+ return 0;
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ cond_node_destroy(new_node);
+ free(new_node);
+ return -1;
+
+}
+
+/*********** functions that copy avrule_decls from module to base ***********/
+
+static int copy_identifiers(link_state_t * state, symtab_t * src_symtab,
+ avrule_decl_t * dest_decl)
+{
+ int i, ret;
+
+ state->dest_decl = dest_decl;
+ for (i = 0; i < SYM_NUM; i++) {
+ if (copy_callback_f[i] != NULL) {
+ ret =
+ hashtab_map(src_symtab[i].table, copy_callback_f[i],
+ state);
+ if (ret) {
+ return ret;
+ }
+ }
+ }
+
+ if (hashtab_map
+ (src_symtab[SYM_TYPES].table, alias_copy_callback, state)) {
+ return -1;
+ }
+
+ /* then fix bitmaps associated with those newly copied identifiers */
+ for (i = 0; i < SYM_NUM; i++) {
+ if (fix_callback_f[i] != NULL &&
+ hashtab_map(src_symtab[i].table, fix_callback_f[i],
+ state)) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int copy_scope_index(scope_index_t * src, scope_index_t * dest,
+ policy_module_t * module, link_state_t * state)
+{
+ unsigned int i, j;
+ uint32_t largest_mapped_class_value = 0;
+ ebitmap_node_t *node;
+ /* copy the scoping information for this avrule decl block */
+ for (i = 0; i < SYM_NUM; i++) {
+ ebitmap_t *srcmap = src->scope + i;
+ ebitmap_t *destmap = dest->scope + i;
+ if (copy_callback_f[i] == NULL) {
+ continue;
+ }
+ ebitmap_for_each_bit(srcmap, node, j) {
+ if (ebitmap_node_get_bit(node, j)) {
+ assert(module->map[i][j] != 0);
+ if (ebitmap_set_bit
+ (destmap, module->map[i][j] - 1, 1) != 0) {
+
+ goto cleanup;
+ }
+ if (i == SYM_CLASSES &&
+ largest_mapped_class_value <
+ module->map[SYM_CLASSES][j]) {
+ largest_mapped_class_value =
+ module->map[SYM_CLASSES][j];
+ }
+ }
+ }
+ }
+
+ /* next copy the enabled permissions data */
+ if ((dest->class_perms_map = malloc(largest_mapped_class_value *
+ sizeof(*dest->class_perms_map))) ==
+ NULL) {
+ goto cleanup;
+ }
+ for (i = 0; i < largest_mapped_class_value; i++) {
+ ebitmap_init(dest->class_perms_map + i);
+ }
+ dest->class_perms_len = largest_mapped_class_value;
+ for (i = 0; i < src->class_perms_len; i++) {
+ ebitmap_t *srcmap = src->class_perms_map + i;
+ ebitmap_t *destmap =
+ dest->class_perms_map + module->map[SYM_CLASSES][i] - 1;
+ ebitmap_for_each_bit(srcmap, node, j) {
+ if (ebitmap_node_get_bit(node, j) &&
+ ebitmap_set_bit(destmap, module->perm_map[i][j] - 1,
+ 1)) {
+ goto cleanup;
+ }
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ return -1;
+}
+
+static int copy_avrule_decl(link_state_t * state, policy_module_t * module,
+ avrule_decl_t * src_decl, avrule_decl_t * dest_decl)
+{
+ int ret;
+
+ /* copy all of the RBAC and TE rules */
+ if (copy_avrule_list
+ (src_decl->avrules, &dest_decl->avrules, module, state) == -1
+ || copy_role_trans_list(src_decl->role_tr_rules,
+ &dest_decl->role_tr_rules, module,
+ state) == -1
+ || copy_role_allow_list(src_decl->role_allow_rules,
+ &dest_decl->role_allow_rules, module,
+ state) == -1
+ || copy_cond_list(src_decl->cond_list, &dest_decl->cond_list,
+ module, state) == -1) {
+ return -1;
+ }
+
+ if (copy_range_trans_list(src_decl->range_tr_rules,
+ &dest_decl->range_tr_rules, module, state))
+ return -1;
+
+ /* finally copy any identifiers local to this declaration */
+ ret = copy_identifiers(state, src_decl->symtab, dest_decl);
+ if (ret < 0) {
+ return ret;
+ }
+
+ /* then copy required and declared scope indices here */
+ if (copy_scope_index(&src_decl->required, &dest_decl->required,
+ module, state) == -1 ||
+ copy_scope_index(&src_decl->declared, &dest_decl->declared,
+ module, state) == -1) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static int copy_avrule_block(link_state_t * state, policy_module_t * module,
+ avrule_block_t * block)
+{
+ avrule_block_t *new_block = avrule_block_create();
+ avrule_decl_t *decl, *last_decl = NULL;
+ int ret;
+
+ if (new_block == NULL) {
+ ERR(state->handle, "Out of memory!");
+ ret = -1;
+ goto cleanup;
+ }
+
+ new_block->flags = block->flags;
+
+ for (decl = block->branch_list; decl != NULL; decl = decl->next) {
+ avrule_decl_t *new_decl =
+ avrule_decl_create(state->next_decl_id);
+ if (new_decl == NULL) {
+ ERR(state->handle, "Out of memory!");
+ ret = -1;
+ goto cleanup;
+ }
+
+ if (module->policy->name != NULL) {
+ new_decl->module_name = strdup(module->policy->name);
+ if (new_decl->module_name == NULL) {
+ ERR(state->handle, "Out of memory\n");
+ ret = -1;
+ goto cleanup;
+ }
+ }
+
+ if (last_decl == NULL) {
+ new_block->branch_list = new_decl;
+ } else {
+ last_decl->next = new_decl;
+ }
+ last_decl = new_decl;
+ state->base->decl_val_to_struct[state->next_decl_id - 1] =
+ new_decl;
+ state->decl_to_mod[state->next_decl_id] = module->policy;
+
+ module->avdecl_map[decl->decl_id] = new_decl->decl_id;
+
+ ret = copy_avrule_decl(state, module, decl, new_decl);
+ if (ret) {
+ goto cleanup;
+ }
+
+ state->next_decl_id++;
+ }
+ state->last_avrule_block->next = new_block;
+ state->last_avrule_block = new_block;
+ return 0;
+
+ cleanup:
+ avrule_block_list_destroy(new_block);
+ return ret;
+}
+
+static int scope_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *data)
+{
+ unsigned int i;
+ int ret;
+ char *id = key, *new_id = NULL;
+ scope_datum_t *scope, *base_scope;
+ link_state_t *state = (link_state_t *) data;
+ uint32_t symbol_num = state->symbol_num;
+ uint32_t *avdecl_map = state->cur->avdecl_map;
+
+ scope = (scope_datum_t *) datum;
+
+ /* check if the base already has a scope entry */
+ base_scope = hashtab_search(state->base->scope[symbol_num].table, id);
+ if (base_scope == NULL) {
+ scope_datum_t *new_scope;
+ if ((new_id = strdup(id)) == NULL) {
+ goto cleanup;
+ }
+
+ if ((new_scope =
+ (scope_datum_t *) calloc(1, sizeof(*new_scope))) == NULL) {
+ free(new_id);
+ goto cleanup;
+ }
+ ret = hashtab_insert(state->base->scope[symbol_num].table,
+ (hashtab_key_t) new_id,
+ (hashtab_datum_t) new_scope);
+ if (ret) {
+ free(new_id);
+ free(new_scope);
+ goto cleanup;
+ }
+ new_scope->scope = SCOPE_REQ; /* this is reset further down */
+ base_scope = new_scope;
+ }
+ if (base_scope->scope == SCOPE_REQ && scope->scope == SCOPE_DECL) {
+ /* this module declared symbol, so overwrite the old
+ * list with the new decl ids */
+ base_scope->scope = SCOPE_DECL;
+ free(base_scope->decl_ids);
+ base_scope->decl_ids = NULL;
+ base_scope->decl_ids_len = 0;
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ if (add_i_to_a(avdecl_map[scope->decl_ids[i]],
+ &base_scope->decl_ids_len,
+ &base_scope->decl_ids) == -1) {
+ goto cleanup;
+ }
+ }
+ } else if (base_scope->scope == SCOPE_DECL && scope->scope == SCOPE_REQ) {
+ /* this module depended on a symbol that now exists,
+ * so don't do anything */
+ } else if (base_scope->scope == SCOPE_REQ && scope->scope == SCOPE_REQ) {
+ /* symbol is still required, so add to the list */
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ if (add_i_to_a(avdecl_map[scope->decl_ids[i]],
+ &base_scope->decl_ids_len,
+ &base_scope->decl_ids) == -1) {
+ goto cleanup;
+ }
+ }
+ } else {
+ /* this module declared a symbol, and it was already
+ * declared. only roles and users may be multiply
+ * declared; for all others this is an error. */
+ if (symbol_num != SYM_ROLES && symbol_num != SYM_USERS) {
+ ERR(state->handle,
+ "%s: Duplicate declaration in module: %s %s",
+ state->cur_mod_name,
+ symtab_names[state->symbol_num], id);
+ return -1;
+ }
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ if (add_i_to_a(avdecl_map[scope->decl_ids[i]],
+ &base_scope->decl_ids_len,
+ &base_scope->decl_ids) == -1) {
+ goto cleanup;
+ }
+ }
+ }
+ return 0;
+
+ cleanup:
+ ERR(state->handle, "Out of memory!");
+ return -1;
+}
+
+/* Copy a module over to a base, remapping all values within. After
+ * all identifiers and rules are done, copy the scoping information.
+ * This is when it checks for duplicate declarations. */
+static int copy_module(link_state_t * state, policy_module_t * module)
+{
+ int i, ret;
+ avrule_block_t *cur;
+ state->cur = module;
+ state->cur_mod_name = module->policy->name;
+
+ /* first copy all of the identifiers */
+ ret = copy_identifiers(state, module->policy->symtab, NULL);
+ if (ret) {
+ return ret;
+ }
+
+ /* next copy all of the avrule blocks */
+ for (cur = module->policy->global; cur != NULL; cur = cur->next) {
+ ret = copy_avrule_block(state, module, cur);
+ if (ret) {
+ return ret;
+ }
+ }
+
+ /* then copy the scoping tables */
+ for (i = 0; i < SYM_NUM; i++) {
+ state->symbol_num = i;
+ if (hashtab_map
+ (module->policy->scope[i].table, scope_copy_callback,
+ state)) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/***** functions that check requirements and enable blocks in a module ******/
+
+/* borrowed from checkpolicy.c */
+
+struct find_perm_arg {
+ unsigned int valuep;
+ hashtab_key_t key;
+};
+
+static int find_perm(hashtab_key_t key, hashtab_datum_t datum, void *varg)
+{
+
+ struct find_perm_arg *arg = varg;
+
+ perm_datum_t *perdatum = (perm_datum_t *) datum;
+ if (arg->valuep == perdatum->s.value) {
+ arg->key = key;
+ return 1;
+ }
+
+ return 0;
+}
+
+/* Check if the requirements are met for a single declaration. If all
+ * are met return 1. For the first requirement found to be missing,
+ * if 'missing_sym_num' and 'missing_value' are both not NULL then
+ * write to them the symbol number and value for the missing
+ * declaration. Then return 0 to indicate a missing declaration.
+ * Note that if a declaration had no requirement at all (e.g., an ELSE
+ * block) this returns 1. */
+static int is_decl_requires_met(link_state_t * state,
+ avrule_decl_t * decl,
+ struct missing_requirement *req)
+{
+ /* (This algorithm is very unoptimized. It performs many
+ * redundant checks. A very obvious improvement is to cache
+ * which symbols have been verified, so that they do not need
+ * to be re-checked.) */
+ unsigned int i, j;
+ ebitmap_t *bitmap;
+ char *id, *perm_id;
+ policydb_t *pol = state->base;
+ ebitmap_node_t *node;
+
+ /* check that all symbols have been satisfied */
+ for (i = 0; i < SYM_NUM; i++) {
+ if (i == SYM_CLASSES) {
+ /* classes will be checked during permissions
+ * checking phase below */
+ continue;
+ }
+ bitmap = &decl->required.scope[i];
+ ebitmap_for_each_bit(bitmap, node, j) {
+ if (!ebitmap_node_get_bit(node, j)) {
+ continue;
+ }
+
+ /* check base's scope table */
+ id = pol->sym_val_to_name[i][j];
+ if (!is_id_enabled(id, state->base, i)) {
+ /* this symbol was not found */
+ if (req != NULL) {
+ req->symbol_type = i;
+ req->symbol_value = j + 1;
+ }
+ return 0;
+ }
+ }
+ }
+ /* check that all classes and permissions have been satisfied */
+ for (i = 0; i < decl->required.class_perms_len; i++) {
+
+ bitmap = decl->required.class_perms_map + i;
+ ebitmap_for_each_bit(bitmap, node, j) {
+ struct find_perm_arg fparg;
+ class_datum_t *cladatum;
+ uint32_t perm_value = j + 1;
+ scope_datum_t *scope;
+
+ if (!ebitmap_node_get_bit(node, j)) {
+ continue;
+ }
+ id = pol->p_class_val_to_name[i];
+ cladatum = pol->class_val_to_struct[i];
+
+ scope =
+ hashtab_search(state->base->p_classes_scope.table,
+ id);
+ if (scope == NULL) {
+ ERR(state->handle,
+ "Could not find scope information for class %s",
+ id);
+ return -1;
+ }
+
+ fparg.valuep = perm_value;
+ fparg.key = NULL;
+
+ hashtab_map(cladatum->permissions.table, find_perm,
+ &fparg);
+ if (fparg.key == NULL && cladatum->comdatum != NULL)
+ hashtab_map(cladatum->comdatum->permissions.
+ table, find_perm, &fparg);
+ perm_id = fparg.key;
+
+ assert(perm_id != NULL);
+ if (!is_perm_enabled(id, perm_id, state->base)) {
+ if (req != NULL) {
+ req->symbol_type = SYM_CLASSES;
+ req->symbol_value = i + 1;
+ req->perm_value = perm_value;
+ }
+ return 0;
+ }
+ }
+ }
+
+ /* all requirements have been met */
+ return 1;
+}
+
+static int debug_requirements(link_state_t * state, policydb_t * p)
+{
+ int ret;
+ avrule_block_t *cur;
+ missing_requirement_t req;
+
+ for (cur = p->global; cur != NULL; cur = cur->next) {
+ if (cur->enabled != NULL)
+ continue;
+
+ ret = is_decl_requires_met(state, cur->branch_list, &req);
+ if (ret < 0) {
+ return ret;
+ } else if (ret == 0) {
+ char *mod_name = cur->branch_list->module_name ?
+ cur->branch_list->module_name : "BASE";
+ if (req.symbol_type == SYM_CLASSES) {
+
+ struct find_perm_arg fparg;
+
+ class_datum_t *cladatum;
+ cladatum =
+ p->class_val_to_struct[req.symbol_value -
+ 1];
+
+ fparg.valuep = req.perm_value;
+ fparg.key = NULL;
+ hashtab_map(cladatum->permissions.table,
+ find_perm, &fparg);
+
+ if (cur->flags & AVRULE_OPTIONAL) {
+ ERR(state->handle,
+ "%s[%d]'s optional requirements were not met: class %s, permission %s",
+ mod_name, cur->branch_list->decl_id,
+ p->p_class_val_to_name[req.
+ symbol_value
+ - 1],
+ fparg.key);
+ } else {
+ ERR(state->handle,
+ "%s[%d]'s global requirements were not met: class %s, permission %s",
+ mod_name, cur->branch_list->decl_id,
+ p->p_class_val_to_name[req.
+ symbol_value
+ - 1],
+ fparg.key);
+ }
+ } else {
+ if (cur->flags & AVRULE_OPTIONAL) {
+ ERR(state->handle,
+ "%s[%d]'s optional requirements were not met: %s %s",
+ mod_name, cur->branch_list->decl_id,
+ symtab_names[req.symbol_type],
+ p->sym_val_to_name[req.
+ symbol_type][req.
+ symbol_value
+ -
+ 1]);
+ } else {
+ ERR(state->handle,
+ "%s[%d]'s global requirements were not met: %s %s",
+ mod_name, cur->branch_list->decl_id,
+ symtab_names[req.symbol_type],
+ p->sym_val_to_name[req.
+ symbol_type][req.
+ symbol_value
+ -
+ 1]);
+ }
+ }
+ }
+ }
+ return 0;
+}
+
+static void print_missing_requirements(link_state_t * state,
+ avrule_block_t * cur,
+ missing_requirement_t * req)
+{
+ policydb_t *p = state->base;
+ char *mod_name = cur->branch_list->module_name ?
+ cur->branch_list->module_name : "BASE";
+
+ if (req->symbol_type == SYM_CLASSES) {
+
+ struct find_perm_arg fparg;
+
+ class_datum_t *cladatum;
+ cladatum = p->class_val_to_struct[req->symbol_value - 1];
+
+ fparg.valuep = req->perm_value;
+ fparg.key = NULL;
+ hashtab_map(cladatum->permissions.table, find_perm, &fparg);
+
+ ERR(state->handle,
+ "%s's global requirements were not met: class %s, permission %s",
+ mod_name,
+ p->p_class_val_to_name[req->symbol_value - 1], fparg.key);
+ } else {
+ ERR(state->handle,
+ "%s's global requirements were not met: %s %s",
+ mod_name,
+ symtab_names[req->symbol_type],
+ p->sym_val_to_name[req->symbol_type][req->symbol_value -
+ 1]);
+ }
+}
+
+/* Enable all of the avrule_decl blocks for the policy. This simple
+ * algorithm is the following:
+ *
+ * 1) Enable all of the non-else avrule_decls for all blocks.
+ * 2) Iterate through the non-else decls looking for decls whose requirements
+ * are not met.
+ * 2a) If the decl is non-optional, return immediately with an error.
+ * 2b) If the decl is optional, disable the block and mark changed = 1
+ * 3) If changed == 1 goto 2.
+ * 4) Iterate through all blocks looking for those that have no enabled
+ * decl. If the block has an else decl, enable.
+ *
+ * This will correctly handle all dependencies, including mutual and
+ * cicular. The only downside is that it is slow.
+ */
+static int enable_avrules(link_state_t * state, policydb_t * pol)
+{
+ int changed = 1;
+ avrule_block_t *block;
+ avrule_decl_t *decl;
+ missing_requirement_t req;
+ int ret = 0, rc;
+
+ if (state->verbose) {
+ INFO(state->handle, "Determining which avrules to enable.");
+ }
+
+ /* 1) enable all of the non-else blocks */
+ for (block = pol->global; block != NULL; block = block->next) {
+ block->enabled = block->branch_list;
+ block->enabled->enabled = 1;
+ for (decl = block->branch_list->next; decl != NULL;
+ decl = decl->next)
+ decl->enabled = 0;
+ }
+
+ /* 2) Iterate */
+ while (changed) {
+ changed = 0;
+ for (block = pol->global; block != NULL; block = block->next) {
+ if (block->enabled == NULL) {
+ continue;
+ }
+ decl = block->branch_list;
+ if (state->verbose) {
+ char *mod_name = decl->module_name ?
+ decl->module_name : "BASE";
+ INFO(state->handle, "check module %s decl %d\n",
+ mod_name, decl->decl_id);
+ }
+ rc = is_decl_requires_met(state, decl, &req);
+ if (rc < 0) {
+ ret = SEPOL_ERR;
+ goto out;
+ } else if (rc == 0) {
+ decl->enabled = 0;
+ block->enabled = NULL;
+ changed = 1;
+ if (!(block->flags & AVRULE_OPTIONAL)) {
+ print_missing_requirements(state, block,
+ &req);
+ ret = SEPOL_EREQ;
+ goto out;
+ }
+ }
+ }
+ }
+
+ /* 4) else handling
+ *
+ * Iterate through all of the blocks skipping the first (which is the
+ * global block, is required to be present, and cannot have an else).
+ * If the block is disabled and has an else decl, enable that.
+ *
+ * This code assumes that the second block in the branch list is the else
+ * block. This is currently supported by the compiler.
+ */
+ for (block = pol->global->next; block != NULL; block = block->next) {
+ if (block->enabled == NULL) {
+ if (block->branch_list->next != NULL) {
+ block->enabled = block->branch_list->next;
+ block->branch_list->next->enabled = 1;
+ }
+ }
+ }
+
+ out:
+ if (state->verbose)
+ debug_requirements(state, pol);
+
+ return ret;
+}
+
+/*********** the main linking functions ***********/
+
+/* Given a module's policy, normalize all conditional expressions
+ * within. Return 0 on success, -1 on error. */
+static int cond_normalize(policydb_t * p)
+{
+ avrule_block_t *block;
+ for (block = p->global; block != NULL; block = block->next) {
+ avrule_decl_t *decl;
+ for (decl = block->branch_list; decl != NULL; decl = decl->next) {
+ cond_list_t *cond = decl->cond_list;
+ while (cond) {
+ if (cond_normalize_expr(p, cond) < 0)
+ return -1;
+ cond = cond->next;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Allocate space for the various remapping arrays. */
+static int prepare_module(link_state_t * state, policy_module_t * module)
+{
+ int i;
+ uint32_t items, num_decls = 0;
+ avrule_block_t *cur;
+
+ /* allocate the maps */
+ for (i = 0; i < SYM_NUM; i++) {
+ items = module->policy->symtab[i].nprim;
+ if ((module->map[i] =
+ (uint32_t *) calloc(items,
+ sizeof(*module->map[i]))) == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ }
+
+ /* allocate the permissions remap here */
+ items = module->policy->p_classes.nprim;
+ if ((module->perm_map_len =
+ calloc(items, sizeof(*module->perm_map_len))) == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ if ((module->perm_map =
+ calloc(items, sizeof(*module->perm_map))) == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
+ /* allocate a map for avrule_decls */
+ for (cur = module->policy->global; cur != NULL; cur = cur->next) {
+ avrule_decl_t *decl;
+ for (decl = cur->branch_list; decl != NULL; decl = decl->next) {
+ if (decl->decl_id > num_decls) {
+ num_decls = decl->decl_id;
+ }
+ }
+ }
+ num_decls++;
+ if ((module->avdecl_map = calloc(num_decls, sizeof(uint32_t))) == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ module->num_decls = num_decls;
+
+ /* normalize conditionals within */
+ if (cond_normalize(module->policy) < 0) {
+ ERR(state->handle,
+ "Error while normalizing conditionals within the module %s.",
+ module->policy->name);
+ return -1;
+ }
+ return 0;
+}
+
+static int prepare_base(link_state_t * state, uint32_t num_mod_decls)
+{
+ avrule_block_t *cur = state->base->global;
+ assert(cur != NULL);
+ state->next_decl_id = 0;
+
+ /* iterate through all of the declarations in the base, to
+ determine what the next decl_id should be */
+ while (cur != NULL) {
+ avrule_decl_t *decl;
+ for (decl = cur->branch_list; decl != NULL; decl = decl->next) {
+ if (decl->decl_id > state->next_decl_id) {
+ state->next_decl_id = decl->decl_id;
+ }
+ }
+ state->last_avrule_block = cur;
+ cur = cur->next;
+ }
+ state->last_base_avrule_block = state->last_avrule_block;
+ state->next_decl_id++;
+
+ /* allocate the table mapping from base's decl_id to its
+ * avrule_decls and set the initial mappings */
+ free(state->base->decl_val_to_struct);
+ if ((state->base->decl_val_to_struct =
+ calloc(state->next_decl_id + num_mod_decls,
+ sizeof(*(state->base->decl_val_to_struct)))) == NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ /* This allocates the decl block to module mapping used for error reporting */
+ if ((state->decl_to_mod = calloc(state->next_decl_id + num_mod_decls,
+ sizeof(*(state->decl_to_mod)))) ==
+ NULL) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+ cur = state->base->global;
+ while (cur != NULL) {
+ avrule_decl_t *decl = cur->branch_list;
+ while (decl != NULL) {
+ state->base->decl_val_to_struct[decl->decl_id - 1] =
+ decl;
+ state->decl_to_mod[decl->decl_id] = state->base;
+ decl = decl->next;
+ }
+ cur = cur->next;
+ }
+
+ /* normalize conditionals within */
+ if (cond_normalize(state->base) < 0) {
+ ERR(state->handle,
+ "Error while normalizing conditionals within the base module.");
+ return -1;
+ }
+ return 0;
+}
+
+/* Link a set of modules into a base module. This process is somewhat
+ * similar to an actual compiler: it requires a set of order dependent
+ * steps. The base and every module must have been indexed prior to
+ * calling this function.
+ */
+int link_modules(sepol_handle_t * handle,
+ policydb_t * b, policydb_t ** mods, int len, int verbose)
+{
+ int i, ret, retval = -1;
+ policy_module_t **modules = NULL;
+ link_state_t state;
+ uint32_t num_mod_decls = 0;
+
+ memset(&state, 0, sizeof(state));
+ state.base = b;
+ state.verbose = verbose;
+ state.handle = handle;
+
+ if (b->policy_type != POLICY_BASE) {
+ ERR(state.handle, "Target of link was not a base policy.");
+ return -1;
+ }
+
+ /* first allocate some space to hold the maps from module
+ * symbol's value to the destination symbol value; then do
+ * other preparation work */
+ if ((modules =
+ (policy_module_t **) calloc(len, sizeof(*modules))) == NULL) {
+ ERR(state.handle, "Out of memory!");
+ return -1;
+ }
+ for (i = 0; i < len; i++) {
+ if (mods[i]->policy_type != POLICY_MOD) {
+ ERR(state.handle,
+ "Tried to link in a policy that was not a module.");
+ goto cleanup;
+ }
+
+ if (mods[i]->mls != b->mls) {
+ if (b->mls)
+ ERR(state.handle,
+ "Tried to link in a non-MLS module with an MLS base.");
+ else
+ ERR(state.handle,
+ "Tried to link in an MLS module with a non-MLS base.");
+ goto cleanup;
+ }
+
+ if ((modules[i] =
+ (policy_module_t *) calloc(1,
+ sizeof(policy_module_t))) ==
+ NULL) {
+ ERR(state.handle, "Out of memory!");
+ goto cleanup;
+ }
+ modules[i]->policy = mods[i];
+ if (prepare_module(&state, modules[i]) == -1) {
+ goto cleanup;
+ }
+ num_mod_decls += modules[i]->num_decls;
+ }
+ if (prepare_base(&state, num_mod_decls) == -1) {
+ goto cleanup;
+ }
+
+ /* copy all types, declared and required */
+ for (i = 0; i < len; i++) {
+ state.cur = modules[i];
+ state.cur_mod_name = modules[i]->policy->name;
+ ret =
+ hashtab_map(modules[i]->policy->p_types.table,
+ type_copy_callback, &state);
+ if (ret) {
+ retval = ret;
+ goto cleanup;
+ }
+ }
+
+ /* then copy everything else, including aliases, and fixup attributes */
+ for (i = 0; i < len; i++) {
+ state.cur = modules[i];
+ state.cur_mod_name = modules[i]->policy->name;
+ ret =
+ copy_identifiers(&state, modules[i]->policy->symtab, NULL);
+ if (ret) {
+ retval = ret;
+ goto cleanup;
+ }
+ }
+
+ if (policydb_index_others(state.handle, state.base, 0)) {
+ ERR(state.handle, "Error while indexing others");
+ goto cleanup;
+ }
+
+ /* copy and remap the module's data over to base */
+ for (i = 0; i < len; i++) {
+ state.cur = modules[i];
+ ret = copy_module(&state, modules[i]);
+ if (ret) {
+ retval = ret;
+ goto cleanup;
+ }
+ }
+
+ /* re-index base, for symbols were added to symbol tables */
+ if (policydb_index_classes(state.base)) {
+ ERR(state.handle, "Error while indexing classes");
+ goto cleanup;
+ }
+ if (policydb_index_others(state.handle, state.base, 0)) {
+ ERR(state.handle, "Error while indexing others");
+ goto cleanup;
+ }
+
+ if (enable_avrules(&state, state.base)) {
+ retval = SEPOL_EREQ;
+ goto cleanup;
+ }
+
+ retval = 0;
+ cleanup:
+ for (i = 0; modules != NULL && i < len; i++) {
+ policy_module_destroy(modules[i]);
+ }
+ free(modules);
+ free(state.decl_to_mod);
+ return retval;
+}
diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
new file mode 100644
index 0000000..1e84bb7
--- /dev/null
+++ b/libsepol/src/mls.c
@@ -0,0 +1,798 @@
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the multi-level security (MLS) policy.
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/flask.h>
+#include <sepol/policydb/context.h>
+
+#include <stdlib.h>
+
+#include "handle.h"
+#include "debug.h"
+#include "private.h"
+#include "mls.h"
+
+int mls_to_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * mls, char **str)
+{
+
+ char *ptr = NULL, *ptr2 = NULL;
+
+ /* Temporary buffer - length + NULL terminator */
+ int len = mls_compute_context_len(policydb, mls) + 1;
+
+ ptr = (char *)malloc(len);
+ if (ptr == NULL)
+ goto omem;
+
+ /* Final string w/ ':' cut off */
+ ptr2 = (char *)malloc(len - 1);
+ if (ptr2 == NULL)
+ goto omem;
+
+ mls_sid_to_context(policydb, mls, &ptr);
+ ptr -= len - 1;
+ strcpy(ptr2, ptr + 1);
+
+ free(ptr);
+ *str = ptr2;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not convert mls context to string");
+
+ free(ptr);
+ free(ptr2);
+ return STATUS_ERR;
+
+}
+
+int mls_from_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const char *str, context_struct_t * mls)
+{
+
+ char *tmp = strdup(str);
+ char *tmp_cp = tmp;
+ if (!tmp)
+ goto omem;
+
+ if (mls_context_to_sid(policydb, '$', &tmp_cp, mls) < 0) {
+ ERR(handle, "invalid MLS context %s", str);
+ free(tmp);
+ goto err;
+ }
+
+ free(tmp);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not construct mls context structure");
+ return STATUS_ERR;
+}
+
+/*
+ * Return the length in bytes for the MLS fields of the
+ * security context string representation of `context'.
+ */
+int mls_compute_context_len(const policydb_t * policydb,
+ const context_struct_t * context)
+{
+
+ unsigned int i, l, len, range;
+ ebitmap_node_t *cnode;
+
+ if (!policydb->mls)
+ return 0;
+
+ len = 1; /* for the beginning ":" */
+ for (l = 0; l < 2; l++) {
+ range = 0;
+ len +=
+ strlen(policydb->
+ p_sens_val_to_name[context->range.level[l].sens -
+ 1]);
+
+ ebitmap_for_each_bit(&context->range.level[l].cat, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ if (range) {
+ range++;
+ continue;
+ }
+
+ len +=
+ strlen(policydb->p_cat_val_to_name[i]) + 1;
+ range++;
+ } else {
+ if (range > 1)
+ len +=
+ strlen(policydb->
+ p_cat_val_to_name[i - 1]) +
+ 1;
+ range = 0;
+ }
+ }
+ /* Handle case where last category is the end of range */
+ if (range > 1)
+ len += strlen(policydb->p_cat_val_to_name[i - 1]) + 1;
+
+ if (l == 0) {
+ if (mls_level_eq(&context->range.level[0],
+ &context->range.level[1]))
+ break;
+ else
+ len++;
+ }
+ }
+
+ return len;
+}
+
+/*
+ * Write the security context string representation of
+ * the MLS fields of `context' into the string `*scontext'.
+ * Update `*scontext' to point to the end of the MLS fields.
+ */
+void mls_sid_to_context(const policydb_t * policydb,
+ const context_struct_t * context, char **scontext)
+{
+
+ char *scontextp;
+ unsigned int i, l, range, wrote_sep;
+ ebitmap_node_t *cnode;
+
+ if (!policydb->mls)
+ return;
+
+ scontextp = *scontext;
+
+ *scontextp = ':';
+ scontextp++;
+
+ for (l = 0; l < 2; l++) {
+ range = 0;
+ wrote_sep = 0;
+ strcpy(scontextp,
+ policydb->p_sens_val_to_name[context->range.level[l].
+ sens - 1]);
+ scontextp +=
+ strlen(policydb->
+ p_sens_val_to_name[context->range.level[l].sens -
+ 1]);
+ /* categories */
+ ebitmap_for_each_bit(&context->range.level[l].cat, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ if (range) {
+ range++;
+ continue;
+ }
+
+ if (!wrote_sep) {
+ *scontextp++ = ':';
+ wrote_sep = 1;
+ } else
+ *scontextp++ = ',';
+ strcpy(scontextp,
+ policydb->p_cat_val_to_name[i]);
+ scontextp +=
+ strlen(policydb->p_cat_val_to_name[i]);
+ range++;
+ } else {
+ if (range > 1) {
+ if (range > 2)
+ *scontextp++ = '.';
+ else
+ *scontextp++ = ',';
+
+ strcpy(scontextp,
+ policydb->p_cat_val_to_name[i -
+ 1]);
+ scontextp +=
+ strlen(policydb->
+ p_cat_val_to_name[i - 1]);
+ }
+ range = 0;
+ }
+ }
+ /* Handle case where last category is the end of range */
+ if (range > 1) {
+ if (range > 2)
+ *scontextp++ = '.';
+ else
+ *scontextp++ = ',';
+
+ strcpy(scontextp, policydb->p_cat_val_to_name[i - 1]);
+ scontextp += strlen(policydb->p_cat_val_to_name[i - 1]);
+ }
+
+ if (l == 0) {
+ if (mls_level_eq(&context->range.level[0],
+ &context->range.level[1]))
+ break;
+ else {
+ *scontextp = '-';
+ scontextp++;
+ }
+ }
+ }
+
+ *scontext = scontextp;
+ return;
+}
+
+/*
+ * Return 1 if the MLS fields in the security context
+ * structure `c' are valid. Return 0 otherwise.
+ */
+int mls_context_isvalid(const policydb_t * p, const context_struct_t * c)
+{
+
+ level_datum_t *levdatum;
+ user_datum_t *usrdatum;
+ unsigned int i, l;
+ ebitmap_node_t *cnode;
+
+ if (!p->mls)
+ return 1;
+
+ /*
+ * MLS range validity checks: high must dominate low, low level must
+ * be valid (category set <-> sensitivity check), and high level must
+ * be valid (category set <-> sensitivity check)
+ */
+ if (!mls_level_dom(&c->range.level[1], &c->range.level[0]))
+ /* High does not dominate low. */
+ return 0;
+
+ for (l = 0; l < 2; l++) {
+ if (!c->range.level[l].sens
+ || c->range.level[l].sens > p->p_levels.nprim)
+ return 0;
+ levdatum = (level_datum_t *) hashtab_search(p->p_levels.table,
+ p->
+ p_sens_val_to_name
+ [c->range.level[l].
+ sens - 1]);
+ if (!levdatum)
+ return 0;
+
+ ebitmap_for_each_bit(&c->range.level[l].cat, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ if (i > p->p_cats.nprim)
+ return 0;
+ if (!ebitmap_get_bit(&levdatum->level->cat, i))
+ /*
+ * Category may not be associated with
+ * sensitivity in low level.
+ */
+ return 0;
+ }
+ }
+ }
+
+ if (c->role == OBJECT_R_VAL)
+ return 1;
+
+ /*
+ * User must be authorized for the MLS range.
+ */
+ if (!c->user || c->user > p->p_users.nprim)
+ return 0;
+ usrdatum = p->user_val_to_struct[c->user - 1];
+ if (!mls_range_contains(usrdatum->exp_range, c->range))
+ return 0; /* user may not be associated with range */
+
+ return 1;
+}
+
+/*
+ * Set the MLS fields in the security context structure
+ * `context' based on the string representation in
+ * the string `*scontext'. Update `*scontext' to
+ * point to the end of the string representation of
+ * the MLS fields.
+ *
+ * This function modifies the string in place, inserting
+ * NULL characters to terminate the MLS fields.
+ */
+int mls_context_to_sid(const policydb_t * policydb,
+ char oldc, char **scontext, context_struct_t * context)
+{
+
+ char delim;
+ char *scontextp, *p, *rngptr;
+ level_datum_t *levdatum;
+ cat_datum_t *catdatum, *rngdatum;
+ unsigned int l;
+
+ if (!policydb->mls)
+ return 0;
+
+ /* No MLS component to the security context */
+ if (!oldc)
+ goto err;
+
+ /* Extract low sensitivity. */
+ scontextp = p = *scontext;
+ while (*p && *p != ':' && *p != '-')
+ p++;
+
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+
+ for (l = 0; l < 2; l++) {
+ levdatum =
+ (level_datum_t *) hashtab_search(policydb->p_levels.table,
+ (hashtab_key_t) scontextp);
+
+ if (!levdatum)
+ goto err;
+
+ context->range.level[l].sens = levdatum->level->sens;
+
+ if (delim == ':') {
+ /* Extract category set. */
+ while (1) {
+ scontextp = p;
+ while (*p && *p != ',' && *p != '-')
+ p++;
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+
+ /* Separate into range if exists */
+ if ((rngptr = strchr(scontextp, '.')) != NULL) {
+ /* Remove '.' */
+ *rngptr++ = 0;
+ }
+
+ catdatum =
+ (cat_datum_t *) hashtab_search(policydb->
+ p_cats.table,
+ (hashtab_key_t)
+ scontextp);
+ if (!catdatum)
+ goto err;
+
+ if (ebitmap_set_bit
+ (&context->range.level[l].cat,
+ catdatum->s.value - 1, 1))
+ goto err;
+
+ /* If range, set all categories in range */
+ if (rngptr) {
+ unsigned int i;
+
+ rngdatum = (cat_datum_t *)
+ hashtab_search(policydb->p_cats.
+ table,
+ (hashtab_key_t)
+ rngptr);
+ if (!rngdatum)
+ goto err;
+
+ if (catdatum->s.value >=
+ rngdatum->s.value)
+ goto err;
+
+ for (i = catdatum->s.value;
+ i < rngdatum->s.value; i++) {
+ if (ebitmap_set_bit
+ (&context->range.level[l].
+ cat, i, 1))
+ goto err;
+ }
+ }
+
+ if (delim != ',')
+ break;
+ }
+ }
+ if (delim == '-') {
+ /* Extract high sensitivity. */
+ scontextp = p;
+ while (*p && *p != ':')
+ p++;
+
+ delim = *p;
+ if (delim != 0)
+ *p++ = 0;
+ } else
+ break;
+ }
+
+ /* High level is missing, copy low level */
+ if (l == 0) {
+ if (mls_level_cpy(&context->range.level[1],
+ &context->range.level[0]) < 0)
+ goto err;
+ }
+ *scontext = ++p;
+
+ return STATUS_SUCCESS;
+
+ err:
+ return STATUS_ERR;
+}
+
+/*
+ * Copies the MLS range from `src' into `dst'.
+ */
+static inline int mls_copy_context(context_struct_t * dst,
+ context_struct_t * src)
+{
+ int l, rc = 0;
+
+ /* Copy the MLS range from the source context */
+ for (l = 0; l < 2; l++) {
+ dst->range.level[l].sens = src->range.level[l].sens;
+ rc = ebitmap_cpy(&dst->range.level[l].cat,
+ &src->range.level[l].cat);
+ if (rc)
+ break;
+ }
+
+ return rc;
+}
+
+/*
+ * Copies the effective MLS range from `src' into `dst'.
+ */
+static inline int mls_scopy_context(context_struct_t * dst,
+ context_struct_t * src)
+{
+ int l, rc = 0;
+
+ /* Copy the MLS range from the source context */
+ for (l = 0; l < 2; l++) {
+ dst->range.level[l].sens = src->range.level[0].sens;
+ rc = ebitmap_cpy(&dst->range.level[l].cat,
+ &src->range.level[0].cat);
+ if (rc)
+ break;
+ }
+
+ return rc;
+}
+
+/*
+ * Copies the MLS range `range' into `context'.
+ */
+static inline int mls_range_set(context_struct_t * context, mls_range_t * range)
+{
+ int l, rc = 0;
+
+ /* Copy the MLS range into the context */
+ for (l = 0; l < 2; l++) {
+ context->range.level[l].sens = range->level[l].sens;
+ rc = ebitmap_cpy(&context->range.level[l].cat,
+ &range->level[l].cat);
+ if (rc)
+ break;
+ }
+
+ return rc;
+}
+
+int mls_setup_user_range(context_struct_t * fromcon, user_datum_t * user,
+ context_struct_t * usercon, int mls)
+{
+ if (mls) {
+ mls_level_t *fromcon_sen = &(fromcon->range.level[0]);
+ mls_level_t *fromcon_clr = &(fromcon->range.level[1]);
+ mls_level_t *user_low = &(user->exp_range.level[0]);
+ mls_level_t *user_clr = &(user->exp_range.level[1]);
+ mls_level_t *user_def = &(user->exp_dfltlevel);
+ mls_level_t *usercon_sen = &(usercon->range.level[0]);
+ mls_level_t *usercon_clr = &(usercon->range.level[1]);
+
+ /* Honor the user's default level if we can */
+ if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) {
+ *usercon_sen = *user_def;
+ } else if (mls_level_between(fromcon_sen, user_def, user_clr)) {
+ *usercon_sen = *fromcon_sen;
+ } else if (mls_level_between(fromcon_clr, user_low, user_def)) {
+ *usercon_sen = *user_low;
+ } else
+ return -EINVAL;
+
+ /* Lower the clearance of available contexts
+ if the clearance of "fromcon" is lower than
+ that of the user's default clearance (but
+ only if the "fromcon" clearance dominates
+ the user's computed sensitivity level) */
+ if (mls_level_dom(user_clr, fromcon_clr)) {
+ *usercon_clr = *fromcon_clr;
+ } else if (mls_level_dom(fromcon_clr, user_clr)) {
+ *usercon_clr = *user_clr;
+ } else
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * Convert the MLS fields in the security context
+ * structure `c' from the values specified in the
+ * policy `oldp' to the values specified in the policy `newp'.
+ */
+int mls_convert_context(policydb_t * oldp,
+ policydb_t * newp, context_struct_t * c)
+{
+ level_datum_t *levdatum;
+ cat_datum_t *catdatum;
+ ebitmap_t bitmap;
+ unsigned int l, i;
+ ebitmap_node_t *cnode;
+
+ if (!oldp->mls)
+ return 0;
+
+ for (l = 0; l < 2; l++) {
+ levdatum =
+ (level_datum_t *) hashtab_search(newp->p_levels.table,
+ oldp->
+ p_sens_val_to_name[c->
+ range.
+ level
+ [l].
+ sens -
+ 1]);
+
+ if (!levdatum)
+ return -EINVAL;
+ c->range.level[l].sens = levdatum->level->sens;
+
+ ebitmap_init(&bitmap);
+ ebitmap_for_each_bit(&c->range.level[l].cat, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ int rc;
+
+ catdatum =
+ (cat_datum_t *) hashtab_search(newp->p_cats.
+ table,
+ oldp->
+ p_cat_val_to_name
+ [i]);
+ if (!catdatum)
+ return -EINVAL;
+ rc = ebitmap_set_bit(&bitmap,
+ catdatum->s.value - 1, 1);
+ if (rc)
+ return rc;
+ }
+ }
+ ebitmap_destroy(&c->range.level[l].cat);
+ c->range.level[l].cat = bitmap;
+ }
+
+ return 0;
+}
+
+int mls_compute_sid(policydb_t * policydb,
+ context_struct_t * scontext,
+ context_struct_t * tcontext,
+ sepol_security_class_t tclass,
+ uint32_t specified, context_struct_t * newcontext)
+{
+ range_trans_t *rtr;
+ if (!policydb->mls)
+ return 0;
+
+ switch (specified) {
+ case AVTAB_TRANSITION:
+ /* Look for a range transition rule. */
+ for (rtr = policydb->range_tr; rtr; rtr = rtr->next) {
+ if (rtr->source_type == scontext->type &&
+ rtr->target_type == tcontext->type &&
+ rtr->target_class == tclass) {
+ /* Set the range from the rule */
+ return mls_range_set(newcontext,
+ &rtr->target_range);
+ }
+ }
+ /* Fallthrough */
+ case AVTAB_CHANGE:
+ if (tclass == SECCLASS_PROCESS)
+ /* Use the process MLS attributes. */
+ return mls_copy_context(newcontext, scontext);
+ else
+ /* Use the process effective MLS attributes. */
+ return mls_scopy_context(newcontext, scontext);
+ case AVTAB_MEMBER:
+ /* Only polyinstantiate the MLS attributes if
+ the type is being polyinstantiated */
+ if (newcontext->type != tcontext->type) {
+ /* Use the process effective MLS attributes. */
+ return mls_scopy_context(newcontext, scontext);
+ } else {
+ /* Use the related object MLS attributes. */
+ return mls_copy_context(newcontext, tcontext);
+ }
+ default:
+ return -EINVAL;
+ }
+ return -EINVAL;
+}
+
+int sepol_mls_contains(sepol_handle_t * handle,
+ sepol_policydb_t * policydb,
+ const char *mls1, const char *mls2, int *response)
+{
+
+ context_struct_t *ctx1 = NULL, *ctx2 = NULL;
+ ctx1 = malloc(sizeof(context_struct_t));
+ ctx2 = malloc(sizeof(context_struct_t));
+ if (ctx1 == NULL || ctx2 == NULL)
+ goto omem;
+ context_init(ctx1);
+ context_init(ctx2);
+
+ if (mls_from_string(handle, &policydb->p, mls1, ctx1) < 0)
+ goto err;
+
+ if (mls_from_string(handle, &policydb->p, mls2, ctx2) < 0)
+ goto err;
+
+ *response = mls_range_contains(ctx1->range, ctx2->range);
+ context_destroy(ctx1);
+ context_destroy(ctx2);
+ free(ctx1);
+ free(ctx2);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not check if mls context %s contains %s",
+ mls1, mls2);
+ context_destroy(ctx1);
+ context_destroy(ctx2);
+ free(ctx1);
+ free(ctx2);
+ return STATUS_ERR;
+}
+
+int sepol_mls_check(sepol_handle_t * handle,
+ sepol_policydb_t * policydb, const char *mls)
+{
+
+ int ret;
+ context_struct_t *con = malloc(sizeof(context_struct_t));
+ if (!con) {
+ ERR(handle, "out of memory, could not check if "
+ "mls context %s is valid", mls);
+ return STATUS_ERR;
+ }
+ context_init(con);
+
+ ret = mls_from_string(handle, &policydb->p, mls, con);
+ context_destroy(con);
+ free(con);
+ return ret;
+}
+
+void mls_semantic_cat_init(mls_semantic_cat_t * c)
+{
+ memset(c, 0, sizeof(mls_semantic_cat_t));
+}
+
+void mls_semantic_cat_destroy(mls_semantic_cat_t * c __attribute__ ((unused)))
+{
+ /* it's currently a simple struct - really nothing to destroy */
+ return;
+}
+
+void mls_semantic_level_init(mls_semantic_level_t * l)
+{
+ memset(l, 0, sizeof(mls_semantic_level_t));
+}
+
+void mls_semantic_level_destroy(mls_semantic_level_t * l)
+{
+ mls_semantic_cat_t *cur, *next;
+
+ if (l == NULL)
+ return;
+
+ next = l->cat;
+ while (next) {
+ cur = next;
+ next = cur->next;
+ mls_semantic_cat_destroy(cur);
+ free(cur);
+ }
+}
+
+int mls_semantic_level_cpy(mls_semantic_level_t * dst,
+ mls_semantic_level_t * src)
+{
+ mls_semantic_cat_t *cat, *newcat, *lnewcat = NULL;
+
+ mls_semantic_level_init(dst);
+ dst->sens = src->sens;
+ cat = src->cat;
+ while (cat) {
+ newcat =
+ (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
+ if (!newcat)
+ goto err;
+
+ mls_semantic_cat_init(newcat);
+ if (lnewcat)
+ lnewcat->next = newcat;
+ else
+ dst->cat = newcat;
+
+ newcat->low = cat->low;
+ newcat->high = cat->high;
+
+ lnewcat = newcat;
+ cat = cat->next;
+ }
+ return 0;
+
+ err:
+ mls_semantic_level_destroy(dst);
+ return -1;
+}
+
+void mls_semantic_range_init(mls_semantic_range_t * r)
+{
+ mls_semantic_level_init(&r->level[0]);
+ mls_semantic_level_init(&r->level[1]);
+}
+
+void mls_semantic_range_destroy(mls_semantic_range_t * r)
+{
+ mls_semantic_level_destroy(&r->level[0]);
+ mls_semantic_level_destroy(&r->level[1]);
+}
+
+int mls_semantic_range_cpy(mls_semantic_range_t * dst,
+ mls_semantic_range_t * src)
+{
+ if (mls_semantic_level_cpy(&dst->level[0], &src->level[0]) < 0)
+ return -1;
+
+ if (mls_semantic_level_cpy(&dst->level[1], &src->level[1]) < 0) {
+ mls_semantic_level_destroy(&dst->level[0]);
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/libsepol/src/mls.h b/libsepol/src/mls.h
new file mode 100644
index 0000000..98da3d3
--- /dev/null
+++ b/libsepol/src/mls.h
@@ -0,0 +1,67 @@
+/* Author: Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEPOL_MLS_INTERNAL_H_
+#define _SEPOL_MLS_INTERNAL_H_
+
+#include "policydb_internal.h"
+#include <sepol/policydb/context.h>
+#include "handle.h"
+
+extern int mls_from_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const char *str, context_struct_t * mls);
+
+extern int mls_to_string(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ const context_struct_t * mls, char **str);
+
+/* Deprecated */
+extern int mls_compute_context_len(const policydb_t * policydb,
+ const context_struct_t * context);
+
+/* Deprecated */
+extern void mls_sid_to_context(const policydb_t * policydb,
+ const context_struct_t * context,
+ char **scontext);
+
+/* Deprecated */
+extern int mls_context_to_sid(const policydb_t * policydb,
+ char oldc,
+ char **scontext, context_struct_t * context);
+
+extern int mls_context_isvalid(const policydb_t * p,
+ const context_struct_t * c);
+
+extern int mls_convert_context(policydb_t * oldp,
+ policydb_t * newp, context_struct_t * context);
+
+extern int mls_compute_sid(policydb_t * policydb,
+ context_struct_t * scontext,
+ context_struct_t * tcontext,
+ sepol_security_class_t tclass,
+ uint32_t specified, context_struct_t * newcontext);
+
+extern int mls_setup_user_range(context_struct_t * fromcon, user_datum_t * user,
+ context_struct_t * usercon, int mls);
+
+#endif
diff --git a/libsepol/src/module.c b/libsepol/src/module.c
new file mode 100644
index 0000000..3337808
--- /dev/null
+++ b/libsepol/src/module.c
@@ -0,0 +1,979 @@
+/* Author: Karl MacMillan <kmacmillan@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "policydb_internal.h"
+#include "module_internal.h"
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/module.h>
+#include "debug.h"
+#include "private.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#define SEPOL_PACKAGE_SECTION_FC 0xf97cff90
+#define SEPOL_PACKAGE_SECTION_SEUSER 0x97cff91
+#define SEPOL_PACKAGE_SECTION_USER_EXTRA 0x97cff92
+#define SEPOL_PACKAGE_SECTION_NETFILTER 0x97cff93
+
+static int policy_file_seek(struct policy_file *fp, size_t offset)
+{
+ switch (fp->type) {
+ case PF_USE_STDIO:
+ if (offset > LONG_MAX) {
+ errno = EFAULT;
+ return -1;
+ }
+ return fseek(fp->fp, (long)offset, SEEK_SET);
+ case PF_USE_MEMORY:
+ if (offset > fp->size) {
+ errno = EFAULT;
+ return -1;
+ }
+ fp->data -= fp->size - fp->len;
+ fp->data += offset;
+ fp->len = fp->size - offset;
+ return 0;
+ default:
+ return 0;
+ }
+}
+
+static size_t policy_file_length(struct policy_file *fp)
+{
+ long prev_offset, end_offset;
+ switch (fp->type) {
+ case PF_USE_STDIO:
+ prev_offset = ftell(fp->fp);
+ fseek(fp->fp, 0L, SEEK_END);
+ end_offset = ftell(fp->fp);
+ fseek(fp->fp, prev_offset, SEEK_SET);
+ return end_offset;
+ case PF_USE_MEMORY:
+ return fp->size;
+ default:
+ return 0;
+ }
+}
+
+static int module_package_init(sepol_module_package_t * p)
+{
+ memset(p, 0, sizeof(sepol_module_package_t));
+ if (sepol_policydb_create(&p->policy))
+ return -1;
+
+ p->version = 1;
+ return 0;
+}
+
+static int set_char(char **field, char *data, size_t len)
+{
+ if (*field) {
+ free(*field);
+ *field = NULL;
+ }
+ if (len) {
+ *field = malloc(len);
+ if (!*field)
+ return -1;
+ memcpy(*field, data, len);
+ }
+ return 0;
+}
+
+int sepol_module_package_create(sepol_module_package_t ** p)
+{
+ *p = calloc(1, sizeof(sepol_module_package_t));
+ if (!(*p))
+ return -1;
+ return module_package_init(*p);
+}
+
+hidden_def(sepol_module_package_create)
+
+/* Deallocates all memory associated with a module package, including
+ * the pointer itself. Does nothing if p is NULL.
+ */
+void sepol_module_package_free(sepol_module_package_t * p)
+{
+ if (p == NULL)
+ return;
+
+ sepol_policydb_free(p->policy);
+ free(p->file_contexts);
+ free(p->seusers);
+ free(p->user_extra);
+ free(p->netfilter_contexts);
+ free(p);
+}
+
+hidden_def(sepol_module_package_free)
+
+char *sepol_module_package_get_file_contexts(sepol_module_package_t * p)
+{
+ return p->file_contexts;
+}
+
+size_t sepol_module_package_get_file_contexts_len(sepol_module_package_t * p)
+{
+ return p->file_contexts_len;
+}
+
+char *sepol_module_package_get_seusers(sepol_module_package_t * p)
+{
+ return p->seusers;
+}
+
+size_t sepol_module_package_get_seusers_len(sepol_module_package_t * p)
+{
+ return p->seusers_len;
+}
+
+char *sepol_module_package_get_user_extra(sepol_module_package_t * p)
+{
+ return p->user_extra;
+}
+
+size_t sepol_module_package_get_user_extra_len(sepol_module_package_t * p)
+{
+ return p->user_extra_len;
+}
+
+char *sepol_module_package_get_netfilter_contexts(sepol_module_package_t * p)
+{
+ return p->netfilter_contexts;
+}
+
+size_t sepol_module_package_get_netfilter_contexts_len(sepol_module_package_t *
+ p)
+{
+ return p->netfilter_contexts_len;
+}
+
+int sepol_module_package_set_file_contexts(sepol_module_package_t * p,
+ char *data, size_t len)
+{
+ if (set_char(&p->file_contexts, data, len))
+ return -1;
+
+ p->file_contexts_len = len;
+ return 0;
+}
+
+int sepol_module_package_set_seusers(sepol_module_package_t * p,
+ char *data, size_t len)
+{
+ if (set_char(&p->seusers, data, len))
+ return -1;
+
+ p->seusers_len = len;
+ return 0;
+}
+
+int sepol_module_package_set_user_extra(sepol_module_package_t * p,
+ char *data, size_t len)
+{
+ if (set_char(&p->user_extra, data, len))
+ return -1;
+
+ p->user_extra_len = len;
+ return 0;
+}
+
+int sepol_module_package_set_netfilter_contexts(sepol_module_package_t * p,
+ char *data, size_t len)
+{
+ if (set_char(&p->netfilter_contexts, data, len))
+ return -1;
+
+ p->netfilter_contexts_len = len;
+ return 0;
+}
+
+sepol_policydb_t *sepol_module_package_get_policy(sepol_module_package_t * p)
+{
+ return p->policy;
+}
+
+/* Append each of the file contexts from each module to the base
+ * policy's file context. 'base_context' will be reallocated to a
+ * larger size (and thus it is an in/out reference
+ * variable). 'base_fc_len' is the length of base's file context; it
+ * too is a reference variable. Return 0 on success, -1 if out of
+ * memory. */
+static int link_file_contexts(sepol_module_package_t * base,
+ sepol_module_package_t ** modules,
+ int num_modules)
+{
+ size_t fc_len;
+ int i;
+ char *s;
+
+ fc_len = base->file_contexts_len;
+ for (i = 0; i < num_modules; i++) {
+ fc_len += modules[i]->file_contexts_len;
+ }
+
+ if ((s = (char *)realloc(base->file_contexts, fc_len)) == NULL) {
+ return -1;
+ }
+ base->file_contexts = s;
+ for (i = 0; i < num_modules; i++) {
+ memcpy(base->file_contexts + base->file_contexts_len,
+ modules[i]->file_contexts,
+ modules[i]->file_contexts_len);
+ base->file_contexts_len += modules[i]->file_contexts_len;
+ }
+ return 0;
+}
+
+/* Append each of the netfilter contexts from each module to the base
+ * policy's netfilter context. 'base_context' will be reallocated to a
+ * larger size (and thus it is an in/out reference
+ * variable). 'base_nc_len' is the length of base's netfilter contexts; it
+ * too is a reference variable. Return 0 on success, -1 if out of
+ * memory. */
+static int link_netfilter_contexts(sepol_module_package_t * base,
+ sepol_module_package_t ** modules,
+ int num_modules)
+{
+ size_t base_nc_len;
+ int i;
+ char *base_context;
+
+ base_nc_len = base->netfilter_contexts_len;
+ for (i = 0; i < num_modules; i++) {
+ base_nc_len += modules[i]->netfilter_contexts_len;
+ }
+
+ if ((base_context =
+ (char *)realloc(base->netfilter_contexts, base_nc_len)) == NULL) {
+ return -1;
+ }
+ base->netfilter_contexts = base_context;
+ for (i = 0; i < num_modules; i++) {
+ memcpy(base->netfilter_contexts + base->netfilter_contexts_len,
+ modules[i]->netfilter_contexts,
+ modules[i]->netfilter_contexts_len);
+ base->netfilter_contexts_len +=
+ modules[i]->netfilter_contexts_len;
+ }
+ return 0;
+}
+
+/* Links the module packages into the base. Returns 0 on success, -1
+ * if a requirement was not met, or -2 for all other errors. */
+int sepol_link_packages(sepol_handle_t * handle,
+ sepol_module_package_t * base,
+ sepol_module_package_t ** modules, int num_modules,
+ int verbose)
+{
+ policydb_t **mod_pols = NULL;
+ int i, retval;
+
+ if ((mod_pols = calloc(num_modules, sizeof(*mod_pols))) == NULL) {
+ ERR(handle, "Out of memory!");
+ return -2;
+ }
+ for (i = 0; i < num_modules; i++) {
+ mod_pols[i] = &modules[i]->policy->p;
+ }
+
+ retval = link_modules(handle, &base->policy->p, mod_pols, num_modules,
+ verbose);
+ free(mod_pols);
+ if (retval == -3) {
+ return -1;
+ } else if (retval < 0) {
+ return -2;
+ }
+
+ if (link_file_contexts(base, modules, num_modules) == -1) {
+ ERR(handle, "Out of memory!");
+ return -2;
+ }
+
+ if (link_netfilter_contexts(base, modules, num_modules) == -1) {
+ ERR(handle, "Out of memory!");
+ return -2;
+ }
+
+ return 0;
+}
+
+/* buf must be large enough - no checks are performed */
+#define _read_helper_bufsize BUFSIZ
+static int read_helper(char *buf, struct policy_file *file, uint32_t bytes)
+{
+ uint32_t offset, nel, read_len;
+ int rc;
+
+ offset = 0;
+ nel = bytes;
+
+ while (nel) {
+ if (nel < _read_helper_bufsize)
+ read_len = nel;
+ else
+ read_len = _read_helper_bufsize;
+ rc = next_entry(&buf[offset], file, read_len);
+ if (rc < 0)
+ return -1;
+ offset += read_len;
+ nel -= read_len;
+ }
+ return 0;
+}
+
+#define MAXSECTIONS 100
+
+/* Get the section offsets from a package file, offsets will be malloc'd to
+ * the appropriate size and the caller must free() them */
+static int module_package_read_offsets(sepol_module_package_t * mod,
+ struct policy_file *file,
+ size_t ** offsets, uint32_t * sections)
+{
+ uint32_t *buf = NULL, nsec;
+ unsigned i;
+ size_t *off = NULL;
+ int rc;
+
+ buf = malloc(sizeof(uint32_t)*3);
+ if (!buf) {
+ ERR(file->handle, "out of memory");
+ goto err;
+ }
+
+ rc = next_entry(buf, file, sizeof(uint32_t) * 3);
+ if (rc < 0) {
+ ERR(file->handle, "module package header truncated");
+ goto err;
+ }
+ if (le32_to_cpu(buf[0]) != SEPOL_MODULE_PACKAGE_MAGIC) {
+ ERR(file->handle,
+ "wrong magic number for module package: expected %#08x, got %#08x",
+ SEPOL_MODULE_PACKAGE_MAGIC, le32_to_cpu(buf[0]));
+ goto err;
+ }
+
+ mod->version = le32_to_cpu(buf[1]);
+ nsec = *sections = le32_to_cpu(buf[2]);
+
+ if (nsec > MAXSECTIONS) {
+ ERR(file->handle, "too many sections (%u) in module package",
+ nsec);
+ goto err;
+ }
+
+ off = (size_t *) malloc((nsec + 1) * sizeof(size_t));
+ if (!off) {
+ ERR(file->handle, "out of memory");
+ goto err;
+ }
+
+ free(buf);
+ buf = malloc(sizeof(uint32_t) * nsec);
+ if (!buf) {
+ ERR(file->handle, "out of memory");
+ goto err;
+ }
+ rc = next_entry(buf, file, sizeof(uint32_t) * nsec);
+ if (rc < 0) {
+ ERR(file->handle, "module package offset array truncated");
+ goto err;
+ }
+
+ for (i = 0; i < nsec; i++) {
+ off[i] = le32_to_cpu(buf[i]);
+ if (i && off[i] < off[i - 1]) {
+ ERR(file->handle, "offsets are not increasing (at %u, "
+ "offset %zu -> %zu", i, off[i - 1],
+ off[i]);
+ return -1;
+ }
+ }
+
+ free(buf);
+ off[nsec] = policy_file_length(file);
+ *offsets = off;
+ return 0;
+
+err:
+ free(buf);
+ free(off);
+ return -1;
+}
+
+/* Flags for which sections have been seen during parsing of module package. */
+#define SEEN_MOD 1
+#define SEEN_FC 2
+#define SEEN_SEUSER 4
+#define SEEN_USER_EXTRA 8
+#define SEEN_NETFILTER 16
+
+int sepol_module_package_read(sepol_module_package_t * mod,
+ struct sepol_policy_file *spf, int verbose)
+{
+ struct policy_file *file = &spf->pf;
+ uint32_t buf[1], nsec;
+ size_t *offsets, len;
+ int rc;
+ unsigned i, seen = 0;
+
+ if (module_package_read_offsets(mod, file, &offsets, &nsec))
+ return -1;
+
+ /* we know the section offsets, seek to them and read in the data */
+
+ for (i = 0; i < nsec; i++) {
+
+ if (policy_file_seek(file, offsets[i])) {
+ ERR(file->handle, "error seeking to offset %zu for "
+ "module package section %u", offsets[i], i);
+ goto cleanup;
+ }
+
+ len = offsets[i + 1] - offsets[i];
+
+ if (len < sizeof(uint32_t)) {
+ ERR(file->handle, "module package section %u "
+ "has too small length %zu", i, len);
+ goto cleanup;
+ }
+
+ /* read the magic number, so that we know which function to call */
+ rc = next_entry(buf, file, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(file->handle,
+ "module package section %u truncated, lacks magic number",
+ i);
+ goto cleanup;
+ }
+
+ switch (le32_to_cpu(buf[0])) {
+ case SEPOL_PACKAGE_SECTION_FC:
+ if (seen & SEEN_FC) {
+ ERR(file->handle,
+ "found multiple file contexts sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ mod->file_contexts_len = len - sizeof(uint32_t);
+ mod->file_contexts =
+ (char *)malloc(mod->file_contexts_len);
+ if (!mod->file_contexts) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ if (read_helper
+ (mod->file_contexts, file,
+ mod->file_contexts_len)) {
+ ERR(file->handle,
+ "invalid file contexts section at section %u",
+ i);
+ free(mod->file_contexts);
+ mod->file_contexts = NULL;
+ goto cleanup;
+ }
+ seen |= SEEN_FC;
+ break;
+ case SEPOL_PACKAGE_SECTION_SEUSER:
+ if (seen & SEEN_SEUSER) {
+ ERR(file->handle,
+ "found multiple seuser sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ mod->seusers_len = len - sizeof(uint32_t);
+ mod->seusers = (char *)malloc(mod->seusers_len);
+ if (!mod->seusers) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ if (read_helper(mod->seusers, file, mod->seusers_len)) {
+ ERR(file->handle,
+ "invalid seuser section at section %u", i);
+ free(mod->seusers);
+ mod->seusers = NULL;
+ goto cleanup;
+ }
+ seen |= SEEN_SEUSER;
+ break;
+ case SEPOL_PACKAGE_SECTION_USER_EXTRA:
+ if (seen & SEEN_USER_EXTRA) {
+ ERR(file->handle,
+ "found multiple user_extra sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ mod->user_extra_len = len - sizeof(uint32_t);
+ mod->user_extra = (char *)malloc(mod->user_extra_len);
+ if (!mod->user_extra) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ if (read_helper
+ (mod->user_extra, file, mod->user_extra_len)) {
+ ERR(file->handle,
+ "invalid user_extra section at section %u",
+ i);
+ free(mod->user_extra);
+ mod->user_extra = NULL;
+ goto cleanup;
+ }
+ seen |= SEEN_USER_EXTRA;
+ break;
+ case SEPOL_PACKAGE_SECTION_NETFILTER:
+ if (seen & SEEN_NETFILTER) {
+ ERR(file->handle,
+ "found multiple netfilter contexts sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ mod->netfilter_contexts_len = len - sizeof(uint32_t);
+ mod->netfilter_contexts =
+ (char *)malloc(mod->netfilter_contexts_len);
+ if (!mod->netfilter_contexts) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ if (read_helper
+ (mod->netfilter_contexts, file,
+ mod->netfilter_contexts_len)) {
+ ERR(file->handle,
+ "invalid netfilter contexts section at section %u",
+ i);
+ free(mod->netfilter_contexts);
+ mod->netfilter_contexts = NULL;
+ goto cleanup;
+ }
+ seen |= SEEN_NETFILTER;
+ break;
+ case POLICYDB_MOD_MAGIC:
+ if (seen & SEEN_MOD) {
+ ERR(file->handle,
+ "found multiple module sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ /* seek back to where the magic number was */
+ if (policy_file_seek(file, offsets[i]))
+ goto cleanup;
+
+ rc = policydb_read(&mod->policy->p, file, verbose);
+ if (rc < 0) {
+ ERR(file->handle,
+ "invalid module in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ seen |= SEEN_MOD;
+ break;
+ default:
+ /* unknown section, ignore */
+ ERR(file->handle,
+ "unknown magic number at section %u, offset: %zx, number: %ux ",
+ i, offsets[i], le32_to_cpu(buf[0]));
+ break;
+ }
+ }
+
+ if ((seen & SEEN_MOD) == 0) {
+ ERR(file->handle, "missing module in module package");
+ goto cleanup;
+ }
+
+ free(offsets);
+ return 0;
+
+ cleanup:
+ free(offsets);
+ return -1;
+}
+
+int sepol_module_package_info(struct sepol_policy_file *spf, int *type,
+ char **name, char **version)
+{
+ struct policy_file *file = &spf->pf;
+ sepol_module_package_t *mod = NULL;
+ uint32_t buf[5], len, nsec;
+ size_t *offsets = NULL;
+ unsigned i, seen = 0;
+ char *id;
+ int rc;
+
+ if (sepol_module_package_create(&mod))
+ return -1;
+
+ if (module_package_read_offsets(mod, file, &offsets, &nsec)) {
+ goto cleanup;
+ }
+
+ for (i = 0; i < nsec; i++) {
+
+ if (policy_file_seek(file, offsets[i])) {
+ ERR(file->handle, "error seeking to offset "
+ "%zu for module package section %u", offsets[i], i);
+ goto cleanup;
+ }
+
+ len = offsets[i + 1] - offsets[i];
+
+ if (len < sizeof(uint32_t)) {
+ ERR(file->handle,
+ "module package section %u has too small length %u",
+ i, len);
+ goto cleanup;
+ }
+
+ /* read the magic number, so that we know which function to call */
+ rc = next_entry(buf, file, sizeof(uint32_t) * 2);
+ if (rc < 0) {
+ ERR(file->handle,
+ "module package section %u truncated, lacks magic number",
+ i);
+ goto cleanup;
+ }
+
+ switch (le32_to_cpu(buf[0])) {
+ case SEPOL_PACKAGE_SECTION_FC:
+ /* skip file contexts */
+ if (seen & SEEN_FC) {
+ ERR(file->handle,
+ "found multiple file contexts sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ seen |= SEEN_FC;
+ break;
+ case SEPOL_PACKAGE_SECTION_SEUSER:
+ /* skip seuser */
+ if (seen & SEEN_SEUSER) {
+ ERR(file->handle,
+ "found seuser sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ seen |= SEEN_SEUSER;
+ break;
+ case SEPOL_PACKAGE_SECTION_USER_EXTRA:
+ /* skip user_extra */
+ if (seen & SEEN_USER_EXTRA) {
+ ERR(file->handle,
+ "found user_extra sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ seen |= SEEN_USER_EXTRA;
+ break;
+ case SEPOL_PACKAGE_SECTION_NETFILTER:
+ /* skip netfilter contexts */
+ if (seen & SEEN_NETFILTER) {
+ ERR(file->handle,
+ "found multiple netfilter contexts sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ seen |= SEEN_NETFILTER;
+ break;
+ case POLICYDB_MOD_MAGIC:
+ if (seen & SEEN_MOD) {
+ ERR(file->handle,
+ "found multiple module sections in module package (at section %u)",
+ i);
+ goto cleanup;
+ }
+ len = le32_to_cpu(buf[1]);
+ if (len != strlen(POLICYDB_MOD_STRING)) {
+ ERR(file->handle,
+ "module string length is wrong (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ /* skip id */
+ id = malloc(len + 1);
+ if (!id) {
+ ERR(file->handle,
+ "out of memory (at section %u)",
+ i);
+ goto cleanup;
+ }
+ rc = next_entry(id, file, len);
+ free(id);
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module string (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ rc = next_entry(buf, file, sizeof(uint32_t) * 5);
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module header (at section %u)",
+ i);
+ goto cleanup;
+ }
+
+ *type = le32_to_cpu(buf[0]);
+ /* if base - we're done */
+ if (*type == POLICY_BASE) {
+ *name = NULL;
+ *version = NULL;
+ seen |= SEEN_MOD;
+ break;
+ } else if (*type != POLICY_MOD) {
+ ERR(file->handle,
+ "module has invalid type %d (at section %u)",
+ *type, i);
+ goto cleanup;
+ }
+
+ /* read the name and version */
+ rc = next_entry(buf, file, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module name len (at section %u)",
+ i);
+ goto cleanup;
+ }
+ len = le32_to_cpu(buf[0]);
+ *name = malloc(len + 1);
+ if (!*name) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ rc = next_entry(*name, file, len);
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module name string (at section %u)",
+ i);
+ goto cleanup;
+ }
+ (*name)[len] = '\0';
+ rc = next_entry(buf, file, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module version len (at section %u)",
+ i);
+ goto cleanup;
+ }
+ len = le32_to_cpu(buf[0]);
+ *version = malloc(len + 1);
+ if (!*version) {
+ ERR(file->handle, "out of memory");
+ goto cleanup;
+ }
+ rc = next_entry(*version, file, len);
+ if (rc < 0) {
+ ERR(file->handle,
+ "cannot get module version string (at section %u)",
+ i);
+ goto cleanup;
+ }
+ (*version)[len] = '\0';
+ seen |= SEEN_MOD;
+ break;
+ default:
+ break;
+ }
+
+ }
+
+ if ((seen & SEEN_MOD) == 0) {
+ ERR(file->handle, "missing module in module package");
+ goto cleanup;
+ }
+
+ sepol_module_package_free(mod);
+ free(offsets);
+ return 0;
+
+ cleanup:
+ sepol_module_package_free(mod);
+ free(offsets);
+ return -1;
+}
+
+static int write_helper(char *data, size_t len, struct policy_file *file)
+{
+ int idx = 0;
+ size_t len2;
+
+ while (len) {
+ if (len > BUFSIZ)
+ len2 = BUFSIZ;
+ else
+ len2 = len;
+
+ if (put_entry(&data[idx], 1, len2, file) != len2) {
+ return -1;
+ }
+ len -= len2;
+ idx += len2;
+ }
+ return 0;
+}
+
+int sepol_module_package_write(sepol_module_package_t * p,
+ struct sepol_policy_file *spf)
+{
+ struct policy_file *file = &spf->pf;
+ policy_file_t polfile;
+ uint32_t buf[5], offsets[5], len, nsec = 0;
+ int i;
+
+ if (p->policy) {
+ /* compute policy length */
+ policy_file_init(&polfile);
+ polfile.type = PF_LEN;
+ polfile.handle = file->handle;
+ if (policydb_write(&p->policy->p, &polfile))
+ return -1;
+ len = polfile.len;
+ if (!polfile.len)
+ return -1;
+ nsec++;
+
+ } else {
+ /* We don't support writing a package without a module at this point */
+ return -1;
+ }
+
+ /* seusers and user_extra only supported in base at the moment */
+ if ((p->seusers || p->user_extra)
+ && (p->policy->p.policy_type != SEPOL_POLICY_BASE)) {
+ ERR(file->handle,
+ "seuser and user_extra sections only supported in base");
+ return -1;
+ }
+
+ if (p->file_contexts)
+ nsec++;
+
+ if (p->seusers)
+ nsec++;
+
+ if (p->user_extra)
+ nsec++;
+
+ if (p->netfilter_contexts)
+ nsec++;
+
+ buf[0] = cpu_to_le32(SEPOL_MODULE_PACKAGE_MAGIC);
+ buf[1] = cpu_to_le32(p->version);
+ buf[2] = cpu_to_le32(nsec);
+ if (put_entry(buf, sizeof(uint32_t), 3, file) != 3)
+ return -1;
+
+ /* calculate offsets */
+ offsets[0] = (nsec + 3) * sizeof(uint32_t);
+ buf[0] = cpu_to_le32(offsets[0]);
+
+ i = 1;
+ if (p->file_contexts) {
+ offsets[i] = offsets[i - 1] + len;
+ buf[i] = cpu_to_le32(offsets[i]);
+ /* add a uint32_t to compensate for the magic number */
+ len = p->file_contexts_len + sizeof(uint32_t);
+ i++;
+ }
+ if (p->seusers) {
+ offsets[i] = offsets[i - 1] + len;
+ buf[i] = cpu_to_le32(offsets[i]);
+ len = p->seusers_len + sizeof(uint32_t);
+ i++;
+ }
+ if (p->user_extra) {
+ offsets[i] = offsets[i - 1] + len;
+ buf[i] = cpu_to_le32(offsets[i]);
+ len = p->user_extra_len + sizeof(uint32_t);
+ i++;
+ }
+ if (p->netfilter_contexts) {
+ offsets[i] = offsets[i - 1] + len;
+ buf[i] = cpu_to_le32(offsets[i]);
+ len = p->netfilter_contexts_len + sizeof(uint32_t);
+ i++;
+ }
+ if (put_entry(buf, sizeof(uint32_t), nsec, file) != nsec)
+ return -1;
+
+ /* write sections */
+
+ if (policydb_write(&p->policy->p, file))
+ return -1;
+
+ if (p->file_contexts) {
+ buf[0] = cpu_to_le32(SEPOL_PACKAGE_SECTION_FC);
+ if (put_entry(buf, sizeof(uint32_t), 1, file) != 1)
+ return -1;
+ if (write_helper(p->file_contexts, p->file_contexts_len, file))
+ return -1;
+ }
+ if (p->seusers) {
+ buf[0] = cpu_to_le32(SEPOL_PACKAGE_SECTION_SEUSER);
+ if (put_entry(buf, sizeof(uint32_t), 1, file) != 1)
+ return -1;
+ if (write_helper(p->seusers, p->seusers_len, file))
+ return -1;
+
+ }
+ if (p->user_extra) {
+ buf[0] = cpu_to_le32(SEPOL_PACKAGE_SECTION_USER_EXTRA);
+ if (put_entry(buf, sizeof(uint32_t), 1, file) != 1)
+ return -1;
+ if (write_helper(p->user_extra, p->user_extra_len, file))
+ return -1;
+ }
+ if (p->netfilter_contexts) {
+ buf[0] = cpu_to_le32(SEPOL_PACKAGE_SECTION_NETFILTER);
+ if (put_entry(buf, sizeof(uint32_t), 1, file) != 1)
+ return -1;
+ if (write_helper
+ (p->netfilter_contexts, p->netfilter_contexts_len, file))
+ return -1;
+ }
+ return 0;
+}
+
+int sepol_link_modules(sepol_handle_t * handle,
+ sepol_policydb_t * base,
+ sepol_policydb_t ** modules, size_t len, int verbose)
+{
+ return link_modules(handle, &base->p, (policydb_t **) modules, len,
+ verbose);
+}
+
+int sepol_expand_module(sepol_handle_t * handle,
+ sepol_policydb_t * base,
+ sepol_policydb_t * out, int verbose, int check)
+{
+ return expand_module(handle, &base->p, &out->p, verbose, check);
+}
diff --git a/libsepol/src/module_internal.h b/libsepol/src/module_internal.h
new file mode 100644
index 0000000..cdd5ec6
--- /dev/null
+++ b/libsepol/src/module_internal.h
@@ -0,0 +1,5 @@
+#include <sepol/module.h>
+#include "dso.h"
+
+hidden_proto(sepol_module_package_create)
+ hidden_proto(sepol_module_package_free)
diff --git a/libsepol/src/node_internal.h b/libsepol/src/node_internal.h
new file mode 100644
index 0000000..802cda9
--- /dev/null
+++ b/libsepol/src/node_internal.h
@@ -0,0 +1,26 @@
+#ifndef _SEPOL_NODE_INTERNAL_H_
+#define _SEPOL_NODE_INTERNAL_H_
+
+#include <sepol/node_record.h>
+#include <sepol/nodes.h>
+#include "dso.h"
+
+hidden_proto(sepol_node_create)
+ hidden_proto(sepol_node_key_free)
+ hidden_proto(sepol_node_free)
+ hidden_proto(sepol_node_get_con)
+ hidden_proto(sepol_node_get_addr)
+ hidden_proto(sepol_node_get_addr_bytes)
+ hidden_proto(sepol_node_get_mask)
+ hidden_proto(sepol_node_get_mask_bytes)
+ hidden_proto(sepol_node_get_proto)
+ hidden_proto(sepol_node_get_proto_str)
+ hidden_proto(sepol_node_key_create)
+ hidden_proto(sepol_node_key_unpack)
+ hidden_proto(sepol_node_set_con)
+ hidden_proto(sepol_node_set_addr)
+ hidden_proto(sepol_node_set_addr_bytes)
+ hidden_proto(sepol_node_set_mask)
+ hidden_proto(sepol_node_set_mask_bytes)
+ hidden_proto(sepol_node_set_proto)
+#endif
diff --git a/libsepol/src/node_record.c b/libsepol/src/node_record.c
new file mode 100644
index 0000000..b1bd370
--- /dev/null
+++ b/libsepol/src/node_record.c
@@ -0,0 +1,668 @@
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <errno.h>
+
+#include "node_internal.h"
+#include "context_internal.h"
+#include "debug.h"
+
+struct sepol_node {
+
+ /* Network address and mask */
+ char *addr;
+ size_t addr_sz;
+
+ char *mask;
+ size_t mask_sz;
+
+ /* Protocol */
+ int proto;
+
+ /* Context */
+ sepol_context_t *con;
+};
+
+struct sepol_node_key {
+
+ /* Network address and mask */
+ char *addr;
+ size_t addr_sz;
+
+ char *mask;
+ size_t mask_sz;
+
+ /* Protocol */
+ int proto;
+};
+
+/* Converts a string represtation (addr_str)
+ * to a numeric representation (addr_bytes) */
+
+static int node_parse_addr(sepol_handle_t * handle,
+ const char *addr_str, int proto, char *addr_bytes)
+{
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ {
+ struct in_addr in_addr;
+
+ if (inet_pton(AF_INET, addr_str, &in_addr) <= 0) {
+ ERR(handle, "could not parse IPv4 address "
+ "%s: %s", addr_str, strerror(errno));
+ return STATUS_ERR;
+ }
+
+ memcpy(addr_bytes, &in_addr.s_addr, 4);
+ break;
+ }
+ case SEPOL_PROTO_IP6:
+ {
+ struct in6_addr in_addr;
+
+ if (inet_pton(AF_INET6, addr_str, &in_addr) <= 0) {
+ ERR(handle, "could not parse IPv6 address "
+ "%s: %s", addr_str, strerror(errno));
+ return STATUS_ERR;
+ }
+
+ memcpy(addr_bytes, in_addr.s6_addr32, 16);
+ break;
+ }
+ default:
+ ERR(handle, "unsupported protocol %u, could not "
+ "parse address", proto);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/* Allocates a sufficiently large buffer (addr, addr_sz)
+ * according the the protocol */
+
+static int node_alloc_addr(sepol_handle_t * handle,
+ int proto, char **addr, size_t * addr_sz)
+{
+
+ char *tmp_addr = NULL;
+ size_t tmp_addr_sz;
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ tmp_addr_sz = 4;
+ tmp_addr = malloc(4);
+ if (!tmp_addr)
+ goto omem;
+ break;
+
+ case SEPOL_PROTO_IP6:
+ tmp_addr_sz = 16;
+ tmp_addr = malloc(16);
+ if (!tmp_addr)
+ goto omem;
+ break;
+
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+
+ *addr = tmp_addr;
+ *addr_sz = tmp_addr_sz;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ free(tmp_addr);
+ ERR(handle, "could not allocate address of protocol %s",
+ sepol_node_get_proto_str(proto));
+ return STATUS_ERR;
+}
+
+/* Converts a numeric representation (addr_bytes)
+ * to a string representation (addr_str), according to
+ * the protocol */
+
+static int node_expand_addr(sepol_handle_t * handle,
+ char *addr_bytes, int proto, char *addr_str)
+{
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ {
+ struct in_addr addr;
+ memset(&addr, 0, sizeof(struct in_addr));
+ memcpy(&addr.s_addr, addr_bytes, 4);
+
+ if (inet_ntop(AF_INET, &addr, addr_str,
+ INET_ADDRSTRLEN) == NULL) {
+
+ ERR(handle,
+ "could not expand IPv4 address to string: %s",
+ strerror(errno));
+ return STATUS_ERR;
+ }
+ break;
+ }
+
+ case SEPOL_PROTO_IP6:
+ {
+ struct in6_addr addr;
+ memset(&addr, 0, sizeof(struct in6_addr));
+ memcpy(&addr.s6_addr32[0], addr_bytes, 16);
+
+ if (inet_ntop(AF_INET6, &addr, addr_str,
+ INET6_ADDRSTRLEN) == NULL) {
+
+ ERR(handle,
+ "could not expand IPv6 address to string: %s",
+ strerror(errno));
+ return STATUS_ERR;
+ }
+ break;
+ }
+
+ default:
+ ERR(handle, "unsupported protocol %u, could not"
+ " expand address to string", proto);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/* Allocates a sufficiently large address string (addr)
+ * according to the protocol */
+
+static int node_alloc_addr_string(sepol_handle_t * handle,
+ int proto, char **addr)
+{
+
+ char *tmp_addr = NULL;
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ tmp_addr = malloc(INET_ADDRSTRLEN);
+ if (!tmp_addr)
+ goto omem;
+ break;
+
+ case SEPOL_PROTO_IP6:
+ tmp_addr = malloc(INET6_ADDRSTRLEN);
+ if (!tmp_addr)
+ goto omem;
+ break;
+
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+
+ *addr = tmp_addr;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ free(tmp_addr);
+ ERR(handle, "could not allocate string buffer for "
+ "address of protocol %s", sepol_node_get_proto_str(proto));
+ return STATUS_ERR;
+}
+
+/* Key */
+int sepol_node_key_create(sepol_handle_t * handle,
+ const char *addr,
+ const char *mask,
+ int proto, sepol_node_key_t ** key_ptr)
+{
+
+ sepol_node_key_t *tmp_key =
+ (sepol_node_key_t *) calloc(1, sizeof(sepol_node_key_t));
+ if (!tmp_key)
+ goto omem;
+
+ if (node_alloc_addr(handle, proto, &tmp_key->addr, &tmp_key->addr_sz) <
+ 0)
+ goto err;
+ if (node_parse_addr(handle, addr, proto, tmp_key->addr) < 0)
+ goto err;
+
+ if (node_alloc_addr(handle, proto, &tmp_key->mask, &tmp_key->mask_sz) <
+ 0)
+ goto err;
+ if (node_parse_addr(handle, mask, proto, tmp_key->mask) < 0)
+ goto err;
+
+ tmp_key->proto = proto;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ sepol_node_key_free(tmp_key);
+ ERR(handle, "could not create node key for (%s, %s, %s)",
+ addr, mask, sepol_node_get_proto_str(proto));
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_node_key_create)
+
+void sepol_node_key_unpack(const sepol_node_key_t * key,
+ const char **addr, const char **mask, int *proto)
+{
+
+ *addr = key->addr;
+ *mask = key->mask;
+ *proto = key->proto;
+}
+
+hidden_def(sepol_node_key_unpack)
+
+int sepol_node_key_extract(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ sepol_node_key_t ** key_ptr)
+{
+
+ sepol_node_key_t *tmp_key =
+ (sepol_node_key_t *) calloc(1, sizeof(sepol_node_key_t));
+ if (!tmp_key)
+ goto omem;
+
+ tmp_key->addr = malloc(node->addr_sz);
+ tmp_key->mask = malloc(node->mask_sz);
+
+ if (!tmp_key->addr || !tmp_key->mask)
+ goto omem;
+
+ memcpy(tmp_key->addr, node->addr, node->addr_sz);
+ memcpy(tmp_key->mask, node->mask, node->mask_sz);
+ tmp_key->addr_sz = node->addr_sz;
+ tmp_key->mask_sz = node->mask_sz;
+ tmp_key->proto = node->proto;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+
+ omem:
+ sepol_node_key_free(tmp_key);
+ ERR(handle, "out of memory, could not extract node key");
+ return STATUS_ERR;
+}
+
+void sepol_node_key_free(sepol_node_key_t * key)
+{
+
+ if (!key)
+ return;
+
+ free(key->addr);
+ free(key->mask);
+ free(key);
+}
+
+hidden_def(sepol_node_key_free)
+
+int sepol_node_compare(const sepol_node_t * node, const sepol_node_key_t * key)
+{
+
+ int rc1, rc2;
+
+ if ((node->addr_sz < key->addr_sz) || (node->mask_sz < key->mask_sz))
+ return -1;
+
+ else if ((node->addr_sz > key->addr_sz) ||
+ (node->mask_sz > key->mask_sz))
+ return 1;
+
+ rc1 = memcmp(node->addr, key->addr, node->addr_sz);
+ rc2 = memcmp(node->mask, key->mask, node->mask_sz);
+
+ return (rc2 != 0) ? rc2 : rc1;
+}
+
+int sepol_node_compare2(const sepol_node_t * node, const sepol_node_t * node2)
+{
+
+ int rc1, rc2;
+
+ if ((node->addr_sz < node2->addr_sz) ||
+ (node->mask_sz < node2->mask_sz))
+ return -1;
+
+ else if ((node->addr_sz > node2->addr_sz) ||
+ (node->mask_sz > node2->mask_sz))
+ return 1;
+
+ rc1 = memcmp(node->addr, node2->addr, node->addr_sz);
+ rc2 = memcmp(node->mask, node2->mask, node->mask_sz);
+
+ return (rc2 != 0) ? rc2 : rc1;
+}
+
+/* Addr */
+int sepol_node_get_addr(sepol_handle_t * handle,
+ const sepol_node_t * node, char **addr)
+{
+
+ char *tmp_addr = NULL;
+
+ if (node_alloc_addr_string(handle, node->proto, &tmp_addr) < 0)
+ goto err;
+
+ if (node_expand_addr(handle, node->addr, node->proto, tmp_addr) < 0)
+ goto err;
+
+ *addr = tmp_addr;
+ return STATUS_SUCCESS;
+
+ err:
+ free(tmp_addr);
+ ERR(handle, "could not get node address");
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_node_get_addr)
+
+int sepol_node_get_addr_bytes(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ char **buffer, size_t * bsize)
+{
+
+ char *tmp_buf = malloc(node->addr_sz);
+ if (!tmp_buf) {
+ ERR(handle, "out of memory, could not get address bytes");
+ return STATUS_ERR;
+ }
+
+ memcpy(tmp_buf, node->addr, node->addr_sz);
+ *buffer = tmp_buf;
+ *bsize = node->addr_sz;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_get_addr_bytes)
+
+int sepol_node_set_addr(sepol_handle_t * handle,
+ sepol_node_t * node, int proto, const char *addr)
+{
+
+ char *tmp_addr = NULL;
+ size_t tmp_addr_sz;
+
+ if (node_alloc_addr(handle, proto, &tmp_addr, &tmp_addr_sz) < 0)
+ goto err;
+
+ if (node_parse_addr(handle, addr, proto, tmp_addr) < 0)
+ goto err;
+
+ free(node->addr);
+ node->addr = tmp_addr;
+ node->addr_sz = tmp_addr_sz;
+ return STATUS_SUCCESS;
+
+ err:
+ free(tmp_addr);
+ ERR(handle, "could not set node address to %s", addr);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_node_set_addr)
+
+int sepol_node_set_addr_bytes(sepol_handle_t * handle,
+ sepol_node_t * node,
+ const char *addr, size_t addr_sz)
+{
+
+ char *tmp_addr = malloc(addr_sz);
+ if (!tmp_addr) {
+ ERR(handle, "out of memory, could not " "set node address");
+ return STATUS_ERR;
+ }
+
+ memcpy(tmp_addr, addr, addr_sz);
+ free(node->addr);
+ node->addr = tmp_addr;
+ node->addr_sz = addr_sz;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_set_addr_bytes)
+
+/* Mask */
+int sepol_node_get_mask(sepol_handle_t * handle,
+ const sepol_node_t * node, char **mask)
+{
+
+ char *tmp_mask = NULL;
+
+ if (node_alloc_addr_string(handle, node->proto, &tmp_mask) < 0)
+ goto err;
+
+ if (node_expand_addr(handle, node->mask, node->proto, tmp_mask) < 0)
+ goto err;
+
+ *mask = tmp_mask;
+ return STATUS_SUCCESS;
+
+ err:
+ free(tmp_mask);
+ ERR(handle, "could not get node netmask");
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_node_get_mask)
+
+int sepol_node_get_mask_bytes(sepol_handle_t * handle,
+ const sepol_node_t * node,
+ char **buffer, size_t * bsize)
+{
+
+ char *tmp_buf = malloc(node->mask_sz);
+ if (!tmp_buf) {
+ ERR(handle, "out of memory, could not get netmask bytes");
+ return STATUS_ERR;
+ }
+
+ memcpy(tmp_buf, node->mask, node->mask_sz);
+ *buffer = tmp_buf;
+ *bsize = node->mask_sz;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_get_mask_bytes)
+
+int sepol_node_set_mask(sepol_handle_t * handle,
+ sepol_node_t * node, int proto, const char *mask)
+{
+
+ char *tmp_mask = NULL;
+ size_t tmp_mask_sz;
+
+ if (node_alloc_addr(handle, proto, &tmp_mask, &tmp_mask_sz) < 0)
+ goto err;
+
+ if (node_parse_addr(handle, mask, proto, tmp_mask) < 0)
+ goto err;
+
+ free(node->mask);
+ node->mask = tmp_mask;
+ node->mask_sz = tmp_mask_sz;
+ return STATUS_SUCCESS;
+
+ err:
+ free(tmp_mask);
+ ERR(handle, "could not set node netmask to %s", mask);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_node_set_mask)
+
+int sepol_node_set_mask_bytes(sepol_handle_t * handle,
+ sepol_node_t * node,
+ const char *mask, size_t mask_sz)
+{
+
+ char *tmp_mask = malloc(mask_sz);
+ if (!tmp_mask) {
+ ERR(handle, "out of memory, could not " "set node netmask");
+ return STATUS_ERR;
+ }
+ memcpy(tmp_mask, mask, mask_sz);
+ free(node->mask);
+ node->mask = tmp_mask;
+ node->mask_sz = mask_sz;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_set_mask_bytes)
+
+/* Protocol */
+int sepol_node_get_proto(const sepol_node_t * node)
+{
+
+ return node->proto;
+}
+
+hidden_def(sepol_node_get_proto)
+
+void sepol_node_set_proto(sepol_node_t * node, int proto)
+{
+
+ node->proto = proto;
+}
+
+hidden_def(sepol_node_set_proto)
+
+const char *sepol_node_get_proto_str(int proto)
+{
+
+ switch (proto) {
+ case SEPOL_PROTO_IP4:
+ return "ipv4";
+ case SEPOL_PROTO_IP6:
+ return "ipv6";
+ default:
+ return "???";
+ }
+}
+
+hidden_def(sepol_node_get_proto_str)
+
+/* Create */
+int sepol_node_create(sepol_handle_t * handle, sepol_node_t ** node)
+{
+
+ sepol_node_t *tmp_node = (sepol_node_t *) malloc(sizeof(sepol_node_t));
+
+ if (!tmp_node) {
+ ERR(handle, "out of memory, could not create " "node record");
+ return STATUS_ERR;
+ }
+
+ tmp_node->addr = NULL;
+ tmp_node->addr_sz = 0;
+ tmp_node->mask = NULL;
+ tmp_node->mask_sz = 0;
+ tmp_node->proto = SEPOL_PROTO_IP4;
+ tmp_node->con = NULL;
+ *node = tmp_node;
+
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_create)
+
+/* Deep copy clone */
+int sepol_node_clone(sepol_handle_t * handle,
+ const sepol_node_t * node, sepol_node_t ** node_ptr)
+{
+
+ sepol_node_t *new_node = NULL;
+ if (sepol_node_create(handle, &new_node) < 0)
+ goto err;
+
+ /* Copy address, mask, protocol */
+ new_node->addr = malloc(node->addr_sz);
+ new_node->mask = malloc(node->mask_sz);
+ if (!new_node->addr || !new_node->mask)
+ goto omem;
+
+ memcpy(new_node->addr, node->addr, node->addr_sz);
+ memcpy(new_node->mask, node->mask, node->mask_sz);
+ new_node->addr_sz = node->addr_sz;
+ new_node->mask_sz = node->mask_sz;
+ new_node->proto = node->proto;
+
+ /* Copy context */
+ if (node->con &&
+ (sepol_context_clone(handle, node->con, &new_node->con) < 0))
+ goto err;
+
+ *node_ptr = new_node;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not clone node record");
+ sepol_node_free(new_node);
+ return STATUS_ERR;
+}
+
+/* Destroy */
+void sepol_node_free(sepol_node_t * node)
+{
+
+ if (!node)
+ return;
+
+ sepol_context_free(node->con);
+ free(node->addr);
+ free(node->mask);
+ free(node);
+}
+
+hidden_def(sepol_node_free)
+
+/* Context */
+sepol_context_t *sepol_node_get_con(const sepol_node_t * node)
+{
+
+ return node->con;
+}
+
+hidden_def(sepol_node_get_con)
+
+int sepol_node_set_con(sepol_handle_t * handle,
+ sepol_node_t * node, sepol_context_t * con)
+{
+
+ sepol_context_t *newcon;
+
+ if (sepol_context_clone(handle, con, &newcon) < 0) {
+ ERR(handle, "out of memory, could not set node context");
+ return STATUS_ERR;
+ }
+
+ sepol_context_free(node->con);
+ node->con = newcon;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_node_set_con)
diff --git a/libsepol/src/nodes.c b/libsepol/src/nodes.c
new file mode 100644
index 0000000..ba2934d
--- /dev/null
+++ b/libsepol/src/nodes.c
@@ -0,0 +1,400 @@
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdlib.h>
+
+#include "debug.h"
+#include "context.h"
+#include "handle.h"
+
+#include <sepol/policydb/policydb.h>
+#include "node_internal.h"
+
+/* Create a low level node structure from
+ * a high level representation */
+static int node_from_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t ** node, const sepol_node_t * data)
+{
+
+ ocontext_t *tmp_node = NULL;
+ context_struct_t *tmp_con = NULL;
+ char *addr_buf = NULL, *mask_buf = NULL;
+
+ tmp_node = (ocontext_t *) calloc(1, sizeof(ocontext_t));
+ if (!tmp_node)
+ goto omem;
+
+ size_t addr_bsize, mask_bsize;
+
+ /* Address and netmask */
+ if (sepol_node_get_addr_bytes(handle, data, &addr_buf, &addr_bsize) < 0)
+ goto err;
+ if (sepol_node_get_mask_bytes(handle, data, &mask_buf, &mask_bsize) < 0)
+ goto err;
+
+ int proto = sepol_node_get_proto(data);
+
+ switch (proto) {
+ case SEPOL_PROTO_IP4:
+ memcpy(&tmp_node->u.node.addr, addr_buf, addr_bsize);
+ memcpy(&tmp_node->u.node.mask, mask_buf, mask_bsize);
+ break;
+ case SEPOL_PROTO_IP6:
+ memcpy(tmp_node->u.node6.addr, addr_buf, addr_bsize);
+ memcpy(tmp_node->u.node6.mask, mask_buf, mask_bsize);
+ break;
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+ free(addr_buf);
+ free(mask_buf);
+ addr_buf = NULL;
+ mask_buf = NULL;
+
+ /* Context */
+ if (context_from_record(handle, policydb, &tmp_con,
+ sepol_node_get_con(data)) < 0)
+ goto err;
+ context_cpy(&tmp_node->context[0], tmp_con);
+ context_destroy(tmp_con);
+ free(tmp_con);
+ tmp_con = NULL;
+
+ *node = tmp_node;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ if (tmp_node != NULL) {
+ context_destroy(&tmp_node->context[0]);
+ free(tmp_node);
+ }
+ context_destroy(tmp_con);
+ free(tmp_con);
+ free(addr_buf);
+ free(mask_buf);
+ ERR(handle, "could not create node structure");
+ return STATUS_ERR;
+}
+
+static int node_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t * node, int proto, sepol_node_t ** record)
+{
+
+ context_struct_t *con = &node->context[0];
+
+ sepol_context_t *tmp_con = NULL;
+ sepol_node_t *tmp_record = NULL;
+
+ if (sepol_node_create(handle, &tmp_record) < 0)
+ goto err;
+
+ sepol_node_set_proto(tmp_record, proto);
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ if (sepol_node_set_addr_bytes(handle, tmp_record,
+ (const char *)&node->u.node.addr,
+ 4) < 0)
+ goto err;
+
+ if (sepol_node_set_mask_bytes(handle, tmp_record,
+ (const char *)&node->u.node.mask,
+ 4) < 0)
+ goto err;
+ break;
+
+ case SEPOL_PROTO_IP6:
+ if (sepol_node_set_addr_bytes(handle, tmp_record,
+ (const char *)&node->u.node6.addr,
+ 16) < 0)
+ goto err;
+
+ if (sepol_node_set_mask_bytes(handle, tmp_record,
+ (const char *)&node->u.node6.mask,
+ 16) < 0)
+ goto err;
+ break;
+
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+
+ if (context_to_record(handle, policydb, con, &tmp_con) < 0)
+ goto err;
+
+ if (sepol_node_set_con(handle, tmp_record, tmp_con) < 0)
+ goto err;
+
+ sepol_context_free(tmp_con);
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not convert node to record");
+ sepol_context_free(tmp_con);
+ sepol_node_free(tmp_record);
+ return STATUS_ERR;
+}
+
+/* Return the number of nodes */
+extern int sepol_node_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response)
+{
+
+ unsigned int count = 0;
+ ocontext_t *c, *head;
+ const policydb_t *policydb = &p->p;
+
+ head = policydb->ocontexts[OCON_NODE];
+ for (c = head; c != NULL; c = c->next)
+ count++;
+
+ head = policydb->ocontexts[OCON_NODE6];
+ for (c = head; c != NULL; c = c->next)
+ count++;
+
+ *response = count;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+/* Check if a node exists */
+int sepol_node_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_node_key_t * key, int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ int proto;
+ const char *addr, *mask;
+ sepol_node_key_unpack(key, &addr, &mask, &proto);
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ {
+ head = policydb->ocontexts[OCON_NODE];
+ for (c = head; c; c = c->next) {
+ unsigned int *addr2 = &c->u.node.addr;
+ unsigned int *mask2 = &c->u.node.mask;
+
+ if (!memcmp(addr, addr2, 4) &&
+ !memcmp(mask, mask2, 4)) {
+
+ *response = 1;
+ return STATUS_SUCCESS;
+ }
+ }
+ break;
+ }
+ case SEPOL_PROTO_IP6:
+ {
+ head = policydb->ocontexts[OCON_NODE6];
+ for (c = head; c; c = c->next) {
+ unsigned int *addr2 = c->u.node6.addr;
+ unsigned int *mask2 = c->u.node6.mask;
+
+ if (!memcmp(addr, addr2, 16) &&
+ !memcmp(mask, mask2, 16)) {
+ *response = 1;
+ return STATUS_SUCCESS;
+ }
+ }
+ break;
+ }
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+
+ *response = 0;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not check if node %s/%s (%s) exists",
+ addr, mask, sepol_node_get_proto_str(proto));
+ return STATUS_ERR;
+}
+
+/* Query a node */
+int sepol_node_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_node_key_t * key, sepol_node_t ** response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ int proto;
+ const char *addr, *mask;
+ sepol_node_key_unpack(key, &addr, &mask, &proto);
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ {
+ head = policydb->ocontexts[OCON_NODE];
+ for (c = head; c; c = c->next) {
+ unsigned int *addr2 = &c->u.node.addr;
+ unsigned int *mask2 = &c->u.node.mask;
+
+ if (!memcmp(addr, addr2, 4) &&
+ !memcmp(mask, mask2, 4)) {
+
+ if (node_to_record(handle, policydb,
+ c, SEPOL_PROTO_IP4,
+ response) < 0)
+ goto err;
+ return STATUS_SUCCESS;
+ }
+ }
+ break;
+ }
+ case SEPOL_PROTO_IP6:
+ {
+ head = policydb->ocontexts[OCON_NODE6];
+ for (c = head; c; c = c->next) {
+ unsigned int *addr2 = c->u.node6.addr;
+ unsigned int *mask2 = c->u.node6.mask;
+
+ if (!memcmp(addr, addr2, 16) &&
+ !memcmp(mask, mask2, 16)) {
+
+ if (node_to_record(handle, policydb,
+ c, SEPOL_PROTO_IP6,
+ response) < 0)
+ goto err;
+ }
+ }
+ break;
+ }
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+ *response = NULL;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query node %s/%s (%s)",
+ addr, mask, sepol_node_get_proto_str(proto));
+ return STATUS_ERR;
+
+}
+
+/* Load a node into policy */
+int sepol_node_modify(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ const sepol_node_key_t * key, const sepol_node_t * data)
+{
+
+ policydb_t *policydb = &p->p;
+ ocontext_t *node = NULL;
+
+ int proto;
+ const char *addr, *mask;
+
+ sepol_node_key_unpack(key, &addr, &mask, &proto);
+
+ if (node_from_record(handle, policydb, &node, data) < 0)
+ goto err;
+
+ switch (proto) {
+
+ case SEPOL_PROTO_IP4:
+ {
+ /* Attach to context list */
+ node->next = policydb->ocontexts[OCON_NODE];
+ policydb->ocontexts[OCON_NODE] = node;
+ break;
+ }
+ case SEPOL_PROTO_IP6:
+ {
+ /* Attach to context list */
+ node->next = policydb->ocontexts[OCON_NODE6];
+ policydb->ocontexts[OCON_NODE6] = node;
+ break;
+ }
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ goto err;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not load node %s/%s (%s)",
+ addr, mask, sepol_node_get_proto_str(proto));
+ if (node != NULL) {
+ context_destroy(&node->context[0]);
+ free(node);
+ }
+ return STATUS_ERR;
+}
+
+int sepol_node_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ int (*fn) (const sepol_node_t * node,
+ void *fn_arg), void *arg)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+ sepol_node_t *node = NULL;
+ int status;
+
+ head = policydb->ocontexts[OCON_NODE];
+ for (c = head; c; c = c->next) {
+ if (node_to_record(handle, policydb, c, SEPOL_PROTO_IP4, &node)
+ < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(node, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_node_free(node);
+ node = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ head = policydb->ocontexts[OCON_NODE6];
+ for (c = head; c; c = c->next) {
+ if (node_to_record(handle, policydb, c, SEPOL_PROTO_IP6, &node)
+ < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(node, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_node_free(node);
+ node = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over nodes");
+ sepol_node_free(node);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
new file mode 100644
index 0000000..71970b1
--- /dev/null
+++ b/libsepol/src/polcaps.c
@@ -0,0 +1,33 @@
+/*
+ * Policy capability support functions
+ */
+
+#include <string.h>
+#include <sepol/policydb/polcaps.h>
+
+static const char *polcap_names[] = {
+ "network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
+ "open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
+ NULL
+};
+
+int sepol_polcap_getnum(const char *name)
+{
+ int capnum;
+
+ for (capnum = 0; capnum <= POLICYDB_CAPABILITY_MAX; capnum++) {
+ if (polcap_names[capnum] == NULL)
+ continue;
+ if (strcasecmp(polcap_names[capnum], name) == 0)
+ return capnum;
+ }
+ return -1;
+}
+
+const char *sepol_polcap_getname(int capnum)
+{
+ if (capnum > POLICYDB_CAPABILITY_MAX)
+ return NULL;
+
+ return polcap_names[capnum];
+}
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
new file mode 100644
index 0000000..91699bf
--- /dev/null
+++ b/libsepol/src/policydb.c
@@ -0,0 +1,3315 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
+ * Fine-grained netlink support
+ * IPv6 support
+ * Code cleanup
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2005 Tresys Technology, LLC
+ * Copyright (C) 2003 - 2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the policy database.
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/avrule_block.h>
+#include <sepol/policydb/util.h>
+#include <sepol/policydb/flask.h>
+
+#include "private.h"
+#include "debug.h"
+#include "mls.h"
+
+/* These need to be updated if SYM_NUM or OCON_NUM changes */
+static struct policydb_compat_info policydb_compat[] = {
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_BASE,
+ .sym_num = SYM_NUM - 3,
+ .ocon_num = OCON_FSUSE + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_BOOL,
+ .sym_num = SYM_NUM - 2,
+ .ocon_num = OCON_FSUSE + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_IPV6,
+ .sym_num = SYM_NUM - 2,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_NLCLASS,
+ .sym_num = SYM_NUM - 2,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_MLS,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_AVTAB,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_RANGETRANS,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_POLCAP,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_BASE,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_MLS,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_MLS_USERS,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_POLCAP,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_BASE,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0,
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_MLS,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0,
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_MLS_USERS,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_POLCAP,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0
+ },
+};
+
+#if 0
+static char *symtab_name[SYM_NUM] = {
+ "common prefixes",
+ "classes",
+ "roles",
+ "types",
+ "users",
+ "bools" mls_symtab_names cond_symtab_names
+};
+#endif
+
+static unsigned int symtab_sizes[SYM_NUM] = {
+ 2,
+ 32,
+ 16,
+ 512,
+ 128,
+ 16,
+ 16,
+ 16,
+};
+
+struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type)
+{
+ unsigned int i;
+ struct policydb_compat_info *info = NULL;
+
+ for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
+ if (policydb_compat[i].version == version &&
+ policydb_compat[i].type == type) {
+ info = &policydb_compat[i];
+ break;
+ }
+ }
+ return info;
+}
+
+void type_set_init(type_set_t * x)
+{
+ memset(x, 0, sizeof(type_set_t));
+ ebitmap_init(&x->types);
+ ebitmap_init(&x->negset);
+}
+
+void type_set_destroy(type_set_t * x)
+{
+ if (x != NULL) {
+ ebitmap_destroy(&x->types);
+ ebitmap_destroy(&x->negset);
+ }
+}
+
+void role_set_init(role_set_t * x)
+{
+ memset(x, 0, sizeof(role_set_t));
+ ebitmap_init(&x->roles);
+}
+
+void role_set_destroy(role_set_t * x)
+{
+ ebitmap_destroy(&x->roles);
+}
+
+void role_datum_init(role_datum_t * x)
+{
+ memset(x, 0, sizeof(role_datum_t));
+ ebitmap_init(&x->dominates);
+ type_set_init(&x->types);
+ ebitmap_init(&x->cache);
+}
+
+void role_datum_destroy(role_datum_t * x)
+{
+ if (x != NULL) {
+ ebitmap_destroy(&x->dominates);
+ type_set_destroy(&x->types);
+ ebitmap_destroy(&x->cache);
+ }
+}
+
+void type_datum_init(type_datum_t * x)
+{
+ memset(x, 0, sizeof(*x));
+ ebitmap_init(&x->types);
+}
+
+void type_datum_destroy(type_datum_t * x)
+{
+ if (x != NULL) {
+ ebitmap_destroy(&x->types);
+ }
+}
+
+void user_datum_init(user_datum_t * x)
+{
+ memset(x, 0, sizeof(user_datum_t));
+ role_set_init(&x->roles);
+ mls_semantic_range_init(&x->range);
+ mls_semantic_level_init(&x->dfltlevel);
+ ebitmap_init(&x->cache);
+ mls_range_init(&x->exp_range);
+ mls_level_init(&x->exp_dfltlevel);
+}
+
+void user_datum_destroy(user_datum_t * x)
+{
+ if (x != NULL) {
+ role_set_destroy(&x->roles);
+ mls_semantic_range_destroy(&x->range);
+ mls_semantic_level_destroy(&x->dfltlevel);
+ ebitmap_destroy(&x->cache);
+ mls_range_destroy(&x->exp_range);
+ mls_level_destroy(&x->exp_dfltlevel);
+ }
+}
+
+void level_datum_init(level_datum_t * x)
+{
+ memset(x, 0, sizeof(level_datum_t));
+}
+
+void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
+{
+ /* the mls_level_t referenced by the level_datum is managed
+ * separately for now, so there is nothing to destroy */
+ return;
+}
+
+void cat_datum_init(cat_datum_t * x)
+{
+ memset(x, 0, sizeof(cat_datum_t));
+}
+
+void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
+{
+ /* it's currently a simple struct - really nothing to destroy */
+ return;
+}
+
+void class_perm_node_init(class_perm_node_t * x)
+{
+ memset(x, 0, sizeof(class_perm_node_t));
+}
+
+void avrule_init(avrule_t * x)
+{
+ memset(x, 0, sizeof(avrule_t));
+ type_set_init(&x->stypes);
+ type_set_init(&x->ttypes);
+}
+
+void avrule_destroy(avrule_t * x)
+{
+ class_perm_node_t *cur, *next;
+
+ if (x == NULL) {
+ return;
+ }
+ type_set_destroy(&x->stypes);
+ type_set_destroy(&x->ttypes);
+
+ next = x->perms;
+ while (next) {
+ cur = next;
+ next = cur->next;
+ free(cur);
+ }
+}
+
+void role_trans_rule_init(role_trans_rule_t * x)
+{
+ memset(x, 0, sizeof(*x));
+ role_set_init(&x->roles);
+ type_set_init(&x->types);
+}
+
+void role_trans_rule_destroy(role_trans_rule_t * x)
+{
+ if (x != NULL) {
+ role_set_destroy(&x->roles);
+ type_set_destroy(&x->types);
+ }
+}
+
+void role_trans_rule_list_destroy(role_trans_rule_t * x)
+{
+ while (x != NULL) {
+ role_trans_rule_t *next = x->next;
+ role_trans_rule_destroy(x);
+ free(x);
+ x = next;
+ }
+}
+
+void role_allow_rule_init(role_allow_rule_t * x)
+{
+ memset(x, 0, sizeof(role_allow_rule_t));
+ role_set_init(&x->roles);
+ role_set_init(&x->new_roles);
+}
+
+void role_allow_rule_destroy(role_allow_rule_t * x)
+{
+ role_set_destroy(&x->roles);
+ role_set_destroy(&x->new_roles);
+}
+
+void role_allow_rule_list_destroy(role_allow_rule_t * x)
+{
+ while (x != NULL) {
+ role_allow_rule_t *next = x->next;
+ role_allow_rule_destroy(x);
+ free(x);
+ x = next;
+ }
+}
+
+void range_trans_rule_init(range_trans_rule_t * x)
+{
+ type_set_init(&x->stypes);
+ type_set_init(&x->ttypes);
+ ebitmap_init(&x->tclasses);
+ mls_semantic_range_init(&x->trange);
+ x->next = NULL;
+}
+
+void range_trans_rule_destroy(range_trans_rule_t * x)
+{
+ type_set_destroy(&x->stypes);
+ type_set_destroy(&x->ttypes);
+ ebitmap_destroy(&x->tclasses);
+ mls_semantic_range_destroy(&x->trange);
+}
+
+void range_trans_rule_list_destroy(range_trans_rule_t * x)
+{
+ while (x != NULL) {
+ range_trans_rule_t *next = x->next;
+ range_trans_rule_destroy(x);
+ free(x);
+ x = next;
+ }
+}
+
+void avrule_list_destroy(avrule_t * x)
+{
+ avrule_t *next, *cur;
+
+ if (!x)
+ return;
+
+ next = x;
+ while (next) {
+ cur = next;
+ next = next->next;
+ avrule_destroy(cur);
+ free(cur);
+ }
+}
+
+/*
+ * Initialize the role table by implicitly adding role 'object_r'. If
+ * the policy is a module, set object_r's scope to be SCOPE_REQ,
+ * otherwise set it to SCOPE_DECL.
+ */
+static int roles_init(policydb_t * p)
+{
+ char *key = 0;
+ int rc;
+ role_datum_t *role;
+
+ role = calloc(1, sizeof(role_datum_t));
+ if (!role) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ key = malloc(strlen(OBJECT_R) + 1);
+ if (!key) {
+ rc = -ENOMEM;
+ goto out_free_role;
+ }
+ strcpy(key, OBJECT_R);
+ rc = symtab_insert(p, SYM_ROLES, key, role,
+ (p->policy_type ==
+ POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
+ &role->s.value);
+ if (rc)
+ goto out_free_key;
+ if (role->s.value != OBJECT_R_VAL) {
+ rc = -EINVAL;
+ goto out_free_role;
+ }
+ out:
+ return rc;
+
+ out_free_key:
+ free(key);
+ out_free_role:
+ free(role);
+ goto out;
+}
+
+/*
+ * Initialize a policy database structure.
+ */
+int policydb_init(policydb_t * p)
+{
+ int i, rc;
+
+ memset(p, 0, sizeof(policydb_t));
+
+ ebitmap_init(&p->policycaps);
+
+ ebitmap_init(&p->permissive_map);
+
+ for (i = 0; i < SYM_NUM; i++) {
+ p->sym_val_to_name[i] = NULL;
+ rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
+ if (rc)
+ goto out_free_symtab;
+ }
+
+ /* initialize the module stuff */
+ for (i = 0; i < SYM_NUM; i++) {
+ if (symtab_init(&p->scope[i], symtab_sizes[i])) {
+ goto out_free_symtab;
+ }
+ }
+ if ((p->global = avrule_block_create()) == NULL ||
+ (p->global->branch_list = avrule_decl_create(1)) == NULL) {
+ goto out_free_symtab;
+ }
+ p->decl_val_to_struct = NULL;
+
+ rc = avtab_init(&p->te_avtab);
+ if (rc)
+ goto out_free_symtab;
+
+ rc = roles_init(p);
+ if (rc)
+ goto out_free_symtab;
+
+ rc = cond_policydb_init(p);
+ if (rc)
+ goto out_free_symtab;
+ out:
+ return rc;
+
+ out_free_symtab:
+ for (i = 0; i < SYM_NUM; i++) {
+ hashtab_destroy(p->symtab[i].table);
+ hashtab_destroy(p->scope[i].table);
+ }
+ avrule_block_list_destroy(p->global);
+ goto out;
+}
+
+int policydb_role_cache(hashtab_key_t key
+ __attribute__ ((unused)), hashtab_datum_t datum,
+ void *arg)
+{
+ policydb_t *p;
+ role_datum_t *role;
+
+ role = (role_datum_t *) datum;
+ p = (policydb_t *) arg;
+
+ ebitmap_destroy(&role->cache);
+ if (type_set_expand(&role->types, &role->cache, p, 1)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int policydb_user_cache(hashtab_key_t key
+ __attribute__ ((unused)), hashtab_datum_t datum,
+ void *arg)
+{
+ policydb_t *p;
+ user_datum_t *user;
+
+ user = (user_datum_t *) datum;
+ p = (policydb_t *) arg;
+
+ ebitmap_destroy(&user->cache);
+ if (role_set_expand(&user->roles, &user->cache, p, NULL)) {
+ return -1;
+ }
+
+ /* we do not expand user's MLS info in kernel policies because the
+ * semantic representation is not present and we do not expand user's
+ * MLS info in module policies because all of the necessary mls
+ * information is not present */
+ if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
+ mls_range_destroy(&user->exp_range);
+ if (mls_semantic_range_expand(&user->range,
+ &user->exp_range, p, NULL)) {
+ return -1;
+ }
+
+ mls_level_destroy(&user->exp_dfltlevel);
+ if (mls_semantic_level_expand(&user->dfltlevel,
+ &user->exp_dfltlevel, p, NULL)) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * The following *_index functions are used to
+ * define the val_to_name and val_to_struct arrays
+ * in a policy database structure. The val_to_name
+ * arrays are used when converting security context
+ * structures into string representations. The
+ * val_to_struct arrays are used when the attributes
+ * of a class, role, or user are needed.
+ */
+
+static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ common_datum_t *comdatum;
+
+ comdatum = (common_datum_t *) datum;
+ p = (policydb_t *) datap;
+ if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim)
+ return -EINVAL;
+ p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
+
+ return 0;
+}
+
+static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ class_datum_t *cladatum;
+
+ cladatum = (class_datum_t *) datum;
+ p = (policydb_t *) datap;
+ if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim)
+ return -EINVAL;
+ p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
+ p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
+
+ return 0;
+}
+
+static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ role_datum_t *role;
+
+ role = (role_datum_t *) datum;
+ p = (policydb_t *) datap;
+ if (!role->s.value || role->s.value > p->p_roles.nprim)
+ return -EINVAL;
+ p->p_role_val_to_name[role->s.value - 1] = (char *)key;
+ p->role_val_to_struct[role->s.value - 1] = role;
+
+ return 0;
+}
+
+static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ type_datum_t *typdatum;
+
+ typdatum = (type_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (typdatum->primary) {
+ if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim)
+ return -EINVAL;
+ p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
+ p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
+ }
+
+ return 0;
+}
+
+static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ user_datum_t *usrdatum;
+
+ usrdatum = (user_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim)
+ return -EINVAL;
+
+ p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
+ p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
+
+ return 0;
+}
+
+static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ level_datum_t *levdatum;
+
+ levdatum = (level_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (!levdatum->isalias) {
+ if (!levdatum->level->sens ||
+ levdatum->level->sens > p->p_levels.nprim)
+ return -EINVAL;
+ p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
+ }
+
+ return 0;
+}
+
+static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
+{
+ policydb_t *p;
+ cat_datum_t *catdatum;
+
+ catdatum = (cat_datum_t *) datum;
+ p = (policydb_t *) datap;
+
+ if (!catdatum->isalias) {
+ if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim)
+ return -EINVAL;
+ p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
+ }
+
+ return 0;
+}
+
+static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
+ void *datap) = {
+common_index, class_index, role_index, type_index, user_index,
+ cond_index_bool, sens_index, cat_index,};
+
+/*
+ * Define the common val_to_name array and the class
+ * val_to_name and val_to_struct arrays in a policy
+ * database structure.
+ */
+int policydb_index_classes(policydb_t * p)
+{
+ free(p->p_common_val_to_name);
+ p->p_common_val_to_name = (char **)
+ malloc(p->p_commons.nprim * sizeof(char *));
+ if (!p->p_common_val_to_name)
+ return -1;
+
+ if (hashtab_map(p->p_commons.table, common_index, p))
+ return -1;
+
+ free(p->class_val_to_struct);
+ p->class_val_to_struct = (class_datum_t **)
+ malloc(p->p_classes.nprim * sizeof(class_datum_t *));
+ if (!p->class_val_to_struct)
+ return -1;
+
+ free(p->p_class_val_to_name);
+ p->p_class_val_to_name = (char **)
+ malloc(p->p_classes.nprim * sizeof(char *));
+ if (!p->p_class_val_to_name)
+ return -1;
+
+ if (hashtab_map(p->p_classes.table, class_index, p))
+ return -1;
+
+ return 0;
+}
+
+int policydb_index_bools(policydb_t * p)
+{
+
+ if (cond_init_bool_indexes(p) == -1)
+ return -1;
+ p->p_bool_val_to_name = (char **)
+ malloc(p->p_bools.nprim * sizeof(char *));
+ if (!p->p_bool_val_to_name)
+ return -1;
+ if (hashtab_map(p->p_bools.table, cond_index_bool, p))
+ return -1;
+ return 0;
+}
+
+int policydb_index_decls(policydb_t * p)
+{
+ avrule_block_t *curblock;
+ avrule_decl_t *decl;
+ int num_decls = 0;
+
+ free(p->decl_val_to_struct);
+
+ for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
+ for (decl = curblock->branch_list; decl != NULL;
+ decl = decl->next) {
+ num_decls++;
+ }
+ }
+
+ p->decl_val_to_struct =
+ calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
+ if (!p->decl_val_to_struct) {
+ return -1;
+ }
+
+ for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
+ for (decl = curblock->branch_list; decl != NULL;
+ decl = decl->next) {
+ p->decl_val_to_struct[decl->decl_id - 1] = decl;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Define the other val_to_name and val_to_struct arrays
+ * in a policy database structure.
+ */
+int policydb_index_others(sepol_handle_t * handle,
+ policydb_t * p, unsigned verbose)
+{
+ int i;
+
+ if (verbose) {
+ INFO(handle,
+ "security: %d users, %d roles, %d types, %d bools",
+ p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
+ p->p_bools.nprim);
+
+ if (p->mls)
+ INFO(handle, "security: %d sens, %d cats",
+ p->p_levels.nprim, p->p_cats.nprim);
+
+ INFO(handle, "security: %d classes, %d rules, %d cond rules",
+ p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
+ }
+#if 0
+ avtab_hash_eval(&p->te_avtab, "rules");
+ for (i = 0; i < SYM_NUM; i++)
+ hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
+#endif
+
+ free(p->role_val_to_struct);
+ p->role_val_to_struct = (role_datum_t **)
+ malloc(p->p_roles.nprim * sizeof(role_datum_t *));
+ if (!p->role_val_to_struct)
+ return -1;
+
+ free(p->user_val_to_struct);
+ p->user_val_to_struct = (user_datum_t **)
+ malloc(p->p_users.nprim * sizeof(user_datum_t *));
+ if (!p->user_val_to_struct)
+ return -1;
+
+ free(p->type_val_to_struct);
+ p->type_val_to_struct = (type_datum_t **)
+ calloc(p->p_types.nprim, sizeof(type_datum_t *));
+ if (!p->type_val_to_struct)
+ return -1;
+
+ cond_init_bool_indexes(p);
+
+ for (i = SYM_ROLES; i < SYM_NUM; i++) {
+ free(p->sym_val_to_name[i]);
+ p->sym_val_to_name[i] = NULL;
+ if (p->symtab[i].nprim) {
+ p->sym_val_to_name[i] = (char **)
+ calloc(p->symtab[i].nprim, sizeof(char *));
+ if (!p->sym_val_to_name[i])
+ return -1;
+ if (hashtab_map(p->symtab[i].table, index_f[i], p))
+ return -1;
+ }
+ }
+
+ /* This pre-expands the roles and users for context validity checking */
+ if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
+ return -1;
+
+ if (hashtab_map(p->p_users.table, policydb_user_cache, p))
+ return -1;
+
+ return 0;
+}
+
+/*
+ * The following *_destroy functions are used to
+ * free any memory allocated for each kind of
+ * symbol data in the policy database.
+ */
+
+static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ if (key)
+ free(key);
+ free(datum);
+ return 0;
+}
+
+static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ common_datum_t *comdatum;
+
+ if (key)
+ free(key);
+ comdatum = (common_datum_t *) datum;
+ hashtab_map(comdatum->permissions.table, perm_destroy, 0);
+ hashtab_destroy(comdatum->permissions.table);
+ free(datum);
+ return 0;
+}
+
+static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ class_datum_t *cladatum;
+ constraint_node_t *constraint, *ctemp;
+ constraint_expr_t *e, *etmp;
+
+ if (key)
+ free(key);
+ cladatum = (class_datum_t *) datum;
+ if (cladatum == NULL) {
+ return 0;
+ }
+ hashtab_map(cladatum->permissions.table, perm_destroy, 0);
+ hashtab_destroy(cladatum->permissions.table);
+ constraint = cladatum->constraints;
+ while (constraint) {
+ e = constraint->expr;
+ while (e) {
+ etmp = e;
+ e = e->next;
+ constraint_expr_destroy(etmp);
+ }
+ ctemp = constraint;
+ constraint = constraint->next;
+ free(ctemp);
+ }
+
+ constraint = cladatum->validatetrans;
+ while (constraint) {
+ e = constraint->expr;
+ while (e) {
+ etmp = e;
+ e = e->next;
+ constraint_expr_destroy(etmp);
+ }
+ ctemp = constraint;
+ constraint = constraint->next;
+ free(ctemp);
+ }
+
+ if (cladatum->comkey)
+ free(cladatum->comkey);
+ free(datum);
+ return 0;
+}
+
+static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ free(key);
+ role_datum_destroy((role_datum_t *) datum);
+ free(datum);
+ return 0;
+}
+
+static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ free(key);
+ type_datum_destroy((type_datum_t *) datum);
+ free(datum);
+ return 0;
+}
+
+static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ free(key);
+ user_datum_destroy((user_datum_t *) datum);
+ free(datum);
+ return 0;
+}
+
+static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ level_datum_t *levdatum;
+
+ if (key)
+ free(key);
+ levdatum = (level_datum_t *) datum;
+ mls_level_destroy(levdatum->level);
+ free(levdatum->level);
+ level_datum_destroy(levdatum);
+ free(levdatum);
+ return 0;
+}
+
+static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ if (key)
+ free(key);
+ cat_datum_destroy((cat_datum_t *) datum);
+ free(datum);
+ return 0;
+}
+
+static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
+ void *datap) = {
+common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
+ cond_destroy_bool, sens_destroy, cat_destroy,};
+
+/*
+ * Free any memory allocated by a policy database structure.
+ */
+void policydb_destroy(policydb_t * p)
+{
+ ocontext_t *c, *ctmp;
+ genfs_t *g, *gtmp;
+ unsigned int i;
+ role_allow_t *ra, *lra = NULL;
+ role_trans_t *tr, *ltr = NULL;
+ range_trans_t *rt, *lrt = NULL;
+
+ if (!p)
+ return;
+
+ ebitmap_destroy(&p->policycaps);
+
+ ebitmap_destroy(&p->permissive_map);
+
+ symtabs_destroy(p->symtab);
+
+ for (i = 0; i < SYM_NUM; i++) {
+ if (p->sym_val_to_name[i])
+ free(p->sym_val_to_name[i]);
+ }
+
+ if (p->class_val_to_struct)
+ free(p->class_val_to_struct);
+ if (p->role_val_to_struct)
+ free(p->role_val_to_struct);
+ if (p->user_val_to_struct)
+ free(p->user_val_to_struct);
+ if (p->type_val_to_struct)
+ free(p->type_val_to_struct);
+ free(p->decl_val_to_struct);
+
+ for (i = 0; i < SYM_NUM; i++) {
+ hashtab_map(p->scope[i].table, scope_destroy, 0);
+ hashtab_destroy(p->scope[i].table);
+ }
+ avrule_block_list_destroy(p->global);
+ free(p->name);
+ free(p->version);
+
+ avtab_destroy(&p->te_avtab);
+
+ for (i = 0; i < OCON_NUM; i++) {
+ c = p->ocontexts[i];
+ while (c) {
+ ctmp = c;
+ c = c->next;
+ context_destroy(&ctmp->context[0]);
+ context_destroy(&ctmp->context[1]);
+ if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
+ || i == OCON_FSUSE)
+ free(ctmp->u.name);
+ free(ctmp);
+ }
+ }
+
+ g = p->genfs;
+ while (g) {
+ free(g->fstype);
+ c = g->head;
+ while (c) {
+ ctmp = c;
+ c = c->next;
+ context_destroy(&ctmp->context[0]);
+ free(ctmp->u.name);
+ free(ctmp);
+ }
+ gtmp = g;
+ g = g->next;
+ free(gtmp);
+ }
+ cond_policydb_destroy(p);
+
+ for (tr = p->role_tr; tr; tr = tr->next) {
+ if (ltr)
+ free(ltr);
+ ltr = tr;
+ }
+ if (ltr)
+ free(ltr);
+
+ for (ra = p->role_allow; ra; ra = ra->next) {
+ if (lra)
+ free(lra);
+ lra = ra;
+ }
+ if (lra)
+ free(lra);
+
+ for (rt = p->range_tr; rt; rt = rt->next) {
+ if (lrt) {
+ ebitmap_destroy(&lrt->target_range.level[0].cat);
+ ebitmap_destroy(&lrt->target_range.level[1].cat);
+ free(lrt);
+ }
+ lrt = rt;
+ }
+ if (lrt) {
+ ebitmap_destroy(&lrt->target_range.level[0].cat);
+ ebitmap_destroy(&lrt->target_range.level[1].cat);
+ free(lrt);
+ }
+
+ if (p->type_attr_map) {
+ for (i = 0; i < p->p_types.nprim; i++) {
+ ebitmap_destroy(&p->type_attr_map[i]);
+ }
+ free(p->type_attr_map);
+ }
+
+ if (p->attr_type_map) {
+ for (i = 0; i < p->p_types.nprim; i++) {
+ ebitmap_destroy(&p->attr_type_map[i]);
+ }
+ free(p->attr_type_map);
+ }
+
+ return;
+}
+
+void symtabs_destroy(symtab_t * symtab)
+{
+ int i;
+ for (i = 0; i < SYM_NUM; i++) {
+ hashtab_map(symtab[i].table, destroy_f[i], 0);
+ hashtab_destroy(symtab[i].table);
+ }
+}
+
+int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
+ __attribute__ ((unused)))
+{
+ scope_datum_t *cur = (scope_datum_t *) datum;
+ free(key);
+ if (cur != NULL) {
+ free(cur->decl_ids);
+ }
+ free(cur);
+ return 0;
+}
+
+hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
+{
+ if (sym_num < 0 || sym_num >= SYM_NUM) {
+ return NULL;
+ }
+ return (hashtab_destroy_func_t) destroy_f[sym_num];
+}
+
+/*
+ * Load the initial SIDs specified in a policy database
+ * structure into a SID table.
+ */
+int policydb_load_isids(policydb_t * p, sidtab_t * s)
+{
+ ocontext_t *head, *c;
+
+ if (sepol_sidtab_init(s)) {
+ ERR(NULL, "out of memory on SID table init");
+ return -1;
+ }
+
+ head = p->ocontexts[OCON_ISID];
+ for (c = head; c; c = c->next) {
+ if (!c->context[0].user) {
+ ERR(NULL, "SID %s was never defined", c->u.name);
+ return -1;
+ }
+ if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
+ ERR(NULL, "unable to load initial SID %s", c->u.name);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/* Declare a symbol for a certain avrule_block context. Insert it
+ * into a symbol table for a policy. This function will handle
+ * inserting the appropriate scope information in addition to
+ * inserting the symbol into the hash table.
+ *
+ * arguments:
+ * policydb_t *pol module policy to modify
+ * uint32_t sym the symbole table for insertion (SYM_*)
+ * hashtab_key_t key the key for the symbol - not cloned
+ * hashtab_datum_t data the data for the symbol - not cloned
+ * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
+ * avrule_decl_id identifier for this symbol's encapsulating declaration
+ * value (out) assigned value to the symbol (if value is not NULL)
+ *
+ * returns:
+ * 0 success
+ * 1 success, but symbol already existed as a requirement
+ * (datum was not inserted and needs to be free()d)
+ * -1 general error
+ * -2 scope conflicted
+ * -ENOMEM memory error
+ * error codes from hashtab_insert
+ */
+int symtab_insert(policydb_t * pol, uint32_t sym,
+ hashtab_key_t key, hashtab_datum_t datum,
+ uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
+{
+ int rc, retval = 0;
+ unsigned int i;
+ scope_datum_t *scope_datum;
+
+ /* check if the symbol is already there. multiple
+ * declarations of non-roles/non-users are illegal, but
+ * multiple requires are allowed. */
+
+ /* FIX ME - the failures after the hashtab_insert will leave
+ * the policy in a inconsistent state. */
+ rc = hashtab_insert(pol->symtab[sym].table, key, datum);
+ if (rc == SEPOL_OK) {
+ /* if no value is passed in the symbol is not primary
+ * (i.e. aliases) */
+ if (value)
+ *value = ++pol->symtab[sym].nprim;
+ } else if (rc == SEPOL_EEXIST) {
+ retval = 1; /* symbol not added -- need to free() later */
+ } else {
+ return rc;
+ }
+
+ /* get existing scope information; if there is not one then
+ * create it */
+ scope_datum =
+ (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
+ if (scope_datum == NULL) {
+ hashtab_key_t key2 = strdup((char *)key);
+ if (!key2)
+ return -ENOMEM;
+ if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
+ free(key2);
+ return -ENOMEM;
+ }
+ scope_datum->scope = scope;
+ scope_datum->decl_ids = NULL;
+ scope_datum->decl_ids_len = 0;
+ if ((rc =
+ hashtab_insert(pol->scope[sym].table, key2,
+ scope_datum)) != 0) {
+ free(key2);
+ free(scope_datum);
+ return rc;
+ }
+ } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
+ /* disallow multiple declarations for non-roles/users */
+ if (sym != SYM_ROLES && sym != SYM_USERS) {
+ return -2;
+ }
+ } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
+ scope_datum->scope = SCOPE_DECL;
+ } else if (scope_datum->scope != scope) {
+ /* This only happens in DECL then REQUIRE case, which is handled by caller */
+ return -2;
+ }
+
+ /* search through the pre-existing list to avoid adding duplicates */
+ for (i = 0; i < scope_datum->decl_ids_len; i++) {
+ if (scope_datum->decl_ids[i] == avrule_decl_id) {
+ /* already there, so don't modify its scope */
+ return retval;
+ }
+ }
+
+ if (add_i_to_a(avrule_decl_id,
+ &scope_datum->decl_ids_len,
+ &scope_datum->decl_ids) == -1) {
+ return -ENOMEM;
+ }
+
+ return retval;
+}
+
+int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
+{
+ type_set_init(dst);
+
+ if (ebitmap_or(&dst->types, &a->types, &b->types)) {
+ return -1;
+ }
+ if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
+ return -1;
+ }
+
+ dst->flags |= a->flags;
+ dst->flags |= b->flags;
+
+ return 0;
+}
+
+int type_set_cpy(type_set_t * dst, type_set_t * src)
+{
+ type_set_init(dst);
+
+ dst->flags = src->flags;
+ if (ebitmap_cpy(&dst->types, &src->types))
+ return -1;
+ if (ebitmap_cpy(&dst->negset, &src->negset))
+ return -1;
+
+ return 0;
+}
+
+int type_set_or_eq(type_set_t * dst, type_set_t * other)
+{
+ int ret;
+ type_set_t tmp;
+
+ if (type_set_or(&tmp, dst, other))
+ return -1;
+ type_set_destroy(dst);
+ ret = type_set_cpy(dst, &tmp);
+ type_set_destroy(&tmp);
+
+ return ret;
+}
+
+int role_set_get_role(role_set_t * x, uint32_t role)
+{
+ if (x->flags & ROLE_STAR)
+ return 1;
+
+ if (ebitmap_get_bit(&x->roles, role - 1)) {
+ if (x->flags & ROLE_COMP)
+ return 0;
+ else
+ return 1;
+ } else {
+ if (x->flags & ROLE_COMP)
+ return 1;
+ else
+ return 0;
+ }
+}
+
+/***********************************************************************/
+/* everything below is for policy reads */
+
+/* The following are read functions for module structures */
+
+static int role_set_read(role_set_t * r, struct policy_file *fp)
+{
+ uint32_t buf[1];
+ int rc;
+
+ if (ebitmap_read(&r->roles, fp))
+ return -1;
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ r->flags = le32_to_cpu(buf[0]);
+
+ return 0;
+}
+
+static int type_set_read(type_set_t * t, struct policy_file *fp)
+{
+ uint32_t buf[1];
+ int rc;
+
+ if (ebitmap_read(&t->types, fp))
+ return -1;
+ if (ebitmap_read(&t->negset, fp))
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ t->flags = le32_to_cpu(buf[0]);
+
+ return 0;
+}
+
+/*
+ * Read a MLS range structure from a policydb binary
+ * representation file.
+ */
+static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
+{
+ uint32_t buf[2], items;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto out;
+
+ items = le32_to_cpu(buf[0]);
+ if (items > ARRAY_SIZE(buf)) {
+ ERR(fp->handle, "range overflow");
+ rc = -EINVAL;
+ goto out;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t) * items);
+ if (rc < 0) {
+ ERR(fp->handle, "truncated range");
+ goto out;
+ }
+ r->level[0].sens = le32_to_cpu(buf[0]);
+ if (items > 1)
+ r->level[1].sens = le32_to_cpu(buf[1]);
+ else
+ r->level[1].sens = r->level[0].sens;
+
+ rc = ebitmap_read(&r->level[0].cat, fp);
+ if (rc) {
+ ERR(fp->handle, "error reading low categories");
+ goto out;
+ }
+ if (items > 1) {
+ rc = ebitmap_read(&r->level[1].cat, fp);
+ if (rc) {
+ ERR(fp->handle, "error reading high categories");
+ goto bad_high;
+ }
+ } else {
+ rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
+ if (rc) {
+ ERR(fp->handle, "out of memory");
+ goto bad_high;
+ }
+ }
+
+ rc = 0;
+ out:
+ return rc;
+ bad_high:
+ ebitmap_destroy(&r->level[0].cat);
+ goto out;
+}
+
+/*
+ * Read a semantic MLS level structure from a policydb binary
+ * representation file.
+ */
+static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
+ struct policy_file *fp)
+{
+ uint32_t buf[2], ncat;
+ unsigned int i;
+ mls_semantic_cat_t *cat;
+ int rc;
+
+ mls_semantic_level_init(l);
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0) {
+ ERR(fp->handle, "truncated level");
+ goto bad;
+ }
+ l->sens = le32_to_cpu(buf[0]);
+
+ ncat = le32_to_cpu(buf[1]);
+ for (i = 0; i < ncat; i++) {
+ cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
+ if (!cat) {
+ ERR(fp->handle, "out of memory");
+ goto bad;
+ }
+
+ mls_semantic_cat_init(cat);
+ cat->next = l->cat;
+ l->cat = cat;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0) {
+ ERR(fp->handle, "error reading level categories");
+ goto bad;
+ }
+ cat->low = le32_to_cpu(buf[0]);
+ cat->high = le32_to_cpu(buf[1]);
+ }
+
+ return 0;
+
+ bad:
+ return -EINVAL;
+}
+
+/*
+ * Read a semantic MLS range structure from a policydb binary
+ * representation file.
+ */
+static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
+ struct policy_file *fp)
+{
+ int rc;
+
+ rc = mls_read_semantic_level_helper(&r->level[0], fp);
+ if (rc)
+ return rc;
+
+ rc = mls_read_semantic_level_helper(&r->level[1], fp);
+
+ return rc;
+}
+
+static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
+{
+ unsigned int i;
+ ebitmap_node_t *cnode;
+ mls_semantic_cat_t *open_cat = NULL;
+
+ mls_semantic_level_init(sl);
+ sl->sens = l->sens;
+ ebitmap_for_each_bit(&l->cat, cnode, i) {
+ if (ebitmap_node_get_bit(cnode, i)) {
+ if (open_cat)
+ continue;
+ open_cat = (mls_semantic_cat_t *)
+ malloc(sizeof(mls_semantic_cat_t));
+ if (!open_cat)
+ return -1;
+
+ mls_semantic_cat_init(open_cat);
+ open_cat->low = i + 1;
+ open_cat->next = sl->cat;
+ sl->cat = open_cat;
+ } else {
+ if (!open_cat)
+ continue;
+ open_cat->high = i;
+ open_cat = NULL;
+ }
+ }
+ if (open_cat)
+ open_cat->high = i;
+
+ return 0;
+}
+
+static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
+{
+ if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
+ return -1;
+
+ if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
+ return -1;
+
+ return 0;
+}
+
+/*
+ * Read and validate a security context structure
+ * from a policydb binary representation file.
+ */
+static int context_read_and_validate(context_struct_t * c,
+ policydb_t * p, struct policy_file *fp)
+{
+ uint32_t buf[3];
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
+ if (rc < 0) {
+ ERR(fp->handle, "context truncated");
+ return -1;
+ }
+ c->user = le32_to_cpu(buf[0]);
+ c->role = le32_to_cpu(buf[1]);
+ c->type = le32_to_cpu(buf[2]);
+ if ((p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_MLS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
+ if (mls_read_range_helper(&c->range, fp)) {
+ ERR(fp->handle, "error reading MLS range "
+ "of context");
+ return -1;
+ }
+ }
+
+ if (!policydb_context_isvalid(p, c)) {
+ ERR(fp->handle, "invalid security context");
+ context_destroy(c);
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * The following *_read functions are used to
+ * read the symbol data from a policy database
+ * binary representation file.
+ */
+
+static int perm_read(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ perm_datum_t *perdatum;
+ uint32_t buf[2];
+ size_t len;
+ int rc;
+
+ perdatum = calloc(1, sizeof(perm_datum_t));
+ if (!perdatum)
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ perdatum->s.value = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, perdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ perm_destroy(key, perdatum, NULL);
+ return -1;
+}
+
+static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
+{
+ char *key = 0;
+ common_datum_t *comdatum;
+ uint32_t buf[4];
+ size_t len, nel;
+ unsigned int i;
+ int rc;
+
+ comdatum = calloc(1, sizeof(common_datum_t));
+ if (!comdatum)
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ comdatum->s.value = le32_to_cpu(buf[1]);
+
+ if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
+ goto bad;
+ comdatum->permissions.nprim = le32_to_cpu(buf[2]);
+ nel = le32_to_cpu(buf[3]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ for (i = 0; i < nel; i++) {
+ if (perm_read(p, comdatum->permissions.table, fp))
+ goto bad;
+ }
+
+ if (hashtab_insert(h, key, comdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ common_destroy(key, comdatum, NULL);
+ return -1;
+}
+
+static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
+ unsigned int ncons,
+ int allowxtarget, struct policy_file *fp)
+{
+ constraint_node_t *c, *lc;
+ constraint_expr_t *e, *le;
+ uint32_t buf[3];
+ size_t nexpr;
+ unsigned int i, j;
+ int rc, depth;
+
+ lc = NULL;
+ for (i = 0; i < ncons; i++) {
+ c = calloc(1, sizeof(constraint_node_t));
+ if (!c)
+ return -1;
+
+ if (lc)
+ lc->next = c;
+ else
+ *nodep = c;
+
+ rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
+ if (rc < 0)
+ return -1;
+ c->permissions = le32_to_cpu(buf[0]);
+ nexpr = le32_to_cpu(buf[1]);
+ le = NULL;
+ depth = -1;
+ for (j = 0; j < nexpr; j++) {
+ e = malloc(sizeof(constraint_expr_t));
+ if (!e)
+ return -1;
+ if (constraint_expr_init(e) == -1) {
+ free(e);
+ return -1;
+ }
+ if (le) {
+ le->next = e;
+ } else {
+ c->expr = e;
+ }
+
+ rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
+ if (rc < 0)
+ return -1;
+ e->expr_type = le32_to_cpu(buf[0]);
+ e->attr = le32_to_cpu(buf[1]);
+ e->op = le32_to_cpu(buf[2]);
+
+ switch (e->expr_type) {
+ case CEXPR_NOT:
+ if (depth < 0)
+ return -1;
+ break;
+ case CEXPR_AND:
+ case CEXPR_OR:
+ if (depth < 1)
+ return -1;
+ depth--;
+ break;
+ case CEXPR_ATTR:
+ if (depth == (CEXPR_MAXDEPTH - 1))
+ return -1;
+ depth++;
+ break;
+ case CEXPR_NAMES:
+ if (!allowxtarget && (e->attr & CEXPR_XTARGET))
+ return -1;
+ if (depth == (CEXPR_MAXDEPTH - 1))
+ return -1;
+ depth++;
+ if (ebitmap_read(&e->names, fp))
+ return -1;
+ if (p->policy_type != POLICY_KERN &&
+ type_set_read(e->type_names, fp))
+ return -1;
+ break;
+ default:
+ return -1;
+ }
+ le = e;
+ }
+ if (depth != 0)
+ return -1;
+ lc = c;
+ }
+
+ return 0;
+}
+
+static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
+{
+ char *key = 0;
+ class_datum_t *cladatum;
+ uint32_t buf[6];
+ size_t len, len2, ncons, nel;
+ unsigned int i;
+ int rc;
+
+ cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
+ if (!cladatum)
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ len2 = le32_to_cpu(buf[1]);
+ cladatum->s.value = le32_to_cpu(buf[2]);
+
+ if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
+ goto bad;
+ cladatum->permissions.nprim = le32_to_cpu(buf[3]);
+ nel = le32_to_cpu(buf[4]);
+
+ ncons = le32_to_cpu(buf[5]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (len2) {
+ cladatum->comkey = malloc(len2 + 1);
+ if (!cladatum->comkey)
+ goto bad;
+ rc = next_entry(cladatum->comkey, fp, len2);
+ if (rc < 0)
+ goto bad;
+ cladatum->comkey[len2] = 0;
+
+ cladatum->comdatum = hashtab_search(p->p_commons.table,
+ cladatum->comkey);
+ if (!cladatum->comdatum) {
+ ERR(fp->handle, "unknown common %s", cladatum->comkey);
+ goto bad;
+ }
+ }
+ for (i = 0; i < nel; i++) {
+ if (perm_read(p, cladatum->permissions.table, fp))
+ goto bad;
+ }
+
+ if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
+ goto bad;
+
+ if ((p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
+ /* grab the validatetrans rules */
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ ncons = le32_to_cpu(buf[0]);
+ if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
+ goto bad;
+ }
+
+ if (hashtab_insert(h, key, cladatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ class_destroy(key, cladatum, NULL);
+ return -1;
+}
+
+static int role_read(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ role_datum_t *role;
+ uint32_t buf[2];
+ size_t len;
+ int rc;
+
+ role = calloc(1, sizeof(role_datum_t));
+ if (!role)
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ role->s.value = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (ebitmap_read(&role->dominates, fp))
+ goto bad;
+
+ if (p->policy_type == POLICY_KERN) {
+ if (ebitmap_read(&role->types.types, fp))
+ goto bad;
+ } else {
+ if (type_set_read(&role->types, fp))
+ goto bad;
+ }
+
+ if (strcmp(key, OBJECT_R) == 0) {
+ if (role->s.value != OBJECT_R_VAL) {
+ ERR(fp->handle, "role %s has wrong value %d",
+ OBJECT_R, role->s.value);
+ role_destroy(key, role, NULL);
+ return -1;
+ }
+ role_destroy(key, role, NULL);
+ return 0;
+ }
+
+ if (hashtab_insert(h, key, role))
+ goto bad;
+
+ return 0;
+
+ bad:
+ role_destroy(key, role, NULL);
+ return -1;
+}
+
+static int type_read(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ type_datum_t *typdatum;
+ uint32_t buf[5];
+ size_t len;
+ int rc, to_read;
+
+ typdatum = calloc(1, sizeof(type_datum_t));
+ if (!typdatum)
+ return -1;
+
+ if (p->policy_type == POLICY_KERN)
+ to_read = 3;
+ else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ to_read = 5;
+ else
+ to_read = 4;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ typdatum->s.value = le32_to_cpu(buf[1]);
+ typdatum->primary = le32_to_cpu(buf[2]);
+ if (p->policy_type != POLICY_KERN) {
+ typdatum->flavor = le32_to_cpu(buf[3]);
+ if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ typdatum->flags = le32_to_cpu(buf[4]);
+ if (ebitmap_read(&typdatum->types, fp))
+ goto bad;
+ }
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, typdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ type_destroy(key, typdatum, NULL);
+ return -1;
+}
+
+int role_trans_read(role_trans_t ** t, struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[3], nel;
+ role_trans_t *tr, *ltr;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ ltr = NULL;
+ for (i = 0; i < nel; i++) {
+ tr = calloc(1, sizeof(struct role_trans));
+ if (!tr) {
+ return -1;
+ }
+ if (ltr) {
+ ltr->next = tr;
+ } else {
+ *t = tr;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
+ if (rc < 0)
+ return -1;
+ tr->role = le32_to_cpu(buf[0]);
+ tr->type = le32_to_cpu(buf[1]);
+ tr->new_role = le32_to_cpu(buf[2]);
+ ltr = tr;
+ }
+ return 0;
+}
+
+int role_allow_read(role_allow_t ** r, struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[2], nel;
+ role_allow_t *ra, *lra;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ lra = NULL;
+ for (i = 0; i < nel; i++) {
+ ra = calloc(1, sizeof(struct role_allow));
+ if (!ra) {
+ return -1;
+ }
+ if (lra) {
+ lra->next = ra;
+ } else {
+ *r = ra;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return -1;
+ ra->role = le32_to_cpu(buf[0]);
+ ra->new_role = le32_to_cpu(buf[1]);
+ lra = ra;
+ }
+ return 0;
+}
+
+static int ocontext_read(struct policydb_compat_info *info,
+ policydb_t * p, struct policy_file *fp)
+{
+ unsigned int i, j;
+ size_t nel, len;
+ ocontext_t *l, *c;
+ uint32_t buf[8];
+ int rc;
+
+ for (i = 0; i < info->ocon_num; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ l = NULL;
+ for (j = 0; j < nel; j++) {
+ c = calloc(1, sizeof(ocontext_t));
+ if (!c) {
+ return -1;
+ }
+ if (l) {
+ l->next = c;
+ } else {
+ p->ocontexts[i] = c;
+ }
+ l = c;
+ switch (i) {
+ case OCON_ISID:
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ c->sid[0] = le32_to_cpu(buf[0]);
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ break;
+ case OCON_FS:
+ case OCON_NETIF:
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ len = le32_to_cpu(buf[0]);
+ c->u.name = malloc(len + 1);
+ if (!c->u.name)
+ return -1;
+ rc = next_entry(c->u.name, fp, len);
+ if (rc < 0)
+ return -1;
+ c->u.name[len] = 0;
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ if (context_read_and_validate
+ (&c->context[1], p, fp))
+ return -1;
+ break;
+ case OCON_PORT:
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
+ if (rc < 0)
+ return -1;
+ c->u.port.protocol = le32_to_cpu(buf[0]);
+ c->u.port.low_port = le32_to_cpu(buf[1]);
+ c->u.port.high_port = le32_to_cpu(buf[2]);
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ break;
+ case OCON_NODE:
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return -1;
+ c->u.node.addr = buf[0]; /* network order */
+ c->u.node.mask = buf[1]; /* network order */
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ break;
+ case OCON_FSUSE:
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return -1;
+ c->v.behavior = le32_to_cpu(buf[0]);
+ len = le32_to_cpu(buf[1]);
+ c->u.name = malloc(len + 1);
+ if (!c->u.name)
+ return -1;
+ rc = next_entry(c->u.name, fp, len);
+ if (rc < 0)
+ return -1;
+ c->u.name[len] = 0;
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ break;
+ case OCON_NODE6:{
+ int k;
+
+ rc = next_entry(buf, fp,
+ sizeof(uint32_t) * 8);
+ if (rc < 0)
+ return -1;
+ for (k = 0; k < 4; k++)
+ c->u.node6.addr[k] = buf[k]; /* network order */
+ for (k = 0; k < 4; k++)
+ c->u.node6.mask[k] = buf[k + 4]; /* network order */
+ if (context_read_and_validate
+ (&c->context[0], p, fp))
+ return -1;
+ break;
+ }
+ default:{
+ assert(0); /* should never get here */
+ }
+ }
+ }
+ }
+ return 0;
+}
+
+static int genfs_read(policydb_t * p, struct policy_file *fp)
+{
+ uint32_t buf[1];
+ size_t nel, nel2, len, len2;
+ genfs_t *genfs_p, *newgenfs, *genfs;
+ unsigned int i, j;
+ ocontext_t *l, *c, *newc = NULL;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ nel = le32_to_cpu(buf[0]);
+ genfs_p = NULL;
+ for (i = 0; i < nel; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ len = le32_to_cpu(buf[0]);
+ newgenfs = calloc(1, sizeof(genfs_t));
+ if (!newgenfs)
+ goto bad;
+ newgenfs->fstype = malloc(len + 1);
+ if (!newgenfs->fstype) {
+ free(newgenfs);
+ goto bad;
+ }
+ rc = next_entry(newgenfs->fstype, fp, len);
+ if (rc < 0) {
+ free(newgenfs->fstype);
+ free(newgenfs);
+ goto bad;
+ }
+ newgenfs->fstype[len] = 0;
+ for (genfs_p = NULL, genfs = p->genfs; genfs;
+ genfs_p = genfs, genfs = genfs->next) {
+ if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
+ ERR(fp->handle, "dup genfs fstype %s",
+ newgenfs->fstype);
+ free(newgenfs->fstype);
+ free(newgenfs);
+ goto bad;
+ }
+ if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
+ break;
+ }
+ newgenfs->next = genfs;
+ if (genfs_p)
+ genfs_p->next = newgenfs;
+ else
+ p->genfs = newgenfs;
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ nel2 = le32_to_cpu(buf[0]);
+ for (j = 0; j < nel2; j++) {
+ newc = calloc(1, sizeof(ocontext_t));
+ if (!newc) {
+ goto bad;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ len = le32_to_cpu(buf[0]);
+ newc->u.name = malloc(len + 1);
+ if (!newc->u.name) {
+ goto bad;
+ }
+ rc = next_entry(newc->u.name, fp, len);
+ if (rc < 0)
+ goto bad;
+ newc->u.name[len] = 0;
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ newc->v.sclass = le32_to_cpu(buf[0]);
+ if (context_read_and_validate(&newc->context[0], p, fp))
+ goto bad;
+ for (l = NULL, c = newgenfs->head; c;
+ l = c, c = c->next) {
+ if (!strcmp(newc->u.name, c->u.name) &&
+ (!c->v.sclass || !newc->v.sclass ||
+ newc->v.sclass == c->v.sclass)) {
+ ERR(fp->handle, "dup genfs entry "
+ "(%s,%s)", newgenfs->fstype,
+ c->u.name);
+ goto bad;
+ }
+ len = strlen(newc->u.name);
+ len2 = strlen(c->u.name);
+ if (len > len2)
+ break;
+ }
+ newc->next = c;
+ if (l)
+ l->next = newc;
+ else
+ newgenfs->head = newc;
+ }
+ }
+
+ return 0;
+
+ bad:
+ if (newc) {
+ context_destroy(&newc->context[0]);
+ context_destroy(&newc->context[1]);
+ free(newc->u.name);
+ free(newc);
+ }
+ return -1;
+}
+
+/*
+ * Read a MLS level structure from a policydb binary
+ * representation file.
+ */
+static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
+{
+ uint32_t buf[1];
+ int rc;
+
+ mls_level_init(lp);
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ ERR(fp->handle, "truncated level");
+ goto bad;
+ }
+ lp->sens = le32_to_cpu(buf[0]);
+
+ if (ebitmap_read(&lp->cat, fp)) {
+ ERR(fp->handle, "error reading level categories");
+ goto bad;
+ }
+ return 0;
+
+ bad:
+ return -EINVAL;
+}
+
+static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
+{
+ char *key = 0;
+ user_datum_t *usrdatum;
+ uint32_t buf[2];
+ size_t len;
+ int rc;
+
+ usrdatum = calloc(1, sizeof(user_datum_t));
+ if (!usrdatum)
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ usrdatum->s.value = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (p->policy_type == POLICY_KERN) {
+ if (ebitmap_read(&usrdatum->roles.roles, fp))
+ goto bad;
+ } else {
+ if (role_set_read(&usrdatum->roles, fp))
+ goto bad;
+ }
+
+ /* users were not allowed in mls modules before version
+ * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
+ * required - the mls fields will be empty. user declarations in
+ * non-mls modules will also have empty mls fields */
+ if ((p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_MLS)
+ || (p->policy_type == POLICY_MOD
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
+ if (mls_read_range_helper(&usrdatum->exp_range, fp))
+ goto bad;
+ if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
+ goto bad;
+ if (p->policy_type != POLICY_KERN) {
+ if (mls_range_to_semantic(&usrdatum->exp_range,
+ &usrdatum->range))
+ goto bad;
+ if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
+ &usrdatum->dfltlevel))
+ goto bad;
+ }
+ } else if ((p->policy_type == POLICY_MOD
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
+ if (mls_read_semantic_range_helper(&usrdatum->range, fp))
+ goto bad;
+ if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
+ goto bad;
+ }
+
+ if (hashtab_insert(h, key, usrdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ user_destroy(key, usrdatum, NULL);
+ return -1;
+}
+
+static int sens_read(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ level_datum_t *levdatum;
+ uint32_t buf[2], len;
+ int rc;
+
+ levdatum = malloc(sizeof(level_datum_t));
+ if (!levdatum)
+ return -1;
+ level_datum_init(levdatum);
+
+ rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ levdatum->isalias = le32_to_cpu(buf[1]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ levdatum->level = malloc(sizeof(mls_level_t));
+ if (!levdatum->level || mls_read_level(levdatum->level, fp))
+ goto bad;
+
+ if (hashtab_insert(h, key, levdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ sens_destroy(key, levdatum, NULL);
+ return -1;
+}
+
+static int cat_read(policydb_t * p
+ __attribute__ ((unused)), hashtab_t h,
+ struct policy_file *fp)
+{
+ char *key = 0;
+ cat_datum_t *catdatum;
+ uint32_t buf[3], len;
+ int rc;
+
+ catdatum = malloc(sizeof(cat_datum_t));
+ if (!catdatum)
+ return -1;
+ cat_datum_init(catdatum);
+
+ rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
+ if (rc < 0)
+ goto bad;
+
+ len = le32_to_cpu(buf[0]);
+ catdatum->s.value = le32_to_cpu(buf[1]);
+ catdatum->isalias = le32_to_cpu(buf[2]);
+
+ key = malloc(len + 1);
+ if (!key)
+ goto bad;
+ rc = next_entry(key, fp, len);
+ if (rc < 0)
+ goto bad;
+ key[len] = 0;
+
+ if (hashtab_insert(h, key, catdatum))
+ goto bad;
+
+ return 0;
+
+ bad:
+ cat_destroy(key, catdatum, NULL);
+ return -1;
+}
+
+static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
+ struct policy_file * fp) = {
+common_read, class_read, role_read, type_read, user_read,
+ cond_read_bool, sens_read, cat_read,};
+
+/************** module reading functions below **************/
+
+static avrule_t *avrule_read(policydb_t * p
+ __attribute__ ((unused)), struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[2], len;
+ class_perm_node_t *cur, *tail = NULL;
+ avrule_t *avrule;
+ int rc;
+
+ avrule = (avrule_t *) malloc(sizeof(avrule_t));
+ if (!avrule)
+ return NULL;
+
+ avrule_init(avrule);
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto bad;
+
+ (avrule)->specified = le32_to_cpu(buf[0]);
+ (avrule)->flags = le32_to_cpu(buf[1]);
+
+ if (type_set_read(&avrule->stypes, fp))
+ goto bad;
+
+ if (type_set_read(&avrule->ttypes, fp))
+ goto bad;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto bad;
+ len = le32_to_cpu(buf[0]);
+
+ for (i = 0; i < len; i++) {
+ cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
+ if (!cur)
+ goto bad;
+ class_perm_node_init(cur);
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0) {
+ free(cur);
+ goto bad;
+ }
+
+ cur->class = le32_to_cpu(buf[0]);
+ cur->data = le32_to_cpu(buf[1]);
+
+ if (!tail) {
+ avrule->perms = cur;
+ } else {
+ tail->next = cur;
+ }
+ tail = cur;
+ }
+
+ return avrule;
+ bad:
+ if (avrule) {
+ avrule_destroy(avrule);
+ free(avrule);
+ }
+ return NULL;
+}
+
+static int range_read(policydb_t * p, struct policy_file *fp)
+{
+ uint32_t buf[2], nel;
+ range_trans_t *rt, *lrt;
+ range_trans_rule_t *rtr, *lrtr = NULL;
+ unsigned int i;
+ int new_rangetr = (p->policy_type == POLICY_KERN &&
+ p->policyvers >= POLICYDB_VERSION_RANGETRANS);
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ lrt = NULL;
+ for (i = 0; i < nel; i++) {
+ rt = calloc(1, sizeof(range_trans_t));
+ if (!rt)
+ return -1;
+ if (lrt)
+ lrt->next = rt;
+ else
+ p->range_tr = rt;
+ rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
+ if (rc < 0)
+ return -1;
+ rt->source_type = le32_to_cpu(buf[0]);
+ rt->target_type = le32_to_cpu(buf[1]);
+ if (new_rangetr) {
+ rc = next_entry(buf, fp, (sizeof(uint32_t)));
+ if (rc < 0)
+ return -1;
+ rt->target_class = le32_to_cpu(buf[0]);
+ } else
+ rt->target_class = SECCLASS_PROCESS;
+ if (mls_read_range_helper(&rt->target_range, fp))
+ return -1;
+ lrt = rt;
+ }
+
+ /* if this is a kernel policy, we are done - otherwise we need to
+ * convert these structs to range_trans_rule_ts */
+ if (p->policy_type == POLICY_KERN)
+ return 0;
+
+ /* create range_trans_rules_ts that correspond to the range_trans_ts
+ * that were just read in from an older policy */
+ for (rt = p->range_tr; rt; rt = rt->next) {
+ rtr = malloc(sizeof(range_trans_rule_t));
+ if (!rtr) {
+ return -1;
+ }
+ range_trans_rule_init(rtr);
+
+ if (lrtr)
+ lrtr->next = rtr;
+ else
+ p->global->enabled->range_tr_rules = rtr;
+
+ if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
+ return -1;
+
+ if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
+ return -1;
+
+ if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
+ return -1;
+
+ if (mls_range_to_semantic(&rt->target_range, &rtr->trange))
+ return -1;
+
+ lrtr = rtr;
+ }
+
+ /* now destroy the range_trans_ts */
+ lrt = NULL;
+ for (rt = p->range_tr; rt; rt = rt->next) {
+ if (lrt) {
+ ebitmap_destroy(&lrt->target_range.level[0].cat);
+ ebitmap_destroy(&lrt->target_range.level[1].cat);
+ free(lrt);
+ }
+ lrt = rt;
+ }
+ if (lrt) {
+ ebitmap_destroy(&lrt->target_range.level[0].cat);
+ ebitmap_destroy(&lrt->target_range.level[1].cat);
+ free(lrt);
+ }
+ p->range_tr = NULL;
+
+ return 0;
+}
+
+int avrule_read_list(policydb_t * p, avrule_t ** avrules,
+ struct policy_file *fp)
+{
+ unsigned int i;
+ avrule_t *cur, *tail;
+ uint32_t buf[1], len;
+ int rc;
+
+ *avrules = tail = NULL;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ return -1;
+ }
+ len = le32_to_cpu(buf[0]);
+
+ for (i = 0; i < len; i++) {
+ cur = avrule_read(p, fp);
+ if (!cur) {
+ return -1;
+ }
+
+ if (!tail) {
+ *avrules = cur;
+ } else {
+ tail->next = cur;
+ }
+ tail = cur;
+ }
+
+ return 0;
+}
+
+static int role_trans_rule_read(role_trans_rule_t ** r, struct policy_file *fp)
+{
+ uint32_t buf[1], nel;
+ unsigned int i;
+ role_trans_rule_t *tr, *ltr;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ ltr = NULL;
+ for (i = 0; i < nel; i++) {
+ tr = malloc(sizeof(role_trans_rule_t));
+ if (!tr) {
+ return -1;
+ }
+ role_trans_rule_init(tr);
+
+ if (ltr) {
+ ltr->next = tr;
+ } else {
+ *r = tr;
+ }
+
+ if (role_set_read(&tr->roles, fp))
+ return -1;
+
+ if (type_set_read(&tr->types, fp))
+ return -1;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ tr->new_role = le32_to_cpu(buf[0]);
+ ltr = tr;
+ }
+
+ return 0;
+}
+
+static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[1], nel;
+ role_allow_rule_t *ra, *lra;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ lra = NULL;
+ for (i = 0; i < nel; i++) {
+ ra = malloc(sizeof(role_allow_rule_t));
+ if (!ra) {
+ return -1;
+ }
+ role_allow_rule_init(ra);
+
+ if (lra) {
+ lra->next = ra;
+ } else {
+ *r = ra;
+ }
+
+ if (role_set_read(&ra->roles, fp))
+ return -1;
+
+ if (role_set_read(&ra->new_roles, fp))
+ return -1;
+
+ lra = ra;
+ }
+ return 0;
+}
+
+static int range_trans_rule_read(range_trans_rule_t ** r,
+ struct policy_file *fp)
+{
+ uint32_t buf[1], nel;
+ unsigned int i;
+ range_trans_rule_t *rt, *lrt = NULL;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ nel = le32_to_cpu(buf[0]);
+ for (i = 0; i < nel; i++) {
+ rt = malloc(sizeof(range_trans_rule_t));
+ if (!rt) {
+ return -1;
+ }
+ range_trans_rule_init(rt);
+
+ if (lrt)
+ lrt->next = rt;
+ else
+ *r = rt;
+
+ if (type_set_read(&rt->stypes, fp))
+ return -1;
+
+ if (type_set_read(&rt->ttypes, fp))
+ return -1;
+
+ if (ebitmap_read(&rt->tclasses, fp))
+ return -1;
+
+ if (mls_read_semantic_range_helper(&rt->trange, fp))
+ return -1;
+
+ lrt = rt;
+ }
+
+ return 0;
+}
+
+static int scope_index_read(scope_index_t * scope_index,
+ unsigned int num_scope_syms, struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[1];
+ int rc;
+
+ for (i = 0; i < num_scope_syms; i++) {
+ if (ebitmap_read(scope_index->scope + i, fp) == -1) {
+ return -1;
+ }
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ scope_index->class_perms_len = le32_to_cpu(buf[0]);
+ if (scope_index->class_perms_len == 0) {
+ scope_index->class_perms_map = NULL;
+ return 0;
+ }
+ if ((scope_index->class_perms_map =
+ calloc(scope_index->class_perms_len,
+ sizeof(*scope_index->class_perms_map))) == NULL) {
+ return -1;
+ }
+ for (i = 0; i < scope_index->class_perms_len; i++) {
+ if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
+ unsigned int num_scope_syms, struct policy_file *fp)
+{
+ uint32_t buf[2], nprim, nel;
+ unsigned int i, j;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return -1;
+ decl->decl_id = le32_to_cpu(buf[0]);
+ decl->enabled = le32_to_cpu(buf[1]);
+ if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
+ avrule_read_list(p, &decl->avrules, fp) == -1 ||
+ role_trans_rule_read(&decl->role_tr_rules, fp) == -1 ||
+ role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
+ return -1;
+ }
+ if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
+ range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
+ return -1;
+ }
+ if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
+ scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
+ return -1;
+ }
+
+ for (i = 0; i < num_scope_syms; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return -1;
+ nprim = le32_to_cpu(buf[0]);
+ nel = le32_to_cpu(buf[1]);
+ for (j = 0; j < nel; j++) {
+ if (read_f[i] (p, decl->symtab[i].table, fp)) {
+ return -1;
+ }
+ }
+ decl->symtab[i].nprim = nprim;
+ }
+ return 0;
+}
+
+static int avrule_block_read(policydb_t * p,
+ avrule_block_t ** block,
+ unsigned int num_scope_syms,
+ struct policy_file *fp)
+{
+ avrule_block_t *last_block = NULL, *curblock;
+ uint32_t buf[1], num_blocks, nel;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ return -1;
+ num_blocks = le32_to_cpu(buf[0]);
+ nel = num_blocks;
+ while (num_blocks > 0) {
+ avrule_decl_t *last_decl = NULL, *curdecl;
+ uint32_t num_decls;
+ if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
+ return -1;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0) {
+ free(curblock);
+ return -1;
+ }
+ /* if this is the first block its non-optional, else its optional */
+ if (num_blocks != nel)
+ curblock->flags |= AVRULE_OPTIONAL;
+
+ num_decls = le32_to_cpu(buf[0]);
+ while (num_decls > 0) {
+ if ((curdecl = avrule_decl_create(0)) == NULL) {
+ avrule_block_destroy(curblock);
+ return -1;
+ }
+ if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
+ -1) {
+ avrule_decl_destroy(curdecl);
+ avrule_block_destroy(curblock);
+ return -1;
+ }
+ if (curdecl->enabled) {
+ if (curblock->enabled != NULL) {
+ /* probably a corrupt file */
+ avrule_decl_destroy(curdecl);
+ avrule_block_destroy(curblock);
+ return -1;
+ }
+ curblock->enabled = curdecl;
+ }
+ /* one must be careful to reconstruct the
+ * decl chain in its correct order */
+ if (curblock->branch_list == NULL) {
+ curblock->branch_list = curdecl;
+ } else {
+ last_decl->next = curdecl;
+ }
+ last_decl = curdecl;
+ num_decls--;
+ }
+
+ if (*block == NULL) {
+ *block = curblock;
+ } else {
+ last_block->next = curblock;
+ }
+ last_block = curblock;
+
+ num_blocks--;
+ }
+
+ return 0;
+}
+
+static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
+{
+ scope_datum_t *scope = NULL;
+ uint32_t buf[2];
+ char *key = NULL;
+ size_t key_len;
+ unsigned int i;
+ hashtab_t h = p->scope[symnum].table;
+ int rc;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t));
+ if (rc < 0)
+ goto cleanup;
+ key_len = le32_to_cpu(buf[0]);
+ key = malloc(key_len + 1);
+ if (!key)
+ goto cleanup;
+ rc = next_entry(key, fp, key_len);
+ if (rc < 0)
+ goto cleanup;
+ key[key_len] = '\0';
+
+ /* ensure that there already exists a symbol with this key */
+ if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
+ goto cleanup;
+ }
+
+ if ((scope = calloc(1, sizeof(*scope))) == NULL) {
+ goto cleanup;
+ }
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto cleanup;
+ scope->scope = le32_to_cpu(buf[0]);
+ scope->decl_ids_len = le32_to_cpu(buf[1]);
+ assert(scope->decl_ids_len > 0);
+ if ((scope->decl_ids =
+ malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
+ goto cleanup;
+ }
+ rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
+ if (rc < 0)
+ goto cleanup;
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
+ }
+
+ if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
+ /* object_r was already added to this table in roles_init() */
+ scope_destroy(key, scope, NULL);
+ } else {
+ if (hashtab_insert(h, key, scope)) {
+ goto cleanup;
+ }
+ }
+
+ return 0;
+
+ cleanup:
+ scope_destroy(key, scope, NULL);
+ return -1;
+}
+
+/*
+ * Read the configuration data from a policy database binary
+ * representation file into a policy database structure.
+ */
+int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
+{
+
+ unsigned int i, j, r_policyvers;
+ uint32_t buf[5], config;
+ size_t len, nprim, nel;
+ char *policydb_str, *target_str = NULL, *alt_target_str = NULL;
+ struct policydb_compat_info *info;
+ unsigned int policy_type, bufindex;
+ ebitmap_node_t *tnode;
+ int rc;
+
+ config = 0;
+
+ /* Read the magic number and string length. */
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ return POLICYDB_ERROR;
+ for (i = 0; i < 2; i++)
+ buf[i] = le32_to_cpu(buf[i]);
+
+ if (buf[0] == POLICYDB_MAGIC) {
+ policy_type = POLICY_KERN;
+ target_str = POLICYDB_STRING;
+ alt_target_str = POLICYDB_ALT_STRING;
+ } else if (buf[0] == POLICYDB_MOD_MAGIC) {
+ policy_type = POLICY_MOD;
+ target_str = POLICYDB_MOD_STRING;
+ } else {
+ ERR(fp->handle, "policydb magic number %#08x does not "
+ "match expected magic number %#08x or %#08x",
+ buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
+ return POLICYDB_ERROR;
+ }
+
+ len = buf[1];
+ if (len != strlen(target_str) &&
+ (!alt_target_str || len != strlen(alt_target_str))) {
+ ERR(fp->handle, "policydb string length %zu does not match "
+ "expected length %zu", len, strlen(target_str));
+ return POLICYDB_ERROR;
+ }
+
+ policydb_str = malloc(len + 1);
+ if (!policydb_str) {
+ ERR(fp->handle, "unable to allocate memory for policydb "
+ "string of length %zu", len);
+ return POLICYDB_ERROR;
+ }
+ rc = next_entry(policydb_str, fp, len);
+ if (rc < 0) {
+ ERR(fp->handle, "truncated policydb string identifier");
+ free(policydb_str);
+ return POLICYDB_ERROR;
+ }
+ policydb_str[len] = 0;
+ if (strcmp(policydb_str, target_str) &&
+ (!alt_target_str || strcmp(policydb_str, alt_target_str))) {
+ ERR(fp->handle, "policydb string %s does not match "
+ "my string %s", policydb_str, target_str);
+ free(policydb_str);
+ return POLICYDB_ERROR;
+ }
+ /* Done with policydb_str. */
+ free(policydb_str);
+ policydb_str = NULL;
+
+ /* Read the version, config, and table sizes (and policy type if it's a module). */
+ if (policy_type == POLICY_KERN)
+ nel = 4;
+ else
+ nel = 5;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
+ if (rc < 0)
+ return POLICYDB_ERROR;
+ for (i = 0; i < nel; i++)
+ buf[i] = le32_to_cpu(buf[i]);
+
+ bufindex = 0;
+
+ if (policy_type == POLICY_MOD) {
+ /* We know it's a module but not whether it's a base
+ module or regular binary policy module. buf[0]
+ tells us which. */
+ policy_type = buf[bufindex];
+ if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
+ ERR(fp->handle, "unknown module type: %#08x",
+ policy_type);
+ return POLICYDB_ERROR;
+ }
+ bufindex++;
+ }
+
+ r_policyvers = buf[bufindex];
+ if (policy_type == POLICY_KERN) {
+ if (r_policyvers < POLICYDB_VERSION_MIN ||
+ r_policyvers > POLICYDB_VERSION_MAX) {
+ ERR(fp->handle, "policydb version %d does not match "
+ "my version range %d-%d", buf[bufindex],
+ POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+ return POLICYDB_ERROR;
+ }
+ } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
+ if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
+ r_policyvers > MOD_POLICYDB_VERSION_MAX) {
+ ERR(fp->handle, "policydb module version %d does "
+ "not match my version range %d-%d",
+ buf[bufindex], MOD_POLICYDB_VERSION_MIN,
+ MOD_POLICYDB_VERSION_MAX);
+ return POLICYDB_ERROR;
+ }
+ } else {
+ assert(0);
+ }
+ bufindex++;
+
+ /* Set the policy type and version from the read values. */
+ p->policy_type = policy_type;
+ p->policyvers = r_policyvers;
+
+ if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
+ p->mls = 1;
+ } else {
+ p->mls = 0;
+ }
+
+ p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
+
+ bufindex++;
+
+ info = policydb_lookup_compat(r_policyvers, policy_type);
+ if (!info) {
+ ERR(fp->handle, "unable to find policy compat info "
+ "for version %d", r_policyvers);
+ goto bad;
+ }
+
+ if (buf[bufindex] != info->sym_num
+ || buf[bufindex + 1] != info->ocon_num) {
+ ERR(fp->handle,
+ "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
+ buf[bufindex], buf[bufindex + 1], info->sym_num,
+ info->ocon_num);
+ goto bad;
+ }
+
+ if (p->policy_type == POLICY_MOD) {
+ /* Get the module name and version */
+ if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
+ goto bad;
+ }
+ len = le32_to_cpu(buf[0]);
+ if ((p->name = malloc(len + 1)) == NULL) {
+ goto bad;
+ }
+ if ((rc = next_entry(p->name, fp, len)) < 0) {
+ goto bad;
+ }
+ p->name[len] = '\0';
+ if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
+ goto bad;
+ }
+ len = le32_to_cpu(buf[0]);
+ if ((p->version = malloc(len + 1)) == NULL) {
+ goto bad;
+ }
+ if ((rc = next_entry(p->version, fp, len)) < 0) {
+ goto bad;
+ }
+ p->version[len] = '\0';
+ }
+
+ if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_KERN) ||
+ (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_BASE) ||
+ (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_MOD)) {
+ if (ebitmap_read(&p->policycaps, fp))
+ goto bad;
+ }
+
+ if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ if (ebitmap_read(&p->permissive_map, fp))
+ goto bad;
+ }
+
+ for (i = 0; i < info->sym_num; i++) {
+ rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
+ if (rc < 0)
+ goto bad;
+ nprim = le32_to_cpu(buf[0]);
+ nel = le32_to_cpu(buf[1]);
+ for (j = 0; j < nel; j++) {
+ if (read_f[i] (p, p->symtab[i].table, fp))
+ goto bad;
+ }
+
+ p->symtab[i].nprim = nprim;
+ }
+
+ if (policy_type == POLICY_KERN) {
+ if (avtab_read(&p->te_avtab, fp, r_policyvers))
+ goto bad;
+ if (r_policyvers >= POLICYDB_VERSION_BOOL)
+ if (cond_read_list(p, &p->cond_list, fp))
+ goto bad;
+ if (role_trans_read(&p->role_tr, fp))
+ goto bad;
+ if (role_allow_read(&p->role_allow, fp))
+ goto bad;
+ } else {
+ /* first read the AV rule blocks, then the scope tables */
+ avrule_block_destroy(p->global);
+ p->global = NULL;
+ if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
+ goto bad;
+ }
+ for (i = 0; i < info->sym_num; i++) {
+ if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
+ goto bad;
+ }
+ nel = le32_to_cpu(buf[0]);
+ for (j = 0; j < nel; j++) {
+ if (scope_read(p, i, fp))
+ goto bad;
+ }
+ }
+
+ }
+
+ if (policydb_index_decls(p))
+ goto bad;
+
+ if (policydb_index_classes(p))
+ goto bad;
+
+ if (policydb_index_others(fp->handle, p, verbose))
+ goto bad;
+
+ if (ocontext_read(info, p, fp) == -1) {
+ goto bad;
+ }
+
+ if (genfs_read(p, fp) == -1) {
+ goto bad;
+ }
+
+ if ((p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_MLS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
+ if (range_read(p, fp)) {
+ goto bad;
+ }
+ }
+
+ if (policy_type == POLICY_KERN) {
+ p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
+ p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
+ if (!p->type_attr_map || !p->attr_type_map)
+ goto bad;
+ for (i = 0; i < p->p_types.nprim; i++) {
+ ebitmap_init(&p->type_attr_map[i]);
+ ebitmap_init(&p->attr_type_map[i]);
+ }
+ for (i = 0; i < p->p_types.nprim; i++) {
+ if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
+ if (ebitmap_read(&p->type_attr_map[i], fp))
+ goto bad;
+ ebitmap_for_each_bit(&p->type_attr_map[i],
+ tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j)
+ || i == j)
+ continue;
+ if (ebitmap_set_bit
+ (&p->attr_type_map[j], i, 1))
+ goto bad;
+ }
+ }
+ /* add the type itself as the degenerate case */
+ if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
+ goto bad;
+ }
+ }
+
+ return POLICYDB_SUCCESS;
+ bad:
+ return POLICYDB_ERROR;
+}
+
+int policydb_reindex_users(policydb_t * p)
+{
+ unsigned int i = SYM_USERS;
+
+ if (p->user_val_to_struct)
+ free(p->user_val_to_struct);
+ if (p->sym_val_to_name[i])
+ free(p->sym_val_to_name[i]);
+
+ p->user_val_to_struct = (user_datum_t **)
+ malloc(p->p_users.nprim * sizeof(user_datum_t *));
+ if (!p->user_val_to_struct)
+ return -1;
+
+ p->sym_val_to_name[i] = (char **)
+ malloc(p->symtab[i].nprim * sizeof(char *));
+ if (!p->sym_val_to_name[i])
+ return -1;
+
+ if (hashtab_map(p->symtab[i].table, index_f[i], p))
+ return -1;
+
+ /* Expand user roles for context validity checking */
+ if (hashtab_map(p->p_users.table, policydb_user_cache, p))
+ return -1;
+
+ return 0;
+}
+
+void policy_file_init(policy_file_t *pf)
+{
+ memset(pf, 0, sizeof(policy_file_t));
+}
diff --git a/libsepol/src/policydb_convert.c b/libsepol/src/policydb_convert.c
new file mode 100644
index 0000000..32832bb
--- /dev/null
+++ b/libsepol/src/policydb_convert.c
@@ -0,0 +1,100 @@
+#include <stdlib.h>
+
+#include "private.h"
+#include "debug.h"
+
+#include <sepol/policydb/policydb.h>
+
+/* Construct a policydb from the supplied (data, len) pair */
+
+int policydb_from_image(sepol_handle_t * handle,
+ void *data, size_t len, policydb_t * policydb)
+{
+
+ policy_file_t pf;
+
+ policy_file_init(&pf);
+ pf.type = PF_USE_MEMORY;
+ pf.data = data;
+ pf.len = len;
+ pf.handle = handle;
+
+ if (policydb_read(policydb, &pf, 0)) {
+ ERR(handle, "policy image is invalid");
+ errno = EINVAL;
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/* Write a policydb to a memory region, and return the (data, len) pair. */
+
+int policydb_to_image(sepol_handle_t * handle,
+ policydb_t * policydb, void **newdata, size_t * newlen)
+{
+
+ void *tmp_data = NULL;
+ size_t tmp_len;
+ policy_file_t pf;
+ struct policydb tmp_policydb;
+
+ /* Compute the length for the new policy image. */
+ policy_file_init(&pf);
+ pf.type = PF_LEN;
+ pf.handle = handle;
+ if (policydb_write(policydb, &pf)) {
+ ERR(handle, "could not compute policy length");
+ errno = EINVAL;
+ goto err;
+ }
+
+ /* Allocate the new policy image. */
+ pf.type = PF_USE_MEMORY;
+ pf.data = malloc(pf.len);
+ if (!pf.data) {
+ ERR(handle, "out of memory");
+ goto err;
+ }
+
+ /* Need to save len and data prior to modification by policydb_write. */
+ tmp_len = pf.len;
+ tmp_data = pf.data;
+
+ /* Write out the new policy image. */
+ if (policydb_write(policydb, &pf)) {
+ ERR(handle, "could not write policy");
+ errno = EINVAL;
+ goto err;
+ }
+
+ /* Verify the new policy image. */
+ pf.type = PF_USE_MEMORY;
+ pf.data = tmp_data;
+ pf.len = tmp_len;
+ if (policydb_init(&tmp_policydb)) {
+ ERR(handle, "Out of memory");
+ errno = ENOMEM;
+ goto err;
+ }
+ if (policydb_read(&tmp_policydb, &pf, 0)) {
+ ERR(handle, "new policy image is invalid");
+ errno = EINVAL;
+ goto err;
+ }
+ policydb_destroy(&tmp_policydb);
+
+ /* Update (newdata, newlen) */
+ *newdata = tmp_data;
+ *newlen = tmp_len;
+
+ /* Recover */
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not create policy image");
+
+ /* Recover */
+ free(tmp_data);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h
new file mode 100644
index 0000000..1eb99e5
--- /dev/null
+++ b/libsepol/src/policydb_internal.h
@@ -0,0 +1,9 @@
+#ifndef _SEPOL_POLICYDB_INTERNAL_H_
+#define _SEPOL_POLICYDB_INTERNAL_H_
+
+#include <sepol/policydb.h>
+#include "dso.h"
+
+hidden_proto(sepol_policydb_create)
+ hidden_proto(sepol_policydb_free)
+#endif
diff --git a/libsepol/src/policydb_public.c b/libsepol/src/policydb_public.c
new file mode 100644
index 0000000..f6ae793
--- /dev/null
+++ b/libsepol/src/policydb_public.c
@@ -0,0 +1,193 @@
+#include <stdlib.h>
+
+#include "debug.h"
+#include <sepol/policydb/policydb.h>
+#include "policydb_internal.h"
+
+/* Policy file interfaces. */
+
+int sepol_policy_file_create(sepol_policy_file_t ** pf)
+{
+ *pf = calloc(1, sizeof(sepol_policy_file_t));
+ if (!(*pf))
+ return -1;
+ return 0;
+}
+
+void sepol_policy_file_set_mem(sepol_policy_file_t * spf,
+ char *data, size_t len)
+{
+ struct policy_file *pf = &spf->pf;
+ if (!len) {
+ pf->type = PF_LEN;
+ return;
+ }
+ pf->type = PF_USE_MEMORY;
+ pf->data = data;
+ pf->len = len;
+ pf->size = len;
+ return;
+}
+
+void sepol_policy_file_set_fp(sepol_policy_file_t * spf, FILE * fp)
+{
+ struct policy_file *pf = &spf->pf;
+ pf->type = PF_USE_STDIO;
+ pf->fp = fp;
+ return;
+}
+
+int sepol_policy_file_get_len(sepol_policy_file_t * spf, size_t * len)
+{
+ struct policy_file *pf = &spf->pf;
+ if (pf->type != PF_LEN)
+ return -1;
+ *len = pf->len;
+ return 0;
+}
+
+void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
+ sepol_handle_t * handle)
+{
+ pf->pf.handle = handle;
+}
+
+void sepol_policy_file_free(sepol_policy_file_t * pf)
+{
+ free(pf);
+}
+
+/* Policydb interfaces. */
+
+int sepol_policydb_create(sepol_policydb_t ** sp)
+{
+ policydb_t *p;
+ *sp = malloc(sizeof(sepol_policydb_t));
+ if (!(*sp))
+ return -1;
+ p = &(*sp)->p;
+ if (policydb_init(p)) {
+ free(*sp);
+ return -1;
+ }
+ return 0;
+}
+
+hidden_def(sepol_policydb_create)
+
+void sepol_policydb_free(sepol_policydb_t * p)
+{
+ if (!p)
+ return;
+ policydb_destroy(&p->p);
+ free(p);
+}
+
+hidden_def(sepol_policydb_free)
+
+int sepol_policy_kern_vers_min(void)
+{
+ return POLICYDB_VERSION_MIN;
+}
+
+int sepol_policy_kern_vers_max(void)
+{
+ return POLICYDB_VERSION_MAX;
+}
+
+int sepol_policydb_set_typevers(sepol_policydb_t * sp, unsigned int type)
+{
+ struct policydb *p = &sp->p;
+ switch (type) {
+ case POLICY_KERN:
+ p->policyvers = POLICYDB_VERSION_MAX;
+ break;
+ case POLICY_BASE:
+ case POLICY_MOD:
+ p->policyvers = MOD_POLICYDB_VERSION_MAX;
+ break;
+ default:
+ return -1;
+ }
+ p->policy_type = type;
+ return 0;
+}
+
+int sepol_policydb_set_vers(sepol_policydb_t * sp, unsigned int vers)
+{
+ struct policydb *p = &sp->p;
+ switch (p->policy_type) {
+ case POLICY_KERN:
+ if (vers < POLICYDB_VERSION_MIN || vers > POLICYDB_VERSION_MAX)
+ return -1;
+ break;
+ case POLICY_BASE:
+ case POLICY_MOD:
+ if (vers < MOD_POLICYDB_VERSION_MIN
+ || vers > MOD_POLICYDB_VERSION_MAX)
+ return -1;
+ break;
+ default:
+ return -1;
+ }
+ p->policyvers = vers;
+ return 0;
+}
+
+int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
+ unsigned int handle_unknown)
+{
+ struct policydb *p = &sp->p;
+
+ switch (handle_unknown) {
+ case SEPOL_DENY_UNKNOWN:
+ case SEPOL_REJECT_UNKNOWN:
+ case SEPOL_ALLOW_UNKNOWN:
+ break;
+ default:
+ return -1;
+ }
+
+ p->handle_unknown = handle_unknown;
+ return 0;
+}
+
+int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
+{
+ return policydb_read(&p->p, &pf->pf, 0);
+}
+
+int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf)
+{
+ return policydb_write(&p->p, &pf->pf);
+}
+
+int sepol_policydb_from_image(sepol_handle_t * handle,
+ void *data, size_t len, sepol_policydb_t * p)
+{
+ return policydb_from_image(handle, data, len, &p->p);
+}
+
+int sepol_policydb_to_image(sepol_handle_t * handle,
+ sepol_policydb_t * p, void **newdata,
+ size_t * newlen)
+{
+ return policydb_to_image(handle, &p->p, newdata, newlen);
+}
+
+int sepol_policydb_mls_enabled(const sepol_policydb_t * p)
+{
+
+ return p->p.mls;
+}
+
+/*
+ * Enable compatibility mode for SELinux network checks iff
+ * the packet class is not defined in the policy.
+ */
+#define PACKET_CLASS_NAME "packet"
+int sepol_policydb_compat_net(const sepol_policydb_t * p)
+{
+ return (hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME) ==
+ NULL);
+}
diff --git a/libsepol/src/port_internal.h b/libsepol/src/port_internal.h
new file mode 100644
index 0000000..ffb5f65
--- /dev/null
+++ b/libsepol/src/port_internal.h
@@ -0,0 +1,20 @@
+#ifndef _SEPOL_PORT_INTERNAL_H_
+#define _SEPOL_PORT_INTERNAL_H_
+
+#include <sepol/port_record.h>
+#include <sepol/ports.h>
+#include "dso.h"
+
+hidden_proto(sepol_port_create)
+ hidden_proto(sepol_port_free)
+ hidden_proto(sepol_port_get_con)
+ hidden_proto(sepol_port_get_high)
+ hidden_proto(sepol_port_get_low)
+ hidden_proto(sepol_port_get_proto)
+ hidden_proto(sepol_port_get_proto_str)
+ hidden_proto(sepol_port_key_create)
+ hidden_proto(sepol_port_key_unpack)
+ hidden_proto(sepol_port_set_con)
+ hidden_proto(sepol_port_set_proto)
+ hidden_proto(sepol_port_set_range)
+#endif
diff --git a/libsepol/src/port_record.c b/libsepol/src/port_record.c
new file mode 100644
index 0000000..6a33d93
--- /dev/null
+++ b/libsepol/src/port_record.c
@@ -0,0 +1,288 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "port_internal.h"
+#include "context_internal.h"
+#include "debug.h"
+
+struct sepol_port {
+ /* Low - High range. Same for single ports. */
+ int low, high;
+
+ /* Protocol */
+ int proto;
+
+ /* Context */
+ sepol_context_t *con;
+};
+
+struct sepol_port_key {
+ /* Low - High range. Same for single ports. */
+ int low, high;
+
+ /* Protocol */
+ int proto;
+};
+
+/* Key */
+int sepol_port_key_create(sepol_handle_t * handle,
+ int low, int high, int proto,
+ sepol_port_key_t ** key_ptr)
+{
+
+ sepol_port_key_t *tmp_key =
+ (sepol_port_key_t *) malloc(sizeof(sepol_port_key_t));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, could not create " "port key");
+ return STATUS_ERR;
+ }
+
+ tmp_key->low = low;
+ tmp_key->high = high;
+ tmp_key->proto = proto;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_port_key_create)
+
+void sepol_port_key_unpack(const sepol_port_key_t * key,
+ int *low, int *high, int *proto)
+{
+
+ *low = key->low;
+ *high = key->high;
+ *proto = key->proto;
+}
+
+hidden_def(sepol_port_key_unpack)
+
+int sepol_port_key_extract(sepol_handle_t * handle,
+ const sepol_port_t * port,
+ sepol_port_key_t ** key_ptr)
+{
+
+ if (sepol_port_key_create
+ (handle, port->low, port->high, port->proto, key_ptr) < 0) {
+
+ ERR(handle, "could not extract key from port %s %d:%d",
+ sepol_port_get_proto_str(port->proto),
+ port->low, port->high);
+
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+void sepol_port_key_free(sepol_port_key_t * key)
+{
+ free(key);
+}
+
+int sepol_port_compare(const sepol_port_t * port, const sepol_port_key_t * key)
+{
+
+ if ((port->low == key->low) &&
+ (port->high == key->high) && (port->proto == key->proto))
+ return 0;
+
+ if (port->low < key->low)
+ return -1;
+
+ else if (key->low < port->low)
+ return 1;
+
+ else if (port->high < key->high)
+ return -1;
+
+ else if (key->high < port->high)
+ return 1;
+
+ else if (port->proto < key->proto)
+ return -1;
+
+ else
+ return 1;
+}
+
+int sepol_port_compare2(const sepol_port_t * port, const sepol_port_t * port2)
+{
+
+ if ((port->low == port2->low) &&
+ (port->high == port2->high) && (port->proto == port2->proto))
+ return 0;
+
+ if (port->low < port2->low)
+ return -1;
+
+ else if (port2->low < port->low)
+ return 1;
+
+ else if (port->high < port2->high)
+ return -1;
+
+ else if (port2->high < port->high)
+ return 1;
+
+ else if (port->proto < port2->proto)
+ return -1;
+
+ else
+ return 1;
+}
+
+/* Port */
+int sepol_port_get_low(const sepol_port_t * port)
+{
+
+ return port->low;
+}
+
+hidden_def(sepol_port_get_low)
+
+int sepol_port_get_high(const sepol_port_t * port)
+{
+
+ return port->high;
+}
+
+hidden_def(sepol_port_get_high)
+
+void sepol_port_set_port(sepol_port_t * port, int port_num)
+{
+
+ port->low = port_num;
+ port->high = port_num;
+}
+
+void sepol_port_set_range(sepol_port_t * port, int low, int high)
+{
+
+ port->low = low;
+ port->high = high;
+}
+
+hidden_def(sepol_port_set_range)
+
+/* Protocol */
+int sepol_port_get_proto(const sepol_port_t * port)
+{
+
+ return port->proto;
+}
+
+hidden_def(sepol_port_get_proto)
+
+const char *sepol_port_get_proto_str(int proto)
+{
+
+ switch (proto) {
+ case SEPOL_PROTO_UDP:
+ return "udp";
+ case SEPOL_PROTO_TCP:
+ return "tcp";
+ default:
+ return "???";
+ }
+}
+
+hidden_def(sepol_port_get_proto_str)
+
+void sepol_port_set_proto(sepol_port_t * port, int proto)
+{
+
+ port->proto = proto;
+}
+
+hidden_def(sepol_port_set_proto)
+
+/* Create */
+int sepol_port_create(sepol_handle_t * handle, sepol_port_t ** port)
+{
+
+ sepol_port_t *tmp_port = (sepol_port_t *) malloc(sizeof(sepol_port_t));
+
+ if (!tmp_port) {
+ ERR(handle, "out of memory, could not create " "port record");
+ return STATUS_ERR;
+ }
+
+ tmp_port->low = 0;
+ tmp_port->high = 0;
+ tmp_port->proto = SEPOL_PROTO_UDP;
+ tmp_port->con = NULL;
+ *port = tmp_port;
+
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_port_create)
+
+/* Deep copy clone */
+int sepol_port_clone(sepol_handle_t * handle,
+ const sepol_port_t * port, sepol_port_t ** port_ptr)
+{
+
+ sepol_port_t *new_port = NULL;
+ if (sepol_port_create(handle, &new_port) < 0)
+ goto err;
+
+ new_port->low = port->low;
+ new_port->high = port->high;
+ new_port->proto = port->proto;
+
+ if (port->con &&
+ (sepol_context_clone(handle, port->con, &new_port->con) < 0))
+ goto err;
+
+ *port_ptr = new_port;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone port record");
+ sepol_port_free(new_port);
+ return STATUS_ERR;
+}
+
+/* Destroy */
+void sepol_port_free(sepol_port_t * port)
+{
+
+ if (!port)
+ return;
+
+ sepol_context_free(port->con);
+ free(port);
+}
+
+hidden_def(sepol_port_free)
+
+/* Context */
+sepol_context_t *sepol_port_get_con(const sepol_port_t * port)
+{
+
+ return port->con;
+}
+
+hidden_def(sepol_port_get_con)
+
+int sepol_port_set_con(sepol_handle_t * handle,
+ sepol_port_t * port, sepol_context_t * con)
+{
+
+ sepol_context_t *newcon;
+
+ if (sepol_context_clone(handle, con, &newcon) < 0) {
+ ERR(handle, "out of memory, could not set port context");
+ return STATUS_ERR;
+ }
+
+ sepol_context_free(port->con);
+ port->con = newcon;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_port_set_con)
diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
new file mode 100644
index 0000000..06a0743
--- /dev/null
+++ b/libsepol/src/ports.c
@@ -0,0 +1,312 @@
+#include <netinet/in.h>
+#include <stdlib.h>
+
+#include "debug.h"
+#include "context.h"
+#include "handle.h"
+
+#include <sepol/policydb/policydb.h>
+#include "port_internal.h"
+
+static inline int sepol2ipproto(sepol_handle_t * handle, int proto)
+{
+
+ switch (proto) {
+ case SEPOL_PROTO_TCP:
+ return IPPROTO_TCP;
+ case SEPOL_PROTO_UDP:
+ return IPPROTO_UDP;
+ default:
+ ERR(handle, "unsupported protocol %u", proto);
+ return STATUS_ERR;
+ }
+}
+
+static inline int ipproto2sepol(sepol_handle_t * handle, int proto)
+{
+
+ switch (proto) {
+ case IPPROTO_TCP:
+ return SEPOL_PROTO_TCP;
+ case IPPROTO_UDP:
+ return SEPOL_PROTO_UDP;
+ default:
+ ERR(handle, "invalid protocol %u " "found in policy", proto);
+ return STATUS_ERR;
+ }
+}
+
+/* Create a low level port structure from
+ * a high level representation */
+static int port_from_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t ** port, const sepol_port_t * data)
+{
+
+ ocontext_t *tmp_port = NULL;
+ context_struct_t *tmp_con = NULL;
+ int tmp_proto;
+
+ int low = sepol_port_get_low(data);
+ int high = sepol_port_get_high(data);
+ int proto = sepol_port_get_proto(data);
+
+ tmp_port = (ocontext_t *) calloc(1, sizeof(ocontext_t));
+ if (!tmp_port)
+ goto omem;
+
+ /* Process protocol */
+ tmp_proto = sepol2ipproto(handle, proto);
+ if (tmp_proto < 0)
+ goto err;
+ tmp_port->u.port.protocol = tmp_proto;
+
+ /* Port range */
+ tmp_port->u.port.low_port = low;
+ tmp_port->u.port.high_port = high;
+ if (tmp_port->u.port.low_port > tmp_port->u.port.high_port) {
+ ERR(handle, "low port %d exceeds high port %d",
+ tmp_port->u.port.low_port, tmp_port->u.port.high_port);
+ goto err;
+ }
+
+ /* Context */
+ if (context_from_record(handle, policydb, &tmp_con,
+ sepol_port_get_con(data)) < 0)
+ goto err;
+ context_cpy(&tmp_port->context[0], tmp_con);
+ context_destroy(tmp_con);
+ free(tmp_con);
+ tmp_con = NULL;
+
+ *port = tmp_port;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ if (tmp_port != NULL) {
+ context_destroy(&tmp_port->context[0]);
+ free(tmp_port);
+ }
+ context_destroy(tmp_con);
+ free(tmp_con);
+ ERR(handle, "could not create port structure for range %u:%u (%s)",
+ low, high, sepol_port_get_proto_str(proto));
+ return STATUS_ERR;
+}
+
+static int port_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ ocontext_t * port, sepol_port_t ** record)
+{
+
+ int proto = port->u.port.protocol;
+ int low = port->u.port.low_port;
+ int high = port->u.port.high_port;
+ context_struct_t *con = &port->context[0];
+ int rec_proto = -1;
+
+ sepol_context_t *tmp_con = NULL;
+ sepol_port_t *tmp_record = NULL;
+
+ if (sepol_port_create(handle, &tmp_record) < 0)
+ goto err;
+
+ rec_proto = ipproto2sepol(handle, proto);
+ if (rec_proto < 0)
+ goto err;
+
+ sepol_port_set_proto(tmp_record, rec_proto);
+ sepol_port_set_range(tmp_record, low, high);
+
+ if (context_to_record(handle, policydb, con, &tmp_con) < 0)
+ goto err;
+
+ if (sepol_port_set_con(handle, tmp_record, tmp_con) < 0)
+ goto err;
+
+ sepol_context_free(tmp_con);
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not convert port range %u - %u (%s) "
+ "to record", low, high, sepol_port_get_proto_str(rec_proto));
+ sepol_context_free(tmp_con);
+ sepol_port_free(tmp_record);
+ return STATUS_ERR;
+}
+
+/* Return the number of ports */
+extern int sepol_port_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response)
+{
+
+ unsigned int count = 0;
+ ocontext_t *c, *head;
+ const policydb_t *policydb = &p->p;
+
+ head = policydb->ocontexts[OCON_PORT];
+ for (c = head; c != NULL; c = c->next)
+ count++;
+
+ *response = count;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+/* Check if a port exists */
+int sepol_port_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_port_key_t * key, int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ int low, high, proto;
+ const char *proto_str;
+ sepol_port_key_unpack(key, &low, &high, &proto);
+ proto_str = sepol_port_get_proto_str(proto);
+ proto = sepol2ipproto(handle, proto);
+ if (proto < 0)
+ goto err;
+
+ head = policydb->ocontexts[OCON_PORT];
+ for (c = head; c; c = c->next) {
+ int proto2 = c->u.port.protocol;
+ int low2 = c->u.port.low_port;
+ int high2 = c->u.port.high_port;
+
+ if (proto == proto2 && low2 == low && high2 == high) {
+ *response = 1;
+ return STATUS_SUCCESS;
+ }
+ }
+
+ *response = 0;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not check if port range %u - %u (%s) exists",
+ low, high, proto_str);
+ return STATUS_ERR;
+}
+
+/* Query a port */
+int sepol_port_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_port_key_t * key, sepol_port_t ** response)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+
+ int low, high, proto;
+ const char *proto_str;
+ sepol_port_key_unpack(key, &low, &high, &proto);
+ proto_str = sepol_port_get_proto_str(proto);
+ proto = sepol2ipproto(handle, proto);
+ if (proto < 0)
+ goto err;
+
+ head = policydb->ocontexts[OCON_PORT];
+ for (c = head; c; c = c->next) {
+ int proto2 = c->u.port.protocol;
+ int low2 = c->u.port.low_port;
+ int high2 = c->u.port.high_port;
+
+ if (proto == proto2 && low2 == low && high2 == high) {
+ if (port_to_record(handle, policydb, c, response) < 0)
+ goto err;
+ return STATUS_SUCCESS;
+ }
+ }
+
+ *response = NULL;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query port range %u - %u (%s)",
+ low, high, proto_str);
+ return STATUS_ERR;
+
+}
+
+/* Load a port into policy */
+int sepol_port_modify(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ const sepol_port_key_t * key, const sepol_port_t * data)
+{
+
+ policydb_t *policydb = &p->p;
+ ocontext_t *port = NULL;
+
+ int low, high, proto;
+ const char *proto_str;
+
+ sepol_port_key_unpack(key, &low, &high, &proto);
+ proto_str = sepol_port_get_proto_str(proto);
+ proto = sepol2ipproto(handle, proto);
+ if (proto < 0)
+ goto err;
+
+ if (port_from_record(handle, policydb, &port, data) < 0)
+ goto err;
+
+ /* Attach to context list */
+ port->next = policydb->ocontexts[OCON_PORT];
+ policydb->ocontexts[OCON_PORT] = port;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not load port range %u - %u (%s)",
+ low, high, proto_str);
+ if (port != NULL) {
+ context_destroy(&port->context[0]);
+ free(port);
+ }
+ return STATUS_ERR;
+}
+
+int sepol_port_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ int (*fn) (const sepol_port_t * port,
+ void *fn_arg), void *arg)
+{
+
+ const policydb_t *policydb = &p->p;
+ ocontext_t *c, *head;
+ sepol_port_t *port = NULL;
+
+ head = policydb->ocontexts[OCON_PORT];
+ for (c = head; c; c = c->next) {
+ int status;
+
+ if (port_to_record(handle, policydb, c, &port) < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(port, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_port_free(port);
+ port = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over ports");
+ sepol_port_free(port);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
new file mode 100644
index 0000000..594f736
--- /dev/null
+++ b/libsepol/src/private.h
@@ -0,0 +1,47 @@
+/* Private definitions for libsepol. */
+
+/* Endian conversion for reading and writing binary policies */
+
+#include <sepol/policydb/policydb.h>
+
+#include <byteswap.h>
+#include <endian.h>
+#include <errno.h>
+#include <dso.h>
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define cpu_to_le16(x) (x)
+#define le16_to_cpu(x) (x)
+#define cpu_to_le32(x) (x)
+#define le32_to_cpu(x) (x)
+#define cpu_to_le64(x) (x)
+#define le64_to_cpu(x) (x)
+#else
+#define cpu_to_le16(x) bswap_16(x)
+#define le16_to_cpu(x) bswap_16(x)
+#define cpu_to_le32(x) bswap_32(x)
+#define le32_to_cpu(x) bswap_32(x)
+#define cpu_to_le64(x) bswap_64(x)
+#define le64_to_cpu(x) bswap_64(x)
+#endif
+
+#undef min
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
+
+/* Policy compatibility information. */
+struct policydb_compat_info {
+ unsigned int type;
+ unsigned int version;
+ unsigned int sym_num;
+ unsigned int ocon_num;
+};
+
+extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type);
+
+/* Reading from a policy "file". */
+extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden;
+extern size_t put_entry(const void *ptr, size_t size, size_t n,
+ struct policy_file *fp) hidden;
diff --git a/libsepol/src/roles.c b/libsepol/src/roles.c
new file mode 100644
index 0000000..47aed15
--- /dev/null
+++ b/libsepol/src/roles.c
@@ -0,0 +1,55 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/policydb.h>
+
+#include "debug.h"
+#include "handle.h"
+
+/* Check if a role exists */
+int sepol_role_exists(sepol_handle_t * handle,
+ sepol_policydb_t * p, const char *role, int *response)
+{
+
+ policydb_t *policydb = &p->p;
+ *response = (hashtab_search(policydb->p_roles.table,
+ (const hashtab_key_t)role) != NULL);
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+/* Fill an array with all valid roles */
+int sepol_role_list(sepol_handle_t * handle,
+ sepol_policydb_t * p, char ***roles, unsigned int *nroles)
+{
+
+ policydb_t *policydb = &p->p;
+ unsigned int tmp_nroles = policydb->p_roles.nprim;
+ char **tmp_roles = (char **)malloc(tmp_nroles * sizeof(char *));
+ char **ptr;
+ unsigned int i;
+ if (!tmp_roles)
+ goto omem;
+
+ for (i = 0; i < tmp_nroles; i++) {
+ tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
+ if (!tmp_roles[i])
+ goto omem;
+ }
+
+ *nroles = tmp_nroles;
+ *roles = tmp_roles;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not list roles");
+
+ ptr = tmp_roles;
+ while (ptr && *ptr)
+ free(*ptr++);
+ free(tmp_roles);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
new file mode 100644
index 0000000..eed413f
--- /dev/null
+++ b/libsepol/src/services.c
@@ -0,0 +1,1471 @@
+
+/*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: Frank Mayer <mayerf@tresys.com>
+ * and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
+ *
+ * Fine-grained netlink support
+ * IPv6 support
+ * Code cleanup
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ * Copyright (C) 2003 - 2004 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* FLASK */
+
+/*
+ * Implementation of the security services.
+ */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/sidtab.h>
+#include <sepol/policydb/services.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/flask.h>
+
+#include "debug.h"
+#include "private.h"
+#include "context.h"
+#include "av_permissions.h"
+#include "dso.h"
+#include "mls.h"
+
+#define BUG() do { ERR(NULL, "Badness at %s:%d", __FILE__, __LINE__); } while (0)
+#define BUG_ON(x) do { if (x) ERR(NULL, "Badness at %s:%d", __FILE__, __LINE__); } while (0)
+
+static int selinux_enforcing = 1;
+
+static sidtab_t mysidtab, *sidtab = &mysidtab;
+static policydb_t mypolicydb, *policydb = &mypolicydb;
+
+int hidden sepol_set_sidtab(sidtab_t * s)
+{
+ sidtab = s;
+ return 0;
+}
+
+int hidden sepol_set_policydb(policydb_t * p)
+{
+ policydb = p;
+ return 0;
+}
+
+int sepol_set_policydb_from_file(FILE * fp)
+{
+ struct policy_file pf;
+
+ policy_file_init(&pf);
+ pf.fp = fp;
+ pf.type = PF_USE_STDIO;
+ if (mypolicydb.policy_type)
+ policydb_destroy(&mypolicydb);
+ if (policydb_init(&mypolicydb)) {
+ ERR(NULL, "Out of memory!");
+ return -1;
+ }
+ if (policydb_read(&mypolicydb, &pf, 0)) {
+ ERR(NULL, "can't read binary policy: %s", strerror(errno));
+ return -1;
+ }
+ policydb = &mypolicydb;
+ return sepol_sidtab_init(sidtab);
+}
+
+/*
+ * The largest sequence number that has been used when
+ * providing an access decision to the access vector cache.
+ * The sequence number only changes when a policy change
+ * occurs.
+ */
+static uint32_t latest_granting = 0;
+
+/*
+ * Return the boolean value of a constraint expression
+ * when it is applied to the specified source and target
+ * security contexts.
+ *
+ * xcontext is a special beast... It is used by the validatetrans rules
+ * only. For these rules, scontext is the context before the transition,
+ * tcontext is the context after the transition, and xcontext is the context
+ * of the process performing the transition. All other callers of
+ * constraint_expr_eval should pass in NULL for xcontext.
+ */
+static int constraint_expr_eval(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ context_struct_t * xcontext,
+ constraint_expr_t * cexpr)
+{
+ uint32_t val1, val2;
+ context_struct_t *c;
+ role_datum_t *r1, *r2;
+ mls_level_t *l1, *l2;
+ constraint_expr_t *e;
+ int s[CEXPR_MAXDEPTH];
+ int sp = -1;
+
+ for (e = cexpr; e; e = e->next) {
+ switch (e->expr_type) {
+ case CEXPR_NOT:
+ BUG_ON(sp < 0);
+ s[sp] = !s[sp];
+ break;
+ case CEXPR_AND:
+ BUG_ON(sp < 1);
+ sp--;
+ s[sp] &= s[sp + 1];
+ break;
+ case CEXPR_OR:
+ BUG_ON(sp < 1);
+ sp--;
+ s[sp] |= s[sp + 1];
+ break;
+ case CEXPR_ATTR:
+ if (sp == (CEXPR_MAXDEPTH - 1))
+ return 0;
+ switch (e->attr) {
+ case CEXPR_USER:
+ val1 = scontext->user;
+ val2 = tcontext->user;
+ break;
+ case CEXPR_TYPE:
+ val1 = scontext->type;
+ val2 = tcontext->type;
+ break;
+ case CEXPR_ROLE:
+ val1 = scontext->role;
+ val2 = tcontext->role;
+ r1 = policydb->role_val_to_struct[val1 - 1];
+ r2 = policydb->role_val_to_struct[val2 - 1];
+ switch (e->op) {
+ case CEXPR_DOM:
+ s[++sp] =
+ ebitmap_get_bit(&r1->dominates,
+ val2 - 1);
+ continue;
+ case CEXPR_DOMBY:
+ s[++sp] =
+ ebitmap_get_bit(&r2->dominates,
+ val1 - 1);
+ continue;
+ case CEXPR_INCOMP:
+ s[++sp] =
+ (!ebitmap_get_bit
+ (&r1->dominates, val2 - 1)
+ && !ebitmap_get_bit(&r2->dominates,
+ val1 - 1));
+ continue;
+ default:
+ break;
+ }
+ break;
+ case CEXPR_L1L2:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(tcontext->range.level[0]);
+ goto mls_ops;
+ case CEXPR_L1H2:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(tcontext->range.level[1]);
+ goto mls_ops;
+ case CEXPR_H1L2:
+ l1 = &(scontext->range.level[1]);
+ l2 = &(tcontext->range.level[0]);
+ goto mls_ops;
+ case CEXPR_H1H2:
+ l1 = &(scontext->range.level[1]);
+ l2 = &(tcontext->range.level[1]);
+ goto mls_ops;
+ case CEXPR_L1H1:
+ l1 = &(scontext->range.level[0]);
+ l2 = &(scontext->range.level[1]);
+ goto mls_ops;
+ case CEXPR_L2H2:
+ l1 = &(tcontext->range.level[0]);
+ l2 = &(tcontext->range.level[1]);
+ goto mls_ops;
+ mls_ops:
+ switch (e->op) {
+ case CEXPR_EQ:
+ s[++sp] = mls_level_eq(l1, l2);
+ continue;
+ case CEXPR_NEQ:
+ s[++sp] = !mls_level_eq(l1, l2);
+ continue;
+ case CEXPR_DOM:
+ s[++sp] = mls_level_dom(l1, l2);
+ continue;
+ case CEXPR_DOMBY:
+ s[++sp] = mls_level_dom(l2, l1);
+ continue;
+ case CEXPR_INCOMP:
+ s[++sp] = mls_level_incomp(l2, l1);
+ continue;
+ default:
+ BUG();
+ return 0;
+ }
+ break;
+ default:
+ BUG();
+ return 0;
+ }
+
+ switch (e->op) {
+ case CEXPR_EQ:
+ s[++sp] = (val1 == val2);
+ break;
+ case CEXPR_NEQ:
+ s[++sp] = (val1 != val2);
+ break;
+ default:
+ BUG();
+ return 0;
+ }
+ break;
+ case CEXPR_NAMES:
+ if (sp == (CEXPR_MAXDEPTH - 1))
+ return 0;
+ c = scontext;
+ if (e->attr & CEXPR_TARGET)
+ c = tcontext;
+ else if (e->attr & CEXPR_XTARGET) {
+ c = xcontext;
+ if (!c) {
+ BUG();
+ return 0;
+ }
+ }
+ if (e->attr & CEXPR_USER)
+ val1 = c->user;
+ else if (e->attr & CEXPR_ROLE)
+ val1 = c->role;
+ else if (e->attr & CEXPR_TYPE)
+ val1 = c->type;
+ else {
+ BUG();
+ return 0;
+ }
+
+ switch (e->op) {
+ case CEXPR_EQ:
+ s[++sp] = ebitmap_get_bit(&e->names, val1 - 1);
+ break;
+ case CEXPR_NEQ:
+ s[++sp] = !ebitmap_get_bit(&e->names, val1 - 1);
+ break;
+ default:
+ BUG();
+ return 0;
+ }
+ break;
+ default:
+ BUG();
+ return 0;
+ }
+ }
+
+ BUG_ON(sp != 0);
+ return s[0];
+}
+
+/*
+ * Compute access vectors based on a context structure pair for
+ * the permissions in a particular class.
+ */
+static int context_struct_compute_av(context_struct_t * scontext,
+ context_struct_t * tcontext,
+ sepol_security_class_t tclass,
+ sepol_access_vector_t requested,
+ struct sepol_av_decision *avd,
+ unsigned int *reason)
+{
+ constraint_node_t *constraint;
+ struct role_allow *ra;
+ avtab_key_t avkey;
+ class_datum_t *tclass_datum;
+ avtab_ptr_t node;
+ ebitmap_t *sattr, *tattr;
+ ebitmap_node_t *snode, *tnode;
+ unsigned int i, j;
+
+ if (!tclass || tclass > policydb->p_classes.nprim) {
+ ERR(NULL, "unrecognized class %d", tclass);
+ return -EINVAL;
+ }
+ tclass_datum = policydb->class_val_to_struct[tclass - 1];
+
+ /*
+ * Initialize the access vectors to the default values.
+ */
+ avd->allowed = 0;
+ avd->decided = 0xffffffff;
+ avd->auditallow = 0;
+ avd->auditdeny = 0xffffffff;
+ avd->seqno = latest_granting;
+ *reason = 0;
+
+ /*
+ * If a specific type enforcement rule was defined for
+ * this permission check, then use it.
+ */
+ avkey.target_class = tclass;
+ avkey.specified = AVTAB_AV;
+ sattr = &policydb->type_attr_map[scontext->type - 1];
+ tattr = &policydb->type_attr_map[tcontext->type - 1];
+ ebitmap_for_each_bit(sattr, snode, i) {
+ if (!ebitmap_node_get_bit(snode, i))
+ continue;
+ ebitmap_for_each_bit(tattr, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ avkey.source_type = i + 1;
+ avkey.target_type = j + 1;
+ for (node =
+ avtab_search_node(&policydb->te_avtab, &avkey);
+ node != NULL;
+ node =
+ avtab_search_node_next(node, avkey.specified)) {
+ if (node->key.specified == AVTAB_ALLOWED)
+ avd->allowed |= node->datum.data;
+ else if (node->key.specified ==
+ AVTAB_AUDITALLOW)
+ avd->auditallow |= node->datum.data;
+ else if (node->key.specified == AVTAB_AUDITDENY)
+ avd->auditdeny &= node->datum.data;
+ }
+
+ /* Check conditional av table for additional permissions */
+ cond_compute_av(&policydb->te_cond_avtab, &avkey, avd);
+
+ }
+ }
+
+ if (requested & ~avd->allowed) {
+ *reason |= SEPOL_COMPUTEAV_TE;
+ requested &= avd->allowed;
+ }
+
+ /*
+ * Remove any permissions prohibited by a constraint (this includes
+ * the MLS policy).
+ */
+ constraint = tclass_datum->constraints;
+ while (constraint) {
+ if ((constraint->permissions & (avd->allowed)) &&
+ !constraint_expr_eval(scontext, tcontext, NULL,
+ constraint->expr)) {
+ avd->allowed =
+ (avd->allowed) & ~(constraint->permissions);
+ }
+ constraint = constraint->next;
+ }
+
+ if (requested & ~avd->allowed) {
+ *reason |= SEPOL_COMPUTEAV_CONS;
+ requested &= avd->allowed;
+ }
+
+ /*
+ * If checking process transition permission and the
+ * role is changing, then check the (current_role, new_role)
+ * pair.
+ */
+ if (tclass == SECCLASS_PROCESS &&
+ (avd->allowed & (PROCESS__TRANSITION | PROCESS__DYNTRANSITION)) &&
+ scontext->role != tcontext->role) {
+ for (ra = policydb->role_allow; ra; ra = ra->next) {
+ if (scontext->role == ra->role &&
+ tcontext->role == ra->new_role)
+ break;
+ }
+ if (!ra)
+ avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
+ PROCESS__DYNTRANSITION);
+ }
+
+ if (requested & ~avd->allowed) {
+ *reason |= SEPOL_COMPUTEAV_RBAC;
+ requested &= avd->allowed;
+ }
+
+ return 0;
+}
+
+int hidden sepol_validate_transition(sepol_security_id_t oldsid,
+ sepol_security_id_t newsid,
+ sepol_security_id_t tasksid,
+ sepol_security_class_t tclass)
+{
+ context_struct_t *ocontext;
+ context_struct_t *ncontext;
+ context_struct_t *tcontext;
+ class_datum_t *tclass_datum;
+ constraint_node_t *constraint;
+
+ if (!tclass || tclass > policydb->p_classes.nprim) {
+ ERR(NULL, "unrecognized class %d", tclass);
+ return -EINVAL;
+ }
+ tclass_datum = policydb->class_val_to_struct[tclass - 1];
+
+ ocontext = sepol_sidtab_search(sidtab, oldsid);
+ if (!ocontext) {
+ ERR(NULL, "unrecognized SID %d", oldsid);
+ return -EINVAL;
+ }
+
+ ncontext = sepol_sidtab_search(sidtab, newsid);
+ if (!ncontext) {
+ ERR(NULL, "unrecognized SID %d", newsid);
+ return -EINVAL;
+ }
+
+ tcontext = sepol_sidtab_search(sidtab, tasksid);
+ if (!tcontext) {
+ ERR(NULL, "unrecognized SID %d", tasksid);
+ return -EINVAL;
+ }
+
+ constraint = tclass_datum->validatetrans;
+ while (constraint) {
+ if (!constraint_expr_eval(ocontext, ncontext, tcontext,
+ constraint->expr)) {
+ return -EPERM;
+ }
+ constraint = constraint->next;
+ }
+
+ return 0;
+}
+
+int hidden sepol_compute_av_reason(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_access_vector_t requested,
+ struct sepol_av_decision *avd,
+ unsigned int *reason)
+{
+ context_struct_t *scontext = 0, *tcontext = 0;
+ int rc = 0;
+
+ scontext = sepol_sidtab_search(sidtab, ssid);
+ if (!scontext) {
+ ERR(NULL, "unrecognized SID %d", ssid);
+ rc = -EINVAL;
+ goto out;
+ }
+ tcontext = sepol_sidtab_search(sidtab, tsid);
+ if (!tcontext) {
+ ERR(NULL, "unrecognized SID %d", tsid);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ rc = context_struct_compute_av(scontext, tcontext, tclass,
+ requested, avd, reason);
+ out:
+ return rc;
+}
+
+int hidden sepol_compute_av(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_access_vector_t requested,
+ struct sepol_av_decision *avd)
+{
+ unsigned int reason = 0;
+ return sepol_compute_av_reason(ssid, tsid, tclass, requested, avd,
+ &reason);
+}
+
+/*
+ * Write the security context string representation of
+ * the context associated with `sid' into a dynamically
+ * allocated string of the correct size. Set `*scontext'
+ * to point to this string and set `*scontext_len' to
+ * the length of the string.
+ */
+int hidden sepol_sid_to_context(sepol_security_id_t sid,
+ sepol_security_context_t * scontext,
+ size_t * scontext_len)
+{
+ context_struct_t *context;
+ int rc = 0;
+
+ context = sepol_sidtab_search(sidtab, sid);
+ if (!context) {
+ ERR(NULL, "unrecognized SID %d", sid);
+ rc = -EINVAL;
+ goto out;
+ }
+ rc = context_to_string(NULL, policydb, context, scontext, scontext_len);
+ out:
+ return rc;
+
+}
+
+/*
+ * Return a SID associated with the security context that
+ * has the string representation specified by `scontext'.
+ */
+int hidden sepol_context_to_sid(const sepol_security_context_t scontext,
+ size_t scontext_len, sepol_security_id_t * sid)
+{
+
+ context_struct_t *context = NULL;
+
+ /* First, create the context */
+ if (context_from_string(NULL, policydb, &context,
+ scontext, scontext_len) < 0)
+ goto err;
+
+ /* Obtain the new sid */
+ if (sid && (sepol_sidtab_context_to_sid(sidtab, context, sid) < 0))
+ goto err;
+
+ context_destroy(context);
+ free(context);
+ return STATUS_SUCCESS;
+
+ err:
+ if (context) {
+ context_destroy(context);
+ free(context);
+ }
+ ERR(NULL, "could not convert %s to sid", scontext);
+ return STATUS_ERR;
+}
+
+static inline int compute_sid_handle_invalid_context(context_struct_t *
+ scontext,
+ context_struct_t *
+ tcontext,
+ sepol_security_class_t
+ tclass,
+ context_struct_t *
+ newcontext)
+{
+ if (selinux_enforcing) {
+ return -EACCES;
+ } else {
+ sepol_security_context_t s, t, n;
+ size_t slen, tlen, nlen;
+
+ context_to_string(NULL, policydb, scontext, &s, &slen);
+ context_to_string(NULL, policydb, tcontext, &t, &tlen);
+ context_to_string(NULL, policydb, newcontext, &n, &nlen);
+ ERR(NULL, "invalid context %s for "
+ "scontext=%s tcontext=%s tclass=%s",
+ n, s, t, policydb->p_class_val_to_name[tclass - 1]);
+ free(s);
+ free(t);
+ free(n);
+ return 0;
+ }
+}
+
+static int sepol_compute_sid(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ uint32_t specified, sepol_security_id_t * out_sid)
+{
+ context_struct_t *scontext = 0, *tcontext = 0, newcontext;
+ struct role_trans *roletr = 0;
+ avtab_key_t avkey;
+ avtab_datum_t *avdatum;
+ avtab_ptr_t node;
+ int rc = 0;
+
+ scontext = sepol_sidtab_search(sidtab, ssid);
+ if (!scontext) {
+ ERR(NULL, "unrecognized SID %d", ssid);
+ rc = -EINVAL;
+ goto out;
+ }
+ tcontext = sepol_sidtab_search(sidtab, tsid);
+ if (!tcontext) {
+ ERR(NULL, "unrecognized SID %d", tsid);
+ rc = -EINVAL;
+ goto out;
+ }
+
+ context_init(&newcontext);
+
+ /* Set the user identity. */
+ switch (specified) {
+ case AVTAB_TRANSITION:
+ case AVTAB_CHANGE:
+ /* Use the process user identity. */
+ newcontext.user = scontext->user;
+ break;
+ case AVTAB_MEMBER:
+ /* Use the related object owner. */
+ newcontext.user = tcontext->user;
+ break;
+ }
+
+ /* Set the role and type to default values. */
+ switch (tclass) {
+ case SECCLASS_PROCESS:
+ /* Use the current role and type of process. */
+ newcontext.role = scontext->role;
+ newcontext.type = scontext->type;
+ break;
+ default:
+ /* Use the well-defined object role. */
+ newcontext.role = OBJECT_R_VAL;
+ /* Use the type of the related object. */
+ newcontext.type = tcontext->type;
+ }
+
+ /* Look for a type transition/member/change rule. */
+ avkey.source_type = scontext->type;
+ avkey.target_type = tcontext->type;
+ avkey.target_class = tclass;
+ avkey.specified = specified;
+ avdatum = avtab_search(&policydb->te_avtab, &avkey);
+
+ /* If no permanent rule, also check for enabled conditional rules */
+ if (!avdatum) {
+ node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
+ for (; node != NULL;
+ node = avtab_search_node_next(node, specified)) {
+ if (node->key.specified & AVTAB_ENABLED) {
+ avdatum = &node->datum;
+ break;
+ }
+ }
+ }
+
+ if (avdatum) {
+ /* Use the type from the type transition/member/change rule. */
+ newcontext.type = avdatum->data;
+ }
+
+ /* Check for class-specific changes. */
+ switch (tclass) {
+ case SECCLASS_PROCESS:
+ if (specified & AVTAB_TRANSITION) {
+ /* Look for a role transition rule. */
+ for (roletr = policydb->role_tr; roletr;
+ roletr = roletr->next) {
+ if (roletr->role == scontext->role &&
+ roletr->type == tcontext->type) {
+ /* Use the role transition rule. */
+ newcontext.role = roletr->new_role;
+ break;
+ }
+ }
+ }
+ break;
+ default:
+ break;
+ }
+
+ /* Set the MLS attributes.
+ This is done last because it may allocate memory. */
+ rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
+ &newcontext);
+ if (rc)
+ goto out;
+
+ /* Check the validity of the context. */
+ if (!policydb_context_isvalid(policydb, &newcontext)) {
+ rc = compute_sid_handle_invalid_context(scontext,
+ tcontext,
+ tclass, &newcontext);
+ if (rc)
+ goto out;
+ }
+ /* Obtain the sid for the context. */
+ rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);
+ out:
+ context_destroy(&newcontext);
+ return rc;
+}
+
+/*
+ * Compute a SID to use for labeling a new object in the
+ * class `tclass' based on a SID pair.
+ */
+int hidden sepol_transition_sid(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_security_id_t * out_sid)
+{
+ return sepol_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);
+}
+
+/*
+ * Compute a SID to use when selecting a member of a
+ * polyinstantiated object of class `tclass' based on
+ * a SID pair.
+ */
+int hidden sepol_member_sid(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_security_id_t * out_sid)
+{
+ return sepol_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);
+}
+
+/*
+ * Compute a SID to use for relabeling an object in the
+ * class `tclass' based on a SID pair.
+ */
+int hidden sepol_change_sid(sepol_security_id_t ssid,
+ sepol_security_id_t tsid,
+ sepol_security_class_t tclass,
+ sepol_security_id_t * out_sid)
+{
+ return sepol_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
+}
+
+/*
+ * Verify that each permission that is defined under the
+ * existing policy is still defined with the same value
+ * in the new policy.
+ */
+static int validate_perm(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ hashtab_t h;
+ perm_datum_t *perdatum, *perdatum2;
+
+ h = (hashtab_t) p;
+ perdatum = (perm_datum_t *) datum;
+
+ perdatum2 = (perm_datum_t *) hashtab_search(h, key);
+ if (!perdatum2) {
+ ERR(NULL, "permission %s disappeared", key);
+ return -1;
+ }
+ if (perdatum->s.value != perdatum2->s.value) {
+ ERR(NULL, "the value of permissions %s changed", key);
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same
+ * attributes in the new policy.
+ */
+static int validate_class(hashtab_key_t key, hashtab_datum_t datum, void *p)
+{
+ policydb_t *newp;
+ class_datum_t *cladatum, *cladatum2;
+
+ newp = (policydb_t *) p;
+ cladatum = (class_datum_t *) datum;
+
+ cladatum2 =
+ (class_datum_t *) hashtab_search(newp->p_classes.table, key);
+ if (!cladatum2) {
+ ERR(NULL, "class %s disappeared", key);
+ return -1;
+ }
+ if (cladatum->s.value != cladatum2->s.value) {
+ ERR(NULL, "the value of class %s changed", key);
+ return -1;
+ }
+ if ((cladatum->comdatum && !cladatum2->comdatum) ||
+ (!cladatum->comdatum && cladatum2->comdatum)) {
+ ERR(NULL, "the inherits clause for the access "
+ "vector definition for class %s changed", key);
+ return -1;
+ }
+ if (cladatum->comdatum) {
+ if (hashtab_map
+ (cladatum->comdatum->permissions.table, validate_perm,
+ cladatum2->comdatum->permissions.table)) {
+ ERR(NULL,
+ " in the access vector definition "
+ "for class %s\n", key);
+ return -1;
+ }
+ }
+ if (hashtab_map(cladatum->permissions.table, validate_perm,
+ cladatum2->permissions.table)) {
+ ERR(NULL, " in access vector definition for class %s", key);
+ return -1;
+ }
+ return 0;
+}
+
+/* Clone the SID into the new SID table. */
+static int clone_sid(sepol_security_id_t sid,
+ context_struct_t * context, void *arg)
+{
+ sidtab_t *s = arg;
+
+ return sepol_sidtab_insert(s, sid, context);
+}
+
+static inline int convert_context_handle_invalid_context(context_struct_t *
+ context)
+{
+ if (selinux_enforcing) {
+ return -EINVAL;
+ } else {
+ sepol_security_context_t s;
+ size_t len;
+
+ context_to_string(NULL, policydb, context, &s, &len);
+ ERR(NULL, "context %s is invalid", s);
+ free(s);
+ return 0;
+ }
+}
+
+typedef struct {
+ policydb_t *oldp;
+ policydb_t *newp;
+} convert_context_args_t;
+
+/*
+ * Convert the values in the security context
+ * structure `c' from the values specified
+ * in the policy `p->oldp' to the values specified
+ * in the policy `p->newp'. Verify that the
+ * context is valid under the new policy.
+ */
+static int convert_context(sepol_security_id_t key __attribute__ ((unused)),
+ context_struct_t * c, void *p)
+{
+ convert_context_args_t *args;
+ context_struct_t oldc;
+ role_datum_t *role;
+ type_datum_t *typdatum;
+ user_datum_t *usrdatum;
+ sepol_security_context_t s;
+ size_t len;
+ int rc = -EINVAL;
+
+ args = (convert_context_args_t *) p;
+
+ if (context_cpy(&oldc, c))
+ return -ENOMEM;
+
+ /* Convert the user. */
+ usrdatum = (user_datum_t *) hashtab_search(args->newp->p_users.table,
+ args->oldp->
+ p_user_val_to_name[c->user -
+ 1]);
+
+ if (!usrdatum) {
+ goto bad;
+ }
+ c->user = usrdatum->s.value;
+
+ /* Convert the role. */
+ role = (role_datum_t *) hashtab_search(args->newp->p_roles.table,
+ args->oldp->
+ p_role_val_to_name[c->role - 1]);
+ if (!role) {
+ goto bad;
+ }
+ c->role = role->s.value;
+
+ /* Convert the type. */
+ typdatum = (type_datum_t *)
+ hashtab_search(args->newp->p_types.table,
+ args->oldp->p_type_val_to_name[c->type - 1]);
+ if (!typdatum) {
+ goto bad;
+ }
+ c->type = typdatum->s.value;
+
+ rc = mls_convert_context(args->oldp, args->newp, c);
+ if (rc)
+ goto bad;
+
+ /* Check the validity of the new context. */
+ if (!policydb_context_isvalid(args->newp, c)) {
+ rc = convert_context_handle_invalid_context(&oldc);
+ if (rc)
+ goto bad;
+ }
+
+ context_destroy(&oldc);
+ return 0;
+
+ bad:
+ context_to_string(NULL, policydb, &oldc, &s, &len);
+ context_destroy(&oldc);
+ ERR(NULL, "invalidating context %s", s);
+ free(s);
+ return rc;
+}
+
+/* Reading from a policy "file". */
+int hidden next_entry(void *buf, struct policy_file *fp, size_t bytes)
+{
+ size_t nread;
+
+ switch (fp->type) {
+ case PF_USE_STDIO:
+ nread = fread(buf, bytes, 1, fp->fp);
+
+ if (nread != 1)
+ return -1;
+ break;
+ case PF_USE_MEMORY:
+ if (bytes > fp->len)
+ return -1;
+ memcpy(buf, fp->data, bytes);
+ fp->data += bytes;
+ fp->len -= bytes;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+size_t hidden put_entry(const void *ptr, size_t size, size_t n,
+ struct policy_file *fp)
+{
+ size_t bytes = size * n;
+
+ switch (fp->type) {
+ case PF_USE_STDIO:
+ return fwrite(ptr, size, n, fp->fp);
+ case PF_USE_MEMORY:
+ if (bytes > fp->len) {
+ errno = ENOSPC;
+ return 0;
+ }
+
+ memcpy(fp->data, ptr, bytes);
+ fp->data += bytes;
+ fp->len -= bytes;
+ return n;
+ case PF_LEN:
+ fp->len += bytes;
+ return n;
+ default:
+ return 0;
+ }
+ return 0;
+}
+
+/*
+ * Read a new set of configuration data from
+ * a policy database binary representation file.
+ *
+ * Verify that each class that is defined under the
+ * existing policy is still defined with the same
+ * attributes in the new policy.
+ *
+ * Convert the context structures in the SID table to the
+ * new representation and verify that all entries
+ * in the SID table are valid under the new policy.
+ *
+ * Change the active policy database to use the new
+ * configuration data.
+ *
+ * Reset the access vector cache.
+ */
+int hidden sepol_load_policy(void *data, size_t len)
+{
+ policydb_t oldpolicydb, newpolicydb;
+ sidtab_t oldsidtab, newsidtab;
+ convert_context_args_t args;
+ uint32_t seqno;
+ int rc = 0;
+ struct policy_file file, *fp;
+
+ policy_file_init(&file);
+ file.type = PF_USE_MEMORY;
+ file.data = data;
+ file.len = len;
+ fp = &file;
+
+ if (policydb_init(&newpolicydb))
+ return -ENOMEM;
+
+ if (policydb_read(&newpolicydb, fp, 1)) {
+ return -EINVAL;
+ }
+
+ sepol_sidtab_init(&newsidtab);
+
+ /* Verify that the existing classes did not change. */
+ if (hashtab_map
+ (policydb->p_classes.table, validate_class, &newpolicydb)) {
+ ERR(NULL, "the definition of an existing class changed");
+ rc = -EINVAL;
+ goto err;
+ }
+
+ /* Clone the SID table. */
+ sepol_sidtab_shutdown(sidtab);
+ if (sepol_sidtab_map(sidtab, clone_sid, &newsidtab)) {
+ rc = -ENOMEM;
+ goto err;
+ }
+
+ /* Convert the internal representations of contexts
+ in the new SID table and remove invalid SIDs. */
+ args.oldp = policydb;
+ args.newp = &newpolicydb;
+ sepol_sidtab_map_remove_on_error(&newsidtab, convert_context, &args);
+
+ /* Save the old policydb and SID table to free later. */
+ memcpy(&oldpolicydb, policydb, sizeof *policydb);
+ sepol_sidtab_set(&oldsidtab, sidtab);
+
+ /* Install the new policydb and SID table. */
+ memcpy(policydb, &newpolicydb, sizeof *policydb);
+ sepol_sidtab_set(sidtab, &newsidtab);
+ seqno = ++latest_granting;
+
+ /* Free the old policydb and SID table. */
+ policydb_destroy(&oldpolicydb);
+ sepol_sidtab_destroy(&oldsidtab);
+
+ return 0;
+
+ err:
+ sepol_sidtab_destroy(&newsidtab);
+ policydb_destroy(&newpolicydb);
+ return rc;
+
+}
+
+/*
+ * Return the SIDs to use for an unlabeled file system
+ * that is being mounted from the device with the
+ * the kdevname `name'. The `fs_sid' SID is returned for
+ * the file system and the `file_sid' SID is returned
+ * for all files within that file system.
+ */
+int hidden sepol_fs_sid(char *name,
+ sepol_security_id_t * fs_sid,
+ sepol_security_id_t * file_sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ c = policydb->ocontexts[OCON_FS];
+ while (c) {
+ if (strcmp(c->u.name, name) == 0)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0] || !c->sid[1]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[1],
+ &c->sid[1]);
+ if (rc)
+ goto out;
+ }
+ *fs_sid = c->sid[0];
+ *file_sid = c->sid[1];
+ } else {
+ *fs_sid = SECINITSID_FS;
+ *file_sid = SECINITSID_FILE;
+ }
+
+ out:
+ return rc;
+}
+
+/*
+ * Return the SID of the port specified by
+ * `domain', `type', `protocol', and `port'.
+ */
+int hidden sepol_port_sid(uint16_t domain __attribute__ ((unused)),
+ uint16_t type __attribute__ ((unused)),
+ uint8_t protocol,
+ uint16_t port, sepol_security_id_t * out_sid)
+{
+ ocontext_t *c;
+ int rc = 0;
+
+ c = policydb->ocontexts[OCON_PORT];
+ while (c) {
+ if (c->u.port.protocol == protocol &&
+ c->u.port.low_port <= port && c->u.port.high_port >= port)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else {
+ *out_sid = SECINITSID_PORT;
+ }
+
+ out:
+ return rc;
+}
+
+/*
+ * Return the SIDs to use for a network interface
+ * with the name `name'. The `if_sid' SID is returned for
+ * the interface and the `msg_sid' SID is returned as
+ * the default SID for messages received on the
+ * interface.
+ */
+int hidden sepol_netif_sid(char *name,
+ sepol_security_id_t * if_sid,
+ sepol_security_id_t * msg_sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ c = policydb->ocontexts[OCON_NETIF];
+ while (c) {
+ if (strcmp(name, c->u.name) == 0)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ if (!c->sid[0] || !c->sid[1]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[1],
+ &c->sid[1]);
+ if (rc)
+ goto out;
+ }
+ *if_sid = c->sid[0];
+ *msg_sid = c->sid[1];
+ } else {
+ *if_sid = SECINITSID_NETIF;
+ *msg_sid = SECINITSID_NETMSG;
+ }
+
+ out:
+ return rc;
+}
+
+static int match_ipv6_addrmask(uint32_t * input, uint32_t * addr,
+ uint32_t * mask)
+{
+ int i, fail = 0;
+
+ for (i = 0; i < 4; i++)
+ if (addr[i] != (input[i] & mask[i])) {
+ fail = 1;
+ break;
+ }
+
+ return !fail;
+}
+
+/*
+ * Return the SID of the node specified by the address
+ * `addrp' where `addrlen' is the length of the address
+ * in bytes and `domain' is the communications domain or
+ * address family in which the address should be interpreted.
+ */
+int hidden sepol_node_sid(uint16_t domain,
+ void *addrp,
+ size_t addrlen, sepol_security_id_t * out_sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ switch (domain) {
+ case AF_INET:{
+ uint32_t addr;
+
+ if (addrlen != sizeof(uint32_t)) {
+ rc = -EINVAL;
+ goto out;
+ }
+
+ addr = *((uint32_t *) addrp);
+
+ c = policydb->ocontexts[OCON_NODE];
+ while (c) {
+ if (c->u.node.addr == (addr & c->u.node.mask))
+ break;
+ c = c->next;
+ }
+ break;
+ }
+
+ case AF_INET6:
+ if (addrlen != sizeof(uint64_t) * 2) {
+ rc = -EINVAL;
+ goto out;
+ }
+
+ c = policydb->ocontexts[OCON_NODE6];
+ while (c) {
+ if (match_ipv6_addrmask(addrp, c->u.node6.addr,
+ c->u.node6.mask))
+ break;
+ c = c->next;
+ }
+ break;
+
+ default:
+ *out_sid = SECINITSID_NODE;
+ goto out;
+ }
+
+ if (c) {
+ if (!c->sid[0]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *out_sid = c->sid[0];
+ } else {
+ *out_sid = SECINITSID_NODE;
+ }
+
+ out:
+ return rc;
+}
+
+/*
+ * Generate the set of SIDs for legal security contexts
+ * for a given user that can be reached by `fromsid'.
+ * Set `*sids' to point to a dynamically allocated
+ * array containing the set of SIDs. Set `*nel' to the
+ * number of elements in the array.
+ */
+#define SIDS_NEL 25
+
+int hidden sepol_get_user_sids(sepol_security_id_t fromsid,
+ char *username,
+ sepol_security_id_t ** sids, uint32_t * nel)
+{
+ context_struct_t *fromcon, usercon;
+ sepol_security_id_t *mysids, *mysids2, sid;
+ uint32_t mynel = 0, maxnel = SIDS_NEL;
+ user_datum_t *user;
+ role_datum_t *role;
+ struct sepol_av_decision avd;
+ int rc = 0;
+ unsigned int i, j, reason;
+ ebitmap_node_t *rnode, *tnode;
+
+ fromcon = sepol_sidtab_search(sidtab, fromsid);
+ if (!fromcon) {
+ rc = -EINVAL;
+ goto out;
+ }
+
+ user = (user_datum_t *) hashtab_search(policydb->p_users.table,
+ username);
+ if (!user) {
+ rc = -EINVAL;
+ goto out;
+ }
+ usercon.user = user->s.value;
+
+ mysids = malloc(maxnel * sizeof(sepol_security_id_t));
+ if (!mysids) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ memset(mysids, 0, maxnel * sizeof(sepol_security_id_t));
+
+ ebitmap_for_each_bit(&user->roles.roles, rnode, i) {
+ if (!ebitmap_node_get_bit(rnode, i))
+ continue;
+ role = policydb->role_val_to_struct[i];
+ usercon.role = i + 1;
+ ebitmap_for_each_bit(&role->types.types, tnode, j) {
+ if (!ebitmap_node_get_bit(tnode, j))
+ continue;
+ usercon.type = j + 1;
+ if (usercon.type == fromcon->type)
+ continue;
+
+ if (mls_setup_user_range
+ (fromcon, user, &usercon, policydb->mls))
+ continue;
+
+ rc = context_struct_compute_av(fromcon, &usercon,
+ SECCLASS_PROCESS,
+ PROCESS__TRANSITION,
+ &avd, &reason);
+ if (rc || !(avd.allowed & PROCESS__TRANSITION))
+ continue;
+ rc = sepol_sidtab_context_to_sid(sidtab, &usercon,
+ &sid);
+ if (rc) {
+ free(mysids);
+ goto out;
+ }
+ if (mynel < maxnel) {
+ mysids[mynel++] = sid;
+ } else {
+ maxnel += SIDS_NEL;
+ mysids2 =
+ malloc(maxnel *
+ sizeof(sepol_security_id_t));
+
+ if (!mysids2) {
+ rc = -ENOMEM;
+ free(mysids);
+ goto out;
+ }
+ memset(mysids2, 0,
+ maxnel * sizeof(sepol_security_id_t));
+ memcpy(mysids2, mysids,
+ mynel * sizeof(sepol_security_id_t));
+ free(mysids);
+ mysids = mysids2;
+ mysids[mynel++] = sid;
+ }
+ }
+ }
+
+ *sids = mysids;
+ *nel = mynel;
+
+ out:
+ return rc;
+}
+
+/*
+ * Return the SID to use for a file in a filesystem
+ * that cannot support a persistent label mapping or use another
+ * fixed labeling behavior like transition SIDs or task SIDs.
+ */
+int hidden sepol_genfs_sid(const char *fstype,
+ char *path,
+ sepol_security_class_t sclass,
+ sepol_security_id_t * sid)
+{
+ size_t len;
+ genfs_t *genfs;
+ ocontext_t *c;
+ int rc = 0, cmp = 0;
+
+ for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
+ cmp = strcmp(fstype, genfs->fstype);
+ if (cmp <= 0)
+ break;
+ }
+
+ if (!genfs || cmp) {
+ *sid = SECINITSID_UNLABELED;
+ rc = -ENOENT;
+ goto out;
+ }
+
+ for (c = genfs->head; c; c = c->next) {
+ len = strlen(c->u.name);
+ if ((!c->v.sclass || sclass == c->v.sclass) &&
+ (strncmp(c->u.name, path, len) == 0))
+ break;
+ }
+
+ if (!c) {
+ *sid = SECINITSID_UNLABELED;
+ rc = -ENOENT;
+ goto out;
+ }
+
+ if (!c->sid[0]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0], &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+
+ *sid = c->sid[0];
+ out:
+ return rc;
+}
+
+int hidden sepol_fs_use(const char *fstype,
+ unsigned int *behavior, sepol_security_id_t * sid)
+{
+ int rc = 0;
+ ocontext_t *c;
+
+ c = policydb->ocontexts[OCON_FSUSE];
+ while (c) {
+ if (strcmp(fstype, c->u.name) == 0)
+ break;
+ c = c->next;
+ }
+
+ if (c) {
+ *behavior = c->v.behavior;
+ if (!c->sid[0]) {
+ rc = sepol_sidtab_context_to_sid(sidtab,
+ &c->context[0],
+ &c->sid[0]);
+ if (rc)
+ goto out;
+ }
+ *sid = c->sid[0];
+ } else {
+ rc = sepol_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
+ if (rc) {
+ *behavior = SECURITY_FS_USE_NONE;
+ rc = 0;
+ } else {
+ *behavior = SECURITY_FS_USE_GENFS;
+ }
+ }
+
+ out:
+ return rc;
+}
+
+/* FLASK */
diff --git a/libsepol/src/sidtab.c b/libsepol/src/sidtab.c
new file mode 100644
index 0000000..5bd7999
--- /dev/null
+++ b/libsepol/src/sidtab.c
@@ -0,0 +1,328 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * Implementation of the SID table type.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+
+#include <sepol/policydb/sidtab.h>
+
+#include <sepol/policydb/flask.h>
+
+#define SIDTAB_HASH(sid) \
+(sid & SIDTAB_HASH_MASK)
+
+#define INIT_SIDTAB_LOCK(s)
+#define SIDTAB_LOCK(s)
+#define SIDTAB_UNLOCK(s)
+
+int sepol_sidtab_init(sidtab_t * s)
+{
+ int i;
+
+ s->htable = malloc(sizeof(sidtab_ptr_t) * SIDTAB_SIZE);
+ if (!s->htable)
+ return -ENOMEM;
+ for (i = 0; i < SIDTAB_SIZE; i++)
+ s->htable[i] = (sidtab_ptr_t) NULL;
+ s->nel = 0;
+ s->next_sid = 1;
+ s->shutdown = 0;
+ INIT_SIDTAB_LOCK(s);
+ return 0;
+}
+
+int sepol_sidtab_insert(sidtab_t * s, sepol_security_id_t sid,
+ context_struct_t * context)
+{
+ int hvalue;
+ sidtab_node_t *prev, *cur, *newnode;
+
+ if (!s || !s->htable)
+ return -ENOMEM;
+
+ hvalue = SIDTAB_HASH(sid);
+ prev = NULL;
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && sid == cur->sid) {
+ errno = EEXIST;
+ return -EEXIST;
+ }
+
+ newnode = (sidtab_node_t *) malloc(sizeof(sidtab_node_t));
+ if (newnode == NULL)
+ return -ENOMEM;
+ newnode->sid = sid;
+ if (context_cpy(&newnode->context, context)) {
+ free(newnode);
+ return -ENOMEM;
+ }
+
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = s->htable[hvalue];
+ s->htable[hvalue] = newnode;
+ }
+
+ s->nel++;
+ if (sid >= s->next_sid)
+ s->next_sid = sid + 1;
+ return 0;
+}
+
+int sepol_sidtab_remove(sidtab_t * s, sepol_security_id_t sid)
+{
+ int hvalue;
+ sidtab_node_t *cur, *last;
+
+ if (!s || !s->htable)
+ return -ENOENT;
+
+ hvalue = SIDTAB_HASH(sid);
+ last = NULL;
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid) {
+ last = cur;
+ cur = cur->next;
+ }
+
+ if (cur == NULL || sid != cur->sid)
+ return -ENOENT;
+
+ if (last == NULL)
+ s->htable[hvalue] = cur->next;
+ else
+ last->next = cur->next;
+
+ context_destroy(&cur->context);
+
+ free(cur);
+ s->nel--;
+ return 0;
+}
+
+context_struct_t *sepol_sidtab_search(sidtab_t * s, sepol_security_id_t sid)
+{
+ int hvalue;
+ sidtab_node_t *cur;
+
+ if (!s || !s->htable)
+ return NULL;
+
+ hvalue = SIDTAB_HASH(sid);
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid)
+ cur = cur->next;
+
+ if (cur == NULL || sid != cur->sid) {
+ /* Remap invalid SIDs to the unlabeled SID. */
+ sid = SECINITSID_UNLABELED;
+ hvalue = SIDTAB_HASH(sid);
+ cur = s->htable[hvalue];
+ while (cur != NULL && sid > cur->sid)
+ cur = cur->next;
+ if (!cur || sid != cur->sid)
+ return NULL;
+ }
+
+ return &cur->context;
+}
+
+int sepol_sidtab_map(sidtab_t * s,
+ int (*apply) (sepol_security_id_t sid,
+ context_struct_t * context,
+ void *args), void *args)
+{
+ int i, ret;
+ sidtab_node_t *cur;
+
+ if (!s || !s->htable)
+ return 0;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->sid, &cur->context, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+void sepol_sidtab_map_remove_on_error(sidtab_t * s,
+ int (*apply) (sepol_security_id_t sid,
+ context_struct_t * context,
+ void *args), void *args)
+{
+ int i, ret;
+ sidtab_node_t *last, *cur, *temp;
+
+ if (!s || !s->htable)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ last = NULL;
+ cur = s->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->sid, &cur->context, args);
+ if (ret) {
+ if (last) {
+ last->next = cur->next;
+ } else {
+ s->htable[i] = cur->next;
+ }
+
+ temp = cur;
+ cur = cur->next;
+ context_destroy(&temp->context);
+ free(temp);
+ s->nel--;
+ } else {
+ last = cur;
+ cur = cur->next;
+ }
+ }
+ }
+
+ return;
+}
+
+static inline sepol_security_id_t sepol_sidtab_search_context(sidtab_t * s,
+ context_struct_t *
+ context)
+{
+ int i;
+ sidtab_node_t *cur;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ if (context_cmp(&cur->context, context))
+ return cur->sid;
+ cur = cur->next;
+ }
+ }
+ return 0;
+}
+
+int sepol_sidtab_context_to_sid(sidtab_t * s,
+ context_struct_t * context,
+ sepol_security_id_t * out_sid)
+{
+ sepol_security_id_t sid;
+ int ret = 0;
+
+ *out_sid = SEPOL_SECSID_NULL;
+
+ sid = sepol_sidtab_search_context(s, context);
+ if (!sid) {
+ SIDTAB_LOCK(s);
+ /* Rescan now that we hold the lock. */
+ sid = sepol_sidtab_search_context(s, context);
+ if (sid)
+ goto unlock_out;
+ /* No SID exists for the context. Allocate a new one. */
+ if (s->next_sid == UINT_MAX || s->shutdown) {
+ ret = -ENOMEM;
+ goto unlock_out;
+ }
+ sid = s->next_sid++;
+ ret = sepol_sidtab_insert(s, sid, context);
+ if (ret)
+ s->next_sid--;
+ unlock_out:
+ SIDTAB_UNLOCK(s);
+ }
+
+ if (ret)
+ return ret;
+
+ *out_sid = sid;
+ return 0;
+}
+
+void sepol_sidtab_hash_eval(sidtab_t * h, char *tag)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ sidtab_node_t *cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf
+ ("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, SIDTAB_SIZE, max_chain_len);
+}
+
+void sepol_sidtab_destroy(sidtab_t * s)
+{
+ int i;
+ sidtab_ptr_t cur, temp;
+
+ if (!s || !s->htable)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ context_destroy(&temp->context);
+ free(temp);
+ }
+ s->htable[i] = NULL;
+ }
+ free(s->htable);
+ s->htable = NULL;
+ s->nel = 0;
+ s->next_sid = 1;
+}
+
+void sepol_sidtab_set(sidtab_t * dst, sidtab_t * src)
+{
+ SIDTAB_LOCK(src);
+ dst->htable = src->htable;
+ dst->nel = src->nel;
+ dst->next_sid = src->next_sid;
+ dst->shutdown = 0;
+ SIDTAB_UNLOCK(src);
+}
+
+void sepol_sidtab_shutdown(sidtab_t * s)
+{
+ SIDTAB_LOCK(s);
+ s->shutdown = 1;
+ SIDTAB_UNLOCK(s);
+}
+
+/* FLASK */
diff --git a/libsepol/src/symtab.c b/libsepol/src/symtab.c
new file mode 100644
index 0000000..b3a7aa8
--- /dev/null
+++ b/libsepol/src/symtab.c
@@ -0,0 +1,49 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * Implementation of the symbol table type.
+ */
+
+#include <string.h>
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/symtab.h>
+
+static unsigned int symhash(hashtab_t h, hashtab_key_t key)
+{
+ char *p, *keyp;
+ size_t size;
+ unsigned int val;
+
+ val = 0;
+ keyp = (char *)key;
+ size = strlen(keyp);
+ for (p = keyp; ((size_t) (p - keyp)) < size; p++)
+ val =
+ (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+ return val & (h->size - 1);
+}
+
+static int symcmp(hashtab_t h
+ __attribute__ ((unused)), hashtab_key_t key1,
+ hashtab_key_t key2)
+{
+ char *keyp1, *keyp2;
+
+ keyp1 = (char *)key1;
+ keyp2 = (char *)key2;
+ return strcmp(keyp1, keyp2);
+}
+
+int symtab_init(symtab_t * s, unsigned int size)
+{
+ s->table = hashtab_create(symhash, symcmp, size);
+ if (!s->table)
+ return -1;
+ s->nprim = 0;
+ return 0;
+}
+
+/* FLASK */
diff --git a/libsepol/src/user_internal.h b/libsepol/src/user_internal.h
new file mode 100644
index 0000000..7523b7d
--- /dev/null
+++ b/libsepol/src/user_internal.h
@@ -0,0 +1,20 @@
+#ifndef _SEPOL_USER_INTERNAL_H_
+#define _SEPOL_USER_INTERNAL_H_
+
+#include <sepol/user_record.h>
+#include <sepol/users.h>
+#include "dso.h"
+
+hidden_proto(sepol_user_add_role)
+ hidden_proto(sepol_user_create)
+ hidden_proto(sepol_user_free)
+ hidden_proto(sepol_user_get_mlslevel)
+ hidden_proto(sepol_user_get_mlsrange)
+ hidden_proto(sepol_user_get_roles)
+ hidden_proto(sepol_user_has_role)
+ hidden_proto(sepol_user_key_create)
+ hidden_proto(sepol_user_key_unpack)
+ hidden_proto(sepol_user_set_mlslevel)
+ hidden_proto(sepol_user_set_mlsrange)
+ hidden_proto(sepol_user_set_name)
+#endif
diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c
new file mode 100644
index 0000000..c59c54b
--- /dev/null
+++ b/libsepol/src/user_record.c
@@ -0,0 +1,379 @@
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "user_internal.h"
+#include "debug.h"
+
+struct sepol_user {
+ /* This user's name */
+ char *name;
+
+ /* This user's mls level (only required for mls) */
+ char *mls_level;
+
+ /* This user's mls range (only required for mls) */
+ char *mls_range;
+
+ /* The role array */
+ char **roles;
+
+ /* The number of roles */
+ unsigned int num_roles;
+};
+
+struct sepol_user_key {
+ /* This user's name */
+ const char *name;
+};
+
+int sepol_user_key_create(sepol_handle_t * handle,
+ const char *name, sepol_user_key_t ** key_ptr)
+{
+
+ sepol_user_key_t *tmp_key =
+ (sepol_user_key_t *) malloc(sizeof(sepol_user_key_t));
+
+ if (!tmp_key) {
+ ERR(handle, "out of memory, "
+ "could not create selinux user key");
+ return STATUS_ERR;
+ }
+
+ tmp_key->name = name;
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_user_key_create)
+
+void sepol_user_key_unpack(const sepol_user_key_t * key, const char **name)
+{
+
+ *name = key->name;
+}
+
+hidden_def(sepol_user_key_unpack)
+
+int sepol_user_key_extract(sepol_handle_t * handle,
+ const sepol_user_t * user,
+ sepol_user_key_t ** key_ptr)
+{
+
+ if (sepol_user_key_create(handle, user->name, key_ptr) < 0) {
+ ERR(handle, "could not extract key from user %s", user->name);
+ return STATUS_ERR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+void sepol_user_key_free(sepol_user_key_t * key)
+{
+ free(key);
+}
+
+int sepol_user_compare(const sepol_user_t * user, const sepol_user_key_t * key)
+{
+
+ return strcmp(user->name, key->name);
+}
+
+int sepol_user_compare2(const sepol_user_t * user, const sepol_user_t * user2)
+{
+
+ return strcmp(user->name, user2->name);
+}
+
+/* Name */
+const char *sepol_user_get_name(const sepol_user_t * user)
+{
+
+ return user->name;
+}
+
+int sepol_user_set_name(sepol_handle_t * handle,
+ sepol_user_t * user, const char *name)
+{
+
+ char *tmp_name = strdup(name);
+ if (!tmp_name) {
+ ERR(handle, "out of memory, could not set name");
+ return STATUS_ERR;
+ }
+ free(user->name);
+ user->name = tmp_name;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_user_set_name)
+
+/* MLS */
+const char *sepol_user_get_mlslevel(const sepol_user_t * user)
+{
+
+ return user->mls_level;
+}
+
+hidden_def(sepol_user_get_mlslevel)
+
+int sepol_user_set_mlslevel(sepol_handle_t * handle,
+ sepol_user_t * user, const char *mls_level)
+{
+
+ char *tmp_mls_level = strdup(mls_level);
+ if (!tmp_mls_level) {
+ ERR(handle, "out of memory, "
+ "could not set MLS default level");
+ return STATUS_ERR;
+ }
+ free(user->mls_level);
+ user->mls_level = tmp_mls_level;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_user_set_mlslevel)
+
+const char *sepol_user_get_mlsrange(const sepol_user_t * user)
+{
+
+ return user->mls_range;
+}
+
+hidden_def(sepol_user_get_mlsrange)
+
+int sepol_user_set_mlsrange(sepol_handle_t * handle,
+ sepol_user_t * user, const char *mls_range)
+{
+
+ char *tmp_mls_range = strdup(mls_range);
+ if (!tmp_mls_range) {
+ ERR(handle, "out of memory, "
+ "could not set MLS allowed range");
+ return STATUS_ERR;
+ }
+ free(user->mls_range);
+ user->mls_range = tmp_mls_range;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_user_set_mlsrange)
+
+/* Roles */
+int sepol_user_get_num_roles(const sepol_user_t * user)
+{
+
+ return user->num_roles;
+}
+
+int sepol_user_add_role(sepol_handle_t * handle,
+ sepol_user_t * user, const char *role)
+{
+
+ char *role_cp;
+ char **roles_realloc;
+
+ if (sepol_user_has_role(user, role))
+ return STATUS_SUCCESS;
+
+ role_cp = strdup(role);
+ roles_realloc = realloc(user->roles,
+ sizeof(char *) * (user->num_roles + 1));
+
+ if (!role_cp || !roles_realloc)
+ goto omem;
+
+ user->num_roles++;
+ user->roles = roles_realloc;
+ user->roles[user->num_roles - 1] = role_cp;
+
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not add role %s", role);
+ free(role_cp);
+ free(roles_realloc);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_user_add_role)
+
+int sepol_user_has_role(const sepol_user_t * user, const char *role)
+{
+
+ unsigned int i;
+
+ for (i = 0; i < user->num_roles; i++)
+ if (!strcmp(user->roles[i], role))
+ return 1;
+ return 0;
+}
+
+hidden_def(sepol_user_has_role)
+
+int sepol_user_set_roles(sepol_handle_t * handle,
+ sepol_user_t * user,
+ const char **roles_arr, unsigned int num_roles)
+{
+
+ unsigned int i;
+ char **tmp_roles = NULL;
+
+ if (num_roles > 0) {
+
+ /* First, make a copy */
+ tmp_roles = (char **)calloc(1, sizeof(char *) * num_roles);
+ if (!tmp_roles)
+ goto omem;
+
+ for (i = 0; i < num_roles; i++) {
+ tmp_roles[i] = strdup(roles_arr[i]);
+ if (!tmp_roles[i])
+ goto omem;
+ }
+ }
+
+ /* Apply other changes */
+ for (i = 0; i < user->num_roles; i++)
+ free(user->roles[i]);
+ free(user->roles);
+ user->roles = tmp_roles;
+ user->num_roles = num_roles;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not allocate roles array for"
+ "user %s", user->name);
+
+ if (tmp_roles) {
+ for (i = 0; i < num_roles; i++) {
+ if (!tmp_roles[i])
+ break;
+ free(tmp_roles[i]);
+ }
+ }
+ free(tmp_roles);
+ return STATUS_ERR;
+}
+
+int sepol_user_get_roles(sepol_handle_t * handle,
+ const sepol_user_t * user,
+ const char ***roles_arr, unsigned int *num_roles)
+{
+
+ unsigned int i;
+ const char **tmp_roles =
+ (const char **)malloc(sizeof(char *) * user->num_roles);
+ if (!tmp_roles)
+ goto omem;
+
+ for (i = 0; i < user->num_roles; i++)
+ tmp_roles[i] = user->roles[i];
+
+ *roles_arr = tmp_roles;
+ *num_roles = user->num_roles;
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory, could not "
+ "allocate roles array for user %s", user->name);
+ free(tmp_roles);
+ return STATUS_ERR;
+}
+
+hidden_def(sepol_user_get_roles)
+
+void sepol_user_del_role(sepol_user_t * user, const char *role)
+{
+
+ unsigned int i;
+ for (i = 0; i < user->num_roles; i++) {
+ if (!strcmp(user->roles[i], role)) {
+ free(user->roles[i]);
+ user->roles[i] = NULL;
+ user->roles[i] = user->roles[user->num_roles - 1];
+ user->num_roles--;
+ }
+ }
+}
+
+/* Create */
+int sepol_user_create(sepol_handle_t * handle, sepol_user_t ** user_ptr)
+{
+
+ sepol_user_t *user = (sepol_user_t *) malloc(sizeof(sepol_user_t));
+
+ if (!user) {
+ ERR(handle, "out of memory, "
+ "could not create selinux user record");
+ return STATUS_ERR;
+ }
+
+ user->roles = NULL;
+ user->num_roles = 0;
+ user->name = NULL;
+ user->mls_level = NULL;
+ user->mls_range = NULL;
+
+ *user_ptr = user;
+ return STATUS_SUCCESS;
+}
+
+hidden_def(sepol_user_create)
+
+/* Deep copy clone */
+int sepol_user_clone(sepol_handle_t * handle,
+ const sepol_user_t * user, sepol_user_t ** user_ptr)
+{
+
+ sepol_user_t *new_user = NULL;
+ unsigned int i;
+
+ if (sepol_user_create(handle, &new_user) < 0)
+ goto err;
+
+ if (sepol_user_set_name(handle, new_user, user->name) < 0)
+ goto err;
+
+ for (i = 0; i < user->num_roles; i++) {
+ if (sepol_user_add_role(handle, new_user, user->roles[i]) < 0)
+ goto err;
+ }
+
+ if (user->mls_level &&
+ (sepol_user_set_mlslevel(handle, new_user, user->mls_level) < 0))
+ goto err;
+
+ if (user->mls_range &&
+ (sepol_user_set_mlsrange(handle, new_user, user->mls_range) < 0))
+ goto err;
+
+ *user_ptr = new_user;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not clone selinux user record");
+ sepol_user_free(new_user);
+ return STATUS_ERR;
+}
+
+/* Destroy */
+void sepol_user_free(sepol_user_t * user)
+{
+
+ unsigned int i;
+
+ if (!user)
+ return;
+
+ free(user->name);
+ for (i = 0; i < user->num_roles; i++)
+ free(user->roles[i]);
+ free(user->roles);
+ free(user->mls_level);
+ free(user->mls_range);
+ free(user);
+}
+
+hidden_def(sepol_user_free)
diff --git a/libsepol/src/users.c b/libsepol/src/users.c
new file mode 100644
index 0000000..903fc62
--- /dev/null
+++ b/libsepol/src/users.c
@@ -0,0 +1,383 @@
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+
+#include "private.h"
+#include "debug.h"
+#include "handle.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/hashtab.h>
+#include <sepol/policydb/expand.h>
+#include "user_internal.h"
+#include "mls.h"
+
+static int user_to_record(sepol_handle_t * handle,
+ const policydb_t * policydb,
+ int user_idx, sepol_user_t ** record)
+{
+
+ const char *name = policydb->p_user_val_to_name[user_idx];
+ user_datum_t *usrdatum = policydb->user_val_to_struct[user_idx];
+ ebitmap_t *roles = &(usrdatum->roles.roles);
+ ebitmap_node_t *rnode;
+ unsigned bit;
+
+ sepol_user_t *tmp_record = NULL;
+
+ if (sepol_user_create(handle, &tmp_record) < 0)
+ goto err;
+
+ if (sepol_user_set_name(handle, tmp_record, name) < 0)
+ goto err;
+
+ /* Extract roles */
+ ebitmap_for_each_bit(roles, rnode, bit) {
+ if (ebitmap_node_get_bit(rnode, bit)) {
+ char *role = policydb->p_role_val_to_name[bit];
+ if (sepol_user_add_role(handle, tmp_record, role) < 0)
+ goto err;
+ }
+ }
+
+ /* Extract MLS info */
+ if (policydb->mls) {
+ context_struct_t context;
+ char *str;
+
+ context_init(&context);
+ if (mls_level_cpy(&context.range.level[0],
+ &usrdatum->exp_dfltlevel) < 0) {
+ ERR(handle, "could not copy MLS level");
+ context_destroy(&context);
+ goto err;
+ }
+ if (mls_level_cpy(&context.range.level[1],
+ &usrdatum->exp_dfltlevel) < 0) {
+ ERR(handle, "could not copy MLS level");
+ context_destroy(&context);
+ goto err;
+ }
+ if (mls_to_string(handle, policydb, &context, &str) < 0) {
+ context_destroy(&context);
+ goto err;
+ }
+ context_destroy(&context);
+
+ if (sepol_user_set_mlslevel(handle, tmp_record, str) < 0) {
+ free(str);
+ goto err;
+ }
+ free(str);
+
+ context_init(&context);
+ if (mls_range_cpy(&context.range, &usrdatum->exp_range) < 0) {
+ ERR(handle, "could not copy MLS range");
+ context_destroy(&context);
+ goto err;
+ }
+ if (mls_to_string(handle, policydb, &context, &str) < 0) {
+ context_destroy(&context);
+ goto err;
+ }
+ context_destroy(&context);
+
+ if (sepol_user_set_mlsrange(handle, tmp_record, str) < 0) {
+ free(str);
+ goto err;
+ }
+ free(str);
+ }
+
+ *record = tmp_record;
+ return STATUS_SUCCESS;
+
+ err:
+ /* FIXME: handle error */
+ sepol_user_free(tmp_record);
+ return STATUS_ERR;
+}
+
+int sepol_user_modify(sepol_handle_t * handle,
+ sepol_policydb_t * p,
+ const sepol_user_key_t * key, const sepol_user_t * user)
+{
+
+ policydb_t *policydb = &p->p;
+
+ /* For user data */
+ const char *cname, *cmls_level, *cmls_range;
+ char *name = NULL;
+
+ const char **roles = NULL;
+ unsigned int num_roles = 0;
+
+ /* Low-level representation */
+ user_datum_t *usrdatum = NULL;
+ role_datum_t *roldatum;
+ unsigned int i;
+
+ context_struct_t context;
+ unsigned bit;
+ int new = 0;
+
+ ebitmap_node_t *rnode;
+
+ /* First, extract all the data */
+ sepol_user_key_unpack(key, &cname);
+
+ cmls_level = sepol_user_get_mlslevel(user);
+ cmls_range = sepol_user_get_mlsrange(user);
+
+ /* Make sure that worked properly */
+ if (sepol_user_get_roles(handle, user, &roles, &num_roles) < 0)
+ goto err;
+
+ /* Now, see if a user exists */
+ usrdatum = hashtab_search(policydb->p_users.table,
+ (const hashtab_key_t)cname);
+
+ /* If it does, we will modify it */
+ if (usrdatum) {
+
+ int value_cp = usrdatum->s.value;
+ user_datum_destroy(usrdatum);
+ user_datum_init(usrdatum);
+ usrdatum->s.value = value_cp;
+
+ /* Otherwise, create a new one */
+ } else {
+ usrdatum = (user_datum_t *) malloc(sizeof(user_datum_t));
+ if (!usrdatum)
+ goto omem;
+ user_datum_init(usrdatum);
+ new = 1;
+ }
+
+ /* For every role */
+ for (i = 0; i < num_roles; i++) {
+
+ /* Search for the role */
+ roldatum = hashtab_search(policydb->p_roles.table,
+ (const hashtab_key_t)roles[i]);
+ if (!roldatum) {
+ ERR(handle, "undefined role %s for user %s",
+ roles[i], cname);
+ goto err;
+ }
+
+ /* Set the role and every role it dominates */
+ ebitmap_for_each_bit(&roldatum->dominates, rnode, bit) {
+ if (ebitmap_node_get_bit(rnode, bit)) {
+ if (ebitmap_set_bit
+ (&(usrdatum->roles.roles), bit, 1))
+ goto omem;
+ }
+ }
+ }
+
+ /* For MLS systems */
+ if (policydb->mls) {
+
+ /* MLS level */
+ if (cmls_level == NULL) {
+ ERR(handle, "MLS is enabled, but no MLS "
+ "default level was defined for user %s", cname);
+ goto err;
+ }
+
+ context_init(&context);
+ if (mls_from_string(handle, policydb, cmls_level, &context) < 0) {
+ context_destroy(&context);
+ goto err;
+ }
+ if (mls_level_cpy(&usrdatum->exp_dfltlevel,
+ &context.range.level[0]) < 0) {
+ ERR(handle, "could not copy MLS level %s", cmls_level);
+ context_destroy(&context);
+ goto err;
+ }
+ context_destroy(&context);
+
+ /* MLS range */
+ if (cmls_range == NULL) {
+ ERR(handle, "MLS is enabled, but no MLS"
+ "range was defined for user %s", cname);
+ goto err;
+ }
+
+ context_init(&context);
+ if (mls_from_string(handle, policydb, cmls_range, &context) < 0) {
+ context_destroy(&context);
+ goto err;
+ }
+ if (mls_range_cpy(&usrdatum->exp_range, &context.range) < 0) {
+ ERR(handle, "could not copy MLS range %s", cmls_range);
+ context_destroy(&context);
+ goto err;
+ }
+ context_destroy(&context);
+ } else if (cmls_level != NULL || cmls_range != NULL) {
+ ERR(handle, "MLS is disabled, but MLS level/range "
+ "was found for user %s", cname);
+ goto err;
+ }
+
+ /* If there are no errors, and this is a new user, add the user to policy */
+ if (new) {
+ void *tmp_ptr;
+
+ /* Ensure reverse lookup array has enough space */
+ tmp_ptr = realloc(policydb->user_val_to_struct,
+ (policydb->p_users.nprim +
+ 1) * sizeof(user_datum_t *));
+ if (!tmp_ptr)
+ goto omem;
+ policydb->user_val_to_struct = tmp_ptr;
+
+ tmp_ptr = realloc(policydb->sym_val_to_name[SYM_USERS],
+ (policydb->p_users.nprim +
+ 1) * sizeof(char *));
+ if (!tmp_ptr)
+ goto omem;
+ policydb->sym_val_to_name[SYM_USERS] = tmp_ptr;
+
+ /* Need to copy the user name */
+ name = strdup(cname);
+ if (!name)
+ goto omem;
+
+ /* Store user */
+ usrdatum->s.value = ++policydb->p_users.nprim;
+ if (hashtab_insert(policydb->p_users.table, name,
+ (hashtab_datum_t) usrdatum) < 0)
+ goto omem;
+
+ /* Set up reverse entry */
+ policydb->p_user_val_to_name[usrdatum->s.value - 1] = name;
+ policydb->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
+ name = NULL;
+
+ /* Expand roles */
+ if (role_set_expand
+ (&usrdatum->roles, &usrdatum->cache, policydb, NULL)) {
+ ERR(handle, "unable to expand role set");
+ goto err;
+ }
+ }
+
+ free(roles);
+ return STATUS_SUCCESS;
+
+ omem:
+ ERR(handle, "out of memory");
+
+ err:
+ ERR(handle, "could not load %s into policy", name);
+
+ free(name);
+ free(roles);
+ if (new && usrdatum) {
+ role_set_destroy(&usrdatum->roles);
+ free(usrdatum);
+ }
+ return STATUS_ERR;
+}
+
+int sepol_user_exists(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_user_key_t * key, int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+
+ const char *cname;
+ sepol_user_key_unpack(key, &cname);
+
+ *response = (hashtab_search(policydb->p_users.table,
+ (const hashtab_key_t)cname) != NULL);
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int sepol_user_count(sepol_handle_t * handle,
+ const sepol_policydb_t * p, unsigned int *response)
+{
+
+ const policydb_t *policydb = &p->p;
+ *response = policydb->p_users.nprim;
+
+ handle = NULL;
+ return STATUS_SUCCESS;
+}
+
+int sepol_user_query(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ const sepol_user_key_t * key, sepol_user_t ** response)
+{
+
+ const policydb_t *policydb = &p->p;
+ user_datum_t *usrdatum = NULL;
+
+ const char *cname;
+ sepol_user_key_unpack(key, &cname);
+
+ usrdatum = hashtab_search(policydb->p_users.table,
+ (const hashtab_key_t)cname);
+
+ if (!usrdatum) {
+ *response = NULL;
+ return STATUS_SUCCESS;
+ }
+
+ if (user_to_record(handle, policydb, usrdatum->s.value - 1, response) <
+ 0)
+ goto err;
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not query user %s", cname);
+ return STATUS_ERR;
+}
+
+int sepol_user_iterate(sepol_handle_t * handle,
+ const sepol_policydb_t * p,
+ int (*fn) (const sepol_user_t * user,
+ void *fn_arg), void *arg)
+{
+
+ const policydb_t *policydb = &p->p;
+ unsigned int nusers = policydb->p_users.nprim;
+ sepol_user_t *user = NULL;
+ unsigned int i;
+
+ /* For each user */
+ for (i = 0; i < nusers; i++) {
+
+ int status;
+
+ if (user_to_record(handle, policydb, i, &user) < 0)
+ goto err;
+
+ /* Invoke handler */
+ status = fn(user, arg);
+ if (status < 0)
+ goto err;
+
+ sepol_user_free(user);
+ user = NULL;
+
+ /* Handler requested exit */
+ if (status > 0)
+ break;
+ }
+
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "could not iterate over users");
+ sepol_user_free(user);
+ return STATUS_ERR;
+}
diff --git a/libsepol/src/util.c b/libsepol/src/util.c
new file mode 100644
index 0000000..a824e61
--- /dev/null
+++ b/libsepol/src/util.c
@@ -0,0 +1,116 @@
+/* Authors: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005-2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sepol/policydb/flask_types.h>
+#include <sepol/policydb/policydb.h>
+
+struct val_to_name {
+ unsigned int val;
+ char *name;
+};
+
+/* Add an unsigned integer to a dynamically reallocated array. *cnt
+ * is a reference pointer to the number of values already within array
+ * *a; it will be incremented upon successfully appending i. If *a is
+ * NULL then this function will create a new array (*cnt is reset to
+ * 0). Return 0 on success, -1 on out of memory. */
+int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a)
+{
+ if (cnt == NULL || a == NULL)
+ return -1;
+
+ /* FIX ME: This is not very elegant! We use an array that we
+ * grow as new uint32_t are added to an array. But rather
+ * than be smart about it, for now we realloc() the array each
+ * time a new uint32_t is added! */
+ if (*a != NULL)
+ *a = (uint32_t *) realloc(*a, (*cnt + 1) * sizeof(uint32_t));
+ else { /* empty list */
+
+ *cnt = 0;
+ *a = (uint32_t *) malloc(sizeof(uint32_t));
+ }
+ if (*a == NULL) {
+ return -1;
+ }
+ (*a)[*cnt] = i;
+ (*cnt)++;
+ return 0;
+}
+
+static int perm_name(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ struct val_to_name *v = data;
+ perm_datum_t *perdatum;
+
+ perdatum = (perm_datum_t *) datum;
+
+ if (v->val == perdatum->s.value) {
+ v->name = key;
+ return 1;
+ }
+
+ return 0;
+}
+
+char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
+ sepol_access_vector_t av)
+{
+ struct val_to_name v;
+ static char avbuf[1024];
+ class_datum_t *cladatum;
+ char *perm = NULL, *p;
+ unsigned int i;
+ int rc;
+ int avlen = 0, len;
+
+ cladatum = policydbp->class_val_to_struct[tclass - 1];
+ p = avbuf;
+ for (i = 0; i < cladatum->permissions.nprim; i++) {
+ if (av & (1 << i)) {
+ v.val = i + 1;
+ rc = hashtab_map(cladatum->permissions.table,
+ perm_name, &v);
+ if (!rc && cladatum->comdatum) {
+ rc = hashtab_map(cladatum->comdatum->
+ permissions.table, perm_name,
+ &v);
+ }
+ if (rc)
+ perm = v.name;
+ if (perm) {
+ len =
+ snprintf(p, sizeof(avbuf) - avlen, " %s",
+ perm);
+ if (len < 0
+ || (size_t) len >= (sizeof(avbuf) - avlen))
+ return NULL;
+ p += len;
+ avlen += len;
+ }
+ }
+ }
+
+ return avbuf;
+}
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
new file mode 100644
index 0000000..0e6acc8
--- /dev/null
+++ b/libsepol/src/write.c
@@ -0,0 +1,1709 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Added conditional policy language extensions
+ *
+ * Updated: Joshua Brindle <jbrindle@tresys.com> and Jason Tang <jtang@tresys.org>
+ *
+ * Module writing support
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2003-2005 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <assert.h>
+#include <stdlib.h>
+
+#include <sepol/policydb/ebitmap.h>
+#include <sepol/policydb/avtab.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/flask.h>
+
+#include "debug.h"
+#include "private.h"
+#include "mls.h"
+
+struct policy_data {
+ struct policy_file *fp;
+ struct policydb *p;
+};
+
+static int avrule_write_list(avrule_t * avrules, struct policy_file *fp);
+
+static int ebitmap_write(ebitmap_t * e, struct policy_file *fp)
+{
+ ebitmap_node_t *n;
+ uint32_t buf[32], bit, count;
+ uint64_t map;
+ size_t items;
+
+ buf[0] = cpu_to_le32(MAPSIZE);
+ buf[1] = cpu_to_le32(e->highbit);
+
+ count = 0;
+ for (n = e->node; n; n = n->next)
+ count++;
+ buf[2] = cpu_to_le32(count);
+
+ items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ if (items != 3)
+ return POLICYDB_ERROR;
+
+ for (n = e->node; n; n = n->next) {
+ bit = cpu_to_le32(n->startbit);
+ items = put_entry(&bit, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ map = cpu_to_le64(n->map);
+ items = put_entry(&map, sizeof(uint64_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+/* Ordering of datums in the original avtab format in the policy file. */
+static uint16_t spec_order[] = {
+ AVTAB_ALLOWED,
+ AVTAB_AUDITDENY,
+ AVTAB_AUDITALLOW,
+ AVTAB_TRANSITION,
+ AVTAB_CHANGE,
+ AVTAB_MEMBER
+};
+
+static int avtab_write_item(policydb_t * p,
+ avtab_ptr_t cur, struct policy_file *fp,
+ unsigned merge, unsigned commit, uint32_t * nel)
+{
+ avtab_ptr_t node;
+ uint16_t buf16[4];
+ uint32_t buf32[10], lookup, val;
+ size_t items, items2;
+ unsigned set;
+ unsigned int oldvers = (p->policy_type == POLICY_KERN
+ && p->policyvers < POLICYDB_VERSION_AVTAB);
+ unsigned int i;
+
+ if (oldvers) {
+ /* Generate the old avtab format.
+ Requires merging similar entries if uncond avtab. */
+ if (merge) {
+ if (cur->merged)
+ return POLICYDB_SUCCESS; /* already merged by prior merge */
+ }
+
+ items = 1; /* item 0 is used for the item count */
+ val = cur->key.source_type;
+ buf32[items++] = cpu_to_le32(val);
+ val = cur->key.target_type;
+ buf32[items++] = cpu_to_le32(val);
+ val = cur->key.target_class;
+ buf32[items++] = cpu_to_le32(val);
+
+ val = cur->key.specified & ~AVTAB_ENABLED;
+ if (cur->key.specified & AVTAB_ENABLED)
+ val |= AVTAB_ENABLED_OLD;
+ set = 1;
+
+ if (merge) {
+ /* Merge specifier values for all similar (av or type)
+ entries that have the same key. */
+ if (val & AVTAB_AV)
+ lookup = AVTAB_AV;
+ else if (val & AVTAB_TYPE)
+ lookup = AVTAB_TYPE;
+ else
+ return POLICYDB_ERROR;
+ for (node = avtab_search_node_next(cur, lookup);
+ node;
+ node = avtab_search_node_next(node, lookup)) {
+ val |= (node->key.specified & ~AVTAB_ENABLED);
+ set++;
+ if (node->key.specified & AVTAB_ENABLED)
+ val |= AVTAB_ENABLED_OLD;
+ }
+ }
+
+ if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
+ ERR(fp->handle, "null entry");
+ return POLICYDB_ERROR;
+ }
+ if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) {
+ ERR(fp->handle, "entry has both access "
+ "vectors and types");
+ return POLICYDB_ERROR;
+ }
+
+ buf32[items++] = cpu_to_le32(val);
+
+ if (merge) {
+ /* Include datums for all similar (av or type)
+ entries that have the same key. */
+ for (i = 0;
+ i < (sizeof(spec_order) / sizeof(spec_order[0]));
+ i++) {
+ if (val & spec_order[i]) {
+ if (cur->key.specified & spec_order[i])
+ node = cur;
+ else {
+ node =
+ avtab_search_node_next(cur,
+ spec_order
+ [i]);
+ if (nel)
+ (*nel)--; /* one less node */
+ }
+
+ if (!node) {
+ ERR(fp->handle, "missing node");
+ return POLICYDB_ERROR;
+ }
+ buf32[items++] =
+ cpu_to_le32(node->datum.data);
+ set--;
+ node->merged = 1;
+ }
+ }
+ } else {
+ buf32[items++] = cpu_to_le32(cur->datum.data);
+ cur->merged = 1;
+ set--;
+ }
+
+ if (set) {
+ ERR(fp->handle, "data count wrong");
+ return POLICYDB_ERROR;
+ }
+
+ buf32[0] = cpu_to_le32(items - 1);
+
+ if (commit) {
+ /* Commit this item to the policy file. */
+ items2 = put_entry(buf32, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+ }
+
+ /* Generate the new avtab format. */
+ buf16[0] = cpu_to_le16(cur->key.source_type);
+ buf16[1] = cpu_to_le16(cur->key.target_type);
+ buf16[2] = cpu_to_le16(cur->key.target_class);
+ buf16[3] = cpu_to_le16(cur->key.specified);
+ items = put_entry(buf16, sizeof(uint16_t), 4, fp);
+ if (items != 4)
+ return POLICYDB_ERROR;
+ buf32[0] = cpu_to_le32(cur->datum.data);
+ items = put_entry(buf32, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ return POLICYDB_SUCCESS;
+}
+
+static inline void avtab_reset_merged(avtab_t * a)
+{
+ unsigned int i;
+ avtab_ptr_t cur;
+ for (i = 0; i < a->nslot; i++) {
+ for (cur = a->htable[i]; cur; cur = cur->next)
+ cur->merged = 0;
+ }
+}
+
+static int avtab_write(struct policydb *p, avtab_t * a, struct policy_file *fp)
+{
+ unsigned int i;
+ int rc;
+ avtab_t expa;
+ avtab_ptr_t cur;
+ uint32_t nel;
+ size_t items;
+ unsigned int oldvers = (p->policy_type == POLICY_KERN
+ && p->policyvers < POLICYDB_VERSION_AVTAB);
+
+ if (oldvers) {
+ /* Old avtab format.
+ First, we need to expand attributes. Then, we need to
+ merge similar entries, so we need to track merged nodes
+ and compute the final nel. */
+ if (avtab_init(&expa))
+ return POLICYDB_ERROR;
+ if (expand_avtab(p, a, &expa)) {
+ rc = -1;
+ goto out;
+ }
+ a = &expa;
+ avtab_reset_merged(a);
+ nel = a->nel;
+ } else {
+ /* New avtab format. nel is good to go. */
+ nel = cpu_to_le32(a->nel);
+ items = put_entry(&nel, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ }
+
+ for (i = 0; i < a->nslot; i++) {
+ for (cur = a->htable[i]; cur; cur = cur->next) {
+ /* If old format, compute final nel.
+ If new format, write out the items. */
+ if (avtab_write_item(p, cur, fp, 1, !oldvers, &nel)) {
+ rc = -1;
+ goto out;
+ }
+ }
+ }
+
+ if (oldvers) {
+ /* Old avtab format.
+ Write the computed nel value, then write the items. */
+ nel = cpu_to_le32(nel);
+ items = put_entry(&nel, sizeof(uint32_t), 1, fp);
+ if (items != 1) {
+ rc = -1;
+ goto out;
+ }
+ avtab_reset_merged(a);
+ for (i = 0; i < a->nslot; i++) {
+ for (cur = a->htable[i]; cur; cur = cur->next) {
+ if (avtab_write_item(p, cur, fp, 1, 1, NULL)) {
+ rc = -1;
+ goto out;
+ }
+ }
+ }
+ }
+
+ rc = 0;
+ out:
+ if (oldvers)
+ avtab_destroy(&expa);
+ return rc;
+}
+
+/*
+ * Write a semantic MLS level structure to a policydb binary
+ * representation file.
+ */
+static int mls_write_semantic_level_helper(mls_semantic_level_t * l,
+ struct policy_file *fp)
+{
+ uint32_t buf[2], ncat = 0;
+ size_t items;
+ mls_semantic_cat_t *cat;
+
+ for (cat = l->cat; cat; cat = cat->next)
+ ncat++;
+
+ buf[0] = cpu_to_le32(l->sens);
+ buf[1] = cpu_to_le32(ncat);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+
+ for (cat = l->cat; cat; cat = cat->next) {
+ buf[0] = cpu_to_le32(cat->low);
+ buf[1] = cpu_to_le32(cat->high);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * Read a semantic MLS range structure to a policydb binary
+ * representation file.
+ */
+static int mls_write_semantic_range_helper(mls_semantic_range_t * r,
+ struct policy_file *fp)
+{
+ int rc;
+
+ rc = mls_write_semantic_level_helper(&r->level[0], fp);
+ if (rc)
+ return rc;
+
+ rc = mls_write_semantic_level_helper(&r->level[1], fp);
+
+ return rc;
+}
+
+/*
+ * Write a MLS level structure to a policydb binary
+ * representation file.
+ */
+static int mls_write_level(mls_level_t * l, struct policy_file *fp)
+{
+ uint32_t sens;
+ size_t items;
+
+ sens = cpu_to_le32(l->sens);
+ items = put_entry(&sens, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ if (ebitmap_write(&l->cat, fp))
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * Write a MLS range structure to a policydb binary
+ * representation file.
+ */
+static int mls_write_range_helper(mls_range_t * r, struct policy_file *fp)
+{
+ uint32_t buf[3];
+ size_t items, items2;
+ int eq;
+
+ eq = mls_level_eq(&r->level[1], &r->level[0]);
+
+ items = 1; /* item 0 is used for the item count */
+ buf[items++] = cpu_to_le32(r->level[0].sens);
+ if (!eq)
+ buf[items++] = cpu_to_le32(r->level[1].sens);
+ buf[0] = cpu_to_le32(items - 1);
+
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+
+ if (ebitmap_write(&r->level[0].cat, fp))
+ return POLICYDB_ERROR;
+ if (!eq)
+ if (ebitmap_write(&r->level[1].cat, fp))
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int sens_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ level_datum_t *levdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+
+ levdatum = (level_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(levdatum->isalias);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ if (mls_write_level(levdatum->level, fp))
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int cat_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ cat_datum_t *catdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+
+ catdatum = (cat_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(catdatum->s.value);
+ buf[items++] = cpu_to_le32(catdatum->isalias);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int role_trans_write(role_trans_t * r, struct policy_file *fp)
+{
+ role_trans_t *tr;
+ uint32_t buf[3];
+ size_t nel, items;
+
+ nel = 0;
+ for (tr = r; tr; tr = tr->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (tr = r; tr; tr = tr->next) {
+ buf[0] = cpu_to_le32(tr->role);
+ buf[1] = cpu_to_le32(tr->type);
+ buf[2] = cpu_to_le32(tr->new_role);
+ items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ if (items != 3)
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int role_allow_write(role_allow_t * r, struct policy_file *fp)
+{
+ role_allow_t *ra;
+ uint32_t buf[2];
+ size_t nel, items;
+
+ nel = 0;
+ for (ra = r; ra; ra = ra->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (ra = r; ra; ra = ra->next) {
+ buf[0] = cpu_to_le32(ra->role);
+ buf[1] = cpu_to_le32(ra->new_role);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int role_set_write(role_set_t * x, struct policy_file *fp)
+{
+ size_t items;
+ uint32_t buf[1];
+
+ if (ebitmap_write(&x->roles, fp))
+ return POLICYDB_ERROR;
+
+ buf[0] = cpu_to_le32(x->flags);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int type_set_write(type_set_t * x, struct policy_file *fp)
+{
+ size_t items;
+ uint32_t buf[1];
+
+ if (ebitmap_write(&x->types, fp))
+ return POLICYDB_ERROR;
+ if (ebitmap_write(&x->negset, fp))
+ return POLICYDB_ERROR;
+
+ buf[0] = cpu_to_le32(x->flags);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int cond_write_bool(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ cond_bool_datum_t *booldatum;
+ uint32_t buf[3], len;
+ unsigned int items, items2;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+
+ booldatum = (cond_bool_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(booldatum->s.value);
+ buf[items++] = cpu_to_le32(booldatum->state);
+ buf[items++] = cpu_to_le32(len);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * cond_write_cond_av_list doesn't write out the av_list nodes.
+ * Instead it writes out the key/value pairs from the avtab. This
+ * is necessary because there is no way to uniquely identifying rules
+ * in the avtab so it is not possible to associate individual rules
+ * in the avtab with a conditional without saving them as part of
+ * the conditional. This means that the avtab with the conditional
+ * rules will not be saved but will be rebuilt on policy load.
+ */
+static int cond_write_av_list(policydb_t * p,
+ cond_av_list_t * list, struct policy_file *fp)
+{
+ uint32_t buf[4];
+ cond_av_list_t *cur_list, *new_list = NULL;
+ avtab_t expa;
+ uint32_t len, items;
+ unsigned int oldvers = (p->policy_type == POLICY_KERN
+ && p->policyvers < POLICYDB_VERSION_AVTAB);
+ int rc = -1;
+
+ if (oldvers) {
+ if (avtab_init(&expa))
+ return POLICYDB_ERROR;
+ if (expand_cond_av_list(p, list, &new_list, &expa))
+ goto out;
+ list = new_list;
+ }
+
+ len = 0;
+ for (cur_list = list; cur_list != NULL; cur_list = cur_list->next) {
+ if (cur_list->node->parse_context)
+ len++;
+ }
+
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ goto out;
+
+ if (len == 0) {
+ rc = 0;
+ goto out;
+ }
+
+ for (cur_list = list; cur_list != NULL; cur_list = cur_list->next) {
+ if (cur_list->node->parse_context)
+ if (avtab_write_item(p, cur_list->node, fp, 0, 1, NULL))
+ goto out;
+ }
+
+ rc = 0;
+ out:
+ if (oldvers) {
+ cond_av_list_destroy(new_list);
+ avtab_destroy(&expa);
+ }
+
+ return rc;
+}
+
+static int cond_write_node(policydb_t * p,
+ cond_node_t * node, struct policy_file *fp)
+{
+ cond_expr_t *cur_expr;
+ uint32_t buf[2];
+ uint32_t items, items2, len;
+
+ buf[0] = cpu_to_le32(node->cur_state);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ /* expr */
+ len = 0;
+ for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next)
+ len++;
+
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
+ items = 0;
+ buf[items++] = cpu_to_le32(cur_expr->expr_type);
+ buf[items++] = cpu_to_le32(cur_expr->bool);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+ }
+
+ if (p->policy_type == POLICY_KERN) {
+ if (cond_write_av_list(p, node->true_list, fp) != 0)
+ return POLICYDB_ERROR;
+ if (cond_write_av_list(p, node->false_list, fp) != 0)
+ return POLICYDB_ERROR;
+ } else {
+ if (avrule_write_list(node->avtrue_list, fp))
+ return POLICYDB_ERROR;
+ if (avrule_write_list(node->avfalse_list, fp))
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int cond_write_list(policydb_t * p, cond_list_t * list,
+ struct policy_file *fp)
+{
+ cond_node_t *cur;
+ uint32_t len, items;
+ uint32_t buf[1];
+
+ len = 0;
+ for (cur = list; cur != NULL; cur = cur->next)
+ len++;
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+
+ for (cur = list; cur != NULL; cur = cur->next) {
+ if (cond_write_node(p, cur, fp) != 0)
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * Write a security context structure
+ * to a policydb binary representation file.
+ */
+static int context_write(struct policydb *p, context_struct_t * c,
+ struct policy_file *fp)
+{
+ uint32_t buf[32];
+ size_t items, items2;
+
+ items = 0;
+ buf[items++] = cpu_to_le32(c->user);
+ buf[items++] = cpu_to_le32(c->role);
+ buf[items++] = cpu_to_le32(c->type);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+ if ((p->policyvers >= POLICYDB_VERSION_MLS
+ && p->policy_type == POLICY_KERN)
+ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policy_type == POLICY_BASE))
+ if (mls_write_range_helper(&c->range, fp))
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * The following *_write functions are used to
+ * write the symbol data to a policy database
+ * binary representation file.
+ */
+
+static int perm_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ perm_datum_t *perdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+
+ perdatum = (perm_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(perdatum->s.value);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int common_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ common_datum_t *comdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+
+ comdatum = (common_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(comdatum->s.value);
+ buf[items++] = cpu_to_le32(comdatum->permissions.nprim);
+ buf[items++] = cpu_to_le32(comdatum->permissions.table->nel);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ if (hashtab_map(comdatum->permissions.table, perm_write, pd))
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int write_cons_helper(policydb_t * p,
+ constraint_node_t * node, int allowxtarget,
+ struct policy_file *fp)
+{
+ constraint_node_t *c;
+ constraint_expr_t *e;
+ uint32_t buf[3], nexpr;
+ int items;
+
+ for (c = node; c; c = c->next) {
+ nexpr = 0;
+ for (e = c->expr; e; e = e->next) {
+ nexpr++;
+ }
+ buf[0] = cpu_to_le32(c->permissions);
+ buf[1] = cpu_to_le32(nexpr);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ for (e = c->expr; e; e = e->next) {
+ items = 0;
+ buf[0] = cpu_to_le32(e->expr_type);
+ buf[1] = cpu_to_le32(e->attr);
+ buf[2] = cpu_to_le32(e->op);
+ items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ if (items != 3)
+ return POLICYDB_ERROR;
+
+ switch (e->expr_type) {
+ case CEXPR_NAMES:
+ if (!allowxtarget && (e->attr & CEXPR_XTARGET))
+ return POLICYDB_ERROR;
+ if (ebitmap_write(&e->names, fp)) {
+ return POLICYDB_ERROR;
+ }
+ if (p->policy_type != POLICY_KERN &&
+ type_set_write(e->type_names, fp)) {
+ return POLICYDB_ERROR;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ class_datum_t *cladatum;
+ constraint_node_t *c;
+ uint32_t buf[32], ncons;
+ size_t items, items2, len, len2;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+ struct policydb *p = pd->p;
+
+ cladatum = (class_datum_t *) datum;
+
+ len = strlen(key);
+ if (cladatum->comkey)
+ len2 = strlen(cladatum->comkey);
+ else
+ len2 = 0;
+
+ ncons = 0;
+ for (c = cladatum->constraints; c; c = c->next) {
+ ncons++;
+ }
+
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(len2);
+ buf[items++] = cpu_to_le32(cladatum->s.value);
+ buf[items++] = cpu_to_le32(cladatum->permissions.nprim);
+ if (cladatum->permissions.table)
+ buf[items++] = cpu_to_le32(cladatum->permissions.table->nel);
+ else
+ buf[items++] = 0;
+ buf[items++] = cpu_to_le32(ncons);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ if (cladatum->comkey) {
+ items = put_entry(cladatum->comkey, 1, len2, fp);
+ if (items != len2)
+ return POLICYDB_ERROR;
+ }
+ if (hashtab_map(cladatum->permissions.table, perm_write, pd))
+ return POLICYDB_ERROR;
+
+ if (write_cons_helper(p, cladatum->constraints, 0, fp))
+ return POLICYDB_ERROR;
+
+ if ((p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
+ || (p->policy_type == POLICY_BASE
+ && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
+ /* write out the validatetrans rule */
+ ncons = 0;
+ for (c = cladatum->validatetrans; c; c = c->next) {
+ ncons++;
+ }
+ buf[0] = cpu_to_le32(ncons);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ if (write_cons_helper(p, cladatum->validatetrans, 1, fp))
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ role_datum_t *role;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+ struct policydb *p = pd->p;
+
+ role = (role_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(role->s.value);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ if (ebitmap_write(&role->dominates, fp))
+ return POLICYDB_ERROR;
+ if (p->policy_type == POLICY_KERN) {
+ if (ebitmap_write(&role->types.types, fp))
+ return POLICYDB_ERROR;
+ } else {
+ if (type_set_write(&role->types, fp))
+ return POLICYDB_ERROR;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int type_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ type_datum_t *typdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+ struct policydb *p = pd->p;
+
+ typdatum = (type_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(typdatum->s.value);
+ buf[items++] = cpu_to_le32(typdatum->primary);
+ if (p->policy_type != POLICY_KERN) {
+ buf[items++] = cpu_to_le32(typdatum->flavor);
+ if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ buf[items++] = cpu_to_le32(typdatum->flags);
+ else if (typdatum->flags & TYPE_FLAGS_PERMISSIVE)
+ WARN(fp->handle, "Warning! Module policy version %d cannnot "
+ "support permissive types, but one was defined",
+ p->policyvers);
+ }
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ if (p->policy_type != POLICY_KERN) {
+ if (ebitmap_write(&typdatum->types, fp))
+ return POLICYDB_ERROR;
+ }
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ return POLICYDB_SUCCESS;
+}
+
+static int user_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ user_datum_t *usrdatum;
+ uint32_t buf[32];
+ size_t items, items2, len;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+ struct policydb *p = pd->p;
+
+ usrdatum = (user_datum_t *) datum;
+
+ len = strlen(key);
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ buf[items++] = cpu_to_le32(usrdatum->s.value);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ items = put_entry(key, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ if (p->policy_type == POLICY_KERN) {
+ if (ebitmap_write(&usrdatum->roles.roles, fp))
+ return POLICYDB_ERROR;
+ } else {
+ if (role_set_write(&usrdatum->roles, fp))
+ return POLICYDB_ERROR;
+ }
+
+ if ((p->policyvers >= POLICYDB_VERSION_MLS
+ && p->policy_type == POLICY_KERN)
+ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS
+ && p->policy_type == POLICY_MOD)
+ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS
+ && p->policy_type == POLICY_BASE)) {
+ if (mls_write_range_helper(&usrdatum->exp_range, fp))
+ return POLICYDB_ERROR;
+ if (mls_write_level(&usrdatum->exp_dfltlevel, fp))
+ return POLICYDB_ERROR;
+ } else if ((p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS
+ && p->policy_type == POLICY_MOD)
+ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS
+ && p->policy_type == POLICY_BASE)) {
+ if (mls_write_semantic_range_helper(&usrdatum->range, fp))
+ return -1;
+ if (mls_write_semantic_level_helper(&usrdatum->dfltlevel, fp))
+ return -1;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
+ void *datap) = {
+common_write, class_write, role_write, type_write, user_write,
+ cond_write_bool, sens_write, cat_write,};
+
+static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
+ struct policy_file *fp)
+{
+ unsigned int i, j;
+ size_t nel, items, len;
+ uint32_t buf[32];
+ ocontext_t *c;
+ for (i = 0; i < info->ocon_num; i++) {
+ nel = 0;
+ for (c = p->ocontexts[i]; c; c = c->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (c = p->ocontexts[i]; c; c = c->next) {
+ switch (i) {
+ case OCON_ISID:
+ buf[0] = cpu_to_le32(c->sid[0]);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ break;
+ case OCON_FS:
+ case OCON_NETIF:
+ len = strlen(c->u.name);
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ items = put_entry(c->u.name, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[1], fp))
+ return POLICYDB_ERROR;
+ break;
+ case OCON_PORT:
+ buf[0] = c->u.port.protocol;
+ buf[1] = c->u.port.low_port;
+ buf[2] = c->u.port.high_port;
+ for (j = 0; j < 3; j++) {
+ buf[j] = cpu_to_le32(buf[j]);
+ }
+ items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ if (items != 3)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ break;
+ case OCON_NODE:
+ buf[0] = c->u.node.addr; /* network order */
+ buf[1] = c->u.node.mask; /* network order */
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ break;
+ case OCON_FSUSE:
+ buf[0] = cpu_to_le32(c->v.behavior);
+ len = strlen(c->u.name);
+ buf[1] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ items = put_entry(c->u.name, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ break;
+ case OCON_NODE6:
+ for (j = 0; j < 4; j++)
+ buf[j] = c->u.node6.addr[j]; /* network order */
+ for (j = 0; j < 4; j++)
+ buf[j + 4] = c->u.node6.mask[j]; /* network order */
+ items = put_entry(buf, sizeof(uint32_t), 8, fp);
+ if (items != 8)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ break;
+ }
+ }
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int genfs_write(policydb_t * p, struct policy_file *fp)
+{
+ genfs_t *genfs;
+ ocontext_t *c;
+ size_t nel = 0, items, len;
+ uint32_t buf[32];
+
+ for (genfs = p->genfs; genfs; genfs = genfs->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (genfs = p->genfs; genfs; genfs = genfs->next) {
+ len = strlen(genfs->fstype);
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ items = put_entry(genfs->fstype, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ nel = 0;
+ for (c = genfs->head; c; c = c->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (c = genfs->head; c; c = c->next) {
+ len = strlen(c->u.name);
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ items = put_entry(c->u.name, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ buf[0] = cpu_to_le32(c->v.sclass);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ if (context_write(p, &c->context[0], fp))
+ return POLICYDB_ERROR;
+ }
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int range_write(policydb_t * p, struct policy_file *fp)
+{
+ size_t nel, items;
+ struct range_trans *rt;
+ uint32_t buf[2];
+ int new_rangetr = (p->policy_type == POLICY_KERN &&
+ p->policyvers >= POLICYDB_VERSION_RANGETRANS);
+ int warning_issued = 0;
+
+ nel = 0;
+ for (rt = p->range_tr; rt; rt = rt->next) {
+ /* all range_transitions are written for the new format, only
+ process related range_transitions are written for the old
+ format, so count accordingly */
+ if (new_rangetr || rt->target_class == SECCLASS_PROCESS)
+ nel++;
+ }
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (rt = p->range_tr; rt; rt = rt->next) {
+ if (!new_rangetr && rt->target_class != SECCLASS_PROCESS) {
+ if (!warning_issued)
+ WARN(fp->handle, "Discarding range_transition "
+ "rules for security classes other than "
+ "\"process\"");
+ warning_issued = 1;
+ continue;
+ }
+ buf[0] = cpu_to_le32(rt->source_type);
+ buf[1] = cpu_to_le32(rt->target_type);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ if (new_rangetr) {
+ buf[0] = cpu_to_le32(rt->target_class);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ }
+ if (mls_write_range_helper(&rt->target_range, fp))
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+/************** module writing functions below **************/
+
+static int avrule_write(avrule_t * avrule, struct policy_file *fp)
+{
+ size_t items, items2;
+ uint32_t buf[32], len;
+ class_perm_node_t *cur;
+
+ items = 0;
+ buf[items++] = cpu_to_le32(avrule->specified);
+ buf[items++] = cpu_to_le32(avrule->flags);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+
+ if (type_set_write(&avrule->stypes, fp))
+ return POLICYDB_ERROR;
+
+ if (type_set_write(&avrule->ttypes, fp))
+ return POLICYDB_ERROR;
+
+ cur = avrule->perms;
+ len = 0;
+ while (cur) {
+ len++;
+ cur = cur->next;
+ }
+ items = 0;
+ buf[items++] = cpu_to_le32(len);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+ cur = avrule->perms;
+ while (cur) {
+ items = 0;
+ buf[items++] = cpu_to_le32(cur->class);
+ buf[items++] = cpu_to_le32(cur->data);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items2 != items)
+ return POLICYDB_ERROR;
+
+ cur = cur->next;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int avrule_write_list(avrule_t * avrules, struct policy_file *fp)
+{
+ uint32_t buf[32], len;
+ avrule_t *avrule;
+
+ avrule = avrules;
+ len = 0;
+ while (avrule) {
+ len++;
+ avrule = avrule->next;
+ }
+
+ buf[0] = cpu_to_le32(len);
+ if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1)
+ return POLICYDB_ERROR;
+
+ avrule = avrules;
+ while (avrule) {
+ avrule_write(avrule, fp);
+ avrule = avrule->next;
+ }
+
+ return POLICYDB_SUCCESS;
+}
+
+static int role_trans_rule_write(role_trans_rule_t * t, struct policy_file *fp)
+{
+ int nel = 0;
+ size_t items;
+ uint32_t buf[1];
+ role_trans_rule_t *tr;
+
+ for (tr = t; tr; tr = tr->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (tr = t; tr; tr = tr->next) {
+ if (role_set_write(&tr->roles, fp))
+ return POLICYDB_ERROR;
+ if (type_set_write(&tr->types, fp))
+ return POLICYDB_ERROR;
+ buf[0] = cpu_to_le32(tr->new_role);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
+{
+ int nel = 0;
+ size_t items;
+ uint32_t buf[1];
+ role_allow_rule_t *ra;
+
+ for (ra = r; ra; ra = ra->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (ra = r; ra; ra = ra->next) {
+ if (role_set_write(&ra->roles, fp))
+ return POLICYDB_ERROR;
+ if (role_set_write(&ra->new_roles, fp))
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int range_trans_rule_write(range_trans_rule_t * t,
+ struct policy_file *fp)
+{
+ int nel = 0;
+ size_t items;
+ uint32_t buf[1];
+ range_trans_rule_t *rt;
+
+ for (rt = t; rt; rt = rt->next)
+ nel++;
+ buf[0] = cpu_to_le32(nel);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ for (rt = t; rt; rt = rt->next) {
+ if (type_set_write(&rt->stypes, fp))
+ return POLICYDB_ERROR;
+ if (type_set_write(&rt->ttypes, fp))
+ return POLICYDB_ERROR;
+ if (ebitmap_write(&rt->tclasses, fp))
+ return POLICYDB_ERROR;
+ if (mls_write_semantic_range_helper(&rt->trange, fp))
+ return POLICYDB_ERROR;
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int scope_index_write(scope_index_t * scope_index,
+ unsigned int num_scope_syms,
+ struct policy_file *fp)
+{
+ unsigned int i;
+ uint32_t buf[1];
+ for (i = 0; i < num_scope_syms; i++) {
+ if (ebitmap_write(scope_index->scope + i, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+ }
+ buf[0] = cpu_to_le32(scope_index->class_perms_len);
+ if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) {
+ return POLICYDB_ERROR;
+ }
+ for (i = 0; i < scope_index->class_perms_len; i++) {
+ if (ebitmap_write(scope_index->class_perms_map + i, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
+ policydb_t * p, struct policy_file *fp)
+{
+ struct policy_data pd;
+ uint32_t buf[2];
+ int i;
+ buf[0] = cpu_to_le32(decl->decl_id);
+ buf[1] = cpu_to_le32(decl->enabled);
+ if (put_entry(buf, sizeof(uint32_t), 2, fp) != 2) {
+ return POLICYDB_ERROR;
+ }
+ if (cond_write_list(p, decl->cond_list, fp) == -1 ||
+ avrule_write_list(decl->avrules, fp) == -1 ||
+ role_trans_rule_write(decl->role_tr_rules, fp) == -1 ||
+ role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+ if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
+ range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+ if (scope_index_write(&decl->required, num_scope_syms, fp) == -1 ||
+ scope_index_write(&decl->declared, num_scope_syms, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+ pd.fp = fp;
+ pd.p = p;
+ for (i = 0; i < num_scope_syms; i++) {
+ buf[0] = cpu_to_le32(decl->symtab[i].nprim);
+ buf[1] = cpu_to_le32(decl->symtab[i].table->nel);
+ if (put_entry(buf, sizeof(uint32_t), 2, fp) != 2) {
+ return POLICYDB_ERROR;
+ }
+ if (hashtab_map(decl->symtab[i].table, write_f[i], &pd)) {
+ return POLICYDB_ERROR;
+ }
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int avrule_block_write(avrule_block_t * block, int num_scope_syms,
+ policydb_t * p, struct policy_file *fp)
+{
+ /* first write a count of the total number of blocks */
+ uint32_t buf[1], num_blocks = 0;
+ avrule_block_t *cur;
+ for (cur = block; cur != NULL; cur = cur->next) {
+ num_blocks++;
+ }
+ buf[0] = cpu_to_le32(num_blocks);
+ if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) {
+ return POLICYDB_ERROR;
+ }
+
+ /* now write each block */
+ for (cur = block; cur != NULL; cur = cur->next) {
+ uint32_t num_decls = 0;
+ avrule_decl_t *decl;
+ /* write a count of number of branches */
+ for (decl = cur->branch_list; decl != NULL; decl = decl->next) {
+ num_decls++;
+ }
+ buf[0] = cpu_to_le32(num_decls);
+ if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) {
+ return POLICYDB_ERROR;
+ }
+ for (decl = cur->branch_list; decl != NULL; decl = decl->next) {
+ if (avrule_decl_write(decl, num_scope_syms, p, fp) ==
+ -1) {
+ return POLICYDB_ERROR;
+ }
+ }
+ }
+ return POLICYDB_SUCCESS;
+}
+
+static int scope_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+{
+ scope_datum_t *scope = (scope_datum_t *) datum;
+ struct policy_data *pd = ptr;
+ struct policy_file *fp = pd->fp;
+ uint32_t static_buf[32], *dyn_buf = NULL, *buf;
+ size_t key_len = strlen(key);
+ unsigned int items = 2 + scope->decl_ids_len, i;
+
+ if (items >= (sizeof(static_buf) / 4)) {
+ /* too many things required, so dynamically create a
+ * buffer. this would have been easier with C99's
+ * dynamic arrays... */
+ if ((dyn_buf = malloc(items * sizeof(*dyn_buf))) == NULL) {
+ return POLICYDB_ERROR;
+ }
+ buf = dyn_buf;
+ } else {
+ buf = static_buf;
+ }
+ buf[0] = cpu_to_le32(key_len);
+ if (put_entry(buf, sizeof(*buf), 1, fp) != 1 ||
+ put_entry(key, 1, key_len, fp) != key_len) {
+ return POLICYDB_ERROR;
+ }
+ buf[0] = cpu_to_le32(scope->scope);
+ buf[1] = cpu_to_le32(scope->decl_ids_len);
+ for (i = 0; i < scope->decl_ids_len; i++) {
+ buf[2 + i] = cpu_to_le32(scope->decl_ids[i]);
+ }
+ if (put_entry(buf, sizeof(*buf), items, fp) != items) {
+ free(dyn_buf);
+ return POLICYDB_ERROR;
+ }
+ free(dyn_buf);
+ return POLICYDB_SUCCESS;
+}
+
+/*
+ * Write the configuration data in a policy database
+ * structure to a policy database binary representation
+ * file.
+ */
+int policydb_write(policydb_t * p, struct policy_file *fp)
+{
+ unsigned int i, num_syms;
+ uint32_t buf[32], config;
+ size_t items, items2, len;
+ struct policydb_compat_info *info;
+ struct policy_data pd;
+ char *policydb_str;
+
+ if (p->unsupported_format)
+ return POLICYDB_UNSUPPORTED;
+
+ pd.fp = fp;
+ pd.p = p;
+
+ config = 0;
+ if (p->mls) {
+ if ((p->policyvers < POLICYDB_VERSION_MLS &&
+ p->policy_type == POLICY_KERN) ||
+ (p->policyvers < MOD_POLICYDB_VERSION_MLS &&
+ p->policy_type == POLICY_BASE) ||
+ (p->policyvers < MOD_POLICYDB_VERSION_MLS &&
+ p->policy_type == POLICY_MOD)) {
+ ERR(fp->handle, "policy version %d cannot support MLS",
+ p->policyvers);
+ return POLICYDB_ERROR;
+ }
+ config |= POLICYDB_CONFIG_MLS;
+ }
+
+ config |= (POLICYDB_CONFIG_UNKNOWN_MASK & p->handle_unknown);
+
+ /* Write the magic number and string identifiers. */
+ items = 0;
+ if (p->policy_type == POLICY_KERN) {
+ buf[items++] = cpu_to_le32(POLICYDB_MAGIC);
+ len = strlen(POLICYDB_STRING);
+ policydb_str = POLICYDB_STRING;
+ } else {
+ buf[items++] = cpu_to_le32(POLICYDB_MOD_MAGIC);
+ len = strlen(POLICYDB_MOD_STRING);
+ policydb_str = POLICYDB_MOD_STRING;
+ }
+ buf[items++] = cpu_to_le32(len);
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+ items = put_entry(policydb_str, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+
+ /* Write the version, config, and table sizes. */
+ items = 0;
+ info = policydb_lookup_compat(p->policyvers, p->policy_type);
+ if (!info) {
+ ERR(fp->handle, "compatibility lookup failed for policy "
+ "version %d", p->policyvers);
+ return POLICYDB_ERROR;
+ }
+
+ if (p->policy_type != POLICY_KERN) {
+ buf[items++] = cpu_to_le32(p->policy_type);
+ }
+ buf[items++] = cpu_to_le32(p->policyvers);
+ buf[items++] = cpu_to_le32(config);
+ buf[items++] = cpu_to_le32(info->sym_num);
+ buf[items++] = cpu_to_le32(info->ocon_num);
+
+ items2 = put_entry(buf, sizeof(uint32_t), items, fp);
+ if (items != items2)
+ return POLICYDB_ERROR;
+
+ if (p->policy_type == POLICY_MOD) {
+ /* Write module name and version */
+ len = strlen(p->name);
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ items = put_entry(p->name, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ len = strlen(p->version);
+ buf[0] = cpu_to_le32(len);
+ items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ if (items != 1)
+ return POLICYDB_ERROR;
+ items = put_entry(p->version, 1, len, fp);
+ if (items != len)
+ return POLICYDB_ERROR;
+ }
+
+ if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_KERN) ||
+ (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_BASE) ||
+ (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
+ p->policy_type == POLICY_MOD)) {
+ if (ebitmap_write(&p->policycaps, fp) == -1)
+ return POLICYDB_ERROR;
+ }
+
+ if (p->policyvers < POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ ebitmap_node_t *tnode;
+
+ ebitmap_for_each_bit(&p->permissive_map, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ WARN(fp->handle, "Warning! Policy version %d cannot "
+ "support permissive types, but some were defined",
+ p->policyvers);
+ break;
+ }
+ }
+ }
+
+ if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ if (ebitmap_write(&p->permissive_map, fp) == -1)
+ return POLICYDB_ERROR;
+ }
+
+ num_syms = info->sym_num;
+ for (i = 0; i < num_syms; i++) {
+ buf[0] = cpu_to_le32(p->symtab[i].nprim);
+ buf[1] = cpu_to_le32(p->symtab[i].table->nel);
+ items = put_entry(buf, sizeof(uint32_t), 2, fp);
+ if (items != 2)
+ return POLICYDB_ERROR;
+ if (hashtab_map(p->symtab[i].table, write_f[i], &pd))
+ return POLICYDB_ERROR;
+ }
+
+ if (p->policy_type == POLICY_KERN) {
+ if (avtab_write(p, &p->te_avtab, fp))
+ return POLICYDB_ERROR;
+ if (p->policyvers < POLICYDB_VERSION_BOOL) {
+ if (p->p_bools.nprim)
+ WARN(fp->handle, "Discarding "
+ "booleans and conditional rules");
+ } else {
+ if (cond_write_list(p, p->cond_list, fp))
+ return POLICYDB_ERROR;
+ }
+ if (role_trans_write(p->role_tr, fp))
+ return POLICYDB_ERROR;
+ if (role_allow_write(p->role_allow, fp))
+ return POLICYDB_ERROR;
+ } else {
+ if (avrule_block_write(p->global, num_syms, p, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+
+ for (i = 0; i < num_syms; i++) {
+ buf[0] = cpu_to_le32(p->scope[i].table->nel);
+ if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) {
+ return POLICYDB_ERROR;
+ }
+ if (hashtab_map(p->scope[i].table, scope_write, &pd))
+ return POLICYDB_ERROR;
+ }
+ }
+
+ if (ocontext_write(info, p, fp) == -1 || genfs_write(p, fp) == -1) {
+ return POLICYDB_ERROR;
+ }
+
+ if ((p->policyvers >= POLICYDB_VERSION_MLS
+ && p->policy_type == POLICY_KERN)
+ || (p->policyvers >= MOD_POLICYDB_VERSION_MLS
+ && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS
+ && p->policy_type == POLICY_BASE)) {
+ if (range_write(p, fp)) {
+ return POLICYDB_ERROR;
+ }
+ }
+
+ if (p->policy_type == POLICY_KERN
+ && p->policyvers >= POLICYDB_VERSION_AVTAB) {
+ for (i = 0; i < p->p_types.nprim; i++) {
+ if (ebitmap_write(&p->type_attr_map[i], fp) == -1)
+ return POLICYDB_ERROR;
+ }
+ }
+
+ return POLICYDB_SUCCESS;
+}
diff --git a/libsepol/tests/Makefile b/libsepol/tests/Makefile
new file mode 100644
index 0000000..dd7bd33
--- /dev/null
+++ b/libsepol/tests/Makefile
@@ -0,0 +1,54 @@
+M4 ?= m4
+MKDIR ?= mkdir
+EXE ?= libsepol-tests
+
+CFLAGS += -g3 -gdwarf-2 -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter -Werror
+
+# Statically link libsepol on the assumption that we are going to
+# be testing internal functions.
+LIBSEPOL := ../src/libsepol.a
+
+# In order to load source policies we need to link in the checkpolicy/checkmodule parser and util code.
+# This is less than ideal, but it makes the tests easier to maintain by allowing source policies
+# to be loaded directly.
+CHECKPOLICY := ../../checkpolicy/
+CPPFLAGS += -I../include/ -I$(CHECKPOLICY)
+
+# test program object files
+objs := $(patsubst %.c,%.o,$(wildcard *.c))
+parserobjs := $(CHECKPOLICY)queue.o $(CHECKPOLICY)y.tab.o \
+ $(CHECKPOLICY)parse_util.o $(CHECKPOLICY)lex.yy.o \
+ $(CHECKPOLICY)policy_define.o $(CHECKPOLICY)module_compiler.o
+
+# test policy pieces
+m4support := $(wildcard policies/support/*.spt)
+testsuites := $(wildcard policies/test-*)
+policysrc := $(foreach path,$(testsuites),$(wildcard $(path)/*.conf))
+stdpol := $(addsuffix .std,$(policysrc))
+mlspol := $(addsuffix .mls,$(policysrc))
+policies := $(stdpol) $(mlspol)
+
+all: $(EXE) $(policies)
+policies: $(policies)
+
+$(EXE): $(objs) $(parserobjs) $(LIBSEPOL)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(objs) $(parserobjs) -lfl -lcunit -lcurses $(LIBSEPOL) -o $@
+
+%.conf.std: $(m4support) %.conf
+ $(M4) $(M4PARAMS) $^ > $@
+
+%.conf.mls: $(m4support) %.conf
+ $(M4) $(M4PARAMS) -D enable_mls $^ > $@
+
+clean:
+ rm -f $(objs) $(EXE)
+ rm -f $(policies)
+ rm -f policies/test-downgrade/policy.hi policies/test-downgrade/policy.lo
+
+
+test: $(EXE) $(policies)
+ $(MKDIR) -p policies/test-downgrade
+ ../../checkpolicy/checkpolicy -M policies/test-cond/refpolicy-base.conf -o policies/test-downgrade/policy.hi
+ ./$(EXE)
+
+.PHONY: all policies clean test
diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
new file mode 100644
index 0000000..90aa6e0
--- /dev/null
+++ b/libsepol/tests/debug.c
@@ -0,0 +1,69 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This includes functions used to debug tests (display bitmaps, conditional expressions, etc */
+
+#include "debug.h"
+
+#include <stdlib.h>
+
+void print_ebitmap(ebitmap_t * bitmap, FILE * fp)
+{
+ uint32_t i;
+ for (i = 0; i < bitmap->highbit; i++) {
+ fprintf(fp, "%d", ebitmap_get_bit(bitmap, i));
+ }
+ fprintf(fp, "\n");
+}
+
+/* stolen from dispol.c */
+void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
+{
+
+ cond_expr_t *cur;
+ for (cur = exp; cur != NULL; cur = cur->next) {
+ switch (cur->expr_type) {
+ case COND_BOOL:
+ fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
+ break;
+ case COND_NOT:
+ fprintf(fp, "! ");
+ break;
+ case COND_OR:
+ fprintf(fp, "|| ");
+ break;
+ case COND_AND:
+ fprintf(fp, "&& ");
+ break;
+ case COND_XOR:
+ fprintf(fp, "^ ");
+ break;
+ case COND_EQ:
+ fprintf(fp, "== ");
+ break;
+ case COND_NEQ:
+ fprintf(fp, "!= ");
+ break;
+ default:
+ fprintf(fp, "error! (%d)", cur->expr_type);
+ break;
+ }
+ }
+}
diff --git a/libsepol/tests/debug.h b/libsepol/tests/debug.h
new file mode 100644
index 0000000..c25ebd4
--- /dev/null
+++ b/libsepol/tests/debug.h
@@ -0,0 +1,27 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This includes functions used to debug tests (display bitmaps, conditional expressions, etc */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+
+extern void print_ebitmap(ebitmap_t * bitmap, FILE * fp);
+extern void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp);
diff --git a/libsepol/tests/helpers.c b/libsepol/tests/helpers.c
new file mode 100644
index 0000000..542e467
--- /dev/null
+++ b/libsepol/tests/helpers.c
@@ -0,0 +1,81 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This has helper functions that are common between tests */
+
+#include "helpers.h"
+#include "parse_util.h"
+
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/avrule_block.h>
+
+#include <CUnit/Basic.h>
+
+#include <stdlib.h>
+#include <limits.h>
+
+int test_load_policy(policydb_t * p, int policy_type, int mls, const char *test_name, const char *policy_name)
+{
+ char filename[PATH_MAX];
+
+ if (mls) {
+ if (snprintf(filename, PATH_MAX, "policies/%s/%s.mls", test_name, policy_name) < 0) {
+ return -1;
+ }
+ } else {
+ if (snprintf(filename, PATH_MAX, "policies/%s/%s.std", test_name, policy_name) < 0) {
+ return -1;
+ }
+ }
+
+ if (policydb_init(p)) {
+ fprintf(stderr, "Out of memory");
+ return -1;
+ }
+
+ p->policy_type = policy_type;
+ p->mls = mls;
+
+ if (read_source_policy(p, filename, test_name)) {
+ fprintf(stderr, "failed to read policy %s\n", filename);
+ policydb_destroy(p);
+ return -1;
+ }
+
+ return 0;
+}
+
+avrule_decl_t *test_find_decl_by_sym(policydb_t * p, int symtab, char *sym)
+{
+ scope_datum_t *scope = (scope_datum_t *) hashtab_search(p->scope[symtab].table, sym);
+
+ if (scope == NULL) {
+ return NULL;
+ }
+ if (scope->scope != SCOPE_DECL) {
+ return NULL;
+ }
+ if (scope->decl_ids_len != 1) {
+ return NULL;
+ }
+
+ return p->decl_val_to_struct[scope->decl_ids[0] - 1];
+}
diff --git a/libsepol/tests/helpers.h b/libsepol/tests/helpers.h
new file mode 100644
index 0000000..418ee95
--- /dev/null
+++ b/libsepol/tests/helpers.h
@@ -0,0 +1,59 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+
+/* helper functions */
+
+/* Load a source policy into p. policydb_init will called within this function.
+ *
+ * Example: test_load_policy(p, POLICY_BASE, 1, "foo", "base.conf") will load the
+ * policy "policies/foo/mls/base.conf" into p.
+ *
+ * Arguments:
+ * p policydb_t into which the policy will be read. This should be
+ * malloc'd but not passed to policydb_init.
+ * policy_type Type of policy expected - POLICY_BASE or POLICY_MOD.
+ * mls Boolean value indicating whether an mls policy is expected.
+ * test_name Name of the test which will be the name of the directory in
+ * which the policies are stored.
+ * policy_name Name of the policy in the directory.
+ *
+ * Returns:
+ * 0 success
+ * -1 error - the policydb will be destroyed but not freed.
+ */
+extern int test_load_policy(policydb_t * p, int policy_type, int mls, const char *test_name, const char *policy_name);
+
+/* Find an avrule_decl_t by a unique symbol. If the symbol is declared in more
+ * than one decl an error is returned.
+ *
+ * Returns:
+ * decl success
+ * NULL error (including more than one declaration)
+ */
+extern avrule_decl_t *test_find_decl_by_sym(policydb_t * p, int symtab, char *sym);
+
+#endif
diff --git a/libsepol/tests/libsepol-tests.c b/libsepol/tests/libsepol-tests.c
new file mode 100644
index 0000000..9302f72
--- /dev/null
+++ b/libsepol/tests/libsepol-tests.c
@@ -0,0 +1,118 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-cond.h"
+#include "test-linker.h"
+#include "test-expander.h"
+#include "test-deps.h"
+#include "test-downgrade.h"
+
+#include <CUnit/Basic.h>
+#include <CUnit/Console.h>
+#include <CUnit/TestDB.h>
+
+#include <stdio.h>
+#include <getopt.h>
+#include <stdlib.h>
+
+int mls;
+
+#define DECLARE_SUITE(name) \
+ suite = CU_add_suite(#name, name##_test_init, name##_test_cleanup); \
+ if (NULL == suite) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); } \
+ if (name##_add_tests(suite)) { \
+ CU_cleanup_registry(); \
+ return CU_get_error(); }
+
+static void usage(char *progname)
+{
+ printf("usage: %s [options]\n", progname);
+ printf("options:\n");
+ printf("\t-v, --verbose\t\t\tverbose output\n");
+ printf("\t-i, --interactive\t\tinteractive console\n");
+}
+
+static int do_tests(int interactive, int verbose)
+{
+ CU_pSuite suite = NULL;
+
+ if (CUE_SUCCESS != CU_initialize_registry())
+ return CU_get_error();
+
+ DECLARE_SUITE(cond);
+ DECLARE_SUITE(linker);
+ DECLARE_SUITE(expander);
+ DECLARE_SUITE(deps);
+ DECLARE_SUITE(downgrade);
+
+ if (verbose)
+ CU_basic_set_mode(CU_BRM_VERBOSE);
+ else
+ CU_basic_set_mode(CU_BRM_NORMAL);
+
+ if (interactive)
+ CU_console_run_tests();
+ else
+ CU_basic_run_tests();
+ CU_cleanup_registry();
+ return CU_get_error();
+
+}
+
+int main(int argc, char **argv)
+{
+ int i, verbose = 1, interactive = 0;
+
+ struct option opts[] = {
+ {"verbose", 0, NULL, 'v'},
+ {"interactive", 0, NULL, 'i'},
+ {NULL, 0, NULL, 0}
+ };
+
+ while ((i = getopt_long(argc, argv, "vi", opts, NULL)) != -1) {
+ switch (i) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 'i':
+ interactive = 1;
+ break;
+ case 'h':
+ default:{
+ usage(argv[0]);
+ exit(1);
+ }
+ }
+ }
+
+ /* first do the non-mls tests */
+ mls = 0;
+ if (do_tests(interactive, verbose))
+ return -1;
+
+ /* then with mls */
+ mls = 1;
+ if (do_tests(interactive, verbose))
+ return -1;
+
+ return 0;
+}
diff --git a/libsepol/tests/policies/support/misc_macros.spt b/libsepol/tests/policies/support/misc_macros.spt
new file mode 100644
index 0000000..5fadd0f
--- /dev/null
+++ b/libsepol/tests/policies/support/misc_macros.spt
@@ -0,0 +1,23 @@
+
+########################################
+#
+# Helper macros
+#
+
+########################################
+#
+# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories])
+#
+define(`gen_user',`dnl
+ifdef(`users_extra',`dnl
+ifelse(`$2',,,`user $1 prefix $2;')
+',`dnl
+user $1 roles { $3 }`'ifdef(`enable_mls', ` level $4 range $5')`'ifdef(`enable_mcs',` level s0 range s0`'ifelse(`$6',,,` - s0:$6')');
+')dnl
+')
+
+########################################
+#
+# gen_context(context,mls_sensitivity,[mcs_categories])
+#
+define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl
diff --git a/libsepol/tests/policies/test-cond/refpolicy-base.conf b/libsepol/tests/policies/test-cond/refpolicy-base.conf
new file mode 100644
index 0000000..60da11a
--- /dev/null
+++ b/libsepol/tests/policies/test-cond/refpolicy-base.conf
@@ -0,0 +1,1939 @@
+class security
+class process
+class system
+class capability
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+class sem
+class msg
+class msgq
+class shm
+class ipc
+class passwd # userspace
+class drawable # userspace
+class window # userspace
+class gc # userspace
+class font # userspace
+class colormap # userspace
+class property # userspace
+class cursor # userspace
+class xclient # userspace
+class xinput # userspace
+class xserver # userspace
+class xextension # userspace
+class pax
+class netlink_route_socket
+class netlink_firewall_socket
+class netlink_tcpdiag_socket
+class netlink_nflog_socket
+class netlink_xfrm_socket
+class netlink_selinux_socket
+class netlink_audit_socket
+class netlink_ip6fw_socket
+class netlink_dnrt_socket
+class dbus # userspace
+class nscd # userspace
+class association
+class netlink_kobject_uevent_socket
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid igmp_packet
+sid icmp_socket
+sid tcp_socket
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid policy
+sid scmp_packet
+sid devnull
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+common socket
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+ execmod
+}
+class lnk_file
+inherits file
+class chr_file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+ execmod
+}
+class blk_file
+inherits file
+class sock_file
+inherits file
+class fifo_file
+inherits file
+class fd
+{
+ use
+}
+class socket
+inherits socket
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+ node_bind
+ name_connect
+}
+class udp_socket
+inherits socket
+{
+ node_bind
+}
+class rawip_socket
+inherits socket
+{
+ node_bind
+}
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+class netlink_socket
+inherits socket
+class packet_socket
+inherits socket
+class key_socket
+inherits socket
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+class unix_dgram_socket
+inherits socket
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
+ dyntransition
+ setcurrent
+ execmem
+ execstack
+ execheap
+}
+class ipc
+inherits ipc
+class sem
+inherits ipc
+class msgq
+inherits ipc
+{
+ enqueue
+}
+class msg
+{
+ send
+ receive
+}
+class shm
+inherits ipc
+{
+ lock
+}
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
+ setsecparam
+ setcheckreqprot
+}
+class system
+{
+ ipc_info
+ syslog_read
+ syslog_mod
+ syslog_console
+}
+class capability
+{
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+ audit_write
+ audit_control
+}
+class passwd
+{
+ passwd # change another user passwd
+ chfn # change another user finger info
+ chsh # change another user shell
+ rootok # pam_rootok check (skip auth)
+ crontab # crontab on another user
+}
+class drawable
+{
+ create
+ destroy
+ draw
+ copy
+ getattr
+}
+class gc
+{
+ create
+ free
+ getattr
+ setattr
+}
+class window
+{
+ addchild
+ create
+ destroy
+ map
+ unmap
+ chstack
+ chproplist
+ chprop
+ listprop
+ getattr
+ setattr
+ setfocus
+ move
+ chselection
+ chparent
+ ctrllife
+ enumerate
+ transparent
+ mousemotion
+ clientcomevent
+ inputevent
+ drawevent
+ windowchangeevent
+ windowchangerequest
+ serverchangeevent
+ extensionevent
+}
+class font
+{
+ load
+ free
+ getattr
+ use
+}
+class colormap
+{
+ create
+ free
+ install
+ uninstall
+ list
+ read
+ store
+ getattr
+ setattr
+}
+class property
+{
+ create
+ free
+ read
+ write
+}
+class cursor
+{
+ create
+ createglyph
+ free
+ assign
+ setattr
+}
+class xclient
+{
+ kill
+}
+class xinput
+{
+ lookup
+ getattr
+ setattr
+ setfocus
+ warppointer
+ activegrab
+ passivegrab
+ ungrab
+ bell
+ mousemotion
+ relabelinput
+}
+class xserver
+{
+ screensaver
+ gethostlist
+ sethostlist
+ getfontpath
+ setfontpath
+ getattr
+ grab
+ ungrab
+}
+class xextension
+{
+ query
+ use
+}
+class pax
+{
+ pageexec # Paging based non-executable pages
+ emutramp # Emulate trampolines
+ mprotect # Restrict mprotect()
+ randmmap # Randomize mmap() base
+ randexec # Randomize ET_EXEC base
+ segmexec # Segmentation based non-executable pages
+}
+class netlink_route_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+class netlink_firewall_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+class netlink_tcpdiag_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+class netlink_nflog_socket
+inherits socket
+class netlink_xfrm_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+class netlink_selinux_socket
+inherits socket
+class netlink_audit_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_relay
+ nlmsg_readpriv
+}
+class netlink_ip6fw_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+class netlink_dnrt_socket
+inherits socket
+class dbus
+{
+ acquire_svc
+ send_msg
+}
+class nscd
+{
+ getpwd
+ getgrp
+ gethost
+ getstat
+ admin
+ shmempwd
+ shmemgrp
+ shmemhost
+}
+class association
+{
+ sendto
+ recvfrom
+ setcontext
+}
+class netlink_kobject_uevent_socket
+inherits socket
+sensitivity s0;
+dominance { s0 }
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+category c24; category c25; category c26; category c27;
+category c28; category c29; category c30; category c31;
+category c32; category c33; category c34; category c35;
+category c36; category c37; category c38; category c39;
+category c40; category c41; category c42; category c43;
+category c44; category c45; category c46; category c47;
+category c48; category c49; category c50; category c51;
+category c52; category c53; category c54; category c55;
+category c56; category c57; category c58; category c59;
+category c60; category c61; category c62; category c63;
+category c64; category c65; category c66; category c67;
+category c68; category c69; category c70; category c71;
+category c72; category c73; category c74; category c75;
+category c76; category c77; category c78; category c79;
+category c80; category c81; category c82; category c83;
+category c84; category c85; category c86; category c87;
+category c88; category c89; category c90; category c91;
+category c92; category c93; category c94; category c95;
+category c96; category c97; category c98; category c99;
+category c100; category c101; category c102; category c103;
+category c104; category c105; category c106; category c107;
+category c108; category c109; category c110; category c111;
+category c112; category c113; category c114; category c115;
+category c116; category c117; category c118; category c119;
+category c120; category c121; category c122; category c123;
+category c124; category c125; category c126; category c127;
+category c128; category c129; category c130; category c131;
+category c132; category c133; category c134; category c135;
+category c136; category c137; category c138; category c139;
+category c140; category c141; category c142; category c143;
+category c144; category c145; category c146; category c147;
+category c148; category c149; category c150; category c151;
+category c152; category c153; category c154; category c155;
+category c156; category c157; category c158; category c159;
+category c160; category c161; category c162; category c163;
+category c164; category c165; category c166; category c167;
+category c168; category c169; category c170; category c171;
+category c172; category c173; category c174; category c175;
+category c176; category c177; category c178; category c179;
+category c180; category c181; category c182; category c183;
+category c184; category c185; category c186; category c187;
+category c188; category c189; category c190; category c191;
+category c192; category c193; category c194; category c195;
+category c196; category c197; category c198; category c199;
+category c200; category c201; category c202; category c203;
+category c204; category c205; category c206; category c207;
+category c208; category c209; category c210; category c211;
+category c212; category c213; category c214; category c215;
+category c216; category c217; category c218; category c219;
+category c220; category c221; category c222; category c223;
+category c224; category c225; category c226; category c227;
+category c228; category c229; category c230; category c231;
+category c232; category c233; category c234; category c235;
+category c236; category c237; category c238; category c239;
+category c240; category c241; category c242; category c243;
+category c244; category c245; category c246; category c247;
+category c248; category c249; category c250; category c251;
+category c252; category c253; category c254; category c255;
+level s0:c0.c255;
+mlsconstrain file { write setattr append unlink link rename
+ ioctl lock execute relabelfrom } (h1 dom h2);
+mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
+mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
+mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
+ ( h1 dom h2 );
+mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
+ (( h1 dom h2 ) and ( l2 eq h2 ));
+mlsconstrain process { ptrace } ( h1 dom h2 );
+mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or
+ ( t1 == mcskillall );
+mlsconstrain xextension query ( t1 == mlsfileread );
+attribute netif_type;
+attribute node_type;
+attribute port_type;
+attribute reserved_port_type;
+attribute device_node;
+attribute memory_raw_read;
+attribute memory_raw_write;
+attribute domain;
+attribute unconfined_domain_type;
+attribute set_curr_context;
+attribute entry_type;
+attribute privfd;
+attribute can_change_process_identity;
+attribute can_change_process_role;
+attribute can_change_object_identity;
+attribute can_system_change;
+attribute process_user_target;
+attribute cron_source_domain;
+attribute cron_job_domain;
+attribute process_uncond_exempt; # add userhelperdomain to this one
+attribute file_type;
+attribute lockfile;
+attribute mountpoint;
+attribute pidfile;
+attribute polydir;
+attribute usercanread;
+attribute polyparent;
+attribute polymember;
+attribute security_file_type;
+attribute tmpfile;
+attribute tmpfsfile;
+attribute filesystem_type;
+attribute noxattrfs;
+attribute can_load_kernmodule;
+attribute can_receive_kernel_messages;
+attribute kern_unconfined;
+attribute proc_type;
+attribute sysctl_type;
+attribute mcskillall;
+attribute mlsfileread;
+attribute mlsfilereadtoclr;
+attribute mlsfilewrite;
+attribute mlsfilewritetoclr;
+attribute mlsfileupgrade;
+attribute mlsfiledowngrade;
+attribute mlsnetread;
+attribute mlsnetreadtoclr;
+attribute mlsnetwrite;
+attribute mlsnetwritetoclr;
+attribute mlsnetupgrade;
+attribute mlsnetdowngrade;
+attribute mlsnetrecvall;
+attribute mlsipcread;
+attribute mlsipcreadtoclr;
+attribute mlsipcwrite;
+attribute mlsipcwritetoclr;
+attribute mlsprocread;
+attribute mlsprocreadtoclr;
+attribute mlsprocwrite;
+attribute mlsprocwritetoclr;
+attribute mlsprocsetsl;
+attribute mlsxwinread;
+attribute mlsxwinreadtoclr;
+attribute mlsxwinwrite;
+attribute mlsxwinwritetoclr;
+attribute mlsxwinreadproperty;
+attribute mlsxwinwriteproperty;
+attribute mlsxwinreadcolormap;
+attribute mlsxwinwritecolormap;
+attribute mlsxwinwritexinput;
+attribute mlstrustedobject;
+attribute privrangetrans;
+attribute mlsrangetrans;
+attribute can_load_policy;
+attribute can_setenforce;
+attribute can_setsecparam;
+attribute ttynode;
+attribute ptynode;
+attribute server_ptynode;
+attribute serial_device;
+type bin_t;
+type sbin_t;
+type ls_exec_t;
+type shell_exec_t;
+type chroot_exec_t;
+type ppp_device_t;
+type tun_tap_device_t;
+type port_t, port_type;
+type reserved_port_t, port_type, reserved_port_type;
+type afs_bos_port_t, port_type;
+type afs_fs_port_t, port_type;
+type afs_ka_port_t, port_type;
+type afs_pt_port_t, port_type;
+type afs_vl_port_t, port_type;
+type amanda_port_t, port_type;
+type amavisd_recv_port_t, port_type;
+type amavisd_send_port_t, port_type;
+type asterisk_port_t, port_type;
+type auth_port_t, port_type;
+type bgp_port_t, port_type;
+type biff_port_t, port_type, reserved_port_type;
+type clamd_port_t, port_type;
+type clockspeed_port_t, port_type;
+type comsat_port_t, port_type;
+type cvs_port_t, port_type;
+type dcc_port_t, port_type;
+type dbskkd_port_t, port_type;
+type dhcpc_port_t, port_type;
+type dhcpd_port_t, port_type;
+type dict_port_t, port_type;
+type distccd_port_t, port_type;
+type dns_port_t, port_type;
+type fingerd_port_t, port_type;
+type ftp_data_port_t, port_type;
+type ftp_port_t, port_type;
+type gatekeeper_port_t, port_type;
+type giftd_port_t, port_type;
+type gopher_port_t, port_type;
+type http_cache_port_t, port_type;
+type http_port_t, port_type;
+type howl_port_t, port_type;
+type hplip_port_t, port_type;
+type i18n_input_port_t, port_type;
+type imaze_port_t, port_type;
+type inetd_child_port_t, port_type;
+type innd_port_t, port_type;
+type ipp_port_t, port_type;
+type ircd_port_t, port_type;
+type isakmp_port_t, port_type;
+type jabber_client_port_t, port_type;
+type jabber_interserver_port_t, port_type;
+type kerberos_admin_port_t, port_type;
+type kerberos_master_port_t, port_type;
+type kerberos_port_t, port_type;
+type ktalkd_port_t, port_type;
+type ldap_port_t, port_type;
+type lrrd_port_t, port_type;
+type mail_port_t, port_type;
+type monopd_port_t, port_type;
+type mysqld_port_t, port_type;
+type nessus_port_t, port_type;
+type nmbd_port_t, port_type;
+type ntp_port_t, port_type;
+type openvpn_port_t, port_type;
+type pegasus_http_port_t, port_type;
+type pegasus_https_port_t, port_type;
+type pop_port_t, port_type;
+type portmap_port_t, port_type;
+type postgresql_port_t, port_type;
+type postgrey_port_t, port_type;
+type printer_port_t, port_type;
+type ptal_port_t, port_type;
+type pxe_port_t, port_type;
+type pyzor_port_t, port_type;
+type radacct_port_t, port_type;
+type radius_port_t, port_type;
+type razor_port_t, port_type;
+type rlogind_port_t, port_type;
+type rndc_port_t, port_type;
+type router_port_t, port_type;
+type rsh_port_t, port_type;
+type rsync_port_t, port_type;
+type smbd_port_t, port_type;
+type smtp_port_t, port_type;
+type snmp_port_t, port_type;
+type spamd_port_t, port_type;
+type ssh_port_t, port_type;
+type soundd_port_t, port_type;
+type socks_port_t, port_type; type stunnel_port_t, port_type;
+type swat_port_t, port_type;
+type syslogd_port_t, port_type;
+type telnetd_port_t, port_type;
+type tftp_port_t, port_type;
+type transproxy_port_t, port_type;
+type utcpserver_port_t, port_type;
+type uucpd_port_t, port_type;
+type vnc_port_t, port_type;
+type xserver_port_t, port_type;
+type xen_port_t, port_type;
+type zebra_port_t, port_type;
+type zope_port_t, port_type;
+type node_t, node_type;
+type compat_ipv4_node_t alias node_compat_ipv4_t, node_type;
+type inaddr_any_node_t alias node_inaddr_any_t, node_type;
+type node_internal_t, node_type;
+type link_local_node_t alias node_link_local_t, node_type;
+type lo_node_t alias node_lo_t, node_type;
+type mapped_ipv4_node_t alias node_mapped_ipv4_t, node_type;
+type multicast_node_t alias node_multicast_t, node_type;
+type site_local_node_t alias node_site_local_t, node_type;
+type unspec_node_t alias node_unspec_t, node_type;
+type netif_t, netif_type;
+type device_t;
+type agp_device_t;
+type apm_bios_t;
+type cardmgr_dev_t;
+type clock_device_t;
+type cpu_device_t;
+type crypt_device_t;
+type dri_device_t;
+type event_device_t;
+type framebuf_device_t;
+type lvm_control_t;
+type memory_device_t;
+type misc_device_t;
+type mouse_device_t;
+type mtrr_device_t;
+type null_device_t;
+type power_device_t;
+type printer_device_t;
+type random_device_t;
+type scanner_device_t;
+type sound_device_t;
+type sysfs_t;
+type urandom_device_t;
+type usbfs_t alias usbdevfs_t;
+type usb_device_t;
+type v4l_device_t;
+type xserver_misc_device_t;
+type zero_device_t;
+type xconsole_device_t;
+type devfs_control_t;
+type boot_t;
+type default_t, file_type, mountpoint;
+type etc_t, file_type;
+type etc_runtime_t, file_type;
+type file_t, file_type, mountpoint;
+type home_root_t, file_type, mountpoint;
+type lost_found_t, file_type;
+type mnt_t, file_type, mountpoint;
+type modules_object_t;
+type no_access_t, file_type;
+type poly_t, file_type;
+type readable_t, file_type;
+type root_t, file_type, mountpoint;
+type src_t, file_type, mountpoint;
+type system_map_t;
+type tmp_t, mountpoint; #, polydir
+type usr_t, file_type, mountpoint;
+type var_t, file_type, mountpoint;
+type var_lib_t, file_type, mountpoint;
+type var_lock_t, file_type, lockfile;
+type var_run_t, file_type, pidfile;
+type var_spool_t;
+type fs_t;
+type bdev_t;
+type binfmt_misc_fs_t;
+type capifs_t;
+type configfs_t;
+type eventpollfs_t;
+type futexfs_t;
+type hugetlbfs_t;
+type inotifyfs_t;
+type nfsd_fs_t;
+type ramfs_t;
+type romfs_t;
+type rpc_pipefs_t;
+type tmpfs_t;
+type autofs_t, noxattrfs;
+type cifs_t alias sambafs_t, noxattrfs;
+type dosfs_t, noxattrfs;
+type iso9660_t, filesystem_type, noxattrfs;
+type removable_t, noxattrfs;
+type nfs_t, filesystem_type, noxattrfs;
+type kernel_t, can_load_kernmodule;
+type debugfs_t;
+type proc_t, proc_type;
+type proc_kmsg_t, proc_type;
+type proc_kcore_t, proc_type;
+type proc_mdstat_t, proc_type;
+type proc_net_t, proc_type;
+type proc_xen_t, proc_type;
+type sysctl_t, sysctl_type;
+type sysctl_irq_t, sysctl_type;
+type sysctl_rpc_t, sysctl_type;
+type sysctl_fs_t, sysctl_type;
+type sysctl_kernel_t, sysctl_type;
+type sysctl_modprobe_t, sysctl_type;
+type sysctl_hotplug_t, sysctl_type;
+type sysctl_net_t, sysctl_type;
+type sysctl_net_unix_t, sysctl_type;
+type sysctl_vm_t, sysctl_type;
+type sysctl_dev_t, sysctl_type;
+type unlabeled_t;
+type auditd_exec_t;
+type crond_exec_t;
+type cupsd_exec_t;
+type getty_t;
+type init_t;
+type init_exec_t;
+type initrc_t;
+type initrc_exec_t;
+type login_exec_t;
+type sshd_exec_t;
+type su_exec_t;
+type udev_exec_t;
+type unconfined_t;
+type xdm_exec_t;
+type lvm_exec_t;
+type security_t;
+type bsdpty_device_t;
+type console_device_t;
+type devpts_t;
+type devtty_t;
+type ptmx_t;
+type tty_device_t, serial_device;
+type usbtty_device_t, serial_device;
+ bool secure_mode false;
+ bool secure_mode_insmod false;
+ bool secure_mode_policyload false;
+ bool allow_cvs_read_shadow false;
+ bool allow_execheap false;
+ bool allow_execmem true;
+ bool allow_execmod false;
+ bool allow_execstack true;
+ bool allow_ftpd_anon_write false;
+ bool allow_gssd_read_tmp true;
+ bool allow_httpd_anon_write false;
+ bool allow_java_execstack false;
+ bool allow_kerberos true;
+ bool allow_rsync_anon_write false;
+ bool allow_saslauthd_read_shadow false;
+ bool allow_smbd_anon_write false;
+ bool allow_ptrace false;
+ bool allow_ypbind false;
+ bool fcron_crond false;
+ bool ftp_home_dir false;
+ bool ftpd_is_daemon true;
+ bool httpd_builtin_scripting true;
+ bool httpd_can_network_connect false;
+ bool httpd_can_network_connect_db false;
+ bool httpd_can_network_relay false;
+ bool httpd_enable_cgi true;
+ bool httpd_enable_ftp_server false;
+ bool httpd_enable_homedirs true;
+ bool httpd_ssi_exec true;
+ bool httpd_tty_comm false;
+ bool httpd_unified true;
+ bool named_write_master_zones false;
+ bool nfs_export_all_rw true;
+ bool nfs_export_all_ro true;
+ bool pppd_can_insmod false;
+ bool read_default_t true;
+ bool run_ssh_inetd false;
+ bool samba_enable_home_dirs false;
+ bool spamassasin_can_network false;
+ bool squid_connect_any false;
+ bool ssh_sysadm_login false;
+ bool stunnel_is_daemon false;
+ bool use_nfs_home_dirs false;
+ bool use_samba_home_dirs false;
+ bool user_ping true;
+ bool spamd_enable_home_dirs true;
+ allow bin_t fs_t:filesystem associate;
+ allow bin_t noxattrfs:filesystem associate;
+ typeattribute bin_t file_type;
+ allow sbin_t fs_t:filesystem associate;
+ allow sbin_t noxattrfs:filesystem associate;
+ typeattribute sbin_t file_type;
+ allow ls_exec_t fs_t:filesystem associate;
+ allow ls_exec_t noxattrfs:filesystem associate;
+ typeattribute ls_exec_t file_type;
+typeattribute ls_exec_t entry_type;
+ allow shell_exec_t fs_t:filesystem associate;
+ allow shell_exec_t noxattrfs:filesystem associate;
+ typeattribute shell_exec_t file_type;
+ allow chroot_exec_t fs_t:filesystem associate;
+ allow chroot_exec_t noxattrfs:filesystem associate;
+ typeattribute chroot_exec_t file_type;
+ typeattribute ppp_device_t device_node;
+ allow ppp_device_t fs_t:filesystem associate;
+ allow ppp_device_t tmpfs_t:filesystem associate;
+ allow ppp_device_t tmp_t:filesystem associate;
+ typeattribute tun_tap_device_t device_node;
+ allow tun_tap_device_t fs_t:filesystem associate;
+ allow tun_tap_device_t tmpfs_t:filesystem associate;
+ allow tun_tap_device_t tmp_t:filesystem associate;
+typeattribute auth_port_t reserved_port_type;
+typeattribute bgp_port_t reserved_port_type;
+typeattribute bgp_port_t reserved_port_type;
+typeattribute comsat_port_t reserved_port_type;
+typeattribute dhcpc_port_t reserved_port_type;
+typeattribute dhcpd_port_t reserved_port_type;
+typeattribute dhcpd_port_t reserved_port_type;
+typeattribute dhcpd_port_t reserved_port_type;
+typeattribute dhcpd_port_t reserved_port_type;
+typeattribute dhcpd_port_t reserved_port_type;
+typeattribute dns_port_t reserved_port_type;
+typeattribute dns_port_t reserved_port_type;
+typeattribute fingerd_port_t reserved_port_type;
+typeattribute ftp_data_port_t reserved_port_type;
+typeattribute ftp_port_t reserved_port_type;
+typeattribute gopher_port_t reserved_port_type;
+typeattribute gopher_port_t reserved_port_type;
+typeattribute http_port_t reserved_port_type;
+typeattribute http_port_t reserved_port_type;
+typeattribute http_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute inetd_child_port_t reserved_port_type;
+typeattribute innd_port_t reserved_port_type;
+typeattribute ipp_port_t reserved_port_type;
+typeattribute ipp_port_t reserved_port_type;
+typeattribute isakmp_port_t reserved_port_type;
+typeattribute kerberos_admin_port_t reserved_port_type;
+typeattribute kerberos_admin_port_t reserved_port_type;
+typeattribute kerberos_admin_port_t reserved_port_type;
+typeattribute kerberos_port_t reserved_port_type;
+typeattribute kerberos_port_t reserved_port_type;
+typeattribute kerberos_port_t reserved_port_type;
+typeattribute kerberos_port_t reserved_port_type;
+typeattribute ktalkd_port_t reserved_port_type;
+typeattribute ktalkd_port_t reserved_port_type;
+typeattribute ldap_port_t reserved_port_type;
+typeattribute ldap_port_t reserved_port_type;
+typeattribute ldap_port_t reserved_port_type;
+typeattribute ldap_port_t reserved_port_type;
+typeattribute nmbd_port_t reserved_port_type;
+typeattribute nmbd_port_t reserved_port_type;
+typeattribute nmbd_port_t reserved_port_type;
+typeattribute ntp_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute pop_port_t reserved_port_type;
+typeattribute portmap_port_t reserved_port_type;
+typeattribute portmap_port_t reserved_port_type;
+typeattribute printer_port_t reserved_port_type;
+typeattribute rlogind_port_t reserved_port_type;
+typeattribute rndc_port_t reserved_port_type;
+typeattribute router_port_t reserved_port_type;
+typeattribute rsh_port_t reserved_port_type;
+typeattribute rsync_port_t reserved_port_type;
+typeattribute rsync_port_t reserved_port_type;
+typeattribute smbd_port_t reserved_port_type;
+typeattribute smbd_port_t reserved_port_type;
+typeattribute smtp_port_t reserved_port_type;
+typeattribute smtp_port_t reserved_port_type;
+typeattribute smtp_port_t reserved_port_type;
+typeattribute snmp_port_t reserved_port_type;
+typeattribute snmp_port_t reserved_port_type;
+typeattribute snmp_port_t reserved_port_type;
+typeattribute spamd_port_t reserved_port_type;
+typeattribute ssh_port_t reserved_port_type;
+typeattribute swat_port_t reserved_port_type;
+typeattribute syslogd_port_t reserved_port_type;
+typeattribute telnetd_port_t reserved_port_type;
+typeattribute tftp_port_t reserved_port_type;
+typeattribute uucpd_port_t reserved_port_type;
+ allow device_t tmpfs_t:filesystem associate;
+ allow device_t fs_t:filesystem associate;
+ allow device_t noxattrfs:filesystem associate;
+ typeattribute device_t file_type;
+ allow device_t fs_t:filesystem associate;
+ allow device_t noxattrfs:filesystem associate;
+ typeattribute device_t file_type;
+ typeattribute device_t mountpoint;
+ allow device_t tmp_t:filesystem associate;
+ typeattribute agp_device_t device_node;
+ allow agp_device_t fs_t:filesystem associate;
+ allow agp_device_t tmpfs_t:filesystem associate;
+ allow agp_device_t tmp_t:filesystem associate;
+ typeattribute apm_bios_t device_node;
+ allow apm_bios_t fs_t:filesystem associate;
+ allow apm_bios_t tmpfs_t:filesystem associate;
+ allow apm_bios_t tmp_t:filesystem associate;
+ typeattribute cardmgr_dev_t device_node;
+ allow cardmgr_dev_t fs_t:filesystem associate;
+ allow cardmgr_dev_t tmpfs_t:filesystem associate;
+ allow cardmgr_dev_t tmp_t:filesystem associate;
+ allow cardmgr_dev_t fs_t:filesystem associate;
+ allow cardmgr_dev_t noxattrfs:filesystem associate;
+ typeattribute cardmgr_dev_t file_type;
+ allow cardmgr_dev_t fs_t:filesystem associate;
+ allow cardmgr_dev_t noxattrfs:filesystem associate;
+ typeattribute cardmgr_dev_t file_type;
+ typeattribute cardmgr_dev_t polymember;
+ allow cardmgr_dev_t tmpfs_t:filesystem associate;
+ typeattribute cardmgr_dev_t tmpfile;
+ allow cardmgr_dev_t tmp_t:filesystem associate;
+ typeattribute clock_device_t device_node;
+ allow clock_device_t fs_t:filesystem associate;
+ allow clock_device_t tmpfs_t:filesystem associate;
+ allow clock_device_t tmp_t:filesystem associate;
+ typeattribute cpu_device_t device_node;
+ allow cpu_device_t fs_t:filesystem associate;
+ allow cpu_device_t tmpfs_t:filesystem associate;
+ allow cpu_device_t tmp_t:filesystem associate;
+ typeattribute crypt_device_t device_node;
+ allow crypt_device_t fs_t:filesystem associate;
+ allow crypt_device_t tmpfs_t:filesystem associate;
+ allow crypt_device_t tmp_t:filesystem associate;
+ typeattribute dri_device_t device_node;
+ allow dri_device_t fs_t:filesystem associate;
+ allow dri_device_t tmpfs_t:filesystem associate;
+ allow dri_device_t tmp_t:filesystem associate;
+ typeattribute event_device_t device_node;
+ allow event_device_t fs_t:filesystem associate;
+ allow event_device_t tmpfs_t:filesystem associate;
+ allow event_device_t tmp_t:filesystem associate;
+ typeattribute framebuf_device_t device_node;
+ allow framebuf_device_t fs_t:filesystem associate;
+ allow framebuf_device_t tmpfs_t:filesystem associate;
+ allow framebuf_device_t tmp_t:filesystem associate;
+ typeattribute lvm_control_t device_node;
+ allow lvm_control_t fs_t:filesystem associate;
+ allow lvm_control_t tmpfs_t:filesystem associate;
+ allow lvm_control_t tmp_t:filesystem associate;
+ typeattribute memory_device_t device_node;
+ allow memory_device_t fs_t:filesystem associate;
+ allow memory_device_t tmpfs_t:filesystem associate;
+ allow memory_device_t tmp_t:filesystem associate;
+neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read;
+neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write };
+ typeattribute misc_device_t device_node;
+ allow misc_device_t fs_t:filesystem associate;
+ allow misc_device_t tmpfs_t:filesystem associate;
+ allow misc_device_t tmp_t:filesystem associate;
+ typeattribute mouse_device_t device_node;
+ allow mouse_device_t fs_t:filesystem associate;
+ allow mouse_device_t tmpfs_t:filesystem associate;
+ allow mouse_device_t tmp_t:filesystem associate;
+ typeattribute mtrr_device_t device_node;
+ allow mtrr_device_t fs_t:filesystem associate;
+ allow mtrr_device_t tmpfs_t:filesystem associate;
+ allow mtrr_device_t tmp_t:filesystem associate;
+ typeattribute null_device_t device_node;
+ allow null_device_t fs_t:filesystem associate;
+ allow null_device_t tmpfs_t:filesystem associate;
+ allow null_device_t tmp_t:filesystem associate;
+ typeattribute null_device_t mlstrustedobject;
+ typeattribute power_device_t device_node;
+ allow power_device_t fs_t:filesystem associate;
+ allow power_device_t tmpfs_t:filesystem associate;
+ allow power_device_t tmp_t:filesystem associate;
+ typeattribute printer_device_t device_node;
+ allow printer_device_t fs_t:filesystem associate;
+ allow printer_device_t tmpfs_t:filesystem associate;
+ allow printer_device_t tmp_t:filesystem associate;
+ typeattribute random_device_t device_node;
+ allow random_device_t fs_t:filesystem associate;
+ allow random_device_t tmpfs_t:filesystem associate;
+ allow random_device_t tmp_t:filesystem associate;
+ typeattribute scanner_device_t device_node;
+ allow scanner_device_t fs_t:filesystem associate;
+ allow scanner_device_t tmpfs_t:filesystem associate;
+ allow scanner_device_t tmp_t:filesystem associate;
+ typeattribute sound_device_t device_node;
+ allow sound_device_t fs_t:filesystem associate;
+ allow sound_device_t tmpfs_t:filesystem associate;
+ allow sound_device_t tmp_t:filesystem associate;
+ allow sysfs_t fs_t:filesystem associate;
+ allow sysfs_t noxattrfs:filesystem associate;
+ typeattribute sysfs_t file_type;
+ typeattribute sysfs_t mountpoint;
+ typeattribute sysfs_t filesystem_type;
+ allow sysfs_t self:filesystem associate;
+ typeattribute urandom_device_t device_node;
+ allow urandom_device_t fs_t:filesystem associate;
+ allow urandom_device_t tmpfs_t:filesystem associate;
+ allow urandom_device_t tmp_t:filesystem associate;
+ allow usbfs_t fs_t:filesystem associate;
+ allow usbfs_t noxattrfs:filesystem associate;
+ typeattribute usbfs_t file_type;
+ typeattribute usbfs_t mountpoint;
+ typeattribute usbfs_t filesystem_type;
+ allow usbfs_t self:filesystem associate;
+ typeattribute usbfs_t noxattrfs;
+ typeattribute usb_device_t device_node;
+ allow usb_device_t fs_t:filesystem associate;
+ allow usb_device_t tmpfs_t:filesystem associate;
+ allow usb_device_t tmp_t:filesystem associate;
+ typeattribute v4l_device_t device_node;
+ allow v4l_device_t fs_t:filesystem associate;
+ allow v4l_device_t tmpfs_t:filesystem associate;
+ allow v4l_device_t tmp_t:filesystem associate;
+ typeattribute xserver_misc_device_t device_node;
+ allow xserver_misc_device_t fs_t:filesystem associate;
+ allow xserver_misc_device_t tmpfs_t:filesystem associate;
+ allow xserver_misc_device_t tmp_t:filesystem associate;
+ typeattribute zero_device_t device_node;
+ allow zero_device_t fs_t:filesystem associate;
+ allow zero_device_t tmpfs_t:filesystem associate;
+ allow zero_device_t tmp_t:filesystem associate;
+ typeattribute zero_device_t mlstrustedobject;
+ allow xconsole_device_t fs_t:filesystem associate;
+ allow xconsole_device_t noxattrfs:filesystem associate;
+ typeattribute xconsole_device_t file_type;
+ allow xconsole_device_t tmpfs_t:filesystem associate;
+ allow xconsole_device_t tmp_t:filesystem associate;
+ typeattribute devfs_control_t device_node;
+ allow devfs_control_t fs_t:filesystem associate;
+ allow devfs_control_t tmpfs_t:filesystem associate;
+ allow devfs_control_t tmp_t:filesystem associate;
+neverallow domain ~domain:process { transition dyntransition };
+neverallow { domain -set_curr_context } self:process setcurrent;
+neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
+neverallow ~{ domain unlabeled_t } *:process *;
+allow file_type self:filesystem associate;
+ allow boot_t fs_t:filesystem associate;
+ allow boot_t noxattrfs:filesystem associate;
+ typeattribute boot_t file_type;
+ allow boot_t fs_t:filesystem associate;
+ allow boot_t noxattrfs:filesystem associate;
+ typeattribute boot_t file_type;
+ typeattribute boot_t mountpoint;
+ allow default_t fs_t:filesystem associate;
+ allow default_t noxattrfs:filesystem associate;
+ allow etc_t fs_t:filesystem associate;
+ allow etc_t noxattrfs:filesystem associate;
+ allow etc_runtime_t fs_t:filesystem associate;
+ allow etc_runtime_t noxattrfs:filesystem associate;
+ allow file_t fs_t:filesystem associate;
+ allow file_t noxattrfs:filesystem associate;
+ allow kernel_t file_t:dir mounton;
+ allow home_root_t fs_t:filesystem associate;
+ allow home_root_t noxattrfs:filesystem associate;
+ allow home_root_t fs_t:filesystem associate;
+ allow home_root_t noxattrfs:filesystem associate;
+ typeattribute home_root_t file_type;
+ typeattribute home_root_t polyparent;
+ allow lost_found_t fs_t:filesystem associate;
+ allow lost_found_t noxattrfs:filesystem associate;
+ allow mnt_t fs_t:filesystem associate;
+ allow mnt_t noxattrfs:filesystem associate;
+ allow modules_object_t fs_t:filesystem associate;
+ allow modules_object_t noxattrfs:filesystem associate;
+ typeattribute modules_object_t file_type;
+ allow no_access_t fs_t:filesystem associate;
+ allow no_access_t noxattrfs:filesystem associate;
+ allow poly_t fs_t:filesystem associate;
+ allow poly_t noxattrfs:filesystem associate;
+ allow readable_t fs_t:filesystem associate;
+ allow readable_t noxattrfs:filesystem associate;
+ allow root_t fs_t:filesystem associate;
+ allow root_t noxattrfs:filesystem associate;
+ allow root_t fs_t:filesystem associate;
+ allow root_t noxattrfs:filesystem associate;
+ typeattribute root_t file_type;
+ typeattribute root_t polyparent;
+ allow kernel_t root_t:dir mounton;
+ allow src_t fs_t:filesystem associate;
+ allow src_t noxattrfs:filesystem associate;
+ allow system_map_t fs_t:filesystem associate;
+ allow system_map_t noxattrfs:filesystem associate;
+ typeattribute system_map_t file_type;
+ allow tmp_t fs_t:filesystem associate;
+ allow tmp_t noxattrfs:filesystem associate;
+ typeattribute tmp_t file_type;
+ allow tmp_t fs_t:filesystem associate;
+ allow tmp_t noxattrfs:filesystem associate;
+ typeattribute tmp_t file_type;
+ typeattribute tmp_t polymember;
+ allow tmp_t tmpfs_t:filesystem associate;
+ typeattribute tmp_t tmpfile;
+ allow tmp_t tmp_t:filesystem associate;
+ allow tmp_t fs_t:filesystem associate;
+ allow tmp_t noxattrfs:filesystem associate;
+ typeattribute tmp_t file_type;
+ typeattribute tmp_t polyparent;
+ allow usr_t fs_t:filesystem associate;
+ allow usr_t noxattrfs:filesystem associate;
+ allow var_t fs_t:filesystem associate;
+ allow var_t noxattrfs:filesystem associate;
+ allow var_lib_t fs_t:filesystem associate;
+ allow var_lib_t noxattrfs:filesystem associate;
+ allow var_lock_t fs_t:filesystem associate;
+ allow var_lock_t noxattrfs:filesystem associate;
+ allow var_run_t fs_t:filesystem associate;
+ allow var_run_t noxattrfs:filesystem associate;
+ allow var_spool_t fs_t:filesystem associate;
+ allow var_spool_t noxattrfs:filesystem associate;
+ typeattribute var_spool_t file_type;
+ allow var_spool_t fs_t:filesystem associate;
+ allow var_spool_t noxattrfs:filesystem associate;
+ typeattribute var_spool_t file_type;
+ typeattribute var_spool_t polymember;
+ allow var_spool_t tmpfs_t:filesystem associate;
+ typeattribute var_spool_t tmpfile;
+ allow var_spool_t tmp_t:filesystem associate;
+ typeattribute fs_t filesystem_type;
+ allow fs_t self:filesystem associate;
+ typeattribute bdev_t filesystem_type;
+ allow bdev_t self:filesystem associate;
+ typeattribute binfmt_misc_fs_t filesystem_type;
+ allow binfmt_misc_fs_t self:filesystem associate;
+ allow binfmt_misc_fs_t fs_t:filesystem associate;
+ allow binfmt_misc_fs_t noxattrfs:filesystem associate;
+ typeattribute binfmt_misc_fs_t file_type;
+ typeattribute binfmt_misc_fs_t mountpoint;
+ typeattribute capifs_t filesystem_type;
+ allow capifs_t self:filesystem associate;
+ typeattribute configfs_t filesystem_type;
+ allow configfs_t self:filesystem associate;
+ typeattribute eventpollfs_t filesystem_type;
+ allow eventpollfs_t self:filesystem associate;
+ typeattribute futexfs_t filesystem_type;
+ allow futexfs_t self:filesystem associate;
+ typeattribute hugetlbfs_t filesystem_type;
+ allow hugetlbfs_t self:filesystem associate;
+ allow hugetlbfs_t fs_t:filesystem associate;
+ allow hugetlbfs_t noxattrfs:filesystem associate;
+ typeattribute hugetlbfs_t file_type;
+ typeattribute hugetlbfs_t mountpoint;
+ typeattribute inotifyfs_t filesystem_type;
+ allow inotifyfs_t self:filesystem associate;
+ typeattribute nfsd_fs_t filesystem_type;
+ allow nfsd_fs_t self:filesystem associate;
+ typeattribute ramfs_t filesystem_type;
+ allow ramfs_t self:filesystem associate;
+ typeattribute romfs_t filesystem_type;
+ allow romfs_t self:filesystem associate;
+ typeattribute rpc_pipefs_t filesystem_type;
+ allow rpc_pipefs_t self:filesystem associate;
+ typeattribute tmpfs_t filesystem_type;
+ allow tmpfs_t self:filesystem associate;
+ allow tmpfs_t fs_t:filesystem associate;
+ allow tmpfs_t noxattrfs:filesystem associate;
+ typeattribute tmpfs_t file_type;
+ allow tmpfs_t fs_t:filesystem associate;
+ allow tmpfs_t noxattrfs:filesystem associate;
+ typeattribute tmpfs_t file_type;
+ typeattribute tmpfs_t mountpoint;
+allow tmpfs_t noxattrfs:filesystem associate;
+ typeattribute autofs_t filesystem_type;
+ allow autofs_t self:filesystem associate;
+ allow autofs_t fs_t:filesystem associate;
+ allow autofs_t noxattrfs:filesystem associate;
+ typeattribute autofs_t file_type;
+ typeattribute autofs_t mountpoint;
+ typeattribute cifs_t filesystem_type;
+ allow cifs_t self:filesystem associate;
+ typeattribute dosfs_t filesystem_type;
+ allow dosfs_t self:filesystem associate;
+allow dosfs_t fs_t:filesystem associate;
+ typeattribute iso9660_t filesystem_type;
+ allow iso9660_t self:filesystem associate;
+allow removable_t noxattrfs:filesystem associate;
+ typeattribute removable_t filesystem_type;
+ allow removable_t self:filesystem associate;
+ allow removable_t fs_t:filesystem associate;
+ allow removable_t noxattrfs:filesystem associate;
+ typeattribute removable_t file_type;
+ typeattribute removable_t usercanread;
+ typeattribute nfs_t filesystem_type;
+ allow nfs_t self:filesystem associate;
+ allow nfs_t fs_t:filesystem associate;
+ allow nfs_t noxattrfs:filesystem associate;
+ typeattribute nfs_t file_type;
+ typeattribute nfs_t mountpoint;
+neverallow ~can_load_kernmodule self:capability sys_module;
+role system_r;
+role sysadm_r;
+role staff_r;
+role user_r;
+ typeattribute kernel_t domain;
+ allow kernel_t self:dir { read getattr lock search ioctl };
+ allow kernel_t self:lnk_file { read getattr lock ioctl };
+ allow kernel_t self:file { getattr read write append ioctl lock };
+ allow kernel_t self:process { fork sigchld };
+ role secadm_r types kernel_t;
+ role sysadm_r types kernel_t;
+ role user_r types kernel_t;
+ role staff_r types kernel_t;
+ typeattribute kernel_t privrangetrans;
+role system_r types kernel_t;
+ typeattribute debugfs_t filesystem_type;
+ allow debugfs_t self:filesystem associate;
+allow debugfs_t self:filesystem associate;
+ allow proc_t fs_t:filesystem associate;
+ allow proc_t noxattrfs:filesystem associate;
+ typeattribute proc_t file_type;
+ typeattribute proc_t mountpoint;
+ typeattribute proc_t filesystem_type;
+ allow proc_t self:filesystem associate;
+neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr;
+neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr;
+ allow sysctl_t fs_t:filesystem associate;
+ allow sysctl_t noxattrfs:filesystem associate;
+ typeattribute sysctl_t file_type;
+ typeattribute sysctl_t mountpoint;
+ allow sysctl_fs_t fs_t:filesystem associate;
+ allow sysctl_fs_t noxattrfs:filesystem associate;
+ typeattribute sysctl_fs_t file_type;
+ typeattribute sysctl_fs_t mountpoint;
+allow kernel_t self:capability *;
+allow kernel_t unlabeled_t:dir mounton;
+allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+allow kernel_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
+allow kernel_t self:sem { associate getattr setattr create destroy read write unix_read unix_write };
+allow kernel_t self:msg { send receive };
+allow kernel_t self:msgq { associate getattr setattr create destroy read write enqueue unix_read unix_write };
+allow kernel_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
+allow kernel_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
+allow kernel_t self:unix_dgram_socket sendto;
+allow kernel_t self:unix_stream_socket connectto;
+allow kernel_t self:fifo_file { getattr read write append ioctl lock };
+allow kernel_t self:sock_file { read getattr lock ioctl };
+allow kernel_t self:fd use;
+allow kernel_t proc_t:dir { read getattr lock search ioctl };
+allow kernel_t proc_t:{ lnk_file file } { read getattr lock ioctl };
+allow kernel_t proc_net_t:dir { read getattr lock search ioctl };
+allow kernel_t proc_net_t:file { read getattr lock ioctl };
+allow kernel_t proc_mdstat_t:file { read getattr lock ioctl };
+allow kernel_t proc_kcore_t:file getattr;
+allow kernel_t proc_kmsg_t:file getattr;
+allow kernel_t sysctl_t:dir { read getattr lock search ioctl };
+allow kernel_t sysctl_kernel_t:dir { read getattr lock search ioctl };
+allow kernel_t sysctl_kernel_t:file { read getattr lock ioctl };
+allow kernel_t unlabeled_t:fifo_file { getattr read write append ioctl lock };
+ allow kernel_t unlabeled_t:association { sendto recvfrom };
+ allow kernel_t netif_type:netif rawip_send;
+ allow kernel_t netif_type:netif rawip_recv;
+ allow kernel_t node_type:node rawip_send;
+ allow kernel_t node_type:node rawip_recv;
+ allow kernel_t netif_t:netif rawip_send;
+ allow kernel_t netif_type:netif { tcp_send tcp_recv };
+ allow kernel_t node_type:node { tcp_send tcp_recv };
+ allow kernel_t node_t:node rawip_send;
+ allow kernel_t multicast_node_t:node rawip_send;
+ allow kernel_t sysfs_t:dir { read getattr lock search ioctl };
+ allow kernel_t sysfs_t:{ file lnk_file } { read getattr lock ioctl };
+ allow kernel_t usbfs_t:dir search;
+ allow kernel_t filesystem_type:filesystem mount;
+ allow kernel_t security_t:dir { read search getattr };
+ allow kernel_t security_t:file { getattr read write };
+ typeattribute kernel_t can_load_policy;
+ if(!secure_mode_policyload) {
+ allow kernel_t security_t:security load_policy;
+ auditallow kernel_t security_t:security load_policy;
+ }
+ allow kernel_t device_t:dir { read getattr lock search ioctl };
+ allow kernel_t device_t:lnk_file { getattr read };
+ allow kernel_t console_device_t:chr_file { getattr read write append ioctl lock };
+ allow kernel_t bin_t:dir { read getattr lock search ioctl };
+ allow kernel_t bin_t:lnk_file { read getattr lock ioctl };
+ allow kernel_t shell_exec_t:file { { read getattr lock execute ioctl } execute_no_trans };
+ allow kernel_t sbin_t:dir { read getattr lock search ioctl };
+ allow kernel_t bin_t:dir { read getattr lock search ioctl };
+ allow kernel_t bin_t:lnk_file { read getattr lock ioctl };
+ allow kernel_t bin_t:file { { read getattr lock execute ioctl } execute_no_trans };
+ allow kernel_t domain:process signal;
+ allow kernel_t proc_t:dir search;
+ allow kernel_t domain:dir search;
+ allow kernel_t root_t:dir { read getattr lock search ioctl };
+ allow kernel_t root_t:lnk_file { read getattr lock ioctl };
+ allow kernel_t etc_t:dir { read getattr lock search ioctl };
+ allow kernel_t home_root_t:dir { read getattr lock search ioctl };
+ allow kernel_t usr_t:dir { read getattr lock search ioctl };
+ allow kernel_t usr_t:{ file lnk_file } { read getattr lock ioctl };
+ typeattribute kernel_t mlsprocread;
+ typeattribute kernel_t mlsprocwrite;
+ allow kernel_t self:capability *;
+ allow kernel_t self:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
+ allow kernel_t self:process transition;
+ allow kernel_t self:file { getattr read write append ioctl lock };
+ allow kernel_t self:nscd *;
+ allow kernel_t self:dbus *;
+ allow kernel_t self:passwd *;
+ allow kernel_t proc_type:{ dir file } *;
+ allow kernel_t sysctl_t:{ dir file } *;
+ allow kernel_t kernel_t:system *;
+ allow kernel_t unlabeled_t:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
+ allow kernel_t unlabeled_t:filesystem *;
+ allow kernel_t unlabeled_t:association *;
+ typeattribute kernel_t can_load_kernmodule, can_receive_kernel_messages;
+ typeattribute kernel_t kern_unconfined;
+ allow kernel_t { proc_t proc_net_t }:dir search;
+ allow kernel_t sysctl_type:dir { read getattr lock search ioctl };
+ allow kernel_t sysctl_type:file { { getattr read write append ioctl lock } setattr };
+ allow kernel_t node_type:node *;
+ allow kernel_t netif_type:netif *;
+ allow kernel_t port_type:tcp_socket { send_msg recv_msg name_connect };
+ allow kernel_t port_type:udp_socket { send_msg recv_msg };
+ allow kernel_t port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
+ allow kernel_t node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
+ allow kernel_t unlabeled_t:association { sendto recvfrom };
+ allow kernel_t device_node:{ chr_file blk_file } *;
+ allow kernel_t mtrr_device_t:{ dir file } *;
+ allow kernel_t self:capability sys_rawio;
+ typeattribute kernel_t memory_raw_write, memory_raw_read;
+ typeattribute kernel_t unconfined_domain_type;
+ typeattribute kernel_t can_change_process_identity;
+ typeattribute kernel_t can_change_process_role;
+ typeattribute kernel_t can_change_object_identity;
+ typeattribute kernel_t set_curr_context;
+ allow kernel_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } socket key_socket } *;
+ allow kernel_t domain:fd use;
+ allow kernel_t domain:fifo_file { getattr read write append ioctl lock };
+ allow kernel_t domain:process ~{ transition dyntransition execmem execstack execheap };
+ allow kernel_t domain:{ sem msgq shm } *;
+ allow kernel_t domain:msg { send receive };
+ allow kernel_t domain:dir { read getattr lock search ioctl };
+ allow kernel_t domain:file { read getattr lock ioctl };
+ allow kernel_t domain:lnk_file { read getattr lock ioctl };
+ dontaudit kernel_t domain:dir { read getattr lock search ioctl };
+ dontaudit kernel_t domain:lnk_file { read getattr lock ioctl };
+ dontaudit kernel_t domain:file { read getattr lock ioctl };
+ dontaudit kernel_t domain:sock_file { read getattr lock ioctl };
+ dontaudit kernel_t domain:fifo_file { read getattr lock ioctl };
+ allow kernel_t file_type:{ file chr_file } ~execmod;
+ allow kernel_t file_type:{ dir lnk_file sock_file fifo_file blk_file } *;
+ allow kernel_t file_type:filesystem *;
+ allow kernel_t file_type:{ unix_stream_socket unix_dgram_socket } name_bind;
+ if (allow_execmod) {
+ allow kernel_t file_type:file execmod;
+ }
+ allow kernel_t filesystem_type:filesystem *;
+ allow kernel_t filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
+ allow kernel_t security_t:dir { getattr search read };
+ allow kernel_t security_t:file { getattr read write };
+ typeattribute kernel_t can_load_policy, can_setenforce, can_setsecparam;
+ if(!secure_mode_policyload) {
+ allow kernel_t security_t:security *;
+ auditallow kernel_t security_t:security { load_policy setenforce setbool };
+ }
+ if (allow_execheap) {
+ allow kernel_t self:process execheap;
+ }
+ if (allow_execmem) {
+ allow kernel_t self:process execmem;
+ }
+ if (allow_execmem && allow_execstack) {
+ allow kernel_t self:process execstack;
+ auditallow kernel_t self:process execstack;
+ } else {
+ }
+ if (allow_execheap) {
+ auditallow kernel_t self:process execheap;
+ }
+ if (allow_execmem) {
+ auditallow kernel_t self:process execmem;
+ }
+ if (read_default_t) {
+ allow kernel_t default_t:dir { read getattr lock search ioctl };
+ allow kernel_t default_t:file { read getattr lock ioctl };
+ allow kernel_t default_t:lnk_file { read getattr lock ioctl };
+ allow kernel_t default_t:sock_file { read getattr lock ioctl };
+ allow kernel_t default_t:fifo_file { read getattr lock ioctl };
+ }
+ allow unlabeled_t self:filesystem associate;
+range_transition getty_t login_exec_t s0 - s0:c0.c255;
+range_transition init_t xdm_exec_t s0 - s0:c0.c255;
+range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
+range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
+range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
+range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
+range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
+range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
+range_transition unconfined_t su_exec_t s0 - s0:c0.c255;
+range_transition unconfined_t initrc_exec_t s0;
+ typeattribute security_t filesystem_type;
+ allow security_t self:filesystem associate;
+ typeattribute security_t mlstrustedobject;
+neverallow ~can_load_policy security_t:security load_policy;
+neverallow ~can_setenforce security_t:security setenforce;
+neverallow ~can_setsecparam security_t:security setsecparam;
+ typeattribute bsdpty_device_t device_node;
+ allow bsdpty_device_t fs_t:filesystem associate;
+ allow bsdpty_device_t tmpfs_t:filesystem associate;
+ allow bsdpty_device_t tmp_t:filesystem associate;
+ typeattribute console_device_t device_node;
+ allow console_device_t fs_t:filesystem associate;
+ allow console_device_t tmpfs_t:filesystem associate;
+ allow console_device_t tmp_t:filesystem associate;
+ allow devpts_t fs_t:filesystem associate;
+ allow devpts_t noxattrfs:filesystem associate;
+ typeattribute devpts_t file_type;
+ typeattribute devpts_t mountpoint;
+ allow devpts_t tmpfs_t:filesystem associate;
+ allow devpts_t tmp_t:filesystem associate;
+ typeattribute devpts_t filesystem_type;
+ allow devpts_t self:filesystem associate;
+ typeattribute devpts_t ttynode, ptynode;
+ typeattribute devtty_t device_node;
+ allow devtty_t fs_t:filesystem associate;
+ allow devtty_t tmpfs_t:filesystem associate;
+ allow devtty_t tmp_t:filesystem associate;
+ typeattribute devtty_t mlstrustedobject;
+ typeattribute ptmx_t device_node;
+ allow ptmx_t fs_t:filesystem associate;
+ allow ptmx_t tmpfs_t:filesystem associate;
+ allow ptmx_t tmp_t:filesystem associate;
+ typeattribute ptmx_t mlstrustedobject;
+ typeattribute tty_device_t device_node;
+ allow tty_device_t fs_t:filesystem associate;
+ allow tty_device_t tmpfs_t:filesystem associate;
+ allow tty_device_t tmp_t:filesystem associate;
+ typeattribute tty_device_t ttynode;
+ typeattribute usbtty_device_t device_node;
+ allow usbtty_device_t fs_t:filesystem associate;
+ allow usbtty_device_t tmpfs_t:filesystem associate;
+ allow usbtty_device_t tmp_t:filesystem associate;
+user system_u roles { system_r } level s0 range s0 - s0:c0.c255;
+user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;
+ user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;
+constrain process transition
+ ( u1 == u2
+ or t1 == can_change_process_identity
+);
+constrain process transition
+ ( r1 == r2
+ or t1 == can_change_process_role
+);
+constrain process dyntransition
+ ( u1 == u2 and r1 == r2 );
+constrain { dir file lnk_file sock_file fifo_file chr_file blk_file } { create relabelto relabelfrom }
+ ( u1 == u2 or t1 == can_change_object_identity );
+constrain { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } { create relabelto relabelfrom }
+ ( u1 == u2 or t1 == can_change_object_identity );
+sid port system_u:object_r:port_t:s0
+sid node system_u:object_r:node_t:s0
+sid netif system_u:object_r:netif_t:s0
+sid devnull system_u:object_r:null_device_t:s0
+sid file system_u:object_r:file_t:s0
+sid fs system_u:object_r:fs_t:s0
+sid kernel system_u:system_r:kernel_t:s0
+sid sysctl system_u:object_r:sysctl_t:s0
+sid unlabeled system_u:object_r:unlabeled_t:s0
+sid any_socket system_u:object_r:unlabeled_t:s0
+sid file_labels system_u:object_r:unlabeled_t:s0
+sid icmp_socket system_u:object_r:unlabeled_t:s0
+sid igmp_packet system_u:object_r:unlabeled_t:s0
+sid init system_u:object_r:unlabeled_t:s0
+sid kmod system_u:object_r:unlabeled_t:s0
+sid netmsg system_u:object_r:unlabeled_t:s0
+sid policy system_u:object_r:unlabeled_t:s0
+sid scmp_packet system_u:object_r:unlabeled_t:s0
+sid sysctl_modprobe system_u:object_r:unlabeled_t:s0
+sid sysctl_fs system_u:object_r:unlabeled_t:s0
+sid sysctl_kernel system_u:object_r:unlabeled_t:s0
+sid sysctl_net system_u:object_r:unlabeled_t:s0
+sid sysctl_net_unix system_u:object_r:unlabeled_t:s0
+sid sysctl_vm system_u:object_r:unlabeled_t:s0
+sid sysctl_dev system_u:object_r:unlabeled_t:s0
+sid tcp_socket system_u:object_r:unlabeled_t:s0
+sid security system_u:object_r:security_t:s0
+fs_use_xattr ext2 system_u:object_r:fs_t:s0;
+fs_use_xattr ext3 system_u:object_r:fs_t:s0;
+fs_use_xattr gfs system_u:object_r:fs_t:s0;
+fs_use_xattr jfs system_u:object_r:fs_t:s0;
+fs_use_xattr reiserfs system_u:object_r:fs_t:s0;
+fs_use_xattr xfs system_u:object_r:fs_t:s0;
+fs_use_task pipefs system_u:object_r:fs_t:s0;
+fs_use_task sockfs system_u:object_r:fs_t:s0;
+fs_use_trans mqueue system_u:object_r:tmpfs_t:s0;
+fs_use_trans shm system_u:object_r:tmpfs_t:s0;
+fs_use_trans tmpfs system_u:object_r:tmpfs_t:s0;
+fs_use_trans devpts system_u:object_r:devpts_t:s0;
+genfscon proc /mtrr system_u:object_r:mtrr_device_t:s0
+genfscon sysfs / system_u:object_r:sysfs_t:s0
+genfscon usbfs / system_u:object_r:usbfs_t:s0
+genfscon usbdevfs / system_u:object_r:usbfs_t:s0
+genfscon rootfs / system_u:object_r:root_t:s0
+genfscon bdev / system_u:object_r:bdev_t:s0
+genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t:s0
+genfscon capifs / system_u:object_r:capifs_t:s0
+genfscon configfs / system_u:object_r:configfs_t:s0
+genfscon eventpollfs / system_u:object_r:eventpollfs_t:s0
+genfscon futexfs / system_u:object_r:futexfs_t:s0
+genfscon hugetlbfs / system_u:object_r:hugetlbfs_t:s0
+genfscon inotifyfs / system_u:object_r:inotifyfs_t:s0
+genfscon nfsd / system_u:object_r:nfsd_fs_t:s0
+genfscon ramfs / system_u:object_r:ramfs_t:s0
+genfscon romfs / system_u:object_r:romfs_t:s0
+genfscon cramfs / system_u:object_r:romfs_t:s0
+genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t:s0
+genfscon autofs / system_u:object_r:autofs_t:s0
+genfscon automount / system_u:object_r:autofs_t:s0
+genfscon cifs / system_u:object_r:cifs_t:s0
+genfscon smbfs / system_u:object_r:cifs_t:s0
+genfscon fat / system_u:object_r:dosfs_t:s0
+genfscon msdos / system_u:object_r:dosfs_t:s0
+genfscon ntfs / system_u:object_r:dosfs_t:s0
+genfscon vfat / system_u:object_r:dosfs_t:s0
+genfscon iso9660 / system_u:object_r:iso9660_t:s0
+genfscon udf / system_u:object_r:iso9660_t:s0
+genfscon nfs / system_u:object_r:nfs_t:s0
+genfscon nfs4 / system_u:object_r:nfs_t:s0
+genfscon afs / system_u:object_r:nfs_t:s0
+genfscon hfsplus / system_u:object_r:nfs_t:s0
+genfscon debugfs / system_u:object_r:debugfs_t:s0
+genfscon proc / system_u:object_r:proc_t:s0
+genfscon proc /sysvipc system_u:object_r:proc_t:s0
+genfscon proc /kmsg system_u:object_r:proc_kmsg_t:s0
+genfscon proc /kcore system_u:object_r:proc_kcore_t:s0
+genfscon proc /mdstat system_u:object_r:proc_mdstat_t:s0
+genfscon proc /net system_u:object_r:proc_net_t:s0
+genfscon proc /xen system_u:object_r:proc_xen_t:s0
+genfscon proc /sys system_u:object_r:sysctl_t:s0
+genfscon proc /irq system_u:object_r:sysctl_irq_t:s0
+genfscon proc /net/rpc system_u:object_r:sysctl_rpc_t:s0
+genfscon proc /sys/fs system_u:object_r:sysctl_fs_t:s0
+genfscon proc /sys/kernel system_u:object_r:sysctl_kernel_t:s0
+genfscon proc /sys/kernel/modprobe system_u:object_r:sysctl_modprobe_t:s0
+genfscon proc /sys/kernel/hotplug system_u:object_r:sysctl_hotplug_t:s0
+genfscon proc /sys/net system_u:object_r:sysctl_net_t:s0
+genfscon proc /sys/net/unix system_u:object_r:sysctl_net_unix_t:s0
+genfscon proc /sys/vm system_u:object_r:sysctl_vm_t:s0
+genfscon proc /sys/dev system_u:object_r:sysctl_dev_t:s0
+genfscon selinuxfs / system_u:object_r:security_t:s0
+portcon udp 7007 system_u:object_r:afs_bos_port_t:s0
+portcon tcp 2040 system_u:object_r:afs_fs_port_t:s0
+portcon udp 7000 system_u:object_r:afs_fs_port_t:s0
+portcon udp 7005 system_u:object_r:afs_fs_port_t:s0
+portcon udp 7004 system_u:object_r:afs_ka_port_t:s0
+portcon udp 7002 system_u:object_r:afs_pt_port_t:s0
+portcon udp 7003 system_u:object_r:afs_vl_port_t:s0
+portcon udp 10080 system_u:object_r:amanda_port_t:s0
+portcon tcp 10080 system_u:object_r:amanda_port_t:s0
+portcon udp 10081 system_u:object_r:amanda_port_t:s0
+portcon tcp 10081 system_u:object_r:amanda_port_t:s0
+portcon tcp 10082 system_u:object_r:amanda_port_t:s0
+portcon tcp 10083 system_u:object_r:amanda_port_t:s0
+portcon tcp 10024 system_u:object_r:amavisd_recv_port_t:s0
+portcon tcp 10025 system_u:object_r:amavisd_send_port_t:s0
+portcon tcp 1720 system_u:object_r:asterisk_port_t:s0
+portcon udp 2427 system_u:object_r:asterisk_port_t:s0
+portcon udp 2727 system_u:object_r:asterisk_port_t:s0
+portcon udp 4569 system_u:object_r:asterisk_port_t:s0
+portcon udp 5060 system_u:object_r:asterisk_port_t:s0
+portcon tcp 113 system_u:object_r:auth_port_t:s0
+portcon tcp 179 system_u:object_r:bgp_port_t:s0
+portcon udp 179 system_u:object_r:bgp_port_t:s0
+portcon tcp 3310 system_u:object_r:clamd_port_t:s0
+portcon udp 4041 system_u:object_r:clockspeed_port_t:s0
+portcon udp 512 system_u:object_r:comsat_port_t:s0
+portcon tcp 2401 system_u:object_r:cvs_port_t:s0
+portcon udp 2401 system_u:object_r:cvs_port_t:s0
+portcon udp 6276 system_u:object_r:dcc_port_t:s0
+portcon udp 6277 system_u:object_r:dcc_port_t:s0
+portcon tcp 1178 system_u:object_r:dbskkd_port_t:s0
+portcon udp 68 system_u:object_r:dhcpc_port_t:s0
+portcon udp 67 system_u:object_r:dhcpd_port_t:s0
+portcon tcp 647 system_u:object_r:dhcpd_port_t:s0
+portcon udp 647 system_u:object_r:dhcpd_port_t:s0
+portcon tcp 847 system_u:object_r:dhcpd_port_t:s0
+portcon udp 847 system_u:object_r:dhcpd_port_t:s0
+portcon tcp 2628 system_u:object_r:dict_port_t:s0
+portcon tcp 3632 system_u:object_r:distccd_port_t:s0
+portcon udp 53 system_u:object_r:dns_port_t:s0
+portcon tcp 53 system_u:object_r:dns_port_t:s0
+portcon tcp 79 system_u:object_r:fingerd_port_t:s0
+portcon tcp 20 system_u:object_r:ftp_data_port_t:s0
+portcon tcp 21 system_u:object_r:ftp_port_t:s0
+portcon udp 1718 system_u:object_r:gatekeeper_port_t:s0
+portcon udp 1719 system_u:object_r:gatekeeper_port_t:s0
+portcon tcp 1721 system_u:object_r:gatekeeper_port_t:s0
+portcon tcp 7000 system_u:object_r:gatekeeper_port_t:s0
+portcon tcp 1213 system_u:object_r:giftd_port_t:s0
+portcon tcp 70 system_u:object_r:gopher_port_t:s0
+portcon udp 70 system_u:object_r:gopher_port_t:s0
+portcon tcp 3128 system_u:object_r:http_cache_port_t:s0
+portcon udp 3130 system_u:object_r:http_cache_port_t:s0
+portcon tcp 8080 system_u:object_r:http_cache_port_t:s0
+portcon tcp 8118 system_u:object_r:http_cache_port_t:s0
+portcon tcp 80 system_u:object_r:http_port_t:s0
+portcon tcp 443 system_u:object_r:http_port_t:s0
+portcon tcp 488 system_u:object_r:http_port_t:s0
+portcon tcp 8008 system_u:object_r:http_port_t:s0
+portcon tcp 9050 system_u:object_r:http_port_t:s0
+portcon tcp 5335 system_u:object_r:howl_port_t:s0
+portcon udp 5353 system_u:object_r:howl_port_t:s0
+portcon tcp 50000 system_u:object_r:hplip_port_t:s0
+portcon tcp 50002 system_u:object_r:hplip_port_t:s0
+portcon tcp 9010 system_u:object_r:i18n_input_port_t:s0
+portcon tcp 5323 system_u:object_r:imaze_port_t:s0
+portcon udp 5323 system_u:object_r:imaze_port_t:s0
+portcon tcp 7 system_u:object_r:inetd_child_port_t:s0
+portcon udp 7 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 9 system_u:object_r:inetd_child_port_t:s0
+portcon udp 9 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 13 system_u:object_r:inetd_child_port_t:s0
+portcon udp 13 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 19 system_u:object_r:inetd_child_port_t:s0
+portcon udp 19 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 37 system_u:object_r:inetd_child_port_t:s0
+portcon udp 37 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 512 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 543 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 544 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 891 system_u:object_r:inetd_child_port_t:s0
+portcon udp 891 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 892 system_u:object_r:inetd_child_port_t:s0
+portcon udp 892 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 2105 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 5666 system_u:object_r:inetd_child_port_t:s0
+portcon tcp 119 system_u:object_r:innd_port_t:s0
+portcon tcp 631 system_u:object_r:ipp_port_t:s0
+portcon udp 631 system_u:object_r:ipp_port_t:s0
+portcon tcp 6667 system_u:object_r:ircd_port_t:s0
+portcon udp 500 system_u:object_r:isakmp_port_t:s0
+portcon tcp 5222 system_u:object_r:jabber_client_port_t:s0
+portcon tcp 5223 system_u:object_r:jabber_client_port_t:s0
+portcon tcp 5269 system_u:object_r:jabber_interserver_port_t:s0
+portcon tcp 464 system_u:object_r:kerberos_admin_port_t:s0
+portcon udp 464 system_u:object_r:kerberos_admin_port_t:s0
+portcon tcp 749 system_u:object_r:kerberos_admin_port_t:s0
+portcon tcp 4444 system_u:object_r:kerberos_master_port_t:s0
+portcon udp 4444 system_u:object_r:kerberos_master_port_t:s0
+portcon tcp 88 system_u:object_r:kerberos_port_t:s0
+portcon udp 88 system_u:object_r:kerberos_port_t:s0
+portcon tcp 750 system_u:object_r:kerberos_port_t:s0
+portcon udp 750 system_u:object_r:kerberos_port_t:s0
+portcon udp 517 system_u:object_r:ktalkd_port_t:s0
+portcon udp 518 system_u:object_r:ktalkd_port_t:s0
+portcon tcp 389 system_u:object_r:ldap_port_t:s0
+portcon udp 389 system_u:object_r:ldap_port_t:s0
+portcon tcp 636 system_u:object_r:ldap_port_t:s0
+portcon udp 636 system_u:object_r:ldap_port_t:s0
+portcon tcp 2000 system_u:object_r:mail_port_t:s0
+portcon tcp 1234 system_u:object_r:monopd_port_t:s0
+portcon tcp 3306 system_u:object_r:mysqld_port_t:s0
+portcon tcp 1241 system_u:object_r:nessus_port_t:s0
+portcon udp 137 system_u:object_r:nmbd_port_t:s0
+portcon udp 138 system_u:object_r:nmbd_port_t:s0
+portcon udp 139 system_u:object_r:nmbd_port_t:s0
+portcon udp 123 system_u:object_r:ntp_port_t:s0
+portcon udp 5000 system_u:object_r:openvpn_port_t:s0
+portcon tcp 5988 system_u:object_r:pegasus_http_port_t:s0
+portcon tcp 5989 system_u:object_r:pegasus_https_port_t:s0
+portcon tcp 106 system_u:object_r:pop_port_t:s0
+portcon tcp 109 system_u:object_r:pop_port_t:s0
+portcon tcp 110 system_u:object_r:pop_port_t:s0
+portcon tcp 143 system_u:object_r:pop_port_t:s0
+portcon tcp 220 system_u:object_r:pop_port_t:s0
+portcon tcp 993 system_u:object_r:pop_port_t:s0
+portcon tcp 995 system_u:object_r:pop_port_t:s0
+portcon tcp 1109 system_u:object_r:pop_port_t:s0
+portcon udp 111 system_u:object_r:portmap_port_t:s0
+portcon tcp 111 system_u:object_r:portmap_port_t:s0
+portcon tcp 5432 system_u:object_r:postgresql_port_t:s0
+portcon tcp 60000 system_u:object_r:postgrey_port_t:s0
+portcon tcp 515 system_u:object_r:printer_port_t:s0
+portcon tcp 5703 system_u:object_r:ptal_port_t:s0
+portcon udp 4011 system_u:object_r:pxe_port_t:s0
+portcon udp 24441 system_u:object_r:pyzor_port_t:s0
+portcon udp 1646 system_u:object_r:radacct_port_t:s0
+portcon udp 1813 system_u:object_r:radacct_port_t:s0
+portcon udp 1645 system_u:object_r:radius_port_t:s0
+portcon udp 1812 system_u:object_r:radius_port_t:s0
+portcon tcp 2703 system_u:object_r:razor_port_t:s0
+portcon tcp 513 system_u:object_r:rlogind_port_t:s0
+portcon tcp 953 system_u:object_r:rndc_port_t:s0
+portcon udp 520 system_u:object_r:router_port_t:s0
+portcon tcp 514 system_u:object_r:rsh_port_t:s0
+portcon tcp 873 system_u:object_r:rsync_port_t:s0
+portcon udp 873 system_u:object_r:rsync_port_t:s0
+portcon tcp 137-139 system_u:object_r:smbd_port_t:s0
+portcon tcp 445 system_u:object_r:smbd_port_t:s0
+portcon tcp 25 system_u:object_r:smtp_port_t:s0
+portcon tcp 465 system_u:object_r:smtp_port_t:s0
+portcon tcp 587 system_u:object_r:smtp_port_t:s0
+portcon udp 161 system_u:object_r:snmp_port_t:s0
+portcon udp 162 system_u:object_r:snmp_port_t:s0
+portcon tcp 199 system_u:object_r:snmp_port_t:s0
+portcon tcp 783 system_u:object_r:spamd_port_t:s0
+portcon tcp 22 system_u:object_r:ssh_port_t:s0
+portcon tcp 8000 system_u:object_r:soundd_port_t:s0
+portcon tcp 9433 system_u:object_r:soundd_port_t:s0
+portcon tcp 901 system_u:object_r:swat_port_t:s0
+portcon udp 514 system_u:object_r:syslogd_port_t:s0
+portcon tcp 23 system_u:object_r:telnetd_port_t:s0
+portcon udp 69 system_u:object_r:tftp_port_t:s0
+portcon tcp 8081 system_u:object_r:transproxy_port_t:s0
+portcon tcp 540 system_u:object_r:uucpd_port_t:s0
+portcon tcp 5900 system_u:object_r:vnc_port_t:s0
+portcon tcp 6001 system_u:object_r:xserver_port_t:s0
+portcon tcp 6002 system_u:object_r:xserver_port_t:s0
+portcon tcp 6003 system_u:object_r:xserver_port_t:s0
+portcon tcp 6004 system_u:object_r:xserver_port_t:s0
+portcon tcp 6005 system_u:object_r:xserver_port_t:s0
+portcon tcp 6006 system_u:object_r:xserver_port_t:s0
+portcon tcp 6007 system_u:object_r:xserver_port_t:s0
+portcon tcp 6008 system_u:object_r:xserver_port_t:s0
+portcon tcp 6009 system_u:object_r:xserver_port_t:s0
+portcon tcp 6010 system_u:object_r:xserver_port_t:s0
+portcon tcp 6011 system_u:object_r:xserver_port_t:s0
+portcon tcp 6012 system_u:object_r:xserver_port_t:s0
+portcon tcp 6013 system_u:object_r:xserver_port_t:s0
+portcon tcp 6014 system_u:object_r:xserver_port_t:s0
+portcon tcp 6015 system_u:object_r:xserver_port_t:s0
+portcon tcp 6016 system_u:object_r:xserver_port_t:s0
+portcon tcp 6017 system_u:object_r:xserver_port_t:s0
+portcon tcp 6018 system_u:object_r:xserver_port_t:s0
+portcon tcp 6019 system_u:object_r:xserver_port_t:s0
+portcon tcp 8002 system_u:object_r:xen_port_t:s0
+portcon tcp 2601 system_u:object_r:zebra_port_t:s0
+portcon tcp 8021 system_u:object_r:zope_port_t:s0
+portcon tcp 1-1023 system_u:object_r:reserved_port_t:s0
+portcon udp 1-1023 system_u:object_r:reserved_port_t:s0
+nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:compat_ipv4_node_t:s0
+nodecon 0.0.0.0 255.255.255.255 system_u:object_r:inaddr_any_node_t:s0
+nodecon fe80:: ffff:ffff:ffff:ffff:: system_u:object_r:link_local_node_t:s0
+nodecon 127.0.0.1 255.255.255.255 system_u:object_r:lo_node_t:s0
+nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:mapped_ipv4_node_t:s0
+nodecon ff00:: ff00:: system_u:object_r:multicast_node_t:s0
+nodecon fec0:: ffc0:: system_u:object_r:site_local_node_t:s0
+nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:unspec_node_t:s0
diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf
new file mode 100644
index 0000000..9b7ade5
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/base-metreq.conf
@@ -0,0 +1,519 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+# TE RULES
+attribute domain;
+attribute system;
+attribute foo;
+attribute num;
+attribute num_exec;
+attribute files;
+
+type net_foo_t, foo;
+type sys_foo_t, foo, system;
+role system_r types sys_foo_t;
+
+type user_t, domain;
+role user_r types user_t;
+
+type sysadm_t, domain, system;
+role sysadm_r types sysadm_t;
+
+type system_t, domain, system, foo;
+role system_r types { system_t sys_foo_t };
+
+type file_t;
+type file_exec_t, files;
+type fs_t;
+
+# Make this decl easy to find
+type base_global_decl_t;
+
+# Actually used in module tests
+type type_req_t;
+attribute attr_req;
+bool bool_req false;
+role role_req_r;
+
+
+allow sysadm_t file_exec_t: file { execute read write ioctl lock entrypoint };
+
+optional {
+ require {
+ type base_optional_1, base_optional_2;
+ }
+ allow base_optional_1 base_optional_2 : file { read write };
+}
+
+#####################################
+# Role Allow
+allow user_r sysadm_r;
+
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:sys_foo_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf
new file mode 100644
index 0000000..cf6aa0a
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf
@@ -0,0 +1,506 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+# TE RULES
+attribute domain;
+attribute system;
+attribute foo;
+attribute num;
+attribute num_exec;
+attribute files;
+
+type net_foo_t, foo;
+type sys_foo_t, foo, system;
+role system_r types sys_foo_t;
+
+type user_t, domain;
+role user_r types user_t;
+
+type sysadm_t, domain, system;
+role sysadm_r types sysadm_t;
+
+type system_t, domain, system, foo;
+role system_r types { system_t sys_foo_t };
+
+type file_t;
+type file_exec_t, files;
+type fs_t;
+type base_optional_1;
+type base_optional_2;
+
+allow sysadm_t file_exec_t: file { execute read write ioctl lock entrypoint };
+
+optional {
+ require {
+ type base_optional_1, base_optional_2;
+ }
+ allow base_optional_1 base_optional_2 : file { read write };
+}
+
+#####################################
+# Role Allow
+allow user_r sysadm_r;
+
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:sys_foo_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-deps/modreq-attr-global.conf b/libsepol/tests/policies/test-deps/modreq-attr-global.conf
new file mode 100644
index 0000000..92f6b30
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-attr-global.conf
@@ -0,0 +1,10 @@
+module modreq_attr_global 1.0;
+
+require {
+ attribute attr_req;
+}
+
+type mod_global_t;
+
+type new_t, attr_req;
+
diff --git a/libsepol/tests/policies/test-deps/modreq-attr-opt.conf b/libsepol/tests/policies/test-deps/modreq-attr-opt.conf
new file mode 100644
index 0000000..b970c1d
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-attr-opt.conf
@@ -0,0 +1,16 @@
+module modreq_attr_opt 1.0;
+
+require {
+ class file {read write};
+
+}
+
+type mod_global_t;
+
+optional {
+ require {
+ attribute attr_req;
+ }
+ type mod_opt_t;
+ type new_t, attr_req;
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-bool-global.conf b/libsepol/tests/policies/test-deps/modreq-bool-global.conf
new file mode 100644
index 0000000..4ef0cc9
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-bool-global.conf
@@ -0,0 +1,15 @@
+module modreq_bool_global 1.0;
+
+require {
+ bool bool_req;
+ class file { read write };
+}
+
+type mod_global_t;
+
+type a_t;
+type b_t;
+
+if (bool_req) {
+ allow a_t b_t : file { read write };
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-bool-opt.conf b/libsepol/tests/policies/test-deps/modreq-bool-opt.conf
new file mode 100644
index 0000000..27af4f2
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-bool-opt.conf
@@ -0,0 +1,22 @@
+module modreq_bool_opt 1.0;
+
+require {
+ class file {read write};
+
+}
+
+type mod_global_t;
+
+optional {
+ require {
+ bool bool_req;
+ }
+
+ type a_t;
+ type b_t;
+ type mod_opt_t;
+
+ if (bool_req) {
+ allow a_t b_t : file { read write };
+ }
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-obj-global.conf b/libsepol/tests/policies/test-deps/modreq-obj-global.conf
new file mode 100644
index 0000000..e9eba77
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-obj-global.conf
@@ -0,0 +1,13 @@
+module modreq_obj_global 1.0;
+
+require {
+ class sem { create destroy };
+}
+
+type mod_global_t;
+
+type mod_foo_t;
+type mod_bar_t;
+
+allow mod_foo_t mod_bar_t : sem { create destroy };
+
diff --git a/libsepol/tests/policies/test-deps/modreq-obj-opt.conf b/libsepol/tests/policies/test-deps/modreq-obj-opt.conf
new file mode 100644
index 0000000..67a41a4
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-obj-opt.conf
@@ -0,0 +1,20 @@
+module modreq_obj_global 1.0;
+
+require {
+ class file { read };
+}
+
+type mod_global_t;
+
+type mod_foo_t;
+type mod_bar_t;
+
+optional {
+ require {
+ class sem { create destroy };
+ }
+
+ type mod_opt_t;
+
+ allow mod_foo_t mod_bar_t : sem { create destroy };
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-perm-global.conf b/libsepol/tests/policies/test-deps/modreq-perm-global.conf
new file mode 100644
index 0000000..941ca96
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-perm-global.conf
@@ -0,0 +1,10 @@
+module modreq_perm_global 1.0;
+
+require {
+ class msg { send receive };
+}
+
+type mod_global_t;
+type a_t;
+type b_t;
+allow a_t b_t: msg { send receive };
diff --git a/libsepol/tests/policies/test-deps/modreq-perm-opt.conf b/libsepol/tests/policies/test-deps/modreq-perm-opt.conf
new file mode 100644
index 0000000..43a3f97
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-perm-opt.conf
@@ -0,0 +1,18 @@
+module modreq_perm_opt 1.0;
+
+require {
+ class file { read write };
+}
+
+type mod_global_t;
+
+optional {
+ require {
+ class msg { send receive };
+ }
+
+ type mod_opt_t;
+ type a_mod_t;
+ type b_mod_t;
+ allow a_mod_t b_mod_t: msg { send receive };
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-role-global.conf b/libsepol/tests/policies/test-deps/modreq-role-global.conf
new file mode 100644
index 0000000..01fd3ec
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-role-global.conf
@@ -0,0 +1,13 @@
+module modreq_role_global 1.0;
+
+require {
+ role role_req_r, user_r;
+}
+
+type mod_global_t;
+
+type a_t;
+
+# role role_req_r types a_t;
+allow role_req_r user_r;
+
diff --git a/libsepol/tests/policies/test-deps/modreq-role-opt.conf b/libsepol/tests/policies/test-deps/modreq-role-opt.conf
new file mode 100644
index 0000000..532a77e
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-role-opt.conf
@@ -0,0 +1,17 @@
+module modreq_role_opt 1.0;
+
+require {
+ class file {read write};
+
+}
+
+type mod_global_t;
+
+optional {
+ require {
+ role role_req_r, user_r;
+ }
+ type mod_opt_t;
+
+ allow role_req_r user_r;
+}
diff --git a/libsepol/tests/policies/test-deps/modreq-type-global.conf b/libsepol/tests/policies/test-deps/modreq-type-global.conf
new file mode 100644
index 0000000..e5704a3
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-type-global.conf
@@ -0,0 +1,12 @@
+module modreq_type_global 1.0;
+
+require {
+ type type_req_t;
+ class file { read write };
+}
+
+type mod_global_t;
+
+type test_t;
+
+allow test_t type_req_t : file { read write };
diff --git a/libsepol/tests/policies/test-deps/modreq-type-opt.conf b/libsepol/tests/policies/test-deps/modreq-type-opt.conf
new file mode 100644
index 0000000..65071d7
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/modreq-type-opt.conf
@@ -0,0 +1,16 @@
+module modreq_type_opt 1.0;
+
+require {
+ type file_t;
+ class file { read write };
+}
+
+type mod_global_t;
+
+optional {
+ require {
+ type type_req_t;
+ }
+ type mod_opt_t;
+ allow type_req_t file_t : file { read write };
+}
\ No newline at end of file
diff --git a/libsepol/tests/policies/test-deps/module.conf b/libsepol/tests/policies/test-deps/module.conf
new file mode 100644
index 0000000..1971e4c
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/module.conf
@@ -0,0 +1,20 @@
+module my_module 1.0;
+
+require {
+ bool secure_mode;
+ type system_t, sysadm_t, file_t;
+ attribute domain;
+ role system_r;
+ class file {read write};
+
+}
+
+type new_t, domain;
+role system_r types new_t;
+
+allow system_t file_t : file { read write };
+
+if (secure_mode)
+{
+ allow sysadm_t file_t : file { read write };
+}
diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf
new file mode 100644
index 0000000..7c1cbe4
--- /dev/null
+++ b/libsepol/tests/policies/test-deps/small-base.conf
@@ -0,0 +1,511 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+# TE RULES
+attribute domain;
+attribute system;
+attribute foo;
+attribute num;
+attribute num_exec;
+attribute files;
+
+type net_foo_t, foo;
+type sys_foo_t, foo, system;
+role system_r types sys_foo_t;
+
+type user_t, domain;
+role user_r types user_t;
+
+type sysadm_t, domain, system;
+role sysadm_r types sysadm_t;
+
+type system_t, domain, system, foo;
+role system_r types { system_t sys_foo_t };
+
+type file_t;
+type file_exec_t, files;
+type fs_t;
+type base_optional_1;
+type base_optional_2;
+
+allow sysadm_t file_exec_t: file { execute read write ioctl lock entrypoint };
+
+optional {
+ require {
+ type base_optional_1, base_optional_2;
+ }
+ allow base_optional_1 base_optional_2 : file { read write };
+}
+
+#####################################
+# Role Allow
+allow user_r sysadm_r;
+
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:sys_foo_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf
new file mode 100644
index 0000000..f3d0a6c
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/alias-base.conf
@@ -0,0 +1,498 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+type enable_optional;
+
+# Alias tests
+type alias_check_1_t;
+type alias_check_2_t;
+type alias_check_3_t;
+
+typealias alias_check_1_t alias alias_check_1_a;
+
+optional {
+ require {
+ type alias_check_2_t;
+ }
+ typealias alias_check_2_t alias alias_check_2_a;
+}
+
+optional {
+ require {
+ type alias_check_3_a;
+ }
+ allow alias_check_3_a enable_optional:file read;
+}
+
+########
+type fs_t;
+type system_t;
+type user_t;
+role system_r types system_t;
+role user_r types user_t;
+role sysadm_r types system_t;
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:system_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:system_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-expander/alias-module.conf b/libsepol/tests/policies/test-expander/alias-module.conf
new file mode 100644
index 0000000..72d791e
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/alias-module.conf
@@ -0,0 +1,8 @@
+module my_module 1.0;
+
+require {
+ type alias_check_3_t;
+}
+
+typealias alias_check_3_t alias alias_check_3_a;
+
diff --git a/libsepol/tests/policies/test-expander/base-base-only.conf b/libsepol/tests/policies/test-expander/base-base-only.conf
new file mode 100644
index 0000000..80b87cc
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/base-base-only.conf
@@ -0,0 +1,43 @@
+class security
+class file
+
+sid kernel
+
+common file
+{
+ read
+}
+
+class file
+inherits file
+{
+ entrypoint
+}
+
+class security
+{
+ compute_av
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+dominance { s0 }
+
+category c0;
+
+level s0:c0;
+
+mlsconstrain file { read }
+ ( h1 dom h2 );
+')
+
+attribute myattr;
+type mytype_t;
+role myrole_r types mytype_t;
+bool mybool true;
+gen_user(myuser_u,, myrole_r, s0, s0 - s0:c0)
+
+sid kernel gen_context(myuser_u:myrole_r:mytype_t, s0)
+
+
diff --git a/libsepol/tests/policies/test-expander/module.conf b/libsepol/tests/policies/test-expander/module.conf
new file mode 100644
index 0000000..6186db7
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/module.conf
@@ -0,0 +1,228 @@
+module my_module 1.0;
+
+require {
+ bool allow_ypbind, secure_mode, allow_execstack;
+ type system_t, sysadm_t;
+ class file {read write};
+ attribute attr_check_base_2, attr_check_base_3;
+ attribute attr_check_base_optional_2;
+}
+
+bool module_1_bool true;
+
+if (module_1_bool && allow_ypbind && secure_mode && allow_execstack) {
+ allow system_t sysadm_t : file { read write };
+}
+
+optional {
+ bool module_1_bool_2 false;
+ require {
+ bool optional_bool_1, optional_bool_2;
+ class file { execute ioctl };
+ }
+ if (optional_bool_1 && optional_bool_2 || module_1_bool_2) {
+ allow system_t sysadm_t : file {execute ioctl};
+ }
+}
+# Type - attribute mapping test
+type module_t;
+attribute attr_check_mod_1;
+attribute attr_check_mod_2;
+attribute attr_check_mod_3;
+attribute attr_check_mod_4;
+attribute attr_check_mod_5;
+attribute attr_check_mod_6;
+attribute attr_check_mod_7;
+attribute attr_check_mod_8;
+attribute attr_check_mod_9;
+attribute attr_check_mod_10;
+attribute attr_check_mod_11;
+optional {
+ require {
+ type base_t;
+ }
+ attribute attr_check_mod_optional_1;
+ attribute attr_check_mod_optional_2;
+ attribute attr_check_mod_optional_3;
+ attribute attr_check_mod_optional_4;
+ attribute attr_check_mod_optional_5;
+ attribute attr_check_mod_optional_6;
+ attribute attr_check_mod_optional_7;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ attribute attr_check_mod_optional_disabled_4;
+ attribute attr_check_mod_optional_disabled_7;
+}
+type attr_check_base_2_1_t, attr_check_base_2;
+type attr_check_base_2_2_t;
+typeattribute attr_check_base_2_2_t attr_check_base_2;
+type attr_check_base_3_3_t, attr_check_base_3;
+type attr_check_base_3_4_t;
+typeattribute attr_check_base_3_4_t attr_check_base_3;
+optional {
+ require {
+ attribute attr_check_base_5;
+ }
+ type attr_check_base_5_1_t, attr_check_base_5;
+ type attr_check_base_5_2_t;
+ typeattribute attr_check_base_5_2_t attr_check_base_5;
+}
+optional {
+ require {
+ attribute attr_check_base_6;
+ }
+ type attr_check_base_6_3_t, attr_check_base_6;
+ type attr_check_base_6_4_t;
+ typeattribute attr_check_base_6_4_t attr_check_base_6;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_base_8;
+ }
+ type attr_check_base_8_1_t, attr_check_base_8;
+ type attr_check_base_8_2_t;
+ typeattribute attr_check_base_8_2_t attr_check_base_8;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_base_9;
+ }
+ type attr_check_base_9_3_t, attr_check_base_9;
+ type attr_check_base_9_4_t;
+ typeattribute attr_check_base_9_4_t attr_check_base_9;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_base_10;
+ }
+ type attr_check_base_10_3_t, attr_check_base_10;
+ type attr_check_base_10_4_t;
+ typeattribute attr_check_base_10_4_t attr_check_base_10;
+}
+optional {
+ require {
+ attribute attr_check_base_11;
+ }
+ type attr_check_base_11_3_t, attr_check_base_11;
+ type attr_check_base_11_4_t;
+ typeattribute attr_check_base_11_4_t attr_check_base_11;
+}
+type attr_check_base_optional_2_1_t, attr_check_base_optional_2;
+type attr_check_base_optional_2_2_t;
+typeattribute attr_check_base_optional_2_2_t attr_check_base_optional_2;
+optional {
+ require {
+ attribute attr_check_base_optional_5;
+ }
+ type attr_check_base_optional_5_1_t, attr_check_base_optional_5;
+ type attr_check_base_optional_5_2_t;
+ typeattribute attr_check_base_optional_5_2_t attr_check_base_optional_5;
+}
+#optional {
+# require {
+# attribute attr_check_base_optional_6;
+# }
+# type attr_check_base_optional_6_3_t, attr_check_base_optional_6;
+# type attr_check_base_optional_6_4_t;
+# typeattribute attr_check_base_optional_6_4_t attr_check_base_optional_6;
+#}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_base_optional_8;
+ }
+ type attr_check_base_optional_8_1_t, attr_check_base_optional_8;
+ type attr_check_base_optional_8_2_t;
+ typeattribute attr_check_base_optional_8_2_t attr_check_base_optional_8;
+}
+type attr_check_mod_2_1_t, attr_check_mod_2;
+type attr_check_mod_2_2_t;
+typeattribute attr_check_mod_2_2_t attr_check_mod_2;
+optional {
+ require {
+ attribute attr_check_mod_5;
+ }
+ type attr_check_mod_5_1_t, attr_check_mod_5;
+ type attr_check_mod_5_2_t;
+ typeattribute attr_check_mod_5_2_t attr_check_mod_5;
+}
+optional {
+ require {
+ attribute attr_check_mod_6;
+ }
+ type attr_check_mod_6_3_t, attr_check_mod_6;
+ type attr_check_mod_6_4_t;
+ typeattribute attr_check_mod_6_4_t attr_check_mod_6;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_mod_8_1_t, attr_check_mod_8;
+ type attr_check_mod_8_2_t;
+ typeattribute attr_check_mod_8_2_t attr_check_mod_8;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_mod_9_3_t, attr_check_mod_9;
+ type attr_check_mod_9_4_t;
+ typeattribute attr_check_mod_9_4_t attr_check_mod_9;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_mod_10_3_t, attr_check_mod_10;
+ type attr_check_mod_10_4_t;
+ typeattribute attr_check_mod_10_4_t attr_check_mod_10;
+}
+optional {
+ require {
+ type base_t;
+ }
+ type attr_check_mod_11_3_t, attr_check_mod_11;
+ type attr_check_mod_11_4_t;
+ typeattribute attr_check_mod_11_4_t attr_check_mod_11;
+}
+#optional {
+# require {
+# attribute attr_check_mod_optional_5;
+# }
+# type attr_check_mod_optional_5_1_t, attr_check_mod_optional_5;
+# type attr_check_mod_optional_5_2_t;
+# typeattribute attr_check_mod_optional_5_2_t attr_check_mod_optional_5;
+#}
+#optional {
+# require {
+# attribute attr_check_mod_optional_6;
+# }
+# type attr_check_mod_optional_6_3_t, attr_check_mod_optional_6;
+# type attr_check_mod_optional_6_4_t;
+# typeattribute attr_check_mod_optional_6_4_t attr_check_mod_optional_6;
+#}
+optional {
+ require {
+ attribute attr_check_base_optional_disabled_5;
+ }
+ type attr_check_base_optional_disabled_5_1_t, attr_check_base_optional_disabled_5;
+ type attr_check_base_optional_disabled_5_2_t;
+ typeattribute attr_check_base_optional_disabled_5_2_t attr_check_base_optional_disabled_5;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_base_optional_disabled_8;
+ }
+ type attr_check_base_optional_disabled_8_1_t, attr_check_base_optional_disabled_8;
+ type attr_check_base_optional_disabled_8_2_t;
+ typeattribute attr_check_base_optional_disabled_8_2_t attr_check_base_optional_disabled_8;
+}
+
diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf
new file mode 100644
index 0000000..219987c
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/role-base.conf
@@ -0,0 +1,479 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+# Role mapping test
+type role_check_1_1_t;
+role role_check_1 types role_check_1_1_t;
+
+########
+type fs_t;
+type system_t;
+type user_t;
+role system_r types system_t;
+role user_r types user_t;
+role sysadm_r types system_t;
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:system_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:system_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-expander/role-module.conf b/libsepol/tests/policies/test-expander/role-module.conf
new file mode 100644
index 0000000..1cc5d22
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/role-module.conf
@@ -0,0 +1,9 @@
+module my_module 1.0;
+
+require {
+ class file {read write};
+ role role_check_1;
+}
+
+type role_check_1_2_t;
+role role_check_1 types role_check_1_2_t;
diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf
new file mode 100644
index 0000000..6f45a28
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/small-base.conf
@@ -0,0 +1,718 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+# TE RULES
+attribute domain;
+attribute system;
+attribute foo;
+attribute num;
+attribute num_exec;
+attribute files;
+
+# Type - attribute mapping test
+# Shorthand tests
+# 1 = types in base, 2 = types in mod, 3 = types in both
+# 4 = types in optional in base, 5 = types in optional in mod
+# 6 = types in optional in both
+# 7 = types in disabled optional in base
+# 8 = types in disabled optional in module
+# 9 = types in disabled optional in both
+# 10 = types in enabled optional in base, disabled optional in module
+# 11 = types in disabled optional in base, enabled optional in module
+attribute attr_check_base_1;
+attribute attr_check_base_2;
+attribute attr_check_base_3;
+attribute attr_check_base_4;
+attribute attr_check_base_5;
+attribute attr_check_base_6;
+attribute attr_check_base_7;
+attribute attr_check_base_8;
+attribute attr_check_base_9;
+attribute attr_check_base_10;
+attribute attr_check_base_11;
+optional {
+ require {
+ type module_t;
+ }
+ attribute attr_check_base_optional_1;
+ attribute attr_check_base_optional_2;
+ attribute attr_check_base_optional_3;
+ attribute attr_check_base_optional_4;
+ attribute attr_check_base_optional_5;
+ attribute attr_check_base_optional_6;
+ attribute attr_check_base_optional_8;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ attribute attr_check_base_optional_disabled_5;
+ attribute attr_check_base_optional_disabled_8;
+}
+
+type net_foo_t, foo;
+type sys_foo_t, foo, system;
+role system_r types sys_foo_t;
+
+type user_t, domain;
+role user_r types user_t;
+
+type sysadm_t, domain, system;
+role sysadm_r types sysadm_t;
+
+type system_t, domain, system, foo;
+role system_r types { system_t sys_foo_t };
+
+type file_t;
+type file_exec_t, files;
+type fs_t;
+type base_optional_1;
+type base_optional_2;
+
+allow sysadm_t file_exec_t: file { execute read write ioctl lock entrypoint };
+
+optional {
+ require {
+ type base_optional_1, base_optional_2;
+ }
+ allow base_optional_1 base_optional_2 : file { read write };
+}
+
+# Type - attribute mapping test
+type base_t;
+type attr_check_base_1_1_t, attr_check_base_1;
+type attr_check_base_1_2_t;
+typeattribute attr_check_base_1_2_t attr_check_base_1;
+type attr_check_base_3_1_t, attr_check_base_3;
+type attr_check_base_3_2_t;
+typeattribute attr_check_base_3_2_t attr_check_base_3;
+optional {
+ require {
+ attribute attr_check_base_4;
+ }
+ type attr_check_base_4_1_t, attr_check_base_4;
+ type attr_check_base_4_2_t;
+ typeattribute attr_check_base_4_2_t attr_check_base_4;
+}
+optional {
+ require {
+ type module_t;
+ }
+ type attr_check_base_6_1_t, attr_check_base_6;
+ type attr_check_base_6_2_t;
+ typeattribute attr_check_base_6_2_t attr_check_base_6;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_base_7_1_t, attr_check_base_7;
+ type attr_check_base_7_2_t;
+ typeattribute attr_check_base_7_2_t attr_check_base_7;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_base_9_1_t, attr_check_base_9;
+ type attr_check_base_9_2_t;
+ typeattribute attr_check_base_9_2_t attr_check_base_9;
+}
+optional {
+ require {
+ type module_t;
+ }
+ type attr_check_base_10_1_t, attr_check_base_10;
+ type attr_check_base_10_2_t;
+ typeattribute attr_check_base_10_2_t attr_check_base_10;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ }
+ type attr_check_base_11_1_t, attr_check_base_11;
+ type attr_check_base_11_2_t;
+ typeattribute attr_check_base_11_2_t attr_check_base_11;
+}
+#optional {
+# require {
+# attribute attr_check_base_optional_4;
+# }
+# type attr_check_base_optional_4_1_t, attr_check_base_optional_4;
+# type attr_check_base_optional_4_2_t;
+# typeattribute attr_check_base_optional_4_2_t attr_check_base_optional_4;
+#}
+#optional {
+# require {
+# attribute attr_check_base_optional_6;
+# }
+# type attr_check_base_optional_6_1_t, attr_check_base_optional_6;
+# type attr_check_base_optional_6_2_t;
+# typeattribute attr_check_base_optional_6_2_t attr_check_base_optional_6;
+#}
+optional {
+ require {
+ attribute attr_check_mod_4;
+ }
+ type attr_check_mod_4_1_t, attr_check_mod_4;
+ type attr_check_mod_4_2_t;
+ typeattribute attr_check_mod_4_2_t attr_check_mod_4;
+}
+optional {
+ require {
+ attribute attr_check_mod_6;
+ }
+ type attr_check_mod_6_1_t, attr_check_mod_6;
+ type attr_check_mod_6_2_t;
+ typeattribute attr_check_mod_6_2_t attr_check_mod_6;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_mod_7;
+ }
+ type attr_check_mod_7_1_t, attr_check_mod_7;
+ type attr_check_mod_7_2_t;
+ typeattribute attr_check_mod_7_2_t attr_check_mod_7;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_mod_9;
+ }
+ type attr_check_mod_9_1_t, attr_check_mod_9;
+ type attr_check_mod_9_2_t;
+ typeattribute attr_check_mod_9_2_t attr_check_mod_9;
+}
+optional {
+ require {
+ attribute attr_check_mod_10;
+ }
+ type attr_check_mod_10_1_t, attr_check_mod_10;
+ type attr_check_mod_10_2_t;
+ typeattribute attr_check_mod_10_2_t attr_check_mod_10;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_mod_11;
+ }
+ type attr_check_mod_11_1_t, attr_check_mod_11;
+ type attr_check_mod_11_2_t;
+ typeattribute attr_check_mod_11_2_t attr_check_mod_11;
+}
+optional {
+ require {
+ attribute attr_check_mod_optional_4;
+ }
+ type attr_check_mod_optional_4_1_t, attr_check_mod_optional_4;
+ type attr_check_mod_optional_4_2_t;
+ typeattribute attr_check_mod_optional_4_2_t attr_check_mod_optional_4;
+}
+optional {
+ require {
+ attribute attr_check_mod_optional_6;
+ }
+ type attr_check_mod_optional_6_1_t, attr_check_mod_optional_6;
+ type attr_check_mod_optional_6_2_t;
+ typeattribute attr_check_mod_optional_6_2_t attr_check_mod_optional_6;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_mod_optional_7;
+ }
+ type attr_check_mod_optional_7_1_t, attr_check_mod_optional_7;
+ type attr_check_mod_optional_7_2_t;
+ typeattribute attr_check_mod_optional_7_2_t attr_check_mod_optional_7;
+}
+optional {
+ require {
+ attribute attr_check_mod_optional_disabled_4;
+ }
+ type attr_check_mod_optional_disabled_4_1_t, attr_check_mod_optional_disabled_4;
+ type attr_check_mod_optional_disabled_4_2_t;
+ typeattribute attr_check_mod_optional_disabled_4_2_t attr_check_mod_optional_disabled_4;
+}
+optional {
+ require {
+ type does_not_exist_t;
+ attribute attr_check_mod_optional_disabled_7;
+ }
+ type attr_check_mod_optional_disabled_7_1_t, attr_check_mod_optional_disabled_7;
+ type attr_check_mod_optional_disabled_7_2_t;
+ typeattribute attr_check_mod_optional_disabled_7_2_t attr_check_mod_optional_disabled_7;
+}
+
+#####################################
+# Role Allow
+allow user_r sysadm_r;
+
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:sys_foo_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:sys_foo_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:net_foo_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf
new file mode 100644
index 0000000..660152e
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/user-base.conf
@@ -0,0 +1,482 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+# User mapping test
+type user_check_1_1_t;
+type user_check_1_2_t;
+role user_check_1_1_r types user_check_1_1_t;
+role user_check_1_2_r types user_check_1_2_t;
+
+########
+type fs_t;
+type system_t;
+type user_t;
+role system_r types system_t;
+role user_r types user_t;
+role sysadm_r types system_t;
+####################################
+# Booleans
+bool allow_ypbind true;
+bool secure_mode false;
+bool allow_execheap false;
+bool allow_execmem true;
+bool allow_execmod false;
+bool allow_execstack true;
+bool optional_bool_1 true;
+bool optional_bool_2 false;
+
+#####################################
+# users
+gen_user(user_check_1,, user_check_1_1_r user_check_1_2_r, s0, s0 - s0:c0.c23)
+gen_user(system_u,, system_r, s0, s0 - s0:c0.c23)
+gen_user(root,, user_r sysadm_r, s0, s0 - s0:c0.c23)
+gen_user(joe,, user_r, s0, s0 - s0:c0.c23)
+
+#####################################
+# constraints
+
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(system_u:system_r:system_t, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr ext3 gen_context(system_u:object_r:fs_t, s0);
+fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t, s0);
+
+
+genfscon proc / gen_context(system_u:object_r:system_t, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 system_u:object_r:net_foo_t:s0
+
+#netifcon lo system_u:object_r:net_foo_t system_u:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 system_u:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(system_u:object_r:system_t, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-expander/user-module.conf b/libsepol/tests/policies/test-expander/user-module.conf
new file mode 100644
index 0000000..4ef3e62
--- /dev/null
+++ b/libsepol/tests/policies/test-expander/user-module.conf
@@ -0,0 +1,9 @@
+module my_module 1.0;
+
+require {
+ class file {read write};
+ifdef(`enable_mls',`
+ user user_check_1;
+')
+}
+
diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf
new file mode 100644
index 0000000..ec1e234
--- /dev/null
+++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf
@@ -0,0 +1,471 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+
+#g_b stands for global base
+
+type g_b_type_1;
+role g_b_role_1 types g_b_type_1;
+
+role g_b_role_2 types g_b_type_1;
+role g_b_role_3 types g_b_type_1;
+type g_b_type_2;
+
+optional {
+ require {
+ type invalid_type;
+ }
+ allow g_b_role_2 g_b_role_3;
+ role_transition g_b_role_2 g_b_type_2 g_b_role_3;
+}
+
+
+gen_user(g_b_user_1,, g_b_role_1, s0, s0 - s0:c0.c23)
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(g_b_user_1:g_b_role_1:g_b_type_1, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr ext3 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr reiserfs gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+
+
+genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 g_b_user_1:object_r:net_foo_t:s0
+
+#netifcon lo g_b_user_1:object_r:net_foo_t g_b_user_1:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-hooks/module_add_role_allow_trans.conf b/libsepol/tests/policies/test-hooks/module_add_role_allow_trans.conf
new file mode 100644
index 0000000..c6ecd83
--- /dev/null
+++ b/libsepol/tests/policies/test-hooks/module_add_role_allow_trans.conf
@@ -0,0 +1,15 @@
+module add_symbol_test 1.0;
+
+require { class file { read }; }
+
+role role_a_1;
+role role_a_2;
+role role_t_1;
+role role_t_2;
+
+type type_rt_1;
+
+
+allow role_a_1 role_a_2;
+
+role_transition role_t_1 type_rt_1 role_t_2;
diff --git a/libsepol/tests/policies/test-hooks/module_add_symbols.conf b/libsepol/tests/policies/test-hooks/module_add_symbols.conf
new file mode 100644
index 0000000..cf56e18
--- /dev/null
+++ b/libsepol/tests/policies/test-hooks/module_add_symbols.conf
@@ -0,0 +1,12 @@
+module add_symbol_test 1.0;
+
+require { class file { read write }; }
+
+type type_add_1;
+attribute attrib_add_1;
+role role_add_1;
+bool bool_add_1 false;
+
+ifdef(`enable_mls',`',`
+user user_add_1 roles { role_add_1 };
+')
diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf
new file mode 100644
index 0000000..ec1e234
--- /dev/null
+++ b/libsepol/tests/policies/test-hooks/small-base.conf
@@ -0,0 +1,471 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+
+#g_b stands for global base
+
+type g_b_type_1;
+role g_b_role_1 types g_b_type_1;
+
+role g_b_role_2 types g_b_type_1;
+role g_b_role_3 types g_b_type_1;
+type g_b_type_2;
+
+optional {
+ require {
+ type invalid_type;
+ }
+ allow g_b_role_2 g_b_role_3;
+ role_transition g_b_role_2 g_b_type_2 g_b_role_3;
+}
+
+
+gen_user(g_b_user_1,, g_b_role_1, s0, s0 - s0:c0.c23)
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(g_b_user_1:g_b_role_1:g_b_type_1, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr ext3 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr reiserfs gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+
+
+genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 g_b_user_1:object_r:net_foo_t:s0
+
+#netifcon lo g_b_user_1:object_r:net_foo_t g_b_user_1:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+
+
diff --git a/libsepol/tests/policies/test-linker/module1.conf b/libsepol/tests/policies/test-linker/module1.conf
new file mode 100644
index 0000000..7cfb6cb
--- /dev/null
+++ b/libsepol/tests/policies/test-linker/module1.conf
@@ -0,0 +1,138 @@
+module linker_test_1 1.0;
+
+require {
+ class file { read write };
+ class lnk_file append;
+ role g_b_role_2;
+ attribute g_b_attr_3;
+ attribute g_b_attr_5;
+ attribute o4_b_attr_1;
+ type g_b_type_3;
+}
+
+type tag_g_m1;
+
+#test for type in module and attr in module, added to in module
+attribute g_m1_attr_1;
+type g_m1_type_1, g_m1_attr_1;
+type g_m1_type_2;
+typeattribute g_m1_type_2 g_m1_attr_1;
+
+#add role in module test
+role g_m1_role_1 types g_m1_type_1;
+
+# test for attr declared in base, added to in module
+type g_m1_type_3;
+typeattribute g_m1_type_3 g_b_attr_3;
+
+# test for attr declared in base, added to in 2 modules
+type g_m1_type_4;
+typeattribute g_m1_type_4 g_b_attr_5;
+
+# test for attr declared in base optional, added to in module
+type g_m1_type_5;
+typeattribute g_m1_type_5 o4_b_attr_1;
+
+# test for attr declared in module, added to in base optional
+attribute g_m1_attr_2;
+
+#add type to base role test
+role g_b_role_2 types g_m1_type_1;
+role g_b_role_3 types g_m1_type_2;
+
+#add type to base optional role test
+role o1_b_role_2 types g_m1_type_1;
+
+#optional base role w/ adds in 2 modules
+role o4_b_role_1 types g_m1_type_2;
+
+# attr a added to in base optional, declared/added to in module, added to in other module
+attribute g_m1_attr_3;
+type g_m1_type_6, g_m1_attr_3;
+
+# attr a added to in base optional, declared/added in module , added to in other module optional
+attribute g_m1_attr_4;
+type g_m1_type_7, g_m1_attr_4;
+
+# alias tests
+typealias g_b_type_3 alias g_m_alias_1;
+
+# single boolean in module
+bool g_m1_bool_1 true;
+if (g_m1_bool_1) {
+ allow g_m1_type_1 g_m1_type_2 : lnk_file append;
+}
+
+
+optional {
+ require {
+ type optional_type;
+ attribute g_b_attr_4;
+ attribute o1_b_attr_2;
+ class lnk_file { ioctl };
+ }
+
+ type tag_o1_m1;
+
+ attribute o1_m1_attr_1;
+ type o1_m1_type_2, o1_m1_attr_1;
+
+ type o1_m1_type_1;
+ role o1_m1_role_1 types o1_m1_type_1;
+
+ type o1_m1_type_3;
+ typeattribute o1_m1_type_3 g_b_attr_4;
+
+ type o1_m1_type_5;
+ typeattribute o1_m1_type_5 o1_b_attr_2;
+
+ bool o1_m1_bool_1 false;
+ if (o1_m1_bool_1) {
+ allow o1_m1_type_2 o1_m1_type_1 : lnk_file ioctl;
+ }
+
+}
+
+optional {
+ require {
+ type optional_type;
+ #role g_b_role_4; // This causes a bug where the role scope doesn't get copied into base
+ }
+
+ type tag_o2_m1;
+
+ role g_b_role_4 types g_m1_type_2;
+}
+
+optional {
+ require {
+ attribute g_b_attr_6;
+ }
+
+ type tag_o3_m1;
+
+ type o3_m1_type_1;
+ role o3_b_role_1 types o3_m1_type_1;
+
+ type o3_m1_type_2, g_b_attr_6;
+
+ attribute o3_m1_attr_1;
+
+ # attr a added to in base optional, declared/added in module optional, added to in other module
+ attribute o3_m1_attr_2;
+ type o3_m1_type_3, o3_m1_attr_2;
+
+}
+
+optional {
+ require {
+ type enable_optional;
+ }
+ type tag_o4_m1;
+
+ attribute o4_m1_attr_1;
+ type o4_m1_type_1;
+ typeattribute o4_m1_type_1 o4_m1_attr_1;
+
+
+}
diff --git a/libsepol/tests/policies/test-linker/module2.conf b/libsepol/tests/policies/test-linker/module2.conf
new file mode 100644
index 0000000..3820cb7
--- /dev/null
+++ b/libsepol/tests/policies/test-linker/module2.conf
@@ -0,0 +1,62 @@
+module linker_test_2 1.0;
+
+require {
+ class file { read write };
+ class lnk_file { unlink };
+ attribute g_b_attr_5;
+ attribute g_b_attr_6;
+ attribute g_m1_attr_3;
+ attribute o3_m1_attr_2;
+}
+
+type tag_g_m2;
+
+type g_m2_type_1;
+role g_m2_role_1 types g_m2_type_1;
+
+type g_m2_type_4, g_b_attr_5;
+type g_m2_type_5, g_b_attr_6;
+
+#add types to role declared in base test
+type g_m2_type_2;
+role g_b_role_3 types g_m2_type_2;
+
+#optional base role w/ adds in 2 modules
+role o4_b_role_1 types g_m2_type_1;
+
+# attr a added to in base optional, declared/added to in module, added to in other module
+type g_m2_type_3, g_m1_attr_3;
+
+# attr a added to in base optional, declared/added in module optional, added to in other module
+type g_m2_type_6, o3_m1_attr_2;
+
+# cond mapping tests
+bool g_m2_bool_1 true;
+bool g_m2_bool_2 false;
+if (g_m2_bool_1 && g_m2_bool_2) {
+ allow g_m2_type_1 g_m2_type_2 : lnk_file unlink;
+}
+
+optional {
+ require {
+ type optional_type;
+ }
+
+ type tag_o1_m2;
+
+ type o1_m2_type_1;
+ role o1_m2_role_1 types o1_m2_type_1;
+}
+
+
+optional {
+ require {
+ attribute g_m1_attr_4;
+ attribute o4_m1_attr_1;
+ }
+ type tag_o2_m2;
+
+ type o2_m2_type_1, g_m1_attr_4;
+ type o2_m2_type_2, o4_m1_attr_1;
+
+}
diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf
new file mode 100644
index 0000000..2f166c9
--- /dev/null
+++ b/libsepol/tests/policies/test-linker/small-base.conf
@@ -0,0 +1,593 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related clases
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# FLASK
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+
+
+# FLASK
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ unlink
+ link
+ rename
+ execute
+ swapon
+ quotaon
+ mounton
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ recv_msg
+ send_msg
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ transition
+ associate
+ quotamod
+ quotaget
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class udp_socket
+inherits socket
+
+class rawip_socket
+inherits socket
+
+class node
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+ enforce_dest
+}
+
+class netif
+{
+ tcp_recv
+ tcp_send
+ udp_recv
+ udp_send
+ rawip_recv
+ rawip_send
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+ newconn
+ acceptfrom
+}
+
+class unix_dgram_socket
+inherits socket
+
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+}
+
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ transition_sid
+ member_sid
+ sid_to_context
+ context_to_sid
+ load_policy
+ get_sids
+ change_sid
+ get_user_sids
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ avc_toggle
+ nfsd_control
+ bdflush
+ syslog_read
+ syslog_mod
+ syslog_console
+ ichsid
+}
+
+#
+# Define the access vector interpretation for controling capabilies
+#
+
+class capability
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+}
+
+ifdef(`enable_mls',`
+sensitivity s0;
+
+#
+# Define the ordering of the sensitivity levels (least to greatest)
+#
+dominance { s0 }
+
+
+#
+# Define the categories
+#
+# Each category has a name and zero or more aliases.
+#
+category c0; category c1; category c2; category c3;
+category c4; category c5; category c6; category c7;
+category c8; category c9; category c10; category c11;
+category c12; category c13; category c14; category c15;
+category c16; category c17; category c18; category c19;
+category c20; category c21; category c22; category c23;
+
+level s0:c0.c23;
+
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+ ( h1 dom h2 );
+')
+
+####################################
+####################################
+#####################################
+
+#g_b stands for global base
+
+type enable_optional;
+
+#decorative type for finding this decl, every block should have one
+type tag_g_b;
+
+attribute g_b_attr_1;
+attribute g_b_attr_2;
+attribute g_b_attr_3;
+attribute g_b_attr_4;
+attribute g_b_attr_5;
+attribute g_b_attr_6;
+
+type g_b_type_1, g_b_attr_1;
+type g_b_type_2, g_b_attr_2;
+type g_b_type_3;
+
+role g_b_role_1 types g_b_type_1;
+role g_b_role_2 types g_b_type_2;
+role g_b_role_3 types g_b_type_2;
+role g_b_role_4 types g_b_type_2;
+
+bool g_b_bool_1 false;
+bool g_b_bool_2 true;
+
+allow g_b_type_1 g_b_type_2 : security { compute_av load_policy };
+allow g_b_type_1 g_b_type_2 : file *; # test *
+allow g_b_type_1 g_b_type_2 : process ~ptrace; #test ~
+
+typealias g_b_type_3 alias g_b_alias_1;
+
+if (g_b_bool_1) {
+ allow g_b_type_1 g_b_type_2: lnk_file read;
+}
+
+
+optional {
+ require {
+ type enable_optional;
+ attribute g_m1_attr_2;
+ }
+ type tag_o1_b;
+
+ attribute o1_b_attr_1;
+ type o1_b_type_1, o1_b_attr_1;
+ bool o1_b_bool_1 true;
+ role o1_b_role_1 types o1_b_type_1;
+
+ role o1_b_role_2 types o1_b_type_1;
+
+ attribute o1_b_attr_2;
+
+ type o1_b_type_2, g_m1_attr_2;
+
+ if (o1_b_bool_1) {
+ allow o1_b_type_1 o1_b_type_2: lnk_file write;
+ }
+
+}
+
+optional {
+ require {
+ # this should be activated by module 1
+ type g_m1_type_1;
+ attribute o3_m1_attr_2;
+ }
+ type tag_o2_b;
+
+ type o2_b_type_1, o3_m1_attr_2;
+}
+
+optional {
+ require {
+ #this block should not come on
+ type invalid_type;
+ }
+ type tag_o3_b;
+
+
+ attribute o3_b_attr_1;
+ type o3_b_type_1;
+ bool o3_b_bool_1 true;
+
+ role o3_b_role_1 types o3_b_type_1;
+
+ allow g_b_type_1 invalid_type : sem { create destroy };
+}
+
+optional {
+ require {
+ # also should be enabled by module 1
+ type enable_optional;
+ type g_m1_type_1;
+ attribute o3_m1_attr_1;
+ attribute g_m1_attr_3;
+ }
+
+ type tag_o4_b;
+
+ attribute o4_b_attr_1;
+
+ role o4_b_role_1 types g_m1_type_1;
+
+ # test for attr declared in module optional, added to in base optional
+ type o4_b_type_1, o3_m1_attr_1;
+
+ type o4_b_type_2, g_m1_attr_3;
+}
+
+optional {
+ require {
+ attribute g_m1_attr_4;
+ attribute o4_m1_attr_1;
+ }
+ type tag_o5_b;
+
+ type o5_b_type_1, g_m1_attr_4;
+ type o5_b_type_2, o4_m1_attr_1;
+}
+
+optional {
+ require {
+ type enable_optional;
+ }
+ type tag_o6_b;
+
+ typealias g_b_type_3 alias g_b_alias_2;
+}
+
+optional {
+ require {
+ type g_m_alias_1;
+ }
+ type tag_o7_b;
+
+ allow g_m_alias_1 enable_optional:file read;
+}
+
+gen_user(g_b_user_1,, g_b_role_1, s0, s0 - s0:c0.c23)
+gen_user(g_b_user_2,, g_b_role_1, s0, s0 - s0:c0, c1, c3, c4, c5)
+
+####################################
+#line 1 "initial_sid_contexts"
+
+sid kernel gen_context(g_b_user_1:g_b_role_1:g_b_type_1, s0)
+
+
+############################################
+#line 1 "fs_use"
+#
+fs_use_xattr ext2 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr ext3 gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+fs_use_xattr reiserfs gen_context(g_b_user_1:object_r:g_b_type_1, s0);
+
+
+genfscon proc / gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+####################################
+#line 1 "net_contexts"
+
+#portcon tcp 21 g_b_user_1:object_r:net_foo_t:s0
+
+#netifcon lo g_b_user_1:object_r:net_foo_t g_b_user_1:object_r:net_foo_t:s0
+
+#
+#nodecon 127.0.0.1 255.255.255.255 g_b_user_1:object_r:net_foo_t:s0
+
+nodecon ::1 FFFF:FFFF:FFFF:FFFF:: gen_context(g_b_user_1:object_r:g_b_type_1, s0)
+
+
+
+
diff --git a/libsepol/tests/test-common.c b/libsepol/tests/test-common.c
new file mode 100644
index 0000000..058b743
--- /dev/null
+++ b/libsepol/tests/test-common.c
@@ -0,0 +1,262 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This has tests that are common between test suites*/
+
+#include <sepol/policydb/avrule_block.h>
+
+#include <CUnit/Basic.h>
+
+void test_sym_presence(policydb_t * p, char *id, int sym_type, unsigned int scope_type, unsigned int *decls, unsigned int len)
+{
+ scope_datum_t *scope;
+ int found;
+ unsigned int i, j;
+ /* make sure it is in global symtab */
+ if (!hashtab_search(p->symtab[sym_type].table, id)) {
+ fprintf(stderr, "symbol %s not found in table %d\n", id, sym_type);
+ CU_FAIL_FATAL();
+ }
+ /* make sure its scope is correct */
+ scope = hashtab_search(p->scope[sym_type].table, id);
+ CU_ASSERT_FATAL(scope != NULL);
+ CU_ASSERT(scope->scope == scope_type);
+ CU_ASSERT(scope->decl_ids_len == len);
+ if (scope->decl_ids_len != len)
+ fprintf(stderr, "sym %s has %d decls, %d expected\n", id, scope->decl_ids_len, len);
+ for (i = 0; i < len; i++) {
+ found = 0;
+ for (j = 0; j < len; j++) {
+ if (decls[i] == scope->decl_ids[j])
+ found++;
+ }
+ CU_ASSERT(found == 1);
+ }
+
+}
+
+static int common_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ common_datum_t *d = (common_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_COMMONS][d->s.value - 1] == (char *)key);
+ return 0;
+}
+
+static int class_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ class_datum_t *d = (class_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_CLASSES][d->s.value - 1] == (char *)key);
+ CU_ASSERT(p->class_val_to_struct[d->s.value - 1] == d);
+ return 0;
+}
+
+static int role_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ role_datum_t *d = (role_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_ROLES][d->s.value - 1] == (char *)key);
+ CU_ASSERT(p->role_val_to_struct[d->s.value - 1] == d);
+ return 0;
+}
+
+static int type_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ type_datum_t *d = (type_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ if (!d->primary)
+ return 0;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_TYPES][d->s.value - 1] == (char *)key);
+ CU_ASSERT(p->type_val_to_struct[d->s.value - 1] == d);
+
+ return 0;
+}
+
+static int user_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ user_datum_t *d = (user_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_USERS][d->s.value - 1] == (char *)key);
+ CU_ASSERT(p->user_val_to_struct[d->s.value - 1] == d);
+ return 0;
+}
+
+static int cond_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ cond_bool_datum_t *d = (cond_bool_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_BOOLS][d->s.value - 1] == (char *)key);
+ CU_ASSERT(p->bool_val_to_struct[d->s.value - 1] == d);
+ return 0;
+}
+
+static int level_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ level_datum_t *d = (level_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_LEVELS][d->level->sens - 1] == (char *)key);
+ return 0;
+}
+
+static int cat_test_index(hashtab_key_t key, hashtab_datum_t datum, void *data)
+{
+ cat_datum_t *d = (cat_datum_t *) datum;
+ policydb_t *p = (policydb_t *) data;
+
+ CU_ASSERT(p->sym_val_to_name[SYM_CATS][d->s.value - 1] == (char *)key);
+ return 0;
+}
+
+static int (*test_index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, void *p) = {
+common_test_index, class_test_index, role_test_index, type_test_index, user_test_index, cond_test_index, level_test_index, cat_test_index,};
+
+void test_policydb_indexes(policydb_t * p)
+{
+ int i;
+
+ for (i = 0; i < SYM_NUM; i++) {
+ hashtab_map(p->symtab[i].table, test_index_f[i], p);
+ }
+}
+
+void test_alias_datum(policydb_t * p, char *id, char *primary_id, char mode, unsigned int flavor)
+{
+ type_datum_t *type, *primary;
+ unsigned int my_primary, my_flavor, my_value;
+
+ type = hashtab_search(p->p_types.table, id);
+ primary = hashtab_search(p->p_types.table, primary_id);
+
+ CU_ASSERT_PTR_NOT_NULL(type);
+ CU_ASSERT_PTR_NOT_NULL(primary);
+
+ if (type && primary) {
+ if (mode) {
+ my_flavor = type->flavor;
+ } else {
+ my_flavor = flavor;
+ }
+
+ if (my_flavor == TYPE_TYPE) {
+ my_primary = 0;
+ my_value = primary->s.value;
+ } else if (my_flavor == TYPE_ALIAS) {
+ my_primary = primary->s.value;
+ CU_ASSERT_NOT_EQUAL(type->s.value, primary->s.value);
+ my_value = type->s.value;
+ } else {
+ CU_FAIL("not an alias");
+ }
+
+ CU_ASSERT(type->primary == my_primary);
+ CU_ASSERT(type->flavor == my_flavor);
+ CU_ASSERT(type->s.value == my_value);
+ }
+}
+
+role_datum_t *test_role_type_set(policydb_t * p, char *id, avrule_decl_t * decl, char **types, unsigned int len, unsigned int flags)
+{
+ ebitmap_node_t *tnode;
+ unsigned int i, j, new, found = 0;
+ role_datum_t *role;
+
+ if (decl)
+ role = hashtab_search(decl->p_roles.table, id);
+ else
+ role = hashtab_search(p->p_roles.table, id);
+
+ if (!role)
+ printf("role %s can't be found! \n", id);
+
+ CU_ASSERT_FATAL(role != NULL);
+
+ ebitmap_for_each_bit(&role->types.types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ new = 0;
+ for (j = 0; j < len; j++) {
+ if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
+ found++;
+ new = 1;
+ }
+ }
+ if (new == 0) {
+ printf("\nRole %s had type %s not in types array\n", id, p->sym_val_to_name[SYM_TYPES][i]);
+ }
+ CU_ASSERT(new == 1);
+ }
+ }
+ CU_ASSERT(found == len);
+ if (found != len)
+ printf("\nrole %s has %d types, %d expected\n", p->sym_val_to_name[SYM_ROLES][role->s.value - 1], found, len);
+ /* roles should never have anything in the negset */
+ CU_ASSERT(role->types.negset.highbit == 0);
+ CU_ASSERT(role->types.flags == flags);
+
+ return role;
+}
+
+void test_attr_types(policydb_t * p, char *id, avrule_decl_t * decl, char **types, int len)
+{
+ ebitmap_node_t *tnode;
+ int j, new, found = 0;
+ unsigned int i;
+ type_datum_t *attr;
+
+ if (decl)
+ attr = hashtab_search(decl->p_types.table, id);
+ else
+ attr = hashtab_search(p->p_types.table, id);
+
+ if (attr == NULL)
+ printf("could not find attr %s in decl %d\n", id, decl->decl_id);
+ CU_ASSERT_FATAL(attr != NULL);
+ CU_ASSERT(attr->flavor == TYPE_ATTRIB);
+ CU_ASSERT(attr->primary == 1);
+
+ ebitmap_for_each_bit(&attr->types, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ new = 0;
+ for (j = 0; j < len; j++) {
+ if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
+ found++;
+ new = 1;
+ }
+ }
+ if (new == 0) {
+ printf("\nattr %s had type %s not in types array\n", id, p->sym_val_to_name[SYM_TYPES][i]);
+ }
+ CU_ASSERT(new == 1);
+ }
+ }
+ CU_ASSERT(found == len);
+ if (found != len)
+ printf("\nattr %s has %d types, %d expected\n", id, found, len);
+}
diff --git a/libsepol/tests/test-common.h b/libsepol/tests/test-common.h
new file mode 100644
index 0000000..5a1e650
--- /dev/null
+++ b/libsepol/tests/test-common.h
@@ -0,0 +1,78 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_COMMON_H__
+#define __TEST_COMMON_H__
+
+#include <sepol/policydb/policydb.h>
+
+/* p the policy being inspected
+ * id string symbol identifier
+ * sym_type symbol type (eg., SYM_ROLES, SYM_TYPES)
+ * scope_type what scope the role should have (eg., SCOPE_DECL or SCOPE_REQ)
+ * decls integer array of decl id's that we expect the role to have in the scope table
+ * len number of elements in decls
+ *
+ * This is a utility function to test for the symbol's presence in the global symbol table,
+ * the scope table, and that the decl blocks we think this symbol is in are correct
+ */
+extern void test_sym_presence(policydb_t * p, char *id, int sym_type, unsigned int scope_type, unsigned int *decls, unsigned int len);
+
+/* Test the indexes in the policydb to ensure their correctness. These include
+ * the sym_val_to_name[], class_val_to_struct, role_val_to_struct, type_val_to_struct,
+ * user_val_to_struct, and bool_val_to_struct indexes.
+ */
+extern void test_policydb_indexes(policydb_t * p);
+
+/* Test alias datum to ensure that it is as expected
+ *
+ * id = the key for the alias
+ * primary_id = the key for its primary
+ * mode: 0 = test the datum according to the flavor value in the call
+ 1 = automatically detect the flavor value and test the datum accordingly
+ * flavor = flavor value if in mode 0
+ */
+extern void test_alias_datum(policydb_t * p, char *id, char *primary_id, char mode, unsigned int flavor);
+
+/* p the policy being inspected
+ * id string role identifier
+ * decl the decl block which we are looking in for the role datum
+ * types the array of string types which we expect the role has in its type ebitmap
+ * len number of elements in types
+ * flags the expected flags in the role typeset (eg., * or ~)
+ *
+ * This is a utility function to test whether the type set associated with a role in a specific
+ * avrule decl block matches our expectations
+ */
+extern role_datum_t *test_role_type_set(policydb_t * p, char *id, avrule_decl_t * decl, char **types, unsigned int len, unsigned int flags);
+
+/* p the policy being inspected
+ * id string attribute identifier
+ * decl the decl block which we are looking in for the attribute datum
+ * types the array of string types which we expect the attribute has in its type ebitmap
+ * len number of elements in types
+ *
+ * This is a utility function to test whether the type set associated with an attribute in a specific
+ * avrule decl block matches our expectations
+ */
+extern void test_attr_types(policydb_t * p, char *id, avrule_decl_t * decl, char **types, int len);
+
+#endif
diff --git a/libsepol/tests/test-cond.c b/libsepol/tests/test-cond.c
new file mode 100644
index 0000000..32bf6f1
--- /dev/null
+++ b/libsepol/tests/test-cond.c
@@ -0,0 +1,95 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-cond.h"
+#include "parse_util.h"
+#include "helpers.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/conditional.h>
+
+static policydb_t basemod;
+static policydb_t base_expanded;
+
+int cond_test_init(void)
+{
+ if (policydb_init(&base_expanded)) {
+ fprintf(stderr, "out of memory!\n");
+ policydb_destroy(&basemod);
+ return -1;
+ }
+
+ if (test_load_policy(&basemod, POLICY_BASE, 1, "test-cond", "refpolicy-base.conf"))
+ goto cleanup;
+
+ if (link_modules(NULL, &basemod, NULL, 0, 0)) {
+ fprintf(stderr, "link modules failed\n");
+ goto cleanup;
+ }
+
+ if (expand_module(NULL, &basemod, &base_expanded, 0, 1)) {
+ fprintf(stderr, "expand module failed\n");
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ policydb_destroy(&basemod);
+ policydb_destroy(&base_expanded);
+ return -1;
+}
+
+int cond_test_cleanup(void)
+{
+ policydb_destroy(&basemod);
+ policydb_destroy(&base_expanded);
+
+ return 0;
+}
+
+static void test_cond_expr_equal(void)
+{
+ cond_node_t *a, *b;
+
+ a = base_expanded.cond_list;
+ while (a) {
+ b = base_expanded.cond_list;
+ while (b) {
+ if (a == b) {
+ CU_ASSERT(cond_expr_equal(a, b));
+ } else {
+ CU_ASSERT(cond_expr_equal(a, b) == 0);
+ }
+ b = b->next;
+ }
+ a = a->next;
+ }
+}
+
+int cond_add_tests(CU_pSuite suite)
+{
+ if (NULL == CU_add_test(suite, "cond_expr_equal", test_cond_expr_equal)) {
+ return CU_get_error();
+ }
+ return 0;
+}
diff --git a/libsepol/tests/test-cond.h b/libsepol/tests/test-cond.h
new file mode 100644
index 0000000..702d9e0
--- /dev/null
+++ b/libsepol/tests/test-cond.h
@@ -0,0 +1,30 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_COND_H__
+#define __TEST_COND_H__
+
+#include <CUnit/Basic.h>
+
+int cond_test_init(void);
+int cond_test_cleanup(void);
+int cond_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsepol/tests/test-deps.c b/libsepol/tests/test-deps.c
new file mode 100644
index 0000000..e7d2beb
--- /dev/null
+++ b/libsepol/tests/test-deps.c
@@ -0,0 +1,302 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-deps.h"
+#include "parse_util.h"
+#include "helpers.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+
+#include <stdlib.h>
+
+/* Tests for dependency checking / handling, specifically:
+ *
+ * 1 type in module global.
+ * 2 attribute in module global.
+ * 3 object class / perm in module global.
+ * 4 boolean in module global.
+ * 5 role in module global.
+ *
+ * 6 type in module optional.
+ * 7 attribute in module optional.
+ * 8 object class / perm in module optional.
+ * 9 boolean in module optional.
+ * 10 role in module optional.
+ *
+ * 11 type in base optional.
+ * 12 attribute in base optional.
+ * 13 object class / perm in base optional.
+ * 14 boolean in base optional.
+ * 15 role in base optional.
+ *
+ * Each of these tests are done with the dependency met and not
+ * met. Additionally, each of the required symbols is used in the
+ * scope it is required.
+ *
+ * In addition to the simple tests, we have test with more complex
+ * modules that test:
+ *
+ * 17 mutual dependencies between two modules.
+ * 18 circular dependency between three modules.
+ * 19 large number of dependencies in a module with a more complex base.
+ * 20 nested optionals with requires.
+ *
+ * Again, each of these tests is done with the requirements met and not
+ * met.
+ */
+
+#include <sepol/debug.h>
+#include <sepol/handle.h>
+
+#define BASE_MODREQ_TYPE_GLOBAL 0
+#define BASE_MODREQ_ATTR_GLOBAL 1
+#define BASE_MODREQ_OBJ_GLOBAL 2
+#define BASE_MODREQ_BOOL_GLOBAL 3
+#define BASE_MODREQ_ROLE_GLOBAL 4
+#define BASE_MODREQ_PERM_GLOBAL 5
+#define BASE_MODREQ_TYPE_OPT 6
+#define BASE_MODREQ_ATTR_OPT 7
+#define BASE_MODREQ_OBJ_OPT 8
+#define BASE_MODREQ_BOOL_OPT 9
+#define BASE_MODREQ_ROLE_OPT 10
+#define BASE_MODREQ_PERM_OPT 11
+#define NUM_BASES 12
+
+static policydb_t bases_met[NUM_BASES];
+static policydb_t bases_notmet[NUM_BASES];
+
+extern int mls;
+
+int deps_test_init(void)
+{
+ int i;
+
+ /* To test linking we need 1 base per link test and in
+ * order to load them in the init function we have
+ * to keep them all around. Not ideal, but it shouldn't
+ * matter too much.
+ */
+ for (i = 0; i < NUM_BASES; i++) {
+ if (test_load_policy(&bases_met[i], POLICY_BASE, mls, "test-deps", "base-metreq.conf"))
+ return -1;
+ }
+
+ for (i = 0; i < NUM_BASES; i++) {
+ if (test_load_policy(&bases_notmet[i], POLICY_BASE, mls, "test-deps", "base-notmetreq.conf"))
+ return -1;
+ }
+
+ return 0;
+}
+
+int deps_test_cleanup(void)
+{
+ int i;
+
+ for (i = 0; i < NUM_BASES; i++) {
+ policydb_destroy(&bases_met[i]);
+ }
+
+ for (i = 0; i < NUM_BASES; i++) {
+ policydb_destroy(&bases_notmet[i]);
+ }
+
+ return 0;
+}
+
+/* This function performs testing of the dependency handles for module global
+ * symbols. It is capable of testing 2 scenarios - the dependencies are met
+ * and the dependencies are not met.
+ *
+ * Paramaters:
+ * req_met boolean indicating whether the base policy meets the
+ * requirements for the modules global block.
+ * b index of the base policy in the global bases_met array.
+ *
+ * policy name of the policy module to load for this test.
+ * decl_type name of the unique type found in the module's global
+ * section is to find that avrule_decl.
+ */
+static void do_deps_modreq_global(int req_met, int b, char *policy, char *decl_type)
+{
+ policydb_t *base;
+ policydb_t mod;
+ policydb_t *mods[] = { &mod };
+ avrule_decl_t *decl;
+ int ret, link_ret;
+ sepol_handle_t *h;
+
+ /* suppress error reporting - this is because we know that we
+ * are going to get errors and don't want libsepol complaining
+ * about it constantly. */
+ h = sepol_handle_create();
+ CU_ASSERT_FATAL(h != NULL);
+ sepol_msg_set_callback(h, NULL, NULL);
+
+ if (req_met) {
+ base = &bases_met[b];
+ link_ret = 0;
+ } else {
+ base = &bases_notmet[b];
+ link_ret = -3;
+ }
+
+ CU_ASSERT_FATAL(test_load_policy(&mod, POLICY_MOD, mls, "test-deps", policy) == 0);
+
+ /* link the modules and check for the correct return value.
+ */
+ ret = link_modules(h, base, mods, 1, 0);
+ CU_ASSERT_FATAL(ret == link_ret);
+ policydb_destroy(&mod);
+
+ if (!req_met)
+ return;
+
+ decl = test_find_decl_by_sym(base, SYM_TYPES, decl_type);
+ CU_ASSERT_FATAL(decl != NULL);
+
+ CU_ASSERT(decl->enabled == 1);
+}
+
+/* Test that symbol require statements in the global scope of a module
+ * work correctly. This will cover tests 1 - 5 (described above).
+ *
+ * Each of these policies will require as few symbols as possible to
+ * use the required symbol in addition requiring (for example, the type
+ * test also requires an object class for an allow rule).
+ */
+static void deps_modreq_global(void)
+{
+ /* object classes */
+ do_deps_modreq_global(1, BASE_MODREQ_OBJ_GLOBAL, "modreq-obj-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_OBJ_GLOBAL, "modreq-obj-global.conf", "mod_global_t");
+ /* types */
+ do_deps_modreq_global(1, BASE_MODREQ_TYPE_GLOBAL, "modreq-type-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_TYPE_GLOBAL, "modreq-type-global.conf", "mod_global_t");
+ /* attributes */
+ do_deps_modreq_global(1, BASE_MODREQ_ATTR_GLOBAL, "modreq-attr-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_ATTR_GLOBAL, "modreq-attr-global.conf", "mod_global_t");
+ /* booleans */
+ do_deps_modreq_global(1, BASE_MODREQ_BOOL_GLOBAL, "modreq-bool-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_BOOL_GLOBAL, "modreq-bool-global.conf", "mod_global_t");
+ /* roles */
+ do_deps_modreq_global(1, BASE_MODREQ_ROLE_GLOBAL, "modreq-role-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_ROLE_GLOBAL, "modreq-role-global.conf", "mod_global_t");
+ do_deps_modreq_global(1, BASE_MODREQ_PERM_GLOBAL, "modreq-perm-global.conf", "mod_global_t");
+ do_deps_modreq_global(0, BASE_MODREQ_PERM_GLOBAL, "modreq-perm-global.conf", "mod_global_t");
+}
+
+/* This function performs testing of the dependency handles for module optional
+ * symbols. It is capable of testing 2 scenarios - the dependencies are met
+ * and the dependencies are not met.
+ *
+ * Paramaters:
+ * req_met boolean indicating whether the base policy meets the
+ * requirements for the modules global block.
+ * b index of the base policy in the global bases_met array.
+ *
+ * policy name of the policy module to load for this test.
+ * decl_type name of the unique type found in the module's global
+ * section is to find that avrule_decl.
+ */
+static void do_deps_modreq_opt(int req_met, int ret_val, int b, char *policy, char *decl_type)
+{
+ policydb_t *base;
+ policydb_t mod;
+ policydb_t *mods[] = { &mod };
+ avrule_decl_t *decl;
+ int ret;
+ sepol_handle_t *h;
+
+ /* suppress error reporting - this is because we know that we
+ * are going to get errors and don't want libsepol complaining
+ * about it constantly. */
+ h = sepol_handle_create();
+ CU_ASSERT_FATAL(h != NULL);
+ sepol_msg_set_callback(h, NULL, NULL);
+
+ if (req_met) {
+ base = &bases_met[b];
+ } else {
+ base = &bases_notmet[b];
+ }
+
+ CU_ASSERT_FATAL(test_load_policy(&mod, POLICY_MOD, mls, "test-deps", policy) == 0);
+
+ /* link the modules and check for the correct return value.
+ */
+ ret = link_modules(h, base, mods, 1, 0);
+ CU_ASSERT_FATAL(ret == ret_val);
+ policydb_destroy(&mod);
+ if (ret_val < 0)
+ return;
+
+ decl = test_find_decl_by_sym(base, SYM_TYPES, decl_type);
+ CU_ASSERT_FATAL(decl != NULL);
+
+ if (req_met) {
+ CU_ASSERT(decl->enabled == 1);
+ } else {
+ CU_ASSERT(decl->enabled == 0);
+ }
+}
+
+/* Test that symbol require statements in the global scope of a module
+ * work correctly. This will cover tests 6 - 10 (described above).
+ *
+ * Each of these policies will require as few symbols as possible to
+ * use the required symbol in addition requiring (for example, the type
+ * test also requires an object class for an allow rule).
+ */
+static void deps_modreq_opt(void)
+{
+ /* object classes */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_OBJ_OPT, "modreq-obj-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, 0, BASE_MODREQ_OBJ_OPT, "modreq-obj-opt.conf", "mod_opt_t");
+ /* types */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_TYPE_OPT, "modreq-type-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, 0, BASE_MODREQ_TYPE_OPT, "modreq-type-opt.conf", "mod_opt_t");
+ /* attributes */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_ATTR_OPT, "modreq-attr-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, 0, BASE_MODREQ_ATTR_OPT, "modreq-attr-opt.conf", "mod_opt_t");
+ /* booleans */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_BOOL_OPT, "modreq-bool-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, 0, BASE_MODREQ_BOOL_OPT, "modreq-bool-opt.conf", "mod_opt_t");
+ /* roles */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_ROLE_OPT, "modreq-role-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, 0, BASE_MODREQ_ROLE_OPT, "modreq-role-opt.conf", "mod_opt_t");
+ /* permissions */
+ do_deps_modreq_opt(1, 0, BASE_MODREQ_PERM_OPT, "modreq-perm-opt.conf", "mod_opt_t");
+ do_deps_modreq_opt(0, -3, BASE_MODREQ_PERM_OPT, "modreq-perm-opt.conf", "mod_opt_t");
+}
+
+int deps_add_tests(CU_pSuite suite)
+{
+ if (NULL == CU_add_test(suite, "deps_modreq_global", deps_modreq_global)) {
+ return CU_get_error();
+ }
+
+ if (NULL == CU_add_test(suite, "deps_modreq_opt", deps_modreq_opt)) {
+ return CU_get_error();
+ }
+
+ return 0;
+}
diff --git a/libsepol/tests/test-deps.h b/libsepol/tests/test-deps.h
new file mode 100644
index 0000000..fbd2ace
--- /dev/null
+++ b/libsepol/tests/test-deps.h
@@ -0,0 +1,30 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_DEPS_H__
+#define __TEST_DEPS_H__
+
+#include <CUnit/Basic.h>
+
+int deps_test_init(void);
+int deps_test_cleanup(void);
+int deps_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsepol/tests/test-downgrade.c b/libsepol/tests/test-downgrade.c
new file mode 100644
index 0000000..1ee7ff4
--- /dev/null
+++ b/libsepol/tests/test-downgrade.c
@@ -0,0 +1,273 @@
+/*
+ * Author: Mary Garvin <mgarvin@tresys.com>
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-downgrade.h"
+#include "parse_util.h"
+#include "helpers.h"
+
+#include <sepol/debug.h>
+#include <sepol/handle.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/conditional.h>
+#include <limits.h>
+#include <CUnit/Basic.h>
+
+#define POLICY_BIN_HI "policies/test-downgrade/policy.hi"
+#define POLICY_BIN_LO "policies/test-downgrade/policy.lo"
+
+static policydb_t policydb;
+
+/*
+ * Function Name: downgrade_test_init
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Initialize the policydb (policy data base structure)
+ */
+int downgrade_test_init(void)
+{
+ /* Initialize the policydb_t structure */
+ if (policydb_init(&policydb)) {
+ fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Function Name: downgrade_test_cleanup
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Destroys policydb structure
+ */
+int downgrade_test_cleanup(void)
+{
+ policydb_destroy(&policydb);
+
+ return 0;
+}
+
+/*
+ * Function Name: downgrade_add_tests
+ *
+ * Input: CU_pSuite
+ *
+ * Output: Returns 0 upon success. Returns a CUnit error value on failure.
+ *
+ * Description: Add the given downgrade tests to the downgrade suite.
+ */
+int downgrade_add_tests(CU_pSuite suite)
+{
+ if (CU_add_test(suite, "downgrade", test_downgrade) == NULL)
+ return CU_get_error();
+
+ return 0;
+}
+
+/*
+ * Function Name: test_downgrade_possible
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description:
+ * Tests the backward compatability of MLS and Non-MLS binary policy versions.
+ */
+void test_downgrade(void)
+{
+ if (do_downgrade_test(0) < 0)
+ fprintf(stderr,
+ "\nError during downgrade testing of Non-MLS policy\n");
+
+
+ if (do_downgrade_test(1) < 0)
+ fprintf(stderr,
+ "\nError during downgrade testing of MLS policy\n");
+}
+
+/*
+ * Function Name: do_downgrade_test
+ *
+ * Input: 0 for Non-MLS policy and 1 for MLS policy downgrade testing
+ *
+ * Output: 0 on success, negative number upon failure
+ *
+ * Description: This function handles the downgrade testing.
+ * A binary policy is read into the policydb structure, the
+ * policy version is decreased by a specific amount, written
+ * back out and then read back in again. The process is
+ * repeated until the minimum policy version is reached.
+ */
+int do_downgrade_test(int mls)
+{
+ policydb_t policydb_tmp;
+ int hi, lo, version;
+
+ /* Reset policydb for re-use */
+ policydb_destroy(&policydb);
+ downgrade_test_init();
+
+ /* Read in the hi policy from file */
+ if (read_binary_policy(POLICY_BIN_HI, &policydb) != 0) {
+ fprintf(stderr, "error reading %spolicy binary\n", mls ? "mls " : "");
+ CU_FAIL("Unable to read the binary policy");
+ return -1;
+ }
+
+ /* Change MLS value based on parameter */
+ policydb.mls = mls ? 1 : 0;
+
+ for (hi = policydb.policyvers; hi >= POLICYDB_VERSION_MIN; hi--) {
+ /* Stash old version number */
+ version = policydb.policyvers;
+
+ /* Try downgrading to each possible version. */
+ for (lo = hi - 1; lo >= POLICYDB_VERSION_MIN; lo--) {
+
+ /* Reduce policy version */
+ policydb.policyvers = lo;
+
+ /* Write out modified binary policy */
+ if (write_binary_policy(POLICY_BIN_LO, &policydb) != 0) {
+ /*
+ * Error from MLS to pre-MLS is expected due
+ * to MLS re-implementation in version 19.
+ */
+ if (mls && lo < POLICYDB_VERSION_MLS)
+ continue;
+
+ fprintf(stderr, "error writing %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi);
+ CU_FAIL("Failed to write downgraded binary policy");
+ return -1;
+ }
+
+ /* Make sure we can read back what we wrote. */
+ if (policydb_init(&policydb_tmp)) {
+ fprintf(stderr, "%s: Out of memory!\n",
+ __FUNCTION__);
+ return -1;
+ }
+ if (read_binary_policy(POLICY_BIN_LO, &policydb_tmp) != 0) {
+ fprintf(stderr, "error reading %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi);
+ CU_FAIL("Unable to read downgraded binary policy");
+ return -1;
+ }
+ policydb_destroy(&policydb_tmp);
+ }
+ /* Restore version number */
+ policydb.policyvers = version;
+ }
+
+ return 0;
+}
+
+/*
+ * Function Name: read_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read binary policy into policydb
+ * structure.
+ */
+int read_binary_policy(const char *path, policydb_t *p)
+{
+ FILE *in_fp = NULL;
+ struct policy_file f;
+ int rc;
+
+ /* Open the binary policy file */
+ if ((in_fp = fopen(path, "rb")) == NULL) {
+ fprintf(stderr, "Unable to open %s: %s\n", path,
+ strerror(errno));
+ sepol_handle_destroy(f.handle);
+ return -1;
+ }
+
+ /* Read in the binary policy. */
+ memset(&f, 0, sizeof(struct policy_file));
+ f.type = PF_USE_STDIO;
+ f.fp = in_fp;
+ rc = policydb_read(p, &f, 0);
+
+ sepol_handle_destroy(f.handle);
+ fclose(in_fp);
+ return rc;
+}
+
+/*
+ * Function Name: write_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: open file and write the binary policy from policydb structure.
+ */
+int write_binary_policy(const char *path, policydb_t *p)
+{
+ FILE *out_fp = NULL;
+ struct policy_file f;
+ sepol_handle_t *handle;
+ int rc;
+
+ /* We don't want libsepol to print warnings to stderr */
+ handle = sepol_handle_create();
+ if (handle == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ return -1;
+ }
+ sepol_msg_set_callback(handle, NULL, NULL);
+
+ /* Open the binary policy file for writing */
+ if ((out_fp = fopen(path, "w" )) == NULL) {
+ fprintf(stderr, "Unable to open %s: %s\n", path,
+ strerror(errno));
+ sepol_handle_destroy(f.handle);
+ return -1;
+ }
+
+ /* Write the binary policy */
+ memset(&f, 0, sizeof(struct policy_file));
+ f.type = PF_USE_STDIO;
+ f.fp = out_fp;
+ f.handle = handle;
+ rc = policydb_write(p, &f);
+
+ sepol_handle_destroy(f.handle);
+ fclose(out_fp);
+ return rc;
+}
diff --git a/libsepol/tests/test-downgrade.h b/libsepol/tests/test-downgrade.h
new file mode 100644
index 0000000..10a7c3b
--- /dev/null
+++ b/libsepol/tests/test-downgrade.h
@@ -0,0 +1,119 @@
+/*
+ * Author: Mary Garvin <mgarvin@tresys.com>
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_DOWNGRADE_H__
+#define __TEST_DOWNGRADE_H__
+
+#include <CUnit/Basic.h>
+#include <sepol/policydb/policydb.h>
+
+/*
+ * Function Name: downgrade_test_init
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Initialize the policydb (policy data base structure)
+ */
+int downgrade_test_init(void);
+
+/*
+ * Function Name: downgrade_test_cleanup
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Destroys policydb structure
+ */
+int downgrade_test_cleanup(void);
+
+/*
+ * Function Name: downgrade_add_tests
+ *
+ * Input: CU_pSuite
+ *
+ * Output: Returns 0 upon success. Upon failure, a CUnit testing error
+ * value is returned
+ *
+ * Description: Add the given downgrade tests to the downgrade suite.
+ */
+int downgrade_add_tests(CU_pSuite suite);
+
+/*
+ * Function Name: test_downgrade_possible
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Tests the backward compatability of MLS and Non-MLS binary
+ * policy versions.
+ */
+void test_downgrade(void);
+
+/*
+ * Function Name: do_downgrade_test
+ *
+ * Input: int that represents a 0 for Non-MLS policy and a
+ * 1 for MLS policy downgrade testing
+ *
+ * Output: (int) 0 on success, negative number upon failure
+ *
+ * Description: This function handles the downgrade testing. A binary policy
+ * is read into the policydb structure, the policy version is
+ * decreased by a specific amount, written back out and then read
+ * back in again. The process is iterative until the minimum
+ * policy version is reached.
+ */
+int do_downgrade_test(int mls);
+
+/*
+ * Function Name: read_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read in the binary policy
+ * into the policydb structure.
+ */
+int read_binary_policy(const char *path, policydb_t *);
+
+/*
+ * Function Name: write_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read in the binary policy
+ * into the policydb structure.
+ */
+int write_binary_policy(const char *path, policydb_t *);
+
+#endif
diff --git a/libsepol/tests/test-expander-attr-map.c b/libsepol/tests/test-expander-attr-map.c
new file mode 100644
index 0000000..5c24ced
--- /dev/null
+++ b/libsepol/tests/test-expander-attr-map.c
@@ -0,0 +1,105 @@
+/*
+ * Authors: Chad Sellers <csellers@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-expander-attr-map.h"
+#include "test-common.h"
+
+#include <sepol/policydb/policydb.h>
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+extern policydb_t base_expanded2;
+
+void test_expander_attr_mapping(void)
+{
+ /* note that many cases are ommitted because they don't make sense
+ (i.e. declaring in an optional and then using it in the base) or
+ because declare in optional then require in a different optional
+ logic still doesn't work */
+
+ char *typesb1[] = { "attr_check_base_1_1_t", "attr_check_base_1_2_t" };
+ char *typesb2[] = { "attr_check_base_2_1_t", "attr_check_base_2_2_t" };
+ char *typesb3[] = { "attr_check_base_3_1_t", "attr_check_base_3_2_t",
+ "attr_check_base_3_3_t", "attr_check_base_3_4_t"
+ };
+ char *typesb4[] = { "attr_check_base_4_1_t", "attr_check_base_4_2_t" };
+ char *typesb5[] = { "attr_check_base_5_1_t", "attr_check_base_5_2_t" };
+ char *typesb6[] = { "attr_check_base_6_1_t", "attr_check_base_6_2_t",
+ "attr_check_base_6_3_t", "attr_check_base_6_4_t"
+ };
+ char *typesbo2[] = { "attr_check_base_optional_2_1_t",
+ "attr_check_base_optional_2_2_t"
+ };
+ char *typesbo5[] = { "attr_check_base_optional_5_1_t",
+ "attr_check_base_optional_5_2_t"
+ };
+ char *typesm2[] = { "attr_check_mod_2_1_t", "attr_check_mod_2_2_t" };
+ char *typesm4[] = { "attr_check_mod_4_1_t", "attr_check_mod_4_2_t" };
+ char *typesm5[] = { "attr_check_mod_5_1_t", "attr_check_mod_5_2_t" };
+ char *typesm6[] = { "attr_check_mod_6_1_t", "attr_check_mod_6_2_t",
+ "attr_check_mod_6_3_t", "attr_check_mod_6_4_t"
+ };
+ char *typesmo2[] = { "attr_check_mod_optional_4_1_t",
+ "attr_check_mod_optional_4_2_t"
+ };
+ char *typesb10[] = { "attr_check_base_10_1_t", "attr_check_base_10_2_t" };
+ char *typesb11[] = { "attr_check_base_11_3_t", "attr_check_base_11_4_t" };
+ char *typesm10[] = { "attr_check_mod_10_1_t", "attr_check_mod_10_2_t" };
+ char *typesm11[] = { "attr_check_mod_11_3_t", "attr_check_mod_11_4_t" };
+
+ test_attr_types(&base_expanded2, "attr_check_base_1", NULL, typesb1, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_2", NULL, typesb2, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_3", NULL, typesb3, 4);
+ test_attr_types(&base_expanded2, "attr_check_base_4", NULL, typesb4, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_5", NULL, typesb5, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_6", NULL, typesb6, 4);
+ test_attr_types(&base_expanded2, "attr_check_base_optional_2", NULL, typesbo2, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_optional_5", NULL, typesbo5, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_2", NULL, typesm2, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_4", NULL, typesm4, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_5", NULL, typesm5, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_6", NULL, typesm6, 4);
+ test_attr_types(&base_expanded2, "attr_check_mod_optional_4", NULL, typesmo2, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_7", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_base_8", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_base_9", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_base_10", NULL, typesb10, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_11", NULL, typesb11, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_7", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_mod_8", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_mod_9", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_mod_10", NULL, typesm10, 2);
+ test_attr_types(&base_expanded2, "attr_check_mod_11", NULL, typesm11, 2);
+ test_attr_types(&base_expanded2, "attr_check_base_optional_8", NULL, NULL, 0);
+ test_attr_types(&base_expanded2, "attr_check_mod_optional_7", NULL, NULL, 0);
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_5"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_5_1_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_5_2_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_8"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_8_1_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_base_optional_disabled_8_2_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_4"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_4_1_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_4_2_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_7"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_7_1_t"));
+ CU_ASSERT(!hashtab_search((&base_expanded2)->p_types.table, "attr_check_mod_optional_disabled_7_2_t"));
+}
diff --git a/libsepol/tests/test-expander-attr-map.h b/libsepol/tests/test-expander-attr-map.h
new file mode 100644
index 0000000..6a10089
--- /dev/null
+++ b/libsepol/tests/test-expander-attr-map.h
@@ -0,0 +1,26 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_EXPANDER__ATTR_MAP_H__
+#define __TEST_EXPANDER__ATTR_MAP_H__
+
+void test_expander_attr_mapping(void);
+
+#endif
diff --git a/libsepol/tests/test-expander-roles.c b/libsepol/tests/test-expander-roles.c
new file mode 100644
index 0000000..ecfa88e
--- /dev/null
+++ b/libsepol/tests/test-expander-roles.c
@@ -0,0 +1,37 @@
+/*
+ * Authors: Chad Sellers <csellers@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-expander-roles.h"
+#include "test-common.h"
+
+#include <sepol/policydb/policydb.h>
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+extern policydb_t role_expanded;
+
+void test_expander_role_mapping(void)
+{
+ char *types1[] = { "role_check_1_1_t", "role_check_1_2_t" };
+
+ test_role_type_set(&role_expanded, "role_check_1", NULL, types1, 2, 0);
+}
diff --git a/libsepol/tests/test-expander-roles.h b/libsepol/tests/test-expander-roles.h
new file mode 100644
index 0000000..380d2ef
--- /dev/null
+++ b/libsepol/tests/test-expander-roles.h
@@ -0,0 +1,27 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Author: Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_EXPANDER_ROLE_H__
+#define __TEST_EXPANDER_ROLE_H__
+
+void test_expander_role_mapping(void);
+
+#endif
diff --git a/libsepol/tests/test-expander-users.c b/libsepol/tests/test-expander-users.c
new file mode 100644
index 0000000..549492b
--- /dev/null
+++ b/libsepol/tests/test-expander-users.c
@@ -0,0 +1,75 @@
+/*
+ * Authors: Chad Sellers <csellers@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-expander-users.h"
+
+#include <sepol/policydb/policydb.h>
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+extern policydb_t user_expanded;
+
+static void check_user_roles(policydb_t * p, char *user_name, char **role_names, int num_roles)
+{
+ user_datum_t *user;
+ ebitmap_node_t *tnode;
+ unsigned int i;
+ int j;
+ unsigned char *found; /* array of booleans of roles found */
+ int extra = 0; /* number of extra roles found */
+
+ user = (user_datum_t *) hashtab_search(p->p_users.table, user_name);
+ if (!user) {
+ printf("%s not found\n", user_name);
+ CU_FAIL("user not found");
+ return;
+ }
+ found = calloc(num_roles, sizeof(unsigned char));
+ CU_ASSERT_FATAL(found != NULL);
+ ebitmap_for_each_bit(&user->roles.roles, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ extra++;
+ for (j = 0; j < num_roles; j++) {
+ if (strcmp(role_names[j], p->p_role_val_to_name[i]) == 0) {
+ extra--;
+ found[j] += 1;
+ break;
+ }
+ }
+ }
+ }
+ for (j = 0; j < num_roles; j++) {
+ if (found[j] != 1) {
+ printf("role %s associated with user %s %d times\n", role_names[j], user_name, found[j]);
+ CU_FAIL("user mapping failure\n");
+ }
+ }
+ free(found);
+ CU_ASSERT_EQUAL(extra, 0);
+}
+
+void test_expander_user_mapping(void)
+{
+ char *roles1[] = { "user_check_1_1_r", "user_check_1_2_r" };
+
+ check_user_roles(&user_expanded, "user_check_1", roles1, 2);
+}
diff --git a/libsepol/tests/test-expander-users.h b/libsepol/tests/test-expander-users.h
new file mode 100644
index 0000000..cb12143
--- /dev/null
+++ b/libsepol/tests/test-expander-users.h
@@ -0,0 +1,27 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Author: Chris PeBenito <cpebenito@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_EXPANDER_USER_H__
+#define __TEST_EXPANDER_USER_H__
+
+void test_expander_user_mapping(void);
+
+#endif
diff --git a/libsepol/tests/test-expander.c b/libsepol/tests/test-expander.c
new file mode 100644
index 0000000..8294308
--- /dev/null
+++ b/libsepol/tests/test-expander.c
@@ -0,0 +1,220 @@
+/*
+ * Authors: Chad Sellers <csellers@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This is where the expander tests should go, including:
+ * - check role, type, bool, user mapping
+ * - add symbols declared in enabled optionals
+ * - do not add symbols declared in disabled optionals
+ * - add rules from enabled optionals
+ * - do not add rules from disabled optionals
+ * - verify attribute mapping
+
+ * - check conditional expressions for correct mapping
+ */
+
+#include "test-expander.h"
+#include "parse_util.h"
+#include "helpers.h"
+#include "test-common.h"
+#include "test-expander-users.h"
+#include "test-expander-roles.h"
+#include "test-expander-attr-map.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/conditional.h>
+#include <limits.h>
+#include <stdlib.h>
+
+policydb_t role_expanded;
+policydb_t user_expanded;
+policydb_t base_expanded2;
+static policydb_t basemod;
+static policydb_t basemod2;
+static policydb_t mod2;
+static policydb_t base_expanded;
+static policydb_t base_only_mod;
+static policydb_t base_only_expanded;
+static policydb_t role_basemod;
+static policydb_t role_mod;
+static policydb_t user_basemod;
+static policydb_t user_mod;
+static policydb_t alias_basemod;
+static policydb_t alias_mod;
+static policydb_t alias_expanded;
+static uint32_t *typemap;
+extern int mls;
+
+/* Takes base, some number of modules, links them, and expands them
+ reads source from myfiles array, which has the base string followed by
+ each module string */
+int expander_policy_init(policydb_t * mybase, int num_modules, policydb_t ** mymodules, policydb_t * myexpanded, char **myfiles)
+{
+ char *filename[num_modules + 1];
+ int i;
+
+ for (i = 0; i < num_modules + 1; i++) {
+ filename[i] = calloc(PATH_MAX, sizeof(char));
+ if (snprintf(filename[i], PATH_MAX, "policies/test-expander/%s%s", myfiles[i], mls ? ".mls" : ".std") < 0)
+ return -1;
+ }
+
+ if (policydb_init(mybase)) {
+ fprintf(stderr, "out of memory!\n");
+ return -1;
+ }
+
+ for (i = 0; i < num_modules; i++) {
+ if (policydb_init(mymodules[i])) {
+ fprintf(stderr, "out of memory!\n");
+ return -1;
+ }
+ }
+
+ if (policydb_init(myexpanded)) {
+ fprintf(stderr, "out of memory!\n");
+ return -1;
+ }
+
+ mybase->policy_type = POLICY_BASE;
+ mybase->mls = mls;
+
+ if (read_source_policy(mybase, filename[0], myfiles[0])) {
+ fprintf(stderr, "read source policy failed %s\n", filename[0]);
+ return -1;
+ }
+
+ for (i = 1; i < num_modules + 1; i++) {
+ mymodules[i - 1]->policy_type = POLICY_MOD;
+ mymodules[i - 1]->mls = mls;
+ if (read_source_policy(mymodules[i - 1], filename[i], myfiles[i])) {
+ fprintf(stderr, "read source policy failed %s\n", filename[i]);
+ return -1;
+ }
+ }
+
+ if (link_modules(NULL, mybase, mymodules, num_modules, 0)) {
+ fprintf(stderr, "link modules failed\n");
+ return -1;
+ }
+
+ if (expand_module(NULL, mybase, myexpanded, 0, 0)) {
+ fprintf(stderr, "expand modules failed\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+int expander_test_init(void)
+{
+ char *small_base_file = "small-base.conf";
+ char *base_only_file = "base-base-only.conf";
+ int rc;
+ policydb_t *mymod2;
+ char *files2[] = { "small-base.conf", "module.conf" };
+ char *role_files[] = { "role-base.conf", "role-module.conf" };
+ char *user_files[] = { "user-base.conf", "user-module.conf" };
+ char *alias_files[] = { "alias-base.conf", "alias-module.conf" };
+
+ rc = expander_policy_init(&basemod, 0, NULL, &base_expanded, &small_base_file);
+ if (rc != 0)
+ return rc;
+
+ mymod2 = &mod2;
+ rc = expander_policy_init(&basemod2, 1, &mymod2, &base_expanded2, files2);
+ if (rc != 0)
+ return rc;
+
+ rc = expander_policy_init(&base_only_mod, 0, NULL, &base_only_expanded, &base_only_file);
+ if (rc != 0)
+ return rc;
+
+ mymod2 = &role_mod;
+ rc = expander_policy_init(&role_basemod, 1, &mymod2, &role_expanded, role_files);
+ if (rc != 0)
+ return rc;
+
+ /* Just init the base for now, until we figure out how to separate out
+ mls and non-mls tests since users can't be used in mls module */
+ mymod2 = &user_mod;
+ rc = expander_policy_init(&user_basemod, 0, NULL, &user_expanded, user_files);
+ if (rc != 0)
+ return rc;
+
+ mymod2 = &alias_mod;
+ rc = expander_policy_init(&alias_basemod, 1, &mymod2, &alias_expanded, alias_files);
+ if (rc != 0)
+ return rc;
+
+ return 0;
+}
+
+int expander_test_cleanup(void)
+{
+ policydb_destroy(&basemod);
+ policydb_destroy(&base_expanded);
+ free(typemap);
+
+ return 0;
+}
+
+static void test_expander_indexes(void)
+{
+ test_policydb_indexes(&base_expanded);
+}
+
+static void test_expander_alias(void)
+{
+ test_alias_datum(&alias_expanded, "alias_check_1_a", "alias_check_1_t", 1, 0);
+ test_alias_datum(&alias_expanded, "alias_check_2_a", "alias_check_2_t", 1, 0);
+ test_alias_datum(&alias_expanded, "alias_check_3_a", "alias_check_3_t", 1, 0);
+}
+
+int expander_add_tests(CU_pSuite suite)
+{
+ if (NULL == CU_add_test(suite, "expander_indexes", test_expander_indexes)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+#if 0
+ /* this is a very useful test and in fact has caught some bugs but cannot be used
+ * currently because of the way the expander removes attributes, please FIXME :) */
+ if (NULL == CU_add_test(suite, "expander_attr_mapping", test_expander_attr_mapping)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+#endif
+ if (NULL == CU_add_test(suite, "expander_role_mapping", test_expander_role_mapping)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ if (NULL == CU_add_test(suite, "expander_user_mapping", test_expander_user_mapping)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ if (NULL == CU_add_test(suite, "expander_alias", test_expander_alias)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ return 0;
+}
diff --git a/libsepol/tests/test-expander.h b/libsepol/tests/test-expander.h
new file mode 100644
index 0000000..5964133
--- /dev/null
+++ b/libsepol/tests/test-expander.h
@@ -0,0 +1,30 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_EXPANDER_H__
+#define __TEST_EXPANDER_H__
+
+#include <CUnit/Basic.h>
+
+int expander_test_init(void);
+int expander_test_cleanup(void);
+int expander_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
new file mode 100644
index 0000000..0ef0d69
--- /dev/null
+++ b/libsepol/tests/test-linker-cond-map.c
@@ -0,0 +1,159 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "parse_util.h"
+#include "helpers.h"
+#include "test-common.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/conditional.h>
+
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+/* Tests for conditionals
+ * Test each cond/bool for these
+ * - boolean copied correctly (state is correct)
+ * - conditional expression is correct
+ * Tests:
+ * - single boolean in base
+ * - single boolean in module
+ * - single boolean in base optional
+ * - single boolean in module optional
+ * - 2 booleans in base
+ * - 2 booleans in module
+ * - 2 booleans in base optional
+ * - 2 booleans in module optional
+ * - 2 booleans, base and module
+ * - 2 booleans, base optional and module
+ * - 2 booleans, base optional and module optional
+ * - 3 booleans, base, base optional, module
+ * - 4 boolean, base, base optional, module, module optional
+ */
+
+typedef struct test_cond_expr {
+ char *bool;
+ uint32_t expr_type;
+} test_cond_expr_t;
+
+void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_expr_t * bools, int len)
+{
+ int i;
+ cond_expr_t *expr;
+
+ CU_ASSERT_FATAL(d->cond_list != NULL);
+ CU_ASSERT_FATAL(d->cond_list->expr != NULL);
+
+ expr = d->cond_list->expr;
+
+ for (i = 0; i < len; i++) {
+ CU_ASSERT_FATAL(expr != NULL);
+
+ CU_ASSERT(expr->expr_type == bools[i].expr_type);
+ if (bools[i].bool) {
+ CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
+ }
+ expr = expr->next;
+ }
+}
+
+void test_bool_state(policydb_t * p, char *bool, int state)
+{
+ cond_bool_datum_t *b;
+
+ b = hashtab_search(p->p_bools.table, bool);
+ CU_ASSERT_FATAL(b != NULL);
+ CU_ASSERT(b->state == state);
+}
+
+void base_cond_tests(policydb_t * base)
+{
+ avrule_decl_t *d;
+ unsigned int decls[1];
+ test_cond_expr_t bools[2];
+
+ /* these tests look at booleans and conditionals in the base only
+ * to ensure that they aren't altered or removed during the link process */
+
+ /* bool existance and state, global scope */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "g_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_bool_state(base, "g_b_bool_1", 0);
+ /* conditional expression mapped correctly */
+ bools[0].bool = "g_b_bool_1";
+ bools[0].expr_type = COND_BOOL;
+ test_cond_expr_mapping(base, d, bools, 1);
+
+ /* bool existance and state, optional scope */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "o1_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_bool_state(base, "o1_b_bool_1", 1);
+ /* conditional expression mapped correctly */
+ bools[0].bool = "o1_b_bool_1";
+ bools[0].expr_type = COND_BOOL;
+ test_cond_expr_mapping(base, d, bools, 1);
+
+}
+
+void module_cond_tests(policydb_t * base)
+{
+ avrule_decl_t *d;
+ unsigned int decls[1];
+ test_cond_expr_t bools[3];
+
+ /* bool existance and state, module 1 global scope */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "g_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_bool_state(base, "g_m1_bool_1", 1);
+ /* conditional expression mapped correctly */
+ bools[0].bool = "g_m1_bool_1";
+ bools[0].expr_type = COND_BOOL;
+ test_cond_expr_mapping(base, d, bools, 1);
+
+ /* bool existance and state, module 1 optional scope */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "o1_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_bool_state(base, "o1_m1_bool_1", 0);
+ /* conditional expression mapped correctly */
+ bools[0].bool = "o1_m1_bool_1";
+ bools[0].expr_type = COND_BOOL;
+ test_cond_expr_mapping(base, d, bools, 1);
+
+ /* bool existance and state, module 2 global scope */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "g_m2_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_sym_presence(base, "g_m2_bool_2", SYM_BOOLS, SCOPE_DECL, decls, 1);
+ test_bool_state(base, "g_m2_bool_1", 1);
+ test_bool_state(base, "g_m2_bool_2", 0);
+ /* conditional expression mapped correctly */
+ bools[0].bool = "g_m2_bool_1";
+ bools[0].expr_type = COND_BOOL;
+ bools[1].bool = "g_m2_bool_2";
+ bools[1].expr_type = COND_BOOL;
+ bools[2].bool = NULL;
+ bools[2].expr_type = COND_AND;
+ test_cond_expr_mapping(base, d, bools, 3);
+}
diff --git a/libsepol/tests/test-linker-cond-map.h b/libsepol/tests/test-linker-cond-map.h
new file mode 100644
index 0000000..148c6f6
--- /dev/null
+++ b/libsepol/tests/test-linker-cond-map.h
@@ -0,0 +1,27 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_LINKER_COND_MAP_H__
+#define __TEST_LINKER_COND_MAP_H__
+
+extern void base_cond_tests(policydb_t * base);
+extern void module_cond_tests(policydb_t * base);
+
+#endif
diff --git a/libsepol/tests/test-linker-roles.c b/libsepol/tests/test-linker-roles.c
new file mode 100644
index 0000000..42f92d3
--- /dev/null
+++ b/libsepol/tests/test-linker-roles.c
@@ -0,0 +1,206 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "parse_util.h"
+#include "helpers.h"
+#include "test-common.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+/* Tests for roles:
+ * Test for each of these for
+ * - role in appropriate symtab (global and decl)
+ * - datum in the decl symtab has correct type_set
+ * - scope datum has correct decl ids
+ * - dominates bitmap is correct
+ * Tests:
+ * - role in base, no modules
+ * - role in base optional, no modules
+ * - role a in base, b in module
+ * - role a in base and module (additive)
+ * - role a in base and 2 module
+ * - role a in base optional, b in module
+ * - role a in base, b in module optional
+ * - role a in base optional, b in module optional
+ * - role a in base optional and module
+ * - role a in base and module optional
+ * - role a in base optional and module optional
+ * - role a in base optional and 2 modules
+ * - role a and b in base, b dom a, are types correct (TODO)
+ */
+
+/* this simply tests whether the passed in role only has its own
+ * value in its dominates ebitmap */
+static void only_dominates_self(policydb_t * p, role_datum_t * role)
+{
+ ebitmap_node_t *tnode;
+ unsigned int i;
+ int found = 0;
+
+ ebitmap_for_each_bit(&role->dominates, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ found++;
+ CU_ASSERT(i == role->s.value - 1);
+ }
+ }
+ CU_ASSERT(found == 1);
+}
+
+void base_role_tests(policydb_t * base)
+{
+ avrule_decl_t *decl;
+ role_datum_t *role;
+ unsigned int decls[2];
+ char *types[2];
+
+ /* These tests look at roles in the base only, the desire is to ensure that
+ * roles are not destroyed or otherwise removed during the link process */
+
+ /**** test for g_b_role_1 in base and decl 1 (global) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
+ /* make sure it has the correct type set (g_b_type_1, no negset, no flags) */
+ types[0] = "g_b_type_1";
+ role = test_role_type_set(base, "g_b_role_1", NULL, types, 1, 0);
+ /* This role should only dominate itself */
+ only_dominates_self(base, role);
+
+ /**** test for o1_b_role_1 in optional (decl 2) ****/
+ decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
+ decls[0] = decl->decl_id;
+ test_sym_presence(base, "o1_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
+ /* make sure it has the correct type set (o1_b_type_1, no negset, no flags) */
+ types[0] = "o1_b_type_1";
+ role = test_role_type_set(base, "o1_b_role_1", decl, types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+}
+
+void module_role_tests(policydb_t * base)
+{
+ role_datum_t *role;
+ avrule_decl_t *decl;
+ unsigned int decls[2];
+ char *types[3];
+
+ /* These tests are run when the base is linked with 2 modules,
+ * They should test whether the roles get copied correctly from the
+ * modules into the base */
+
+ /**** test for role in module 1 (global) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
+ /* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
+ types[0] = "g_m1_type_1";
+ role = test_role_type_set(base, "g_m1_role_1", NULL, types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for role in module 1 (optional) ****/
+ decl = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
+ decls[0] = decl->decl_id;
+ test_sym_presence(base, "o1_m1_role_1", SYM_ROLES, SCOPE_DECL, decls, 1);
+ /* make sure it has the correct type set (o1_m1_type_1, no negset, no flags) */
+ types[0] = "o1_m1_type_1";
+ role = test_role_type_set(base, "o1_m1_role_1", decl, types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /* These test whether the type sets are copied to the right place and
+ * correctly unioned when they should be */
+
+ /**** test for type added to base role in module 1 (global) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
+ /* make sure it has the correct type set (g_m1_type_1, no negset, no flags) */
+ types[0] = "g_b_type_2"; /* added in base when declared */
+ types[1] = "g_m1_type_1"; /* added in module */
+ role = test_role_type_set(base, "g_b_role_2", NULL, types, 2, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for type added to base role in module 1 & 2 (global) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
+ test_sym_presence(base, "g_b_role_3", SYM_ROLES, SCOPE_DECL, decls, 3);
+ /* make sure it has the correct type set (g_b_type_2, g_m1_type_2, g_m2_type_2, no negset, no flags) */
+ types[0] = "g_b_type_2"; /* added in base when declared */
+ types[1] = "g_m1_type_2"; /* added in module 1 */
+ types[2] = "g_m2_type_2"; /* added in module 2 */
+ role = test_role_type_set(base, "g_b_role_3", NULL, types, 3, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for role in base optional and module 1 (additive) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "o1_b_role_2", SYM_ROLES, SCOPE_DECL, decls, 2);
+ /* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
+ types[0] = "g_m1_type_1";
+ role = test_role_type_set(base, "o1_b_role_2", NULL, types, 1, 0);
+ types[0] = "o1_b_type_1";
+ role = test_role_type_set(base, "o1_b_role_2", test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"), types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for role in base and module 1 optional (additive) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"))->decl_id;
+ test_sym_presence(base, "g_b_role_4", SYM_ROLES, SCOPE_DECL, decls, 2);
+ /* this one will have 2 type sets, one in the global symtab and one in the base optional 1 */
+ types[0] = "g_b_type_2";
+ role = test_role_type_set(base, "g_b_role_4", NULL, types, 1, 0);
+ types[0] = "g_m1_type_2";
+ role = test_role_type_set(base, "g_b_role_4", test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m1"), types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for role in base and module 1 optional (additive) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"))->decl_id;
+ test_sym_presence(base, "o3_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 2);
+ /* this one will have 2 type sets, one in the 3rd base optional and one in the 3rd module optional */
+ types[0] = "o3_b_type_1";
+ role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_b"), types, 1, 0);
+ types[0] = "o3_m1_type_1";
+ role = test_role_type_set(base, "o3_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"), types, 1, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+
+ /**** test for role in base and module 1 optional (additive) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"))->decl_id;
+ decls[1] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ decls[2] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2"))->decl_id;
+ test_sym_presence(base, "o4_b_role_1", SYM_ROLES, SCOPE_DECL, decls, 3);
+ /* this one will have 2 type sets, one in the global symtab (with both module types) and one in the 4th optional of base */
+ types[0] = "g_m1_type_1";
+ role = test_role_type_set(base, "o4_b_role_1", test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"), types, 1, 0);
+ types[0] = "g_m2_type_1";
+ types[1] = "g_m1_type_2";
+ role = test_role_type_set(base, "o4_b_role_1", NULL, types, 2, 0);
+ /* and only dominates itself */
+ only_dominates_self(base, role);
+}
diff --git a/libsepol/tests/test-linker-roles.h b/libsepol/tests/test-linker-roles.h
new file mode 100644
index 0000000..f7407df
--- /dev/null
+++ b/libsepol/tests/test-linker-roles.h
@@ -0,0 +1,29 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_LINKER_ROLES_H__
+#define __TEST_LINKER_ROLES_H__
+
+#include <sepol/policydb/policydb.h>
+
+extern void base_role_tests(policydb_t * base);
+extern void module_role_tests(policydb_t * base);
+
+#endif
diff --git a/libsepol/tests/test-linker-types.c b/libsepol/tests/test-linker-types.c
new file mode 100644
index 0000000..94f16ac
--- /dev/null
+++ b/libsepol/tests/test-linker-types.c
@@ -0,0 +1,317 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ * Chad Sellers <csellers@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "parse_util.h"
+#include "helpers.h"
+#include "test-common.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+
+#include <CUnit/Basic.h>
+#include <stdlib.h>
+
+/* Tests for types:
+ * Test for each of these for
+ * - type in appropriate symtab (global and decl)
+ * - datum in the decl symtab has correct type bitmap (if attr)
+ * - primary is set correctly
+ * - scope datum has correct decl ids
+ * Tests:
+ * - type in base, no modules
+ * - type in base optional, no modules
+ * - type a in base, b in module
+ * - type a in base optional, b in module
+ * - type a in base, b in module optional
+ * - type a in base optional, b in module optional
+ * - attr in base, no modules
+ * - attr in base optional, no modules
+ * - attr a in base, b in module
+ * - attr a in base optional, b in module
+ * - attr a in base, b in module optional
+ * - attr a in base optional, b in module optional
+ * - attr a declared in base, added to in module
+ * - attr a declared in base, added to in module optional
+ * - attr a declared in base, added to in 2 modules
+ * - attr a declared in base, added to in 2 modules (optional and global)
+ * - attr a declared in base optional, added to in module
+ * - attr a declared in base optional, added to in module optional
+ * - attr a added to in base optional, declared in module
+ * - attr a added to in base optional, declared in module optional
+ * - attr a added to in base optional, declared in module, added to in other module
+ * - attr a added to in base optional, declared in module optional, added to in other module
+ * - attr a added to in base optional, declared in module , added to in other module optional
+ * - attr a added to in base optional, declared in module optional, added to in other module optional
+ * - alias in base of primary type in base, no modules
+ * - alias in base optional of primary type in base, no modules
+ * - alias in base optional of primary type in base optional
+ * - alias in module of primary type in base
+ * - alias in module optional of primary type in base
+ * - alias in module optional of primary type in base optional
+ * - alias in module of primary type in module
+ * - alias in module optional of primary type in module
+ * - alias in module optional of primary type in module optional
+ * - alias a in base, b in module, primary type in base
+ * - alias a in base, b in module, primary type in module
+ * - alias a in base optional, b in module, primary type in base
+ * - alias a in base optional, b in module, primary type in module
+ * - alias a in base, b in module optional, primary type in base
+ * - alias a in base, b in module optional, primary type in module
+ * - alias a in base optional, b in module optional, primary type in base
+ * - alias a in base optional, b in module optional, primary type in module
+ * - alias a in base, required in module, primary type in base
+ * - alias a in base, required in base optional, primary type in base
+ * - alias a in base, required in module optional, primary type in base
+ * - alias a in module, required in base optional, primary type in base
+ * - alias a in module, required in module optional, primary type in base
+ * - alias a in base optional, required in module, primary type in base
+ * - alias a in base optional, required in different base optional, primary type in base
+ * - alias a in base optional, required in module optional, primary type in base
+ * - alias a in module optional, required in base optional, primary type in base
+ * - alias a in module optional, required in module optional, primary type in base
+ * - alias a in module, required in base optional, primary type in module
+ * - alias a in module, required in module optional, primary type in module
+ * - alias a in base optional, required in module, primary type in module
+ * - alias a in base optional, required in different base optional, primary type in module
+ * - alias a in base optional, required in module optional, primary type in module
+ * - alias a in module optional, required in base optional, primary type in module
+ * - alias a in module optional, required in module optional, primary type in module
+ */
+
+/* Don't pass in decls from global blocks since symbols aren't stored in their symtab */
+static void test_type_datum(policydb_t * p, char *id, unsigned int *decls, int len, unsigned int primary)
+{
+ int i;
+ unsigned int value;
+ type_datum_t *type;
+
+ /* just test the type datums for each decl to see if it is what we expect */
+ type = hashtab_search(p->p_types.table, id);
+
+ CU_ASSERT_FATAL(type != NULL);
+ CU_ASSERT(type->primary == primary);
+ CU_ASSERT(type->flavor == TYPE_TYPE);
+
+ value = type->s.value;
+
+ for (i = 0; i < len; i++) {
+ type = hashtab_search(p->decl_val_to_struct[decls[i] - 1]->p_types.table, id);
+ CU_ASSERT_FATAL(type != NULL);
+ CU_ASSERT(type->primary == primary);
+ CU_ASSERT(type->flavor == TYPE_TYPE);
+ CU_ASSERT(type->s.value == value);
+ }
+
+}
+
+void base_type_tests(policydb_t * base)
+{
+ unsigned int decls[2];
+ char *types[2];
+
+ /* These tests look at types in the base only, the desire is to ensure that
+ * types are not destroyed or otherwise removed during the link process.
+ * if this happens these tests won't work anyway since we are using types to
+ * mark blocks */
+
+ /**** test for g_b_type_1 in base and decl 1 (global) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_type_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_type_datum(base, "g_b_type_1", NULL, 0, 1);
+ /* this attr is in the same decl as the type */
+ test_sym_presence(base, "g_b_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_b_type_1";
+ test_attr_types(base, "g_b_attr_1", NULL, types, 1);
+
+ /**** test for o1_b_type_1 in optional (decl 2) ****/
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id;
+ test_sym_presence(base, "o1_b_type_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_type_datum(base, "o1_b_type_1", NULL, 0, 1);
+ /* this attr is in the same decl as the type */
+ test_sym_presence(base, "o1_b_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "o1_b_type_1";
+ test_attr_types(base, "o1_b_attr_1", base->decl_val_to_struct[decls[0] - 1], types, 1);
+
+ /* tests for aliases */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_alias_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_alias_datum(base, "g_b_alias_1", "g_b_type_3", 1, 0);
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o6_b"))->decl_id;
+ test_sym_presence(base, "g_b_alias_2", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_alias_datum(base, "g_b_alias_2", "g_b_type_3", 1, 0);
+
+}
+
+void module_type_tests(policydb_t * base)
+{
+ unsigned int decls[2];
+ char *types[2];
+ avrule_decl_t *d;
+
+ /* These tests look at types that were copied from modules or attributes
+ * that were modified and declared in modules and base. These apply to
+ * declarations and modifications in and out of optionals. These tests
+ * should ensure that types and attributes are correctly copied from modules
+ * and that attribute type sets are correctly copied and mapped. */
+
+ /* note: scope for attributes is currently smashed if the attribute is declared
+ * somewhere so the scope test only looks at global, the type bitmap test looks
+ * at the appropriate decl symtab */
+
+ /* test for type in module 1 (global) */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m1_type_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_type_datum(base, "g_m1_type_1", NULL, 0, 1);
+ /* attr has is in the same decl as the above type */
+ test_sym_presence(base, "g_m1_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_1";
+ types[1] = "g_m1_type_2";
+ test_attr_types(base, "g_m1_attr_1", NULL, types, 2);
+
+ /* test for type in module 1 (optional) */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1"))->decl_id;
+ test_sym_presence(base, "o1_m1_type_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_type_datum(base, "o1_m1_type_1", NULL, 0, 1);
+ /* attr has is in the same decl as the above type */
+ test_sym_presence(base, "o1_m1_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "o1_m1_type_2";
+ test_attr_types(base, "o1_m1_attr_1", base->decl_val_to_struct[decls[0] - 1], types, 1);
+
+ /* test for attr declared in base, added to in module (global).
+ * Since these are both global it'll be merged in the main symtab */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_attr_3", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_3";
+ test_attr_types(base, "g_b_attr_3", NULL, types, 1);
+
+ /* test for attr declared in base, added to in module (optional). */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_attr_4", SYM_TYPES, SCOPE_DECL, decls, 1);
+
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1"))->decl_id;
+ types[0] = "o1_m1_type_3";
+ test_attr_types(base, "g_b_attr_4", base->decl_val_to_struct[decls[0] - 1], types, 1);
+
+ /* test for attr declared in base, added to in 2 modules (global). (merged in main symtab) */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_attr_5", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_4";
+ types[1] = "g_m2_type_4";
+ test_attr_types(base, "g_b_attr_5", NULL, types, 2);
+
+ /* test for attr declared in base, added to in 2 modules (optional/global). */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b"))->decl_id;
+ test_sym_presence(base, "g_b_attr_6", SYM_TYPES, SCOPE_DECL, decls, 1);
+ /* module 2 was global to its type is in main symtab */
+ types[0] = "g_m2_type_5";
+ test_attr_types(base, "g_b_attr_6", NULL, types, 1);
+ d = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"));
+ types[0] = "o3_m1_type_2";
+ test_attr_types(base, "g_b_attr_6", d, types, 1);
+
+ /* test for attr declared in base optional, added to in module (global). */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b"))->decl_id;
+ test_sym_presence(base, "o4_b_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_5";
+ test_attr_types(base, "o4_b_attr_1", NULL, types, 1);
+
+ /* test for attr declared in base optional, added to in module (optional). */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b"))->decl_id;
+ test_sym_presence(base, "o1_b_attr_2", SYM_TYPES, SCOPE_DECL, decls, 1);
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
+ types[0] = "o1_m1_type_5";
+ test_attr_types(base, "o1_b_attr_2", d, types, 1);
+
+ /* test for attr declared in module, added to in base optional */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m1_attr_2", SYM_TYPES, SCOPE_DECL, decls, 1);
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
+ types[0] = "o1_b_type_2";
+ test_attr_types(base, "g_m1_attr_2", d, types, 1);
+
+ /* test for attr declared in module optional, added to in base optional */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1"))->decl_id;
+ test_sym_presence(base, "o3_m1_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b");
+ types[0] = "o4_b_type_1";
+ test_attr_types(base, "o3_m1_attr_1", d, types, 1);
+
+ /* attr a added to in base optional, declared/added to in module, added to in other module */
+ /* first the module declare/add and module 2 add (since its global it'll be in the main symtab */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m1_attr_3", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_6";
+ types[1] = "g_m2_type_3";
+ test_attr_types(base, "g_m1_attr_3", NULL, types, 2);
+ /* base add */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_b");
+ types[0] = "o4_b_type_2";
+ test_attr_types(base, "g_m1_attr_3", d, types, 1);
+
+ /* attr a added to in base optional, declared/added in module optional, added to in other module */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o3_m1");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "o3_m1_attr_2", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "o3_m1_type_3";
+ test_attr_types(base, "o3_m1_attr_2", d, types, 1);
+ /* module 2's type will be in the main symtab */
+ types[0] = "g_m2_type_6";
+ test_attr_types(base, "o3_m1_attr_2", NULL, types, 1);
+ /* base add */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_b");
+ types[0] = "o2_b_type_1";
+ test_attr_types(base, "o3_m1_attr_2", d, types, 1);
+
+ /* attr a added to in base optional, declared/added in module , added to in other module optional */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m1_attr_4", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "g_m1_type_7";
+ test_attr_types(base, "g_m1_attr_4", NULL, types, 1);
+ /* module 2 */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m2");
+ types[0] = "o2_m2_type_1";
+ test_attr_types(base, "g_m1_attr_4", d, types, 1);
+ /* base add */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o5_b");
+ types[0] = "o5_b_type_1";
+ test_attr_types(base, "g_m1_attr_4", d, types, 1);
+
+ /* attr a added to in base optional, declared/added in module optional, added to in other module optional */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o4_m1");
+ decls[0] = d->decl_id;
+ test_sym_presence(base, "o4_m1_attr_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ types[0] = "o4_m1_type_1";
+ test_attr_types(base, "o4_m1_attr_1", d, types, 1);
+ /* module 2 */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o2_m2");
+ types[0] = "o2_m2_type_2";
+ test_attr_types(base, "o4_m1_attr_1", d, types, 1);
+ /* base add */
+ d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o5_b");
+ types[0] = "o5_b_type_2";
+ test_attr_types(base, "o4_m1_attr_1", d, types, 1);
+
+ /* tests for aliases */
+ decls[0] = (test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1"))->decl_id;
+ test_sym_presence(base, "g_m_alias_1", SYM_TYPES, SCOPE_DECL, decls, 1);
+ test_alias_datum(base, "g_m_alias_1", "g_b_type_3", 1, 0);
+
+}
diff --git a/libsepol/tests/test-linker-types.h b/libsepol/tests/test-linker-types.h
new file mode 100644
index 0000000..0c860eb
--- /dev/null
+++ b/libsepol/tests/test-linker-types.h
@@ -0,0 +1,27 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_LINKER_TYPES_H__
+#define __TEST_LINKER_TYPES_H__
+
+extern void base_type_tests(policydb_t * base);
+extern void module_type_tests(policydb_t * base);
+
+#endif
diff --git a/libsepol/tests/test-linker.c b/libsepol/tests/test-linker.c
new file mode 100644
index 0000000..d08f219
--- /dev/null
+++ b/libsepol/tests/test-linker.c
@@ -0,0 +1,154 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/* This is where the linker tests should go, including:
+ * - check role, type, bool, user, attr mapping
+ * - check for properly enabled optional
+ * - check for properly disabled optional
+ * - check for non-optional disabled blocks
+ * - properly add symbols declared in optionals
+ */
+
+#include "test-linker.h"
+#include "parse_util.h"
+#include "helpers.h"
+#include "test-common.h"
+#include "test-linker-roles.h"
+#include "test-linker-types.h"
+#include "test-linker-cond-map.h"
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/conditional.h>
+#include <sepol/policydb/expand.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#define NUM_MODS 2
+#define NUM_POLICIES NUM_MODS+1
+
+#define BASEMOD NUM_MODS
+const char *policies[NUM_POLICIES] = {
+ "module1.conf",
+ "module2.conf",
+ "small-base.conf",
+};
+
+static policydb_t basenomods;
+static policydb_t linkedbase;
+static policydb_t *modules[NUM_MODS];
+extern int mls;
+
+int linker_test_init(void)
+{
+ int i;
+
+ if (test_load_policy(&linkedbase, POLICY_BASE, mls, "test-linker", policies[BASEMOD]))
+ return -1;
+
+ if (test_load_policy(&basenomods, POLICY_BASE, mls, "test-linker", policies[BASEMOD]))
+ return -1;
+
+ for (i = 0; i < NUM_MODS; i++) {
+
+ modules[i] = calloc(1, sizeof(*modules[i]));
+ if (!modules[i]) {
+ fprintf(stderr, "out of memory!\n");
+ return -1;
+ }
+
+ if (test_load_policy(modules[i], POLICY_MOD, mls, "test-linker", policies[i]))
+ return -1;
+
+ }
+
+ if (link_modules(NULL, &linkedbase, modules, NUM_MODS, 0)) {
+ fprintf(stderr, "link modules failed\n");
+ return -1;
+ }
+
+ if (link_modules(NULL, &basenomods, NULL, 0, 0)) {
+ fprintf(stderr, "link modules failed\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+int linker_test_cleanup(void)
+{
+ int i;
+
+ policydb_destroy(&basenomods);
+ policydb_destroy(&linkedbase);
+
+ for (i = 0; i < NUM_MODS; i++) {
+ policydb_destroy(modules[i]);
+ free(modules[i]);
+ }
+ return 0;
+}
+
+static void test_linker_indexes(void)
+{
+ test_policydb_indexes(&linkedbase);
+}
+
+static void test_linker_roles(void)
+{
+ base_role_tests(&basenomods);
+ base_role_tests(&linkedbase);
+ module_role_tests(&linkedbase);
+}
+
+static void test_linker_types(void)
+{
+ base_type_tests(&basenomods);
+ base_type_tests(&linkedbase);
+ module_type_tests(&linkedbase);
+}
+
+static void test_linker_cond(void)
+{
+ base_cond_tests(&basenomods);
+ base_cond_tests(&linkedbase);
+ module_cond_tests(&linkedbase);
+}
+
+int linker_add_tests(CU_pSuite suite)
+{
+ if (NULL == CU_add_test(suite, "linker_indexes", test_linker_indexes)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ if (NULL == CU_add_test(suite, "linker_types", test_linker_types)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ if (NULL == CU_add_test(suite, "linker_roles", test_linker_roles)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ if (NULL == CU_add_test(suite, "linker_cond", test_linker_cond)) {
+ CU_cleanup_registry();
+ return CU_get_error();
+ }
+ return 0;
+}
diff --git a/libsepol/tests/test-linker.h b/libsepol/tests/test-linker.h
new file mode 100644
index 0000000..16339a0
--- /dev/null
+++ b/libsepol/tests/test-linker.h
@@ -0,0 +1,30 @@
+/*
+ * Author: Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_LINKER_H__
+#define __TEST_LINKER_H__
+
+#include <CUnit/Basic.h>
+
+int linker_test_init(void);
+int linker_test_cleanup(void);
+int linker_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
new file mode 100644
index 0000000..6864114
--- /dev/null
+++ b/libsepol/utils/Makefile
@@ -0,0 +1,24 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+BINDIR ?= $(PREFIX)/bin
+
+CFLAGS ?= -Wall -Werror
+override CFLAGS += -I../include
+LDLIBS += -L../src -lsepol
+
+TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+
+all: $(TARGETS)
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 $(TARGETS) $(BINDIR)
+
+clean:
+ -rm -f $(TARGETS) *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
+
diff --git a/libsepol/utils/chkcon.c b/libsepol/utils/chkcon.c
new file mode 100644
index 0000000..4c23d4c
--- /dev/null
+++ b/libsepol/utils/chkcon.c
@@ -0,0 +1,42 @@
+#include <sepol/sepol.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+void usage(char *progname)
+{
+ printf("usage: %s policy context\n", progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+
+ if (argc != 3)
+ usage(argv[0]);
+
+ fp = fopen(argv[1], "r");
+ if (!fp) {
+ fprintf(stderr, "Can't open '%s': %s\n",
+ argv[1], strerror(errno));
+ exit(1);
+ }
+ if (sepol_set_policydb_from_file(fp) < 0) {
+ fprintf(stderr, "Error while processing %s: %s\n",
+ argv[1], strerror(errno));
+ exit(1);
+ }
+ fclose(fp);
+
+ if (sepol_check_context(argv[2]) < 0) {
+ fprintf(stderr, "%s is not valid\n", argv[2]);
+ exit(1);
+ }
+
+ printf("%s is valid\n", argv[2]);
+ exit(0);
+}
diff --git a/policycoreutils/COPYING b/policycoreutils/COPYING
new file mode 100644
index 0000000..5b6e7c6
--- /dev/null
+++ b/policycoreutils/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+�
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+�
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+�
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+�
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/policycoreutils/ChangeLog b/policycoreutils/ChangeLog
new file mode 100644
index 0000000..ea69b46
--- /dev/null
+++ b/policycoreutils/ChangeLog
@@ -0,0 +1,924 @@
+2.0.54 2008-08-05
+ * Add support for boolean files and group support for seusers from Dan Walsh.
+ * Ensure that setfiles -p output is newline terminated from Russell Coker.
+
+2.0.53 2008-07-29
+ * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
+
+2.0.52 2008-07-02
+ * Add permissive domain capability to semanage from Dan Walsh.
+
+2.0.51 2008-06-28
+ * Add onboot option to fixfiles from Dan Walsh.
+ * Change restorecon.init to not run on boot by default from Dan Walsh.
+
+2.0.50 2008-06-30
+ * Fix audit2allow generation of role-type rules from Karl MacMillan.
+
+2.0.49 2008-05-16
+ * Remove security_check_context calls for prefix validation from semanage.
+
+2.0.48 2008-05-16
+ * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
+
+2.0.47 2008-04-18
+ * Update semanage man page for booleans from Dan Walsh.
+ * Add further error checking to seobject.py for setting booleans.
+
+2.0.46 2008-03-18
+ * Update audit2allow to report dontaudit cases from Dan Walsh.
+
+2.0.45 2008-03-18
+ * Fix semanage port to use --proto from Caleb Case.
+
+2.0.44 2008-02-22
+ * Fixed semodule to correctly handle error when unable to create a handle.
+
+2.0.43 2008-02-08
+ * Merged fix fixfiles option processing from Vaclav Ovsik.
+
+2.0.42 2008-02-02
+ * Make semodule_expand use sepol_set_expand_consume_base to reduce
+ peak memory usage.
+
+2.0.41 2008-01-28
+ * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
+
+2.0.40 2008-01-25
+ * Merged a second fixfiles -C fix from Marshall Miller.
+
+2.0.39 2008-01-24
+ * Merged fixfiles -C fix from Marshall Miller.
+
+2.0.38 2008-01-24
+ * Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
+ * Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
+ * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
+
+2.0.37 2008-01-23
+ * Merged replacement for audit2why from Dan Walsh.
+
+2.0.36 2008-01-23
+ * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
+
+2.0.35 2007-12-21
+ * Merged support for non-interactive newrole command invocation from Tim Reed.
+
+2.0.34 2007-12-14
+ * Update Makefile to not build restorecond if
+ /usr/include/sys/inotify.h is not present
+
+2.0.33 2007-12-07
+ * Drop verbose output on fixfiles -C from Dan Walsh.
+ * Fix argument handling in fixfiles from Dan Walsh.
+ * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
+
+2.0.32 2007-10-16
+ * load_policy initial load option from Chad Sellers.
+
+2.0.31 2007-10-15
+ * Fix semodule option handling from Dan Walsh.
+
+2.0.30 2007-10-11
+ * Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
+
+2.0.29 2007-10-05
+ * Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
+
+2.0.28 2007-10-05
+ * Update semodule man page for -D from Dan Walsh.
+ * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
+
+2.0.27 2007-09-19
+ * Improve semodule reporting of system errors from Stephen Smalley.
+
+2.0.26 2007-09-18
+ * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
+
+2.0.25 2007-08-23
+ * Remove genhomedircon script (functionality is now provided
+ within libsemanage) from Todd Miller.
+
+2.0.24 2007-08-23
+ * Fix genhomedircon searching for USER from Todd Miller
+ * Install run_init with mode 0755 from Dan Walsh.
+ * Fix chcat from Dan Walsh.
+ * Fix fixfiles pattern expansion and error reporting from Dan Walsh.
+ * Optimize genhomedircon to compile regexes once from Dan Walsh.
+ * Fix semanage gettext call from Dan Walsh.
+
+2.0.23 2007-08-16
+ * Disable dontaudits via semodule -D
+
+2.0.22 2007-06-20
+ * Rebase setfiles to use new labeling interface.
+
+2.0.21 2007-06-13
+ * Fixed setsebool (falling through to error path on success).
+
+2.0.20 2007-06-05
+ * Merged genhomedircon fixes from Dan Walsh.
+ * Merged setfiles -c usage fix from Dan Walsh.
+ * Merged restorecon fix from Yuichi Nakamura.
+ * Dropped -lsepol where no longer needed.
+
+2.0.19 2007-05-11
+ * Merge newrole support for alternate pam configs from Ted X Toth.
+
+2.0.18 2007-05-11
+ * Merged merging of restorecon into setfiles from Stephen Smalley.
+
+2.0.17 2007-05-09
+ * Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
+
+2.0.16 2007-05-03
+ * Merged support for modifying the prefix via semanage from Dan Walsh.
+
+2.0.15 2007-04-26
+ * Merged move of audit2why to /usr/bin from Dan Walsh.
+
+2.0.14 2007-04-25
+ * Build fix for setsebool.
+
+2.0.13 2007-04-24
+ * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
+
+2.0.12 2007-04-24
+ * Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
+
+2.0.11 2007-04-24
+ * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
+
+2.0.10 2007-04-24
+ * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
+
+2.0.9 2007-04-12
+ * Merged seobject setransRecords patch to return the first alias from Xavier Toth.
+
+2.0.8 2007-04-10
+ * Merged updates to sepolgen-ifgen from Karl MacMillan.
+
+2.0.7 2007-03-01
+ * Merged restorecond init script LSB compliance patch from Steve Grubb.
+
+2.0.6 2007-02-22
+ * Merged newrole O_NONBLOCK fix from Linda Knippers.
+
+2.0.5 2007-02-22
+ * Merged sepolgen and audit2allow patches to leave generated files
+ in the current directory from Karl MacMillan.
+
+2.0.4 2007-02-22
+ * Merged restorecond memory leak fix from Steve Grubb.
+
+2.0.3 2007-02-21
+ * Merged translations update from Dan Walsh.
+ * Merged chcat fixes from Dan Walsh.
+ * Merged man page fixes from Dan Walsh.
+ * Merged seobject prefix validity checking from Dan Walsh.
+
+2.0.2 2007-02-20
+ * Merged seobject exception handler fix from Caleb Case.
+ * Merged setfiles memory leak patch from Todd Miller.
+
+2.0.1 2007-02-08
+ * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
+
+2.0.0 2007-02-05
+ * Merged new audit2allow from Karl MacMillan.
+ This audit2allow depends on the new sepolgen python module.
+ Note that you must run the sepolgen-ifgen tool to generate
+ the data needed by audit2allow to generate refpolicy.
+
+1.34.1 2007-01-22
+ * Fixed newrole non-pam build.
+
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.16 2007-01-18
+ * Merged po file updates from Dan Walsh.
+ * Removed update-po from all target in po/Makefile.
+
+1.33.15 2007-01-17
+ * Merged unicode-to-string fix for seobject audit from Dan Walsh.
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.14 2007-01-16
+ * Merged newrole man page patch from Michael Thompson.
+
+1.33.13 2007-01-16
+ * Merged patch to fix python unicode problem from Dan Walsh.
+
+1.33.12 2007-01-11
+ * Merged newrole securetty check from Dan Walsh.
+ * Merged semodule patch to generalize list support from Karl MacMillan.
+
+1.33.11 2007-01-09
+ * Merged fixfiles and seobject fixes from Dan Walsh.
+ * Merged semodule support for list of modules after -i from Karl MacMillan.
+
+1.33.10 2007-01-08
+ * Merged patch to correctly handle a failure during semanage handle
+ creation from Karl MacMillan.
+
+1.33.9 2007-01-05
+ * Merged patch to fix seobject role modification from Dan Walsh.
+
+1.33.8 2007-01-04
+ * Merged patches from Dan Walsh to:
+ - omit the optional name from audit2allow
+ - use the installed python version in the Makefiles
+ - re-open the tty with O_RDWR in newrole
+
+1.33.7 2007-01-03
+ * Patch from Dan Walsh to correctly suppress warnings in load_policy.
+
+1.33.6 2006-11-29
+ * Patch from Dan Walsh to add an pam_acct_msg call to run_init
+ * Patch from Dan Walsh to fix error code returns in newrole
+ * Patch from Dan Walsh to remove verbose flag from semanage man page
+ * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
+ in /usr/share/selinux/<SELINUXTYPE>
+
+1.33.5 2006-11-27
+ * Merged patch from Michael C Thompson to clean up genhomedircon
+ error handling.
+1.33.4 2006-11-21
+ * Merged po file updates from Dan Walsh.
+
+1.33.3 2006-11-21
+ * Merged setsebool patch from Karl MacMillan.
+ This fixes a bug reported by Yuichi Nakamura with
+ always setting booleans persistently on an unmanaged system.
+
+1.33.2 2006-11-20
+ * Merged patch from Dan Walsh (via Karl MacMillan):
+ * Added newrole audit message on login failure
+ * Add /var/log/wtmp to restorecond.conf watch list
+ * Fix genhomedircon, semanage, semodule_expand man pages.
+
+1.33.1 2006-11-13
+ * Merged newrole patch set from Michael Thompson.
+
+1.32 2006-10-17
+ * Updated version for release.
+
+1.30.31 2006-10-17
+ * Merged audit2allow -l fix from Yuichi Nakamura.
+ * Merged restorecon -i and -o - support from Karl MacMillan.
+ * Merged semanage/seobject fix from Dan Walsh.
+ * Merged fixfiles -R and verify changes from Dan Walsh.
+
+1.30.30 2006-09-29
+ * Merged newrole auditing of failures due to user actions from
+ Michael Thompson.
+
+1.30.29 2006-09-13
+ * Man page corrections from Dan Walsh
+ * Change all python invocations to /usr/bin/python -E
+ * Add missing getopt flags to genhomedircon
+
+1.30.28 2006-09-01
+ * Merged fix for restorecon // handling from Erich Schubert.
+ * Merged translations update and fixfiles fix from Dan Walsh.
+
+1.30.27 2006-08-24
+ * Merged fix for restorecon symlink handling from Erich Schubert.
+
+1.30.26 2006-08-11
+ * Merged semanage local file contexts patch from Chris PeBenito.
+
+1.30.25 2006-08-03
+ * Merged patch from Dan Walsh with:
+ * audit2allow: process MAC_POLICY_LOAD events
+ * newrole: run shell with - prefix to start a login shell
+ * po: po file updates
+ * restorecond: bail if SELinux not enabled
+ * fixfiles: omit -q
+ * genhomedircon: fix exit code if non-root
+ * semodule_deps: install man page
+
+1.30.24 2006-08-03
+ * Merged secon Makefile fix from Joshua Brindle.
+
+1.30.23 2006-08-03
+ * Merged netfilter contexts support patch from Chris PeBenito.
+
+1.30.22 2006-07-28
+ * Merged restorecond size_t fix from Joshua Brindle.
+
+1.30.21 2006-07-28
+ * Merged secon keycreate patch from Michael LeMay.
+
+1.30.20 2006-07-26
+ * Merged restorecond fixes from Dan Walsh.
+ Merged updated po files from Dan Walsh.
+
+1.30.19 2006-07-26
+ * Merged python gettext patch from Stephen Bennett.
+
+1.30.18 2006-07-25
+ * Merged semodule_deps from Karl MacMillan.
+
+1.30.17 2006-06-29
+ * Lindent.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ * -p option (progress) for setfiles and restorecon.
+ * disable context translation for setfiles and restorecon.
+ * on/off values for setsebool.
+
+1.30.15 2006-06-26
+ * Merged setfiles and semodule_link fixes from Joshua Brindle.
+
+1.30.14 2006-06-16
+ * Merged fix for setsebool error path from Serge Hallyn.
+
+1.30.13 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Updated po files.
+ * Fixes for genhomedircon and seobject.
+ * Audit message for mass relabel by setfiles.
+
+1.30.12 2006-06-02
+ * Updated fixfiles script for new setfiles location in /sbin.
+
+1.30.11 2006-05-26
+ * Merged more translations from Dan Walsh.
+ * Merged patch to relocate setfiles to /sbin for early relabel
+ when /usr might not be mounted from Dan Walsh.
+ * Merged semanage/seobject patch to preserve fcontext ordering in list.
+ * Merged secon patch from James Antill.
+
+1.30.10 2006-05-22
+ * Merged patch with updates to audit2allow, secon, genhomedircon,
+ and semanage from Dan Walsh.
+
+1.30.9 2006-05-08
+ * Fixed audit2allow and po Makefiles for DESTDIR= builds.
+ * Merged .po file patch from Dan Walsh.
+ * Merged bug fix for genhomedircon.
+
+1.30.8 2006-05-08
+ * Merged patch from Dan Walsh.
+ This includes audit2allow changes for analysis plugins,
+ internationalization support for several additional programs
+ and added po files, some fixes for semanage, and several cleanups.
+ It also adds a new secon utility.
+
+1.30.7 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.6 2006-04-14
+ * Merged semanage prefix support from Russell Coker.
+
+1.30.5 2006-04-11
+ * Added a test to setfiles to check that the spec file is
+ a regular file.
+
+1.30.4 2006-03-29
+ * Merged audit2allow fixes for refpolicy from Dan Walsh.
+ * Merged fixfiles patch from Dan Walsh.
+ * Merged restorecond daemon from Dan Walsh.
+
+1.30.3 2006-03-29
+ * Merged semanage non-MLS fixes from Chris PeBenito.
+
+1.30.2 2006-03-29
+ * Merged semanage and semodule man page examples from Thomas Bleher.
+
+1.30.1 2006-03-20
+ * Merged semanage labeling prefix patch from Ivan Gyurdiev.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.28 2006-03-13
+ * Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
+
+1.29.27 2006-03-08
+ * Merged audit2allow -R support, chcat fix, semanage MLS checks
+ and semanage audit calls from Dan Walsh.
+
+1.29.26 2006-02-15
+ * Merged semanage bug fix patch from Ivan Gyurdiev.
+
+1.29.25 2006-02-14
+ * Merged improve bindings patch from Ivan Gyurdiev.
+
+1.29.24 2006-02-14
+ * Merged semanage usage patch from Ivan Gyurdiev.
+ * Merged use PyList patch from Ivan Gyurdiev.
+
+1.29.23 2006-02-13
+ * Merged newrole -V/--version support from Glauber de Oliveira Costa.
+
+1.29.22 2006-02-13
+ * Merged genhomedircon prefix patch from Dan Walsh.
+
+1.29.21 2006-02-13
+ * Merged optionals in base patch from Joshua Brindle.
+
+1.29.20 2006-02-07
+ * Merged seuser/user_extra support patch to semodule_package
+ from Joshua Brindle.
+
+1.29.19 2006-02-06
+ * Merged getopt type fix for semodule_link/expand and sestatus
+ from Chris PeBenito.
+
+1.29.18 2006-02-02
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+1.29.17 2006-01-30
+ * Merged genhomedircon fix from Dan Walsh.
+
+1.29.16 2006-01-30
+ * Merged seusers.system patch from Ivan Gyurdiev.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+ * Merged genhomedircon patch from Dan Walsh.
+
+1.29.15 2006-01-27
+ * Merged newrole audit patch from Steve Grubb.
+
+1.29.14 2006-01-27
+ * Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
+
+1.29.13 2006-01-27
+ * Merged semanage and semodule access check patches from Joshua Brindle.
+
+1.29.12 2006-01-26
+ * Merged restorecon, chcat, and semanage patches from Dan Walsh.
+
+1.29.11 2006-01-25
+ * Modified newrole and run_init to use the loginuid when
+ supported to obtain the Linux user identity to re-authenticate,
+ and to fall back to real uid. Dropped the use of the SELinux
+ user identity, as Linux users are now mapped to SELinux users
+ via seusers and the SELinux user identity space is separate.
+
+1.29.10 2006-01-20
+ * Merged semanage bug fixes from Ivan Gyurdiev.
+ * Merged semanage fixes from Russell Coker.
+ * Merged chcat.8 and genhomedircon patches from Dan Walsh.
+
+1.29.9 2006-01-19
+ * Merged chcat, semanage, and setsebool patches from Dan Walsh.
+
+1.29.8 2006-01-18
+ * Merged semanage fixes from Ivan Gyurdiev.
+ * Merged semanage fixes from Russell Coker.
+ * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
+
+1.29.7 2006-01-13
+ * Merged newrole cleanup patch from Steve Grubb.
+ * Merged setfiles/restorecon performance patch from Russell Coker.
+ * Merged genhomedircon and semanage patches from Dan Walsh.
+
+1.29.6 2006-01-12
+ * Merged remove add_local/set_local patch from Ivan Gyurdiev.
+
+1.29.5 2006-01-05
+ * Added filename to semodule error reporting.
+
+1.29.4 2006-01-05
+ * Merged genhomedircon and semanage patch from Dan Walsh.
+ * Changed semodule error reporting to include argv[0].
+
+1.29.3 2006-01-04
+ * Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - cleanup setsebool
+ - update setsebool to apply active booleans through libsemanage
+ - update semodule to use the new semanage_set_rebuild() interface
+ - fix various bugs in semanage
+ * Merged patch from Dan Walsh (Red Hat).
+ This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
+ and semanage.
+
+1.29.2 2005-12-14
+ * Merged patch for chcat script from Dan Walsh.
+
+1.29.1 2005-12-08
+ * Merged fix for audit2allow long option list from Dan Walsh.
+ * Merged -r option for restorecon (alias for -R) from Dan Walsh.
+ * Merged chcat script and man page from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.37 2005-12-07
+ * Clarified the genhomedircon warning message.
+
+1.27.36 2005-12-05
+ * Changed genhomedircon to warn on use of ROLE in homedir_template
+ if using managed policy, as libsemanage does not yet support it.
+
+1.27.35 2005-12-02
+ * Merged genhomedircon bug fix from Dan Walsh.
+
+1.27.34 2005-12-02
+ * Revised semodule* man pages to refer to checkmodule and
+ to include example sections.
+
+1.27.33 2005-12-01
+ * Merged audit2allow --tefile and --fcfile support from Dan Walsh.
+ * Merged genhomedircon fix from Dan Walsh.
+ * Merged semodule* man pages from Dan Walsh, and edited them.
+
+1.27.32 2005-12-01
+ * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
+ retain validation/canonicalization of contexts during init.
+
+1.27.31 2005-11-29
+ * Changed genhomedircon to always use user_r for the role in the
+ managed case since user_get_defrole is broken.
+
+1.27.30 2005-11-29
+ * Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
+ * Fixed semodule -v option.
+
+1.27.29 2005-11-28
+ * Merged audit2allow python script from Dan Walsh.
+ (old script moved to audit2allow.perl, will be removed later).
+ * Merged genhomedircon fixes from Dan Walsh.
+ * Merged semodule quieting patch from Dan Walsh
+ (inverts default, use -v to restore original behavior).
+
+1.27.28 2005-11-15
+ * Merged genhomedircon rewrite from Dan Walsh.
+
+1.27.27 2005-11-09
+ * Merged setsebool cleanup patch from Ivan Gyurdiev.
+
+1.27.26 2005-11-09
+ * Added -B (--build) option to semodule to force a rebuild.
+
+1.27.25 2005-11-08
+ * Reverted setsebool patch to call semanage_set_reload_bools().
+ * Changed setsebool to disable policy reload and to call
+ security_set_boolean_list to update the runtime booleans.
+
+1.27.24 2005-11-08
+ * Changed setfiles -c to use new flag to set_matchpathcon_flags()
+ to disable context translation by matchpathcon_init().
+
+1.27.23 2005-11-07
+ * Changed setfiles for the context canonicalization support.
+
+1.27.22 2005-11-07
+ * Changed setsebool to call semanage_is_managed() interface
+ and fall back to security_set_boolean_list() if policy is
+ not managed.
+
+1.27.21 2005-11-07
+ * Merged setsebool memory leak fix from Ivan Gyurdiev.
+ * Merged setsebool patch to call semanage_set_reload_bools()
+ interface from Ivan Gyurdiev.
+
+1.27.20 2005-11-04
+ * Merged setsebool patch from Ivan Gyurdiev.
+ This moves setsebool from libselinux/utils to policycoreutils,
+ and rewrites it to use libsemanage for permanent boolean changes.
+
+1.27.19 2005-10-25
+ * Merged semodule support for reload, noreload, and store options
+ from Joshua Brindle.
+ * Merged semodule_package rewrite from Joshua Brindle.
+
+1.27.18 2005-10-20
+ * Cleaned up usage and error messages and releasing of memory by
+ semodule_* utilities.
+
+1.27.17 2005-10-20
+ * Corrected error reporting by semodule.
+
+1.27.16 2005-10-19
+ * Updated semodule_expand for change to sepol interface.
+
+1.27.15 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.14 2005-10-18
+ * Updated semodule_package for sepol interface changes.
+
+1.27.13 2005-10-17
+ * Updated semodule_expand/link for sepol interface changes.
+
+1.27.12 2005-10-14
+ * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
+
+1.27.11 2005-10-13
+ * Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
+
+1.27.10 2005-10-13
+ * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
+
+1.27.9 2005-10-13
+ * Merged fixfiles patch from Dan Walsh (Red Hat).
+
+1.27.8 2005-10-13
+ * Updated semodule for removal of semanage_strerror.
+
+1.27.7 2005-10-11
+ * Updated semodule_link and semodule_expand to use shared libsepol.
+ Fixed audit2why to call policydb_init prior to policydb_read (still
+ uses the static libsepol).
+
+1.27.6 2005-10-07
+ * Updated for changes to libsepol.
+ Changed semodule and semodule_package to use the shared libsepol.
+ Disabled build of semodule_link and semodule_expand for now.
+ Updated audit2why for relocated policydb internal headers,
+ still needs to be converted to a shared lib interface.
+
+1.27.5 2005-10-06
+ * Fixed warnings in load_policy.
+
+1.27.4 2005-10-06
+ * Rewrote load_policy to use the new selinux_mkload_policy()
+ interface provided by libselinux.
+
+1.27.3 2005-09-28
+ * Merged patch to update semodule to the new libsemanage API
+ and improve the user interface from Karl MacMillan (Tresys).
+ * Modified semodule for the create/connect API split.
+
+1.27.2 2005-09-20
+ * Merged run_init open_init_pty bug fix from Manoj Srivastava
+ (unblock SIGCHLD). Bug reported by Erich Schubert.
+
+1.27.1 2005-09-20
+ * Merged error shadowing bug fix for restorecon from Dan Walsh.
+ * Merged setfiles usage/man page update for -r option from Dan Walsh.
+ * Merged fixfiles -C patch to ignore :s0 addition on update
+ to a MCS/MLS policy from Dan Walsh.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.9 2005-08-31
+ * Changed setfiles -c to translate the context to raw format
+ prior to calling libsepol.
+
+1.25.8 2005-08-31
+ * Changed semodule to report errors even without -v,
+ to detect extraneous arguments, and corrected usage message.
+
+1.25.7 2005-08-25
+ * Merged patch for fixfiles -C from Dan Walsh.
+
+1.25.6 2005-08-22
+ * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
+ Bugs found by Coverity.
+
+1.25.5 2005-08-02
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+1.25.4 2005-07-27
+ * Changed semodule* to link with libsemanage.
+
+1.25.3 2005-07-26
+ * Merged restorecon patch from Ivan Gyurdiev.
+
+1.25.2 2005-07-11
+ * Merged load_policy, newrole, and genhomedircon patches from Red Hat.
+
+1.25.1 2005-07-06
+ * Merged loadable module support from Tresys Technology.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.11 2005-05-19
+ * Merged fixfiles and newrole patch from Dan Walsh.
+ * Merged audit2why man page from Dan Walsh.
+
+1.23.10 2005-05-16
+ * Extended audit2why to incorporate booleans and local user
+ settings when analyzing audit messages.
+
+1.23.9 2005-05-13
+ * Updated audit2why for sepol_ prefixes on Flask types to
+ avoid namespace collision with libselinux, and to
+ include <selinux/selinux.h> now.
+
+1.23.8 2005-05-13
+ * Added audit2why utility.
+
+1.23.7 2005-04-29
+ * Merged patch for fixfiles from Dan Walsh.
+ Allow passing -F to force reset of customizable contexts.
+
+1.23.6 2005-04-13
+ * Fixed signed/unsigned pointer bug in load_policy.
+ * Reverted context validation patch for genhomedircon.
+
+1.23.5 2005-04-12
+ * Reverted load_policy is_selinux_enabled patch from Dan Walsh.
+ Otherwise, an initial policy load cannot be performed using
+ load_policy, e.g. for anaconda.
+
+1.23.4 2005-04-08
+ * Merged load_policy is_selinux_enabled patch from Dan Walsh.
+ * Merged restorecon verbose output patch from Dan Walsh.
+ * Merged setfiles altroot patch from Chris PeBenito.
+
+1.23.3 2005-03-17
+ * Merged context validation patch for genhomedircon from Eric Paris.
+
+1.23.2 2005-03-16
+ * Changed setfiles -c to call set_matchpathcon_flags(3) to
+ turn off processing of .homedirs and .local.
+
+1.23.1 2005-03-14
+ * Merged rewrite of genhomedircon by Eric Paris.
+ * Changed fixfiles to relabel jfs since it now supports security xattrs
+ (as of 2.6.11). Removed reiserfs until 2.6.12 is released with
+ fixed support for reiserfs and selinux.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.22 2005-03-07
+ * Merged restorecon and genhomedircon patch from Dan Walsh.
+
+1.21.21 2005-02-28
+ * Merged load_policy and genhomedircon patch from Dan Walsh.
+
+1.21.20 2005-02-24
+ * Merged fixfiles and genhomedircon patch from Dan Walsh.
+
+1.21.19 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.18 2005-02-18
+ * Changed load_policy to fall back to the original policy upon
+ an error from sepol_genusers().
+
+1.21.17 2005-02-17
+ * Merged new genhomedircon script from Dan Walsh.
+
+1.21.16 2005-02-17
+ * Changed load_policy to call sepol_genusers().
+
+1.21.15 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.14 2005-02-08
+ * Merged restorecon patch from Dan Walsh.
+
+1.21.13 2005-02-07
+ * Merged sestatus patch from Dan Walsh.
+ * Merged further change to fixfiles -C from Dan Walsh.
+
+1.21.12 2005-02-02
+ * Merged further patches for restorecon/setfiles -e and fixfiles -C.
+
+1.21.11 2005-02-02
+ * Merged patch for fixfiles -C option from Dan Walsh.
+ * Merged patch -e support for restorecon from Dan Walsh.
+ * Merged updated -e support for setfiles from Dan Walsh.
+
+1.21.10 2005-01-31
+ * Merged patch for open_init_pty from Manoj Srivastava.
+
+1.21.9 2005-01-28
+ * Merged updated fixfiles script from Dan Walsh.
+ * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
+ * Reverted fixfiles patch for file_contexts.local;
+ obsoleted by setfiles rewrite.
+ * Merged error handling patch for restorecon from Dan Walsh.
+ * Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
+
+1.21.8 2005-01-28
+ * Rewrote setfiles to use matchpathcon and the new interfaces
+ exported by libselinux (>= 1.21.5).
+
+1.21.7 2005-01-27
+ * Prevent overflow of spec array in setfiles.
+
+1.21.6 2005-01-27
+ * Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
+
+1.21.5 2005-01-26
+ * Merged newrole -l support from Darrel Goeddel (TCS).
+
+1.21.4 2005-01-25
+ * Merged fixfiles patch for file_contexts.local from Dan Walsh.
+
+1.21.3 2005-01-21
+ * Fixed restorecon to not treat errors from is_context_customizable()
+ as a customizable context.
+ * Merged setfiles/restorecon patch to not reset user field unless
+ -F option is specified from Dan Walsh.
+
+1.21.2 2005-01-21
+ * Merged open_init_pty helper for run_init from Manoj Srivastava.
+ * Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
+
+1.21.1 2005-01-19
+ * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
+
+1.20 2005-01-06
+ * Merged fixfiles rewrite from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged fixfiles and restorecon patches from Dan Walsh.
+ * Changed restorecon to ignore ENOENT errors from matchpathcon.
+ * Merged nonls patch from Chris PeBenito.
+ * Removed fixfiles.cron.
+ * Merged run_init.8 patch from Dan Walsh.
+
+1.18 2004-11-01
+ * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
+ * Merged sestatus patch from Steve Grubb.
+ * Merged fixfiles patch from Dan Walsh.
+ * Added -l option to setfiles to log changes via syslog.
+ * Merged -e option to setfiles to exclude directories.
+ * Merged -R option to restorecon for recursive descent.
+ * Merged sestatus patch from Steve Grubb via Dan Walsh.
+ * Merged load_policy and fixfiles.cron patches from Dan Walsh.
+ * Merged fix for setfiles context validation patch from Colin Walters.
+ * Merged setfiles context validation patch from Colin Walters.
+ * Merged genhomedircon patch from Russell Coker.
+ * Merged restorecon patch from Russell Coker.
+
+1.16 2004-08-13
+ * Merged audit2allow fix from Tom London.
+ * Merged load_policy man page from Dan Walsh.
+ * Merged newrole bug fix from Chad Hanson.
+ * Changed load_policy to preserve booleans by default.
+ * Changed load_policy to invoke sepol_genbools() instead.
+ * Changed load_policy to also invoke security_load_booleans().
+ * Merged genhomedircon fixes from Dan Walsh.
+ * Changed restorecon to use realpath.
+ * Merged fixfiles patch from Dan Walsh.
+ * Merged genhomedircon patch from Russell Coker and Dan Walsh.
+ * Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
+ * Merged stat fix for setfiles -s from Russell Coker.
+
+1.14 2004-06-25
+ * Merged fix for fixfiles.
+ * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
+ * Merged updated genhomedircon script from Russell Coker.
+ * Merged run_init patch to find initrc_context from Dan Walsh.
+ * Merged fixfiles patch for /etc/selinux from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged fixfiles patch from Dan Walsh.
+
+1.12 2004-05-10
+ * Merged newrole patch from Colin Walters.
+ * Merged fixfiles from Dan Walsh.
+
+1.10 2004-04-05
+ * Changed setfiles to not abort upon lsetfilecon failures.
+ * Merged sestatus from Chris PeBenito.
+ * Merged fixes for restorecon.
+ * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
+ * Merged restorecon patch from Dan Walsh.
+ * Revert add_assoc change from setfiles.
+ * Moved restorecon to /sbin.
+ * Disable add_assoc in setfiles by default, use -a to enable.
+ * Merged genhomedircon patch from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged setfiles buffer size change from Dan Walsh.
+ * Merged genhomedircon fix from Karl MacMillan of Tresys.
+ This generates separate lines for each prefix.
+
+1.8 2004-03-09
+ * Merged genhomedircon patch from Karl MacMillan of Tresys.
+ * Removed checkcon script (obsoleted by restorecon -nv).
+ * Replaced restorecon script with C program from Dan Walsh.
+ Uses the new matchpathcon function from libselinux.
+
+1.6 2004-02-18
+ * Fixed setfiles sorting problem reported by Colin Walters.
+ * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
+ * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
+ * Quiet warning about duplicate same specifications if -q is used.
+ * Fixed usage message of audit2allow.
+
+1.4 2003-12-01
+ * Merged patch from Russell Coker.
+ * Added audit2allow (formerly newrules.pl from policy).
+ * Dropped -lattr from Makefiles.
+ * Merged setfiles check type first patch by Russell Coker.
+
+1.2 2003-09-30
+ * Merged run_init close file patch from Chris PeBenito.
+ * Merged setfiles stem compression patch by Russell Coker.
+ * Merged setfiles usage/getopt/err patch by Russell Coker.
+ * Merged setfiles altroot patch by Hardened Gentoo team.
+ * Merged i18n patch by Dan Walsh.
+ * Changed Makefiles to allow non-root rpm builds.
+
+1.1 2003-08-13
+ * Dropped obsolete psid code from setfiles.
+
+1.0 2003-07-11
+ * Initial public release.
+
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
new file mode 100644
index 0000000..538302b
--- /dev/null
+++ b/policycoreutils/Makefile
@@ -0,0 +1,14 @@
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+
+INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+
+ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
+ SUBDIRS += restorecond
+endif
+
+all install relabel clean indent:
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+ done
+
+test:
diff --git a/policycoreutils/VERSION b/policycoreutils/VERSION
new file mode 100644
index 0000000..ff9a9b7
--- /dev/null
+++ b/policycoreutils/VERSION
@@ -0,0 +1 @@
+2.0.54
diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile
new file mode 100644
index 0000000..144f10f
--- /dev/null
+++ b/policycoreutils/audit2allow/Makefile
@@ -0,0 +1,22 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= $(PREFIX)/lib
+MANDIR ?= $(PREFIX)/share/man
+LOCALEDIR ?= /usr/share/locale
+
+all: ;
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 audit2allow $(BINDIR)
+ install -m 755 sepolgen-ifgen $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2allow.1 $(MANDIR)/man1/
+
+clean:
+ rm -f *~
+
+indent: ;
+
+relabel: ;
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
new file mode 100644
index 0000000..a187edf
--- /dev/null
+++ b/policycoreutils/audit2allow/audit2allow
@@ -0,0 +1,344 @@
+#! /usr/bin/python -E
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006-2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+
+import sepolgen.audit as audit
+import sepolgen.policygen as policygen
+import sepolgen.interfaces as interfaces
+import sepolgen.output as output
+import sepolgen.objectmodel as objectmodel
+import sepolgen.defaults as defaults
+import sepolgen.module as module
+from sepolgen.sepolgeni18n import _
+
+class AuditToPolicy:
+ VERSION = "%prog .1"
+ SYSLOG = "/var/log/messages"
+
+ def __init__(self):
+ self.__options = None
+ self.__parser = None
+ self.__avs = None
+
+ def __parse_options(self):
+ from optparse import OptionParser
+
+ parser = OptionParser(version=self.VERSION)
+ parser.add_option("-a", "--audit", action="store_true", dest="audit", default=False,
+ help="read input from audit log - conflicts with -i")
+ parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
+ help="read input from dmesg - conflicts with --audit and --input")
+ parser.add_option("-i", "--input", dest="input",
+ help="read input from <input> - conflicts with -a")
+ parser.add_option("-l", "--lastreload", action="store_true", dest="lastreload", default=False,
+ help="read input only after the last reload")
+ parser.add_option("-r", "--requires", action="store_true", dest="requires", default=False,
+ help="generate require statements for rules")
+ parser.add_option("-m", "--module", dest="module",
+ help="set the module name - implies --requires")
+ parser.add_option("-M", "--module-package", dest="module_package",
+ help="generate a module package - conflicts with -o and -m")
+ parser.add_option("-o", "--output", dest="output",
+ help="append output to <filename>, conflicts with -M")
+ parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
+ default=True, help="generate refpolicy style output")
+
+ parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
+ default=False, help="do not generate refpolicy style output")
+ parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
+ default=False, help="explain generated output")
+ parser.add_option("-e", "--explain", action="store_true", dest="explain_long",
+ default=False, help="fully explain generated output")
+ parser.add_option("-t", "--type", help="only process messages with a type that matches this regex",
+ dest="type")
+ parser.add_option("--perm-map", dest="perm_map", help="file name of perm map")
+ parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
+ parser.add_option("--debug", dest="debug", action="store_true", default=False,
+ help="leave generated modules for -M")
+
+ parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False,
+ help="Translates SELinux audit messages into a description of why the access was denied")
+
+ options, args = parser.parse_args()
+
+ # Make -d, -a, and -i conflict
+ if options.audit is True:
+ if options.input is not None:
+ sys.stderr.write("error: --audit conflicts with --input\n")
+ if options.dmesg is True:
+ sys.stderr.write("error: --audit conflicts with --dmesg\n")
+ if options.input is not None and options.dmesg is True:
+ sys.stderr.write("error: --input conflicts with --dmesg\n")
+
+ # Turn on requires generation if a module name is given. Also verify
+ # the module name.
+ if options.module:
+ name = options.module
+ else:
+ name = options.module_package
+ if name:
+ options.requires = True
+ if not module.is_valid_name(name):
+ sys.stderr.write("only letters and numbers allowed in module names\n")
+ sys.exit(2)
+
+ # Make -M and -o conflict
+ if options.module_package:
+ if options.output:
+ sys.stderr.write("error: --module-package conflicts with --output\n")
+ sys.exit(2)
+ if options.module:
+ sys.stderr.write("error: --module-package conflicts with --module\n")
+ sys.exit(2)
+
+ self.__options = options
+
+ def __read_input(self):
+ parser = audit.AuditParser(last_load_only=self.__options.lastreload)
+
+ filename = None
+ messages = None
+ f = None
+
+ # Figure out what input we want
+ if self.__options.input is not None:
+ filename = self.__options.input
+ elif self.__options.dmesg:
+ messages = audit.get_dmesg_msgs()
+ elif self.__options.audit:
+ try:
+ messages = audit.get_audit_msgs()
+ except OSError, e:
+ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
+ sys.exit(1)
+ else:
+ # This is the default if no input is specified
+ f = sys.stdin
+
+ # Get the input
+ if filename is not None:
+ try:
+ f = open(filename)
+ except IOError, e:
+ sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e)))
+ sys.exit(1)
+
+ if f is not None:
+ parser.parse_file(f)
+ f.close()
+
+ if messages is not None:
+ parser.parse_string(messages)
+
+ self.__parser = parser
+
+ def __process_input(self):
+ if self.__options.type:
+ avcfilter = audit.AVCTypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ csfilter = audit.ComputeSidTypeFilter(self.__options.type)
+ self.__role_types = self.__parser.to_role(csfilter)
+ else:
+ self.__avs = self.__parser.to_access()
+ self.__role_types = self.__parser.to_role()
+
+ def __load_interface_info(self):
+ # Load interface info file
+ if self.__options.interface_info:
+ fn = self.__options.interface_info
+ else:
+ fn = defaults.interface_info()
+ try:
+ fd = open(fn)
+ except:
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
+ sys.exit(1)
+
+ ifs = interfaces.InterfaceSet()
+ ifs.from_file(fd)
+ fd.close()
+
+ # Also load perm maps
+ if self.__options.perm_map:
+ fn = self.__options.perm_map
+ else:
+ fn = defaults.perm_map()
+ try:
+ fd = open(fn)
+ except:
+ sys.stderr.write("could not open perm map [%s]\n" % fn)
+ sys.exit(1)
+
+ perm_maps = objectmodel.PermMappings()
+ perm_maps.from_file(fd)
+
+ return (ifs, perm_maps)
+
+ def __output_modulepackage(self, writer, generator):
+ generator.set_module_name(self.__options.module_package)
+ filename = self.__options.module_package + ".te"
+ packagename = self.__options.module_package + ".pp"
+
+ try:
+ fd = open(filename, "w")
+ except IOError, e:
+ sys.stderr.write("could not write output file: %s\n", str(e))
+ sys.exit(1)
+
+ writer.write(generator.get_module(), fd)
+ fd.close()
+
+ mc = module.ModuleCompiler()
+
+ try:
+ mc.create_module_package(filename, self.__options.refpolicy)
+ except RuntimeError, e:
+ print e
+ sys.exit(1)
+
+ sys.stdout.write(_("******************** IMPORTANT ***********************\n"))
+ sys.stdout.write((_("To make this policy package active, execute:" +\
+ "\n\nsemodule -i %s\n\n") % packagename))
+
+ def __output_audit2why(self):
+ import selinux
+ import selinux.audit2why as audit2why
+ import seobject
+ audit2why.init()
+ for i in self.__parser.avc_msgs:
+ rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
+ if rc >= 0:
+ print "%s\n\tWas caused by:" % i.message
+ if rc == audit2why.NOPOLICY:
+ raise RuntimeError("Must call policy_init first")
+ if rc == audit2why.BADTCON:
+ print "Invalid Target Context %s\n" % i.tcontext
+ continue
+ if rc == audit2why.BADSCON:
+ print "Invalid Source Context %s\n" % i.scontext
+ continue
+ if rc == audit2why.BADSCON:
+ print "Invalid Type Class %s\n" % i.tclass
+ continue
+ if rc == audit2why.BADPERM:
+ print "Invalid permission %s\n" % i.accesses
+ continue
+ if rc == audit2why. BADCOMPUTE:
+ raise RuntimeError("Error during access vector computation")
+ if rc == audit2why.ALLOW:
+ print "\t\tUnknown - would be allowed by active policy\n",
+ print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+ print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+ continue
+ if rc == audit2why.DONTAUDIT:
+ print "\t\tUnknown - should be dontaudit'd by active policy\n",
+ print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+ print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+ continue
+ if rc == audit2why.BOOLEAN:
+ if len(bools) > 1:
+ print "\tOne of the following booleans was set incorrectly."
+ for b in bools:
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
+ else:
+ print "\tThe boolean %s was set incorrectly. " % (bools[0][0])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
+ continue
+
+ if rc == audit2why.TERULE:
+ print "\t\tMissing type enforcement (TE) allow rule.\n"
+ print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n"
+ continue
+
+ if rc == audit2why.CONSTRAINT:
+ print "\t\tPolicy constraint violation.\n"
+ print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
+ print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
+ continue
+
+ if rc == audit2why.RBAC:
+ print "\t\tMissing role allow rule.\n"
+ print "\t\tAdd an allow rule for the role pair.\n"
+ continue
+
+ audit2why.finish()
+ return
+
+ def __output(self):
+
+ if self.__options.audit2why:
+ return self.__output_audit2why()
+
+ g = policygen.PolicyGenerator()
+
+ if self.__options.module:
+ g.set_module_name(self.__options.module)
+
+ # Interface generation
+ if self.__options.refpolicy:
+ ifs, perm_maps = self.__load_interface_info()
+ g.set_gen_refpol(ifs, perm_maps)
+
+ # Explanation
+ if self.__options.verbose:
+ g.set_gen_explain(policygen.SHORT_EXPLANATION)
+ if self.__options.explain_long:
+ g.set_gen_explain(policygen.LONG_EXPLANATION)
+
+ # Requires
+ if self.__options.requires:
+ g.set_gen_requires(True)
+
+ # Generate the policy
+ g.add_access(self.__avs)
+ g.add_role_types(self.__role_types)
+
+ # Output
+ writer = output.ModuleWriter()
+
+ # Module package
+ if self.__options.module_package:
+ self.__output_modulepackage(writer, g)
+ else:
+ # File or stdout
+ if self.__options.module:
+ g.set_module_name(self.__options.module)
+
+ if self.__options.output:
+ fd = open(self.__options.output, "w")
+ else:
+ fd = sys.stdout
+ writer.write(g.get_module(), fd)
+
+ def main(self):
+ try:
+ self.__parse_options()
+ self.__read_input()
+ self.__process_input()
+ self.__output()
+ except KeyboardInterrupt:
+ sys.exit(0)
+
+if __name__ == "__main__":
+ app = AuditToPolicy()
+ app.main()
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
new file mode 100644
index 0000000..b7169c3
--- /dev/null
+++ b/policycoreutils/audit2allow/audit2allow.1
@@ -0,0 +1,185 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2005 Manoj Srivastava <srivasta@debian.org>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.\"
+.TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
+.SH NAME
+.BR audit2allow
+ \- generate SELinux policy allow rules from logs of denied operations
+
+.BR audit2why
+ \- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
+
+.SH SYNOPSIS
+.B audit2allow
+.RI [ options "] "
+.SH OPTIONS
+.TP
+.B "\-a" | "\-\-all"
+Read input from audit and message log, conflicts with -i
+.TP
+.B "\-d" | "\-\-dmesg"
+Read input from output of
+.I /bin/dmesg.
+Note that all audit messages are not available via dmesg when
+auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
+.TP
+.B "\-f" | "\-\-fcfile" <File Context File>
+Add File Context File to generated Module Package. Requires -M option.
+.TP
+.B "\-h" | "\-\-help"
+Print a short usage message
+.TP
+.B "\-i <inputfile>" | "\-\-input <inputfile>"
+read input from
+.I <inputfile>
+.TP
+.B "\-l" | "\-\-lastreload"
+read input only after last policy reload
+.TP
+.B "\-m <modulename>" | "\-\-module <modulename>"
+Generate module/require output <modulename>
+.TP
+.B "\-M <modulename>"
+Generate loadable module package, conflicts with -o
+.TP
+.B "\-o <outputfile>" | "\-\-output <outputfile>"
+append output to
+.I <outputfile>
+.TP
+.B "\-r" | "\-\-requires"
+Generate require output syntax for loadable modules.
+.TP
+.B "\-N" | "\-\-noreference"
+Do not generate reference policy, traditional style allow rules.
+This is the default behavior.
+.TP
+.B "\-R" | "\-\-reference"
+Generate reference policy using installed macros.
+This attempts to match denials against interfaces and may be inaccurate.
+.TP
+.B "\-t " | "\-\-tefile"
+Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
+.TP
+.B "\-w" | "\-\-why"
+Translates SELinux audit messages into a description of why the access wasn denied
+
+.TP
+.B "\-v" | "\-\-verbose"
+Turn on verbose output
+
+.SH DESCRIPTION
+.PP
+This utility scans the logs for messages logged when the system denied
+permission for operations, and generates a snippet of policy rules
+which, if loaded into policy, might have allowed those operations to
+succeed. However, this utility only generates Type Enforcement (TE) allow
+rules. Certain permission denials may require other kinds of policy changes,
+e.g. adding an attribute to a type declaration to satisfy an existing
+constraint, adding a role allow rule, or modifying a constraint. The
+.BR audit2why (8)
+utility may be used to diagnose the reason when it is unclear.
+.PP
+Care must be exercised while acting on the output of this utility to
+ensure that the operations being permitted do not pose a security
+threat. Often it is better to define new domains and/or types, or make other
+structural changes to narrowly allow an optimal set of operations to
+succeed, as opposed to blindly implementing the sometimes broad
+changes recommended by this utility. Certain permission denials are
+not fatal to the application, in which case it may be preferable to
+simply suppress logging of the denial via a 'dontaudit' rule rather than
+an 'allow' rule.
+.PP
+.SH EXAMPLE
+.nf
+.B NOTE: These examples are for systems using the audit package. If you do
+.B not use the audit package, the AVC messages will be in /var/log/messages.
+.B Please substitute /var/log/messages for /var/log/audit/audit.log in the
+.B examples.
+.PP
+.B Using audit2allow to generate monolithic (non-module) policy
+$ cd /etc/selinux/$SELINUXTYPE/src/policy
+$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
+$ cat domains/misc/local.te
+allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
+<review domains/misc/local.te and customize as desired>
+$ make load
+
+.B Using audit2allow to generate module policy
+
+$ cat /var/log/audit/audit.log | audit2allow -m local > local.te
+$ cat local.te
+module local 1.0;
+
+require {
+ role system_r;
+
+
+ class fifo_file { getattr ioctl };
+
+
+ type cupsd_config_t;
+ type unconfined_t;
+ };
+
+
+allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
+<review local.te and customize as desired>
+
+.B Building module policy manually
+
+# Compile the module
+$ checkmodule -M -m -o local.mod local.te
+# Create the package
+$ semodule_package -o local.pp -m local.mod
+# Load the module into the kernel
+$ semodule -i local.pp
+
+.B Using audit2allow to generate and build module policy
+$ cat /var/log/audit/audit.log | audit2allow -M local
+Generating type enforcment file: local.te
+Compiling policy: checkmodule -M -m -o local.mod local.te
+Building package: semodule_package -o local.pp -m local.mod
+
+******************** IMPORTANT ***********************
+
+In order to load this newly created policy package into the kernel,
+you are required to execute
+
+semodule -i local.pp
+
+.fi
+.PP
+.SH AUTHOR
+This manual page was written by
+.I Manoj Srivastava <srivasta@debian.org>,
+for the Debian GNU/Linux system. It was updated by Dan Walsh <dwalsh@redhat.com>
+.PP
+The
+.B audit2allow
+utility has contributions from several people, including
+.I Justin R. Smith
+and
+.I Yuichi Nakamura.
+and
+.I Dan Walsh
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
new file mode 100644
index 0000000..03f95a1
--- /dev/null
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
@@ -0,0 +1,89 @@
+#! /usr/bin/python -E
+#
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+# Parse interfaces and output extracted information about them
+# suitable for policy generation. By default writes the output
+# to the default location (obtained from sepolgen.defaults), but
+# will output to another file provided as an argument:
+# sepolgen-ifgen [headers] [output-filename]
+
+
+import sys
+import os
+
+import sepolgen.refparser as refparser
+import sepolgen.defaults as defaults
+import sepolgen.interfaces as interfaces
+
+
+VERSION = "%prog .1"
+
+def parse_options():
+ from optparse import OptionParser
+
+ parser = OptionParser(version=VERSION)
+ parser.add_option("-o", "--output", dest="output", default=defaults.interface_info(),
+ help="filename to store output")
+ parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
+ help="location of the interface header files")
+ parser.add_option("-v", "--verbose", action="store_true", default=False,
+ help="print debuging output")
+ parser.add_option("-d", "--debug", action="store_true", default=False,
+ help="extra debugging output")
+ options, args = parser.parse_args()
+
+ return options
+
+
+def main():
+ options = parse_options()
+
+ # Open the output first to generate errors before parsing
+ try:
+ f = open(options.output, "w")
+ except IOError, e:
+ sys.stderr.write("could not open output file [%s]\n" % options.output)
+ return 1
+
+ if options.verbose:
+ log = sys.stdout
+ else:
+ log = None
+
+ try:
+ headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
+ except ValueError, e:
+ print "error parsing headers"
+ print str(e)
+ return 1
+
+ if_set = interfaces.InterfaceSet(output=log)
+ if_set.add_headers(headers)
+ if_set.to_file(f)
+ f.close()
+
+ if refparser.success:
+ return 0
+ else:
+ return 1
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile
new file mode 100644
index 0000000..bbf19e9
--- /dev/null
+++ b/policycoreutils/audit2why/Makefile
@@ -0,0 +1,18 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+
+TARGETS=audit2why
+
+all: $(TARGETS)
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2why.1 $(MANDIR)/man1/
+
+clean:
+
+relabel:
diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why
new file mode 100644
index 0000000..21a72aa
--- /dev/null
+++ b/policycoreutils/audit2why/audit2why
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/audit2allow -w $*
diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1
new file mode 100644
index 0000000..a9e8893
--- /dev/null
+++ b/policycoreutils/audit2why/audit2why.1
@@ -0,0 +1 @@
+.so man1/audit2allow.1
diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
new file mode 100644
index 0000000..2dd2943
--- /dev/null
+++ b/policycoreutils/load_policy/Makefile
@@ -0,0 +1,28 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR ?= $(PREFIX)/share/man
+LOCALEDIR ?= /usr/share/locale
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib
+
+TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+
+all: $(TARGETS)
+
+install: all
+ -mkdir -p $(SBINDIR)
+ install -m 755 $(TARGETS) $(SBINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 load_policy.8 $(MANDIR)/man8/
+
+clean:
+ -rm -f $(TARGETS) *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
+ /sbin/restorecon $(SBINDIR)/load_policy
diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8
new file mode 100644
index 0000000..f9ca36e
--- /dev/null
+++ b/policycoreutils/load_policy/load_policy.8
@@ -0,0 +1,43 @@
+.TH LOAD_POLICY "8" "May 2003" "Security Enhanced Linux" NSA
+.SH NAME
+load_policy \- load a new SELinux policy into the kernel
+
+.SH SYNOPSIS
+.B load_policy
+[-qi]
+.br
+.SH DESCRIPTION
+.PP
+load_policy loads the installed policy file into the kernel.
+The existing policy boolean values are automatically preserved
+across policy reloads rather than being reset to the default
+values in the policy file.
+
+.SH "OPTIONS"
+.TP
+.B \-q
+suppress warning messages.
+.TP
+.B \-i
+inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
+
+.SH "EXIT STATUS"
+.TP
+.B 0
+Success
+.TP
+.B 1
+Invalid option
+.TP
+.B 2
+Policy load failed
+.TP
+.B 3
+Initial policy load failed and enforcing mode requested
+.SH SEE ALSO
+.B booleans
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
new file mode 100644
index 0000000..47d9b0f
--- /dev/null
+++ b/policycoreutils/load_policy/load_policy.c
@@ -0,0 +1,95 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <getopt.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include <sepol/sepol.h>
+#ifdef USE_NLS
+#include <locale.h> /* for setlocale() */
+#include <libintl.h> /* for gettext() */
+#define _(msgid) gettext (msgid)
+#else
+#define _(msgid) (msgid)
+#endif
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+
+void usage(char *progname)
+{
+ fprintf(stderr, _("usage: %s [-qi]\n"), progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int ret, opt, quiet = 0, nargs, init=0, enforce=0;
+
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+#endif
+
+ while ((opt = getopt(argc, argv, "bqi")) > 0) {
+ switch (opt) {
+ case 'b':
+ fprintf(stderr, "%s: Warning! The -b option is no longer supported, booleans are always preserved across reloads. Continuing...\n",
+ argv[0]);
+ break;
+ case 'q':
+ quiet = 1;
+ sepol_debug(0);
+ break;
+ case 'i':
+ init = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ nargs = argc - optind;
+ if (nargs > 2)
+ usage(argv[0]);
+ if (nargs >= 1 && !quiet) {
+ fprintf(stderr,
+ "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n",
+ argv[0], argv[optind++]);
+ }
+ if (nargs == 2 && ! quiet) {
+ fprintf(stderr,
+ "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n",
+ argv[0], argv[optind++]);
+ }
+ if (init) {
+ if (is_selinux_enabled() == 1) {
+ /* SELinux is already enabled, we should not do an initial load again */
+ fprintf(stderr,
+ _("%s: Policy is already loaded and initial load requested\n"),
+ argv[0]);
+ exit(2);
+ }
+ ret = selinux_init_load_policy(&enforce);
+ if (ret != 0 ) {
+ if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ fprintf(stderr,
+ _("%s: Can't load policy and enforcing mode requested: %s\n"),
+ argv[0], strerror(errno));
+ exit(3);
+ }
+ }
+ }
+ else {
+ ret = selinux_mkload_policy(1);
+ }
+ if (ret < 0) {
+ fprintf(stderr, _("%s: Can't load policy: %s\n"),
+ argv[0], strerror(errno));
+ exit(2);
+ }
+ exit(0);
+}
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
new file mode 100644
index 0000000..6c19bd1
--- /dev/null
+++ b/policycoreutils/newrole/Makefile
@@ -0,0 +1,85 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+ETCDIR ?= $(DESTDIR)/etc
+LOCALEDIR = /usr/share/locale
+PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+# Enable capabilities to permit newrole to generate audit records.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_AUDIT_WRITE.
+AUDIT_LOG_PRIV ?= n
+# Enable capabilities to permit newrole to utilitize the pam_namespace module.
+# This will make newrole a setuid root program.
+# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
+# CAP_DAC_OVERRIDE.
+NAMESPACE_PRIV ?= n
+# If LSPP_PRIV is y, then newrole will be made into setuid root program.
+# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
+LSPP_PRIV ?= n
+VERSION = $(shell cat ../VERSION)
+
+CFLAGS ?= -Werror -Wall -W
+EXTRA_OBJS =
+override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(PREFIX)/lib
+ifeq (${PAMH}, /usr/include/security/pam_appl.h)
+ override CFLAGS += -DUSE_PAM
+ EXTRA_OBJS += hashtab.o
+ LDLIBS += -lpam -lpam_misc
+else
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+endif
+ifeq (${AUDITH}, /usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+endif
+ifeq (${LSPP_PRIV},y)
+ override AUDIT_LOG_PRIV=y
+ override NAMESPACE_PRIV=y
+endif
+ifeq (${AUDIT_LOG_PRIV},y)
+ override CFLAGS += -DAUDIT_LOG_PRIV
+ IS_SUID=y
+endif
+ifeq (${NAMESPACE_PRIV},y)
+ override CFLAGS += -DNAMESPACE_PRIV
+ IS_SUID=y
+endif
+ifeq (${IS_SUID},y)
+ MODE := 4555
+ LDLIBS += -lcap
+else
+ MODE := 0555
+endif
+
+all: newrole
+
+newrole: newrole.o $(EXTRA_OBJS)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+install: all
+ test -d $(BINDIR) || install -m 755 -d $(BINDIR)
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ install -m $(MODE) newrole $(BINDIR)
+ install -m 644 newrole.1 $(MANDIR)/man1/
+ifeq (${PAMH}, /usr/include/security/pam_appl.h)
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ifeq (${LSPP_PRIV},y)
+ install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+else
+ install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+endif
+endif
+
+clean:
+ rm -f newrole *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel: install
+ /sbin/restorecon $(BINDIR)/newrole
diff --git a/policycoreutils/newrole/hashtab.c b/policycoreutils/newrole/hashtab.c
new file mode 100644
index 0000000..0442ab3
--- /dev/null
+++ b/policycoreutils/newrole/hashtab.c
@@ -0,0 +1,292 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * Implementation of the hash table type.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include "hashtab.h"
+
+hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ const hashtab_key_t key),
+ int (*keycmp) (hashtab_t h,
+ const hashtab_key_t key1,
+ const hashtab_key_t key2),
+ unsigned int size)
+{
+
+ hashtab_t p;
+ unsigned int i;
+
+ p = (hashtab_t) malloc(sizeof(hashtab_val_t));
+ if (p == NULL)
+ return p;
+
+ memset(p, 0, sizeof(hashtab_val_t));
+ p->size = size;
+ p->nel = 0;
+ p->hash_value = hash_value;
+ p->keycmp = keycmp;
+ p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size);
+ if (p->htable == NULL) {
+ free(p);
+ return NULL;
+ }
+ for (i = 0; i < size; i++)
+ p->htable[i] = (hashtab_ptr_t) NULL;
+
+ return p;
+}
+
+int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+ if (!h)
+ return HASHTAB_OVERFLOW;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0))
+ return HASHTAB_PRESENT;
+
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return HASHTAB_OVERFLOW;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+
+ h->nel++;
+ return HASHTAB_SUCCESS;
+}
+
+int hashtab_remove(hashtab_t h, hashtab_key_t key,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ int hvalue;
+ hashtab_ptr_t cur, last;
+
+ if (!h)
+ return HASHTAB_MISSING;
+
+ hvalue = h->hash_value(h, key);
+ last = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ last = cur;
+ cur = cur->next;
+ }
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return HASHTAB_MISSING;
+
+ if (last == NULL)
+ h->htable[hvalue] = cur->next;
+ else
+ last->next = cur->next;
+
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ free(cur);
+ h->nel--;
+ return HASHTAB_SUCCESS;
+}
+
+int hashtab_replace(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ int hvalue;
+ hashtab_ptr_t prev, cur, newnode;
+
+ if (!h)
+ return HASHTAB_OVERFLOW;
+
+ hvalue = h->hash_value(h, key);
+ prev = NULL;
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
+ prev = cur;
+ cur = cur->next;
+ }
+
+ if (cur && (h->keycmp(h, key, cur->key) == 0)) {
+ if (destroy)
+ destroy(cur->key, cur->datum, args);
+ cur->key = key;
+ cur->datum = datum;
+ } else {
+ newnode = (hashtab_ptr_t) malloc(sizeof(hashtab_node_t));
+ if (newnode == NULL)
+ return HASHTAB_OVERFLOW;
+ memset(newnode, 0, sizeof(struct hashtab_node));
+ newnode->key = key;
+ newnode->datum = datum;
+ if (prev) {
+ newnode->next = prev->next;
+ prev->next = newnode;
+ } else {
+ newnode->next = h->htable[hvalue];
+ h->htable[hvalue] = newnode;
+ }
+ }
+
+ return HASHTAB_SUCCESS;
+}
+
+hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t key)
+{
+
+ int hvalue;
+ hashtab_ptr_t cur;
+
+ if (!h)
+ return NULL;
+
+ hvalue = h->hash_value(h, key);
+ cur = h->htable[hvalue];
+ while (cur != NULL && h->keycmp(h, key, cur->key) > 0)
+ cur = cur->next;
+
+ if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
+ return NULL;
+
+ return cur->datum;
+}
+
+void hashtab_destroy(hashtab_t h)
+{
+ unsigned int i;
+ hashtab_ptr_t cur, temp;
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ free(temp);
+ }
+ h->htable[i] = NULL;
+ }
+
+ free(h->htable);
+ h->htable = NULL;
+
+ free(h);
+}
+
+int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d, void *args), void *args)
+{
+ unsigned int i, ret;
+ hashtab_ptr_t cur;
+
+ if (!h)
+ return HASHTAB_SUCCESS;
+
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret)
+ return ret;
+ cur = cur->next;
+ }
+ }
+ return HASHTAB_SUCCESS;
+}
+
+void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args)
+{
+ unsigned int i;
+ int ret;
+ hashtab_ptr_t last, cur, temp;
+
+ if (!h)
+ return;
+
+ for (i = 0; i < h->size; i++) {
+ last = NULL;
+ cur = h->htable[i];
+ while (cur != NULL) {
+ ret = apply(cur->key, cur->datum, args);
+ if (ret) {
+ if (last) {
+ last->next = cur->next;
+ } else {
+ h->htable[i] = cur->next;
+ }
+
+ temp = cur;
+ cur = cur->next;
+ if (destroy)
+ destroy(temp->key, temp->datum, args);
+ free(temp);
+ h->nel--;
+ } else {
+ last = cur;
+ cur = cur->next;
+ }
+ }
+ }
+
+ return;
+}
+
+void hashtab_hash_eval(hashtab_t h, char *tag)
+{
+ unsigned int i;
+ int chain_len, slots_used, max_chain_len;
+ hashtab_ptr_t cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < h->size; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ printf
+ ("%s: %d entries and %d/%d buckets used, longest chain length %d\n",
+ tag, h->nel, slots_used, h->size, max_chain_len);
+}
diff --git a/policycoreutils/newrole/hashtab.h b/policycoreutils/newrole/hashtab.h
new file mode 100644
index 0000000..abc80c3
--- /dev/null
+++ b/policycoreutils/newrole/hashtab.h
@@ -0,0 +1,142 @@
+
+/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+
+/* FLASK */
+
+/*
+ * A hash table (hashtab) maintains associations between
+ * key values and datum values. The type of the key values
+ * and the type of the datum values is arbitrary. The
+ * functions for hash computation and key comparison are
+ * provided by the creator of the table.
+ */
+
+#ifndef _NEWROLE_HASHTAB_H_
+#define _NEWROLE_HASHTAB_H_
+
+#include <stdint.h>
+#include <errno.h>
+#include <stdio.h>
+
+typedef char *hashtab_key_t; /* generic key type */
+typedef void *hashtab_datum_t; /* generic datum type */
+
+typedef struct hashtab_node *hashtab_ptr_t;
+
+typedef struct hashtab_node {
+ hashtab_key_t key;
+ hashtab_datum_t datum;
+ hashtab_ptr_t next;
+} hashtab_node_t;
+
+typedef struct hashtab_val {
+ hashtab_ptr_t *htable; /* hash table */
+ unsigned int size; /* number of slots in hash table */
+ uint32_t nel; /* number of elements in hash table */
+ unsigned int (*hash_value) (struct hashtab_val * h, hashtab_key_t key); /* hash function */
+ int (*keycmp) (struct hashtab_val * h, hashtab_key_t key1, hashtab_key_t key2); /* key comparison function */
+} hashtab_val_t;
+
+typedef hashtab_val_t *hashtab_t;
+
+/* Define status codes for hash table functions */
+#define HASHTAB_SUCCESS 0
+#define HASHTAB_OVERFLOW -ENOMEM
+#define HASHTAB_PRESENT -EEXIST
+#define HASHTAB_MISSING -ENOENT
+
+/*
+ Creates a new hash table with the specified characteristics.
+
+ Returns NULL if insufficent space is available or
+ the new hash table otherwise.
+ */
+extern hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
+ const hashtab_key_t
+ key),
+ int (*keycmp) (hashtab_t h,
+ const hashtab_key_t key1,
+ const hashtab_key_t key2),
+ unsigned int size);
+/*
+ Inserts the specified (key, datum) pair into the specified hash table.
+
+ Returns HASHTAB_OVERFLOW if insufficient space is available or
+ HASHTAB_PRESENT if there is already an entry with the same key or
+ HASHTAB_SUCCESS otherwise.
+ */
+extern int hashtab_insert(hashtab_t h, hashtab_key_t k, hashtab_datum_t d);
+
+/*
+ Removes the entry with the specified key from the hash table.
+ Applies the specified destroy function to (key,datum,args) for
+ the entry.
+
+ Returns HASHTAB_MISSING if no entry has the specified key or
+ HASHTAB_SUCCESS otherwise.
+ */
+extern int hashtab_remove(hashtab_t h, hashtab_key_t k,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Insert or replace the specified (key, datum) pair in the specified
+ hash table. If an entry for the specified key already exists,
+ then the specified destroy function is applied to (key,datum,args)
+ for the entry prior to replacing the entry's contents.
+
+ Returns HASHTAB_OVERFLOW if insufficient space is available or
+ HASHTAB_SUCCESS otherwise.
+ */
+extern int hashtab_replace(hashtab_t h, hashtab_key_t k, hashtab_datum_t d,
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Searches for the entry with the specified key in the hash table.
+
+ Returns NULL if no entry has the specified key or
+ the datum of the entry otherwise.
+ */
+extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
+
+/*
+ Destroys the specified hash table.
+ */
+extern void hashtab_destroy(hashtab_t h);
+
+/*
+ Applies the specified apply function to (key,datum,args)
+ for each entry in the specified hash table.
+
+ The order in which the function is applied to the entries
+ is dependent upon the internal structure of the hash table.
+
+ If apply returns a non-zero status, then hashtab_map will cease
+ iterating through the hash table and will propagate the error
+ return to its caller.
+ */
+extern int hashtab_map(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args), void *args);
+
+/*
+ Same as hashtab_map, except that if apply returns a non-zero status,
+ then the (key,datum) pair will be removed from the hashtab and the
+ destroy function will be applied to (key,datum,args).
+ */
+extern void hashtab_map_remove_on_error(hashtab_t h,
+ int (*apply) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void (*destroy) (hashtab_key_t k,
+ hashtab_datum_t d,
+ void *args),
+ void *args);
+
+extern void hashtab_hash_eval(hashtab_t h, char *tag);
+
+#endif
diff --git a/policycoreutils/newrole/newrole-lspp.pamd b/policycoreutils/newrole/newrole-lspp.pamd
new file mode 100644
index 0000000..836b689
--- /dev/null
+++ b/policycoreutils/newrole/newrole-lspp.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session required pam_namespace.so unmnt_remnt no_unmount_on_close
diff --git a/policycoreutils/newrole/newrole.1 b/policycoreutils/newrole/newrole.1
new file mode 100644
index 0000000..376c458
--- /dev/null
+++ b/policycoreutils/newrole/newrole.1
@@ -0,0 +1,116 @@
+.TH NEWROLE "1" "October 2000" "Security Enhanced Linux" NSA
+.SH NAME
+newrole \- run a shell with a new SELinux role
+.SH SYNOPSIS
+.B newrole
+[\fB-r\fR|\fB--role\fR]
+\fIROLE\fR
+[\fB-t\fR|\fB--type\fR]
+\fITYPE\fR
+[\fB-l\fR|\fB--level\fR]
+\fILEVEL\fR [-- [\fIARGS\fR]...]
+.SH DESCRIPTION
+.PP
+Run a new shell in a new context. The new context is derived from the
+old context in which
+.B newrole
+is originally executed. If the
+.B -r
+or
+.B --role
+option is specified, then the new context will have the role specified by
+\fIROLE\fR.
+If the
+.B -t
+or
+.B --type
+option is specified, then the new context will have the type (domain)
+specified by
+\fITYPE\fR.
+If a role is specified, but no type is specified, the default type is derived
+from the specified role. If the
+.B -l
+or
+.B --level
+option is specified, then the new context will have the sensitivity level
+specified by
+\fILEVEL\fR.
+If
+\fILEVEL\fR
+is a range, the new context will have the sensitivity level and clearance
+specified by that range.
+.PP
+Additional arguments
+.I ARGS
+may be provided after a -- option,
+in which case they are supplied to the new shell.
+In particular, an argument of -- -c will cause the next argument to be
+treated as a command by most command interpreters.
+.PP
+If a command argument is specified to newrole and the command name is found
+in /etc/selinux/newrole_pam.conf, then the pam service name listed in that
+file for the command will be used rather than the normal newrole pam
+configuration. This allows for per-command pam configuration when
+invoked via newrole, e.g. to skip the interactive re-authentication phase.
+.PP
+The new shell will be the shell specified in the user's entry in the
+.I /etc/passwd
+file.
+.PP
+The
+.B -V
+or
+.B --version
+shows the current version of newrole
+.PP
+.SH EXAMPLE
+.br
+Changing role:
+ # id -Z
+ staff_u:staff_r:staff_t:SystemLow-SystemHigh
+ # newrole -r sysadm_r
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh
+
+Changing sensitivity only:
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+ # newrole -l Secret
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Secret-SystemHigh
+
+.PP
+Changing sensitivity and clearance:
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
+ # newrole -l Secret-Secret
+ # id -Z
+ staff_u:sysadm_r:sysadm_t:Secret
+
+.PP
+Running a program in a given role or level:
+ # newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..."
+ # newrole -l Secret -- -c "/path/to/app arg1 arg2..."
+
+.SH FILES
+/etc/passwd - user account information
+.br
+/etc/shadow - encrypted passwords and age information
+.br
+/etc/selinux/<policy>/contexts/default_type - default types for roles
+.br
+/etc/selinux/<policy>/contexts/securetty_types - securetty types for level changes
+.br
+/etc/selinux/newrole_pam.conf - optional mapping of commands to separate pam service names
+.br
+.SH SEE ALSO
+.B runcon
+(1)
+.SH AUTHORS
+.nf
+Anthony Colatrella
+Tim Fraser
+Steve Grubb <sgrubb@redhat.com>
+Darrel Goeddel <DGoeddel@trustedcs.com>
+Michael Thompson <mcthomps@us.ibm.com>
+Dan Walsh <dwalsh@redhat.com>
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
new file mode 100644
index 0000000..b3880ec
--- /dev/null
+++ b/policycoreutils/newrole/newrole.c
@@ -0,0 +1,1388 @@
+/************************************************************************
+ *
+ * newrole
+ *
+ * SYNOPSIS:
+ *
+ * This program allows a user to change their SELinux RBAC role and/or
+ * SELinux TE type (domain) in a manner similar to the way the traditional
+ * UNIX su program allows a user to change their identity.
+ *
+ * USAGE:
+ *
+ * newrole [ -r role ] [ -t type ] [ -l level ] [ -V ] [ -- args ]
+ *
+ * BUILD OPTIONS:
+ *
+ * option USE_PAM:
+ *
+ * Set the USE_PAM constant if you want to authenticate users via PAM.
+ * If USE_PAM is not set, users will be authenticated via direct
+ * access to the shadow password file.
+ *
+ * If you decide to use PAM must be told how to handle newrole. A
+ * good rule-of-thumb might be to tell PAM to handle newrole in the
+ * same way it handles su, except that you should remove the pam_rootok.so
+ * entry so that even root must re-authenticate to change roles.
+ *
+ * If you choose not to use PAM, make sure you have a shadow passwd file
+ * in /etc/shadow. You can use a symlink if your shadow passwd file
+ * lives in another directory. Example:
+ * su
+ * cd /etc
+ * ln -s /etc/auth/shadow shadow
+ *
+ * If you decide not to use PAM, you will also have to make newrole
+ * setuid root, so that it can read the shadow passwd file.
+ *
+ *
+ * Authors:
+ * Anthony Colatrella
+ * Tim Fraser
+ * Steve Grubb <sgrubb@redhat.com>
+ * Darrel Goeddel <DGoeddel@trustedcs.com>
+ * Michael Thompson <mcthomps@us.ibm.com>
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+ *************************************************************************/
+
+#define _GNU_SOURCE
+
+#if defined(AUDIT_LOG_PRIV) && !defined(USE_AUDIT)
+#error AUDIT_LOG_PRIV needs the USE_AUDIT option
+#endif
+#if defined(NAMESPACE_PRIV) && !defined(USE_PAM)
+#error NAMESPACE_PRIV needs the USE_PAM option
+#endif
+
+#include <stdio.h>
+#include <stdlib.h> /* for malloc(), realloc(), free() */
+#include <pwd.h> /* for getpwuid() */
+#include <ctype.h>
+#include <sys/types.h> /* to make getuid() and getpwuid() happy */
+#include <sys/wait.h> /* for wait() */
+#include <getopt.h> /* for getopt_long() form of getopt() */
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
+#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
+#include <selinux/context.h> /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+#include <selinux/get_context_list.h> /* for SELINUX_DEFAULTUSER */
+#include <signal.h>
+#include <unistd.h> /* for getuid(), exit(), getopt() */
+#ifdef USE_AUDIT
+#include <libaudit.h>
+#endif
+#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
+#include <sys/prctl.h>
+#include <sys/capability.h>
+#endif
+#ifdef USE_NLS
+#include <locale.h> /* for setlocale() */
+#include <libintl.h> /* for gettext() */
+#define _(msgid) gettext (msgid)
+#else
+#define _(msgid) (msgid)
+#endif
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+
+/* USAGE_STRING describes the command-line args of this program. */
+#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
+
+#ifdef USE_PAM
+#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf";
+#endif
+
+#define DEFAULT_PATH "/usr/bin:/bin"
+#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
+
+extern char **environ;
+
+/**
+ * Construct from the current range and specified desired level a resulting
+ * range. If the specified level is a range, return that. If it is not, then
+ * construct a range with level as the sensitivity and clearance of the current
+ * context.
+ *
+ * newlevel - the level specified on the command line
+ * range - the range in the current context
+ *
+ * Returns malloc'd memory
+ */
+static char *build_new_range(char *newlevel, const char *range)
+{
+ char *newrangep = NULL;
+ const char *tmpptr;
+ size_t len;
+
+ /* a missing or empty string */
+ if (!range || !strlen(range) || !newlevel || !strlen(newlevel))
+ return NULL;
+
+ /* if the newlevel is actually a range - just use that */
+ if (strchr(newlevel, '-')) {
+ newrangep = strdup(newlevel);
+ return newrangep;
+ }
+
+ /* look for MLS range in current context */
+ tmpptr = strchr(range, '-');
+ if (tmpptr) {
+ /* we are inserting into a ranged MLS context */
+ len = strlen(newlevel) + 1 + strlen(tmpptr + 1) + 1;
+ newrangep = (char *)malloc(len);
+ if (!newrangep)
+ return NULL;
+ snprintf(newrangep, len, "%s-%s", newlevel, tmpptr + 1);
+ } else {
+ /* we are inserting into a currently non-ranged MLS context */
+ if (!strcmp(newlevel, range)) {
+ newrangep = strdup(range);
+ } else {
+ len = strlen(newlevel) + 1 + strlen(range) + 1;
+ newrangep = (char *)malloc(len);
+ if (!newrangep)
+ return NULL;
+ snprintf(newrangep, len, "%s-%s", newlevel, range);
+ }
+ }
+
+ return newrangep;
+}
+
+#ifdef USE_PAM
+
+/************************************************************************
+ *
+ * All PAM code goes in this section.
+ *
+ ************************************************************************/
+#include <security/pam_appl.h> /* for PAM functions */
+#include <security/pam_misc.h> /* for misc_conv PAM utility function */
+
+char *service_name = "newrole";
+
+/* authenticate_via_pam()
+ *
+ * in: pw - struct containing data from our user's line in
+ * the passwd file.
+ * out: nothing
+ * return: value condition
+ * ----- ---------
+ * 1 PAM thinks that the user authenticated themselves properly
+ * 0 otherwise
+ *
+ * This function uses PAM to authenticate the user running this
+ * program. This is the only function in this program that makes PAM
+ * calls.
+ */
+int authenticate_via_pam(const char *ttyn, pam_handle_t * pam_handle)
+{
+
+ int result = 0; /* set to 0 (not authenticated) by default */
+ int pam_rc; /* pam return code */
+ const char *tty_name;
+
+ if (ttyn) {
+ if (strncmp(ttyn, "/dev/", 5) == 0)
+ tty_name = ttyn + 5;
+ else
+ tty_name = ttyn;
+
+ pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
+ if (pam_rc != PAM_SUCCESS) {
+ fprintf(stderr, _("failed to set PAM_TTY\n"));
+ goto out;
+ }
+ }
+
+ /* Ask PAM to authenticate the user running this program */
+ pam_rc = pam_authenticate(pam_handle, 0);
+ if (pam_rc != PAM_SUCCESS) {
+ goto out;
+ }
+
+ /* Ask PAM to verify acct_mgmt */
+ pam_rc = pam_acct_mgmt(pam_handle, 0);
+ if (pam_rc == PAM_SUCCESS) {
+ result = 1; /* user authenticated OK! */
+ }
+
+ out:
+ return result;
+} /* authenticate_via_pam() */
+
+#include "hashtab.h"
+
+static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d,
+ void *args __attribute__ ((unused)))
+{
+ free(key);
+ free(d);
+ return 0;
+}
+
+static unsigned int reqsymhash(hashtab_t h, hashtab_key_t key)
+{
+ char *p, *keyp;
+ size_t size;
+ unsigned int val;
+
+ val = 0;
+ keyp = (char *)key;
+ size = strlen(keyp);
+ for (p = keyp; ((size_t) (p - keyp)) < size; p++)
+ val =
+ (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+ return val & (h->size - 1);
+}
+
+static int reqsymcmp(hashtab_t h
+ __attribute__ ((unused)), hashtab_key_t key1,
+ hashtab_key_t key2)
+{
+ char *keyp1, *keyp2;
+
+ keyp1 = (char *)key1;
+ keyp2 = (char *)key2;
+ return strcmp(keyp1, keyp2);
+}
+
+static hashtab_t app_service_names = NULL;
+#define PAM_SERVICE_SLOTS 64
+
+static int process_pam_config(FILE * cfg)
+{
+ const char *config_file_path = PAM_SERVICE_CONFIG;
+ char *line_buf = NULL;
+ unsigned long lineno = 0;
+ size_t len = 0;
+ char *app = NULL;
+ char *service = NULL;
+ int ret;
+
+ while (getline(&line_buf, &len, cfg) > 0) {
+ char *buffer = line_buf;
+ lineno++;
+ while (isspace(*buffer))
+ buffer++;
+ if (buffer[0] == '#')
+ continue;
+ if (buffer[0] == '\n' || buffer[0] == '\0')
+ continue;
+
+ app = service = NULL;
+ ret = sscanf(buffer, "%as %as\n", &app, &service);
+ if (ret < 2 || !app || !service)
+ goto err;
+
+ ret = hashtab_insert(app_service_names, app, service);
+ if (ret == HASHTAB_OVERFLOW) {
+ fprintf(stderr,
+ _
+ ("newrole: service name configuration hashtable overflow\n"));
+ goto err;
+ }
+ }
+
+ free(line_buf);
+ return 0;
+ err:
+ free(app);
+ free(service);
+ fprintf(stderr, _("newrole: %s: error on line %lu.\n"),
+ config_file_path, lineno);
+ free(line_buf);
+ return -1;
+}
+
+/*
+ * Read config file ignoring comment lines.
+ * Files specified one per line executable with a corresponding
+ * pam service name.
+ */
+static int read_pam_config()
+{
+ const char *config_file_path = PAM_SERVICE_CONFIG;
+ FILE *cfg = NULL;
+ cfg = fopen(config_file_path, "r");
+ if (!cfg)
+ return 0; /* This configuration is optional. */
+ app_service_names =
+ hashtab_create(reqsymhash, reqsymcmp, PAM_SERVICE_SLOTS);
+ if (!app_service_names)
+ goto err;
+ if (process_pam_config(cfg))
+ goto err;
+ fclose(cfg);
+ return 0;
+ err:
+ fclose(cfg);
+ return -1;
+}
+
+#else /* else !USE_PAM */
+
+/************************************************************************
+ *
+ * All shadow passwd code goes in this section.
+ *
+ ************************************************************************/
+#include <shadow.h> /* for shadow passwd functions */
+#include <string.h> /* for strlen(), memset() */
+
+#define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */
+
+/* authenticate_via_shadow_passwd()
+ *
+ * in: uname - the calling user's user name
+ * out: nothing
+ * return: value condition
+ * ----- ---------
+ * 1 user authenticated themselves properly according to the
+ * shadow passwd file.
+ * 0 otherwise
+ *
+ * This function uses the shadow passwd file to thenticate the user running
+ * this program.
+ */
+int authenticate_via_shadow_passwd(const char *uname)
+{
+ struct spwd *p_shadow_line;
+ char *unencrypted_password_s;
+ char *encrypted_password_s;
+
+ setspent();
+ p_shadow_line = getspnam(uname);
+ endspent();
+ if (!(p_shadow_line)) {
+ fprintf(stderr, _("Cannot find your entry in the shadow "
+ "passwd file.\n"));
+ return 0;
+ }
+
+ /* Ask user to input unencrypted password */
+ if (!(unencrypted_password_s = getpass(PASSWORD_PROMPT))) {
+ fprintf(stderr, _("getpass cannot open /dev/tty\n"));
+ return 0;
+ }
+
+ /* Use crypt() to encrypt user's input password. */
+ encrypted_password_s = crypt(unencrypted_password_s,
+ p_shadow_line->sp_pwdp);
+ memset(unencrypted_password_s, 0, strlen(unencrypted_password_s));
+ return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));
+}
+#endif /* if/else USE_PAM */
+
+/**
+ * This function checks to see if the shell is known in /etc/shells.
+ * If so, it returns 1. On error or illegal shell, it returns 0.
+ */
+static int verify_shell(const char *shell_name)
+{
+ int found = 0;
+ const char *buf;
+
+ if (!(shell_name && shell_name[0]))
+ return found;
+
+ while ((buf = getusershell()) != NULL) {
+ /* ignore comments */
+ if (*buf == '#')
+ continue;
+
+ /* check the shell skipping newline char */
+ if (!strcmp(shell_name, buf)) {
+ found = 1;
+ break;
+ }
+ }
+ endusershell();
+ return found;
+}
+
+/**
+ * Determine the Linux user identity to re-authenticate.
+ * If supported and set, use the login uid, as this should be more stable.
+ * Otherwise, use the real uid.
+ *
+ * This function assigns malloc'd memory into the pw_copy struct.
+ * Returns zero on success, non-zero otherwise
+ */
+int extract_pw_data(struct passwd *pw_copy)
+{
+ uid_t uid;
+ struct passwd *pw;
+
+#ifdef USE_AUDIT
+ uid = audit_getloginuid();
+ if (uid == (uid_t) - 1)
+ uid = getuid();
+#else
+ uid = getuid();
+#endif
+
+ setpwent();
+ pw = getpwuid(uid);
+ endpwent();
+ if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_shell
+ && pw->pw_shell[0] && pw->pw_dir && pw->pw_dir[0])) {
+ fprintf(stderr,
+ _("cannot find valid entry in the passwd file.\n"));
+ return -1;
+ }
+
+ *pw_copy = *pw;
+ pw = pw_copy;
+ pw->pw_name = strdup(pw->pw_name);
+ pw->pw_dir = strdup(pw->pw_dir);
+ pw->pw_shell = strdup(pw->pw_shell);
+
+ if (!(pw->pw_name && pw->pw_dir && pw->pw_shell)) {
+ fprintf(stderr, _("Out of memory!\n"));
+ goto out_free;
+ }
+
+ if (verify_shell(pw->pw_shell) == 0) {
+ fprintf(stderr, _("Error! Shell is not valid.\n"));
+ goto out_free;
+ }
+ return 0;
+
+ out_free:
+ free(pw->pw_name);
+ free(pw->pw_dir);
+ free(pw->pw_shell);
+ return -1;
+}
+
+/**
+ * Either restore the original environment, or set up a minimal one.
+ *
+ * The minimal environment contains:
+ * TERM, DISPLAY and XAUTHORITY - if they are set, preserve values
+ * HOME, SHELL, USER and LOGNAME - set to contents of /etc/passwd
+ * PATH - set to default value DEFAULT_PATH
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int restore_environment(int preserve_environment,
+ char **old_environ, const struct passwd *pw)
+{
+ char const *term_env;
+ char const *display_env;
+ char const *xauthority_env;
+ char *term = NULL; /* temporary container */
+ char *display = NULL; /* temporary container */
+ char *xauthority = NULL; /* temporary container */
+ int rc;
+
+ environ = old_environ;
+
+ if (preserve_environment)
+ return 0;
+
+ term_env = getenv("TERM");
+ display_env = getenv("DISPLAY");
+ xauthority_env = getenv("XAUTHORITY");
+
+ /* Save the variable values we want */
+ if (term_env)
+ term = strdup(term_env);
+ if (display_env)
+ display = strdup(display_env);
+ if (xauthority_env)
+ xauthority = strdup(xauthority_env);
+ if ((term_env && !term) || (display_env && !display) ||
+ (xauthority_env && !xauthority)) {
+ rc = -1;
+ goto out;
+ }
+
+ /* Construct a new environment */
+ if ((rc = clearenv())) {
+ fprintf(stderr, _("Unable to clear environment\n"));
+ goto out;
+ }
+
+ /* Restore that which we saved */
+ if (term)
+ rc |= setenv("TERM", term, 1);
+ if (display)
+ rc |= setenv("DISPLAY", display, 1);
+ if (xauthority)
+ rc |= setenv("XAUTHORITY", xauthority, 1);
+ rc |= setenv("HOME", pw->pw_dir, 1);
+ rc |= setenv("SHELL", pw->pw_shell, 1);
+ rc |= setenv("USER", pw->pw_name, 1);
+ rc |= setenv("LOGNAME", pw->pw_name, 1);
+ rc |= setenv("PATH", DEFAULT_PATH, 1);
+ out:
+ free(term);
+ free(display);
+ free(xauthority);
+ return rc;
+}
+
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system. If the user is root, we leave
+ * the capabilities alone since they already should have access to the
+ * audit netlink socket.
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
+static int drop_capabilities(void)
+{
+ int rc = 0;
+ cap_t new_caps, tmp_caps;
+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
+ cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID };
+ uid_t uid = getuid();
+
+ if (!uid)
+ return 0;
+
+ /* Non-root caller, suid root path */
+ new_caps = cap_init();
+ tmp_caps = cap_init();
+ if (!new_caps || !tmp_caps) {
+ fprintf(stderr, _("Error initing capabilities, aborting.\n"));
+ return -1;
+ }
+ rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
+ rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET);
+ rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET);
+ rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET);
+ if (rc) {
+ fprintf(stderr, _("Error setting capabilities, aborting\n"));
+ goto out;
+ }
+
+ /* Keep capabilities across uid change */
+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+ fprintf(stderr, _("Error setting KEEPCAPS, aborting\n"));
+ rc = -1;
+ goto out;
+ }
+
+ /* Does this temporary change really buy us much? */
+ /* We should still have root's caps, so drop most capabilities now */
+ if ((rc = cap_set_proc(tmp_caps))) {
+ fprintf(stderr, _("Error dropping capabilities, aborting\n"));
+ goto out;
+ }
+
+ /* Change uid */
+ if ((rc = setresuid(uid, uid, uid))) {
+ fprintf(stderr, _("Error changing uid, aborting.\n"));
+ goto out;
+ }
+
+ /* Now get rid of this ability */
+ if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
+ fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
+ goto out;
+ }
+
+ /* Finish dropping capabilities. */
+ if ((rc = cap_set_proc(new_caps))) {
+ fprintf(stderr,
+ _("Error dropping SETUID capability, aborting\n"));
+ goto out;
+ }
+ out:
+ if (cap_free(tmp_caps) || cap_free(new_caps))
+ fprintf(stderr, _("Error freeing caps\n"));
+ return rc;
+}
+#elif defined(NAMESPACE_PRIV)
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise
+ * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_CHOWN,
+ * before invoking pam_namespace. These capabilities are needed
+ * for performing bind mounts/unmounts and to create potential new
+ * instance directories with appropriate DAC attributes. If the
+ * user is root, we leave the capabilities alone since they already
+ * should have access to the audit netlink socket and should have
+ * the ability to create/mount/unmount instance directories.
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int drop_capabilities(void)
+{
+ int rc = 0;
+ cap_t new_caps;
+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID,
+ CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN,
+ CAP_DAC_OVERRIDE
+ };
+
+ if (!getuid())
+ return 0;
+
+ /* Non-root caller, suid root path */
+ new_caps = cap_init();
+ if (!new_caps) {
+ fprintf(stderr, _("Error initing capabilities, aborting.\n"));
+ return -1;
+ }
+ rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET);
+ rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 6, cap_list, CAP_SET);
+ if (rc) {
+ fprintf(stderr, _("Error setting capabilities, aborting\n"));
+ goto out;
+ }
+
+ /* Ensure that caps are dropped after setuid call */
+ if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) {
+ fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
+ goto out;
+ }
+
+ /* We should still have root's caps, so drop most capabilities now */
+ if ((rc = cap_set_proc(new_caps))) {
+ fprintf(stderr, _("Error dropping capabilities, aborting\n"));
+ goto out;
+ }
+ out:
+ if (cap_free(new_caps))
+ fprintf(stderr, _("Error freeing caps\n"));
+ return rc;
+}
+
+#else
+static inline int drop_capabilities(void)
+{
+ return 0;
+}
+#endif
+
+#ifdef NAMESPACE_PRIV
+/**
+ * This function will set the uid values to be that of caller's uid, and
+ * will drop any privilages which maybe have been raised.
+ */
+static int transition_to_caller_uid()
+{
+ uid_t uid = getuid();
+
+ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) {
+ fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n"));
+ return -1;
+ }
+
+ if (setresuid(uid, uid, uid)) {
+ fprintf(stderr, _("Error changing uid, aborting.\n"));
+ return -1;
+ }
+ return 0;
+}
+#endif
+
+#ifdef AUDIT_LOG_PRIV
+/* Send audit message */
+static
+int send_audit_message(int success, security_context_t old_context,
+ security_context_t new_context, const char *ttyn)
+{
+ char *msg = NULL;
+ int rc;
+ int audit_fd = audit_open();
+
+ if (audit_fd < 0) {
+ fprintf(stderr, _("Error connecting to audit system.\n"));
+ return -1;
+ }
+ if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
+ old_context ? old_context : "?",
+ new_context ? new_context : "?") < 0) {
+ fprintf(stderr, _("Error allocating memory.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, ttyn, success);
+ if (rc <= 0) {
+ fprintf(stderr, _("Error sending audit message.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = 0;
+ out:
+ free(msg);
+ close(audit_fd);
+ return rc;
+}
+#else
+static inline
+ int send_audit_message(int success __attribute__ ((unused)),
+ security_context_t old_context
+ __attribute__ ((unused)),
+ security_context_t new_context
+ __attribute__ ((unused)), const char *ttyn
+ __attribute__ ((unused)))
+{
+ return 0;
+}
+#endif
+
+/**
+ * This function attempts to relabel the tty. If this function fails, then
+ * the fd is closed, the contexts are free'd and -1 is returned. On success,
+ * a valid fd is returned and tty_context and new_tty_context are set.
+ *
+ * This function will not fail if it can not relabel the tty when selinux is
+ * in permissive mode.
+ */
+static int relabel_tty(const char *ttyn, security_context_t new_context,
+ security_context_t * tty_context,
+ security_context_t * new_tty_context)
+{
+ int fd;
+ int enforcing = security_getenforce();
+ security_context_t tty_con = NULL;
+ security_context_t new_tty_con = NULL;
+
+ if (!ttyn)
+ return 0;
+
+ if (enforcing < 0) {
+ fprintf(stderr, _("Could not determine enforcing mode.\n"));
+ return -1;
+ }
+
+ /* Re-open TTY descriptor */
+ fd = open(ttyn, O_RDWR | O_NONBLOCK);
+ if (fd < 0) {
+ fprintf(stderr, _("Error! Could not open %s.\n"), ttyn);
+ return fd;
+ }
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+
+ if (fgetfilecon(fd, &tty_con) < 0) {
+ fprintf(stderr, _("%s! Could not get current context "
+ "for %s, not relabeling tty.\n"),
+ enforcing ? "Error" : "Warning", ttyn);
+ if (enforcing)
+ goto close_fd;
+ }
+
+ if (tty_con &&
+ (security_compute_relabel(new_context, tty_con,
+ SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
+ fprintf(stderr, _("%s! Could not get new context for %s, "
+ "not relabeling tty.\n"),
+ enforcing ? "Error" : "Warning", ttyn);
+ if (enforcing)
+ goto close_fd;
+ }
+
+ if (new_tty_con)
+ if (fsetfilecon(fd, new_tty_con) < 0) {
+ fprintf(stderr,
+ _("%s! Could not set new context for %s\n"),
+ enforcing ? "Error" : "Warning", ttyn);
+ freecon(new_tty_con);
+ new_tty_con = NULL;
+ if (enforcing)
+ goto close_fd;
+ }
+
+ *tty_context = tty_con;
+ *new_tty_context = new_tty_con;
+ return fd;
+
+ close_fd:
+ freecon(tty_con);
+ close(fd);
+ return -1;
+}
+
+/**
+ * This function attempts to revert the relabeling done to the tty.
+ * fd - referencing the opened ttyn
+ * ttyn - name of tty to restore
+ * tty_context - original context of the tty
+ * new_tty_context - context tty was relabeled to
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+static int restore_tty_label(int fd, const char *ttyn,
+ security_context_t tty_context,
+ security_context_t new_tty_context)
+{
+ int rc = 0;
+ security_context_t chk_tty_context = NULL;
+
+ if (!ttyn)
+ goto skip_relabel;
+
+ if (!new_tty_context)
+ goto skip_relabel;
+
+ /* Verify that the tty still has the context set by newrole. */
+ if ((rc = fgetfilecon(fd, &chk_tty_context)) < 0) {
+ fprintf(stderr, "Could not fgetfilecon %s.\n", ttyn);
+ goto skip_relabel;
+ }
+
+ if ((rc = strcmp(chk_tty_context, new_tty_context))) {
+ fprintf(stderr, _("%s changed labels.\n"), ttyn);
+ goto skip_relabel;
+ }
+
+ if ((rc = fsetfilecon(fd, tty_context)) < 0)
+ fprintf(stderr,
+ _("Warning! Could not restore context for %s\n"), ttyn);
+ skip_relabel:
+ freecon(chk_tty_context);
+ return rc;
+}
+
+/**
+ * Parses and validates the provided command line options and
+ * constructs a new context based on our old context and the
+ * arguments specified on the command line. On success
+ * new_context will be set to valid values, otherwise its value
+ * is left unchanged.
+ *
+ * Returns zero on success, non-zero otherwise.
+ */
+static int parse_command_line_arguments(int argc, char **argv, char *ttyn,
+ security_context_t old_context,
+ security_context_t * new_context,
+ int *preserve_environment)
+{
+ int flag_index; /* flag index in argv[] */
+ int clflag; /* holds codes for command line flags */
+ char *role_s = NULL; /* role spec'd by user in argv[] */
+ char *type_s = NULL; /* type spec'd by user in argv[] */
+ char *type_ptr = NULL; /* stores malloc'd data from get_default_type */
+ char *level_s = NULL; /* level spec'd by user in argv[] */
+ char *range_ptr = NULL;
+ security_context_t new_con = NULL;
+ security_context_t tty_con = NULL;
+ context_t context = NULL; /* manipulatable form of new_context */
+ const struct option long_options[] = {
+ {"role", 1, 0, 'r'},
+ {"type", 1, 0, 't'},
+ {"level", 1, 0, 'l'},
+ {"preserve-environment", 0, 0, 'p'},
+ {"version", 0, 0, 'V'},
+ {NULL, 0, 0, 0}
+ };
+
+ *preserve_environment = 0;
+ while (1) {
+ clflag = getopt_long(argc, argv, "r:t:l:pV", long_options,
+ &flag_index);
+ if (clflag == -1)
+ break;
+
+ switch (clflag) {
+ case 'V':
+ printf("newrole: %s version %s\n", PACKAGE, VERSION);
+ exit(0);
+ break;
+ case 'p':
+ *preserve_environment = 1;
+ break;
+ case 'r':
+ if (role_s) {
+ fprintf(stderr,
+ _("Error: multiple roles specified\n"));
+ return -1;
+ }
+ role_s = optarg;
+ break;
+ case 't':
+ if (type_s) {
+ fprintf(stderr,
+ _("Error: multiple types specified\n"));
+ return -1;
+ }
+ type_s = optarg;
+ break;
+ case 'l':
+ if (!is_selinux_mls_enabled()) {
+ fprintf(stderr, _("Sorry, -l may be used with "
+ "SELinux MLS support.\n"));
+ return -1;
+ }
+ if (level_s) {
+ fprintf(stderr, _("Error: multiple levels "
+ "specified\n"));
+ return -1;
+ }
+ if (ttyn) {
+ if (fgetfilecon(STDIN_FILENO, &tty_con) >= 0) {
+ if (selinux_check_securetty_context
+ (tty_con) < 0) {
+ fprintf(stderr,
+ _
+ ("Error: you are not allowed to change levels on a non secure terminal \n"));
+ freecon(tty_con);
+ return -1;
+ }
+ freecon(tty_con);
+ }
+ }
+
+ level_s = optarg;
+ break;
+ default:
+ fprintf(stderr, "%s\n", USAGE_STRING);
+ return -1;
+ }
+ }
+
+ /* Verify that the combination of command-line arguments are viable */
+ if (!(role_s || type_s || level_s)) {
+ fprintf(stderr, "%s\n", USAGE_STRING);
+ return -1;
+ }
+
+ /* Fill in a default type if one hasn't been specified. */
+ if (role_s && !type_s) {
+ /* get_default_type() returns malloc'd memory */
+ if (get_default_type(role_s, &type_ptr)) {
+ fprintf(stderr, _("Couldn't get default type.\n"));
+ send_audit_message(0, old_context, new_con, ttyn);
+ return -1;
+ }
+ type_s = type_ptr;
+ }
+
+ /* Create a temporary new context structure we extract and modify */
+ context = context_new(old_context);
+ if (!context) {
+ fprintf(stderr, _("failed to get new context.\n"));
+ goto err_free;
+ }
+
+ /* Modify the temporary new context */
+ if (role_s)
+ if (context_role_set(context, role_s)) {
+ fprintf(stderr, _("failed to set new role %s\n"),
+ role_s);
+ goto err_free;
+ }
+
+ if (type_s)
+ if (context_type_set(context, type_s)) {
+ fprintf(stderr, _("failed to set new type %s\n"),
+ type_s);
+ goto err_free;
+ }
+
+ if (level_s) {
+ range_ptr =
+ build_new_range(level_s, context_range_get(context));
+ if (!range_ptr) {
+ fprintf(stderr,
+ _("failed to build new range with level %s\n"),
+ level_s);
+ goto err_free;
+ }
+ if (context_range_set(context, range_ptr)) {
+ fprintf(stderr, _("failed to set new range %s\n"),
+ range_ptr);
+ goto err_free;
+ }
+ }
+
+ /* Construct the final new context */
+ if (!(new_con = context_str(context))) {
+ fprintf(stderr, _("failed to convert new context to string\n"));
+ goto err_free;
+ }
+
+ if (security_check_context(new_con) < 0) {
+ fprintf(stderr, _("%s is not a valid context\n"), new_con);
+ send_audit_message(0, old_context, new_con, ttyn);
+ goto err_free;
+ }
+
+ *new_context = strdup(new_con);
+ if (!*new_context) {
+ fprintf(stderr, _("Unable to allocate memory for new_context"));
+ goto err_free;
+ }
+
+ free(type_ptr);
+ free(range_ptr);
+ context_free(context);
+ return 0;
+
+ err_free:
+ free(type_ptr);
+ free(range_ptr);
+ /* Don't free new_con, context_free(context) handles this */
+ context_free(context);
+ return -1;
+}
+
+/**
+ * Take care of any signal setup
+ */
+static int set_signal_handles()
+{
+ sigset_t empty;
+
+ /* Empty the signal mask in case someone is blocking a signal */
+ if (sigemptyset(&empty)) {
+ fprintf(stderr, _("Unable to obtain empty signal set\n"));
+ return -1;
+ }
+
+ (void)sigprocmask(SIG_SETMASK, &empty, NULL);
+
+ /* Terminate on SIGHUP. */
+ if (signal(SIGHUP, SIG_DFL) == SIG_ERR) {
+ fprintf(stderr, _("Unable to set SIGHUP handler\n"));
+ return -1;
+ }
+
+ return 0;
+}
+
+/************************************************************************
+ *
+ * All code used for both PAM and shadow passwd goes in this section.
+ *
+ ************************************************************************/
+
+int main(int argc, char *argv[])
+{
+ security_context_t new_context = NULL; /* target security context */
+ security_context_t old_context = NULL; /* original securiy context */
+ security_context_t tty_context = NULL; /* current context of tty */
+ security_context_t new_tty_context = NULL; /* new context of tty */
+
+ struct passwd pw; /* struct derived from passwd file line */
+ char *ttyn = NULL; /* tty path */
+
+ char **old_environ;
+ int preserve_environment;
+
+ int fd;
+ pid_t childPid = 0;
+ char *shell_argv0 = NULL;
+
+#ifdef USE_PAM
+ int rc;
+ int pam_status; /* pam return code */
+ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */
+
+ /* This is a jump table of functions for PAM to use when it wants to *
+ * communicate with the user. We'll be using misc_conv(), which is *
+ * provided for us via pam_misc.h. */
+ struct pam_conv pam_conversation = {
+ misc_conv,
+ NULL
+ };
+#endif
+
+ /*
+ * Step 0: Setup
+ *
+ * Do some intial setup, including dropping capabilities, checking
+ * if it makes sense to continue to run newrole, and setting up
+ * a scrubbed environment.
+ */
+ if (drop_capabilities())
+ return -1;
+ if (set_signal_handles())
+ return -1;
+
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+#endif
+
+ old_environ = environ;
+ environ = NULL;
+
+ if (!is_selinux_enabled()) {
+ fprintf(stderr, _("Sorry, newrole may be used only on "
+ "a SELinux kernel.\n"));
+ return -1;
+ }
+
+ if (security_getenforce() < 0) {
+ fprintf(stderr, _("Could not determine enforcing mode.\n"));
+ return -1;
+ }
+
+ /*
+ * Step 1: Parse command line and valid arguments
+ *
+ * old_context and ttyn are required for audit logging,
+ * context validation and pam
+ */
+ if (getprevcon(&old_context)) {
+ fprintf(stderr, _("failed to get old_context.\n"));
+ return -1;
+ }
+
+ ttyn = ttyname(STDIN_FILENO);
+ if (!ttyn || *ttyn == '\0') {
+ fprintf(stderr,
+ _("Warning! Could not retrieve tty information.\n"));
+ }
+
+ if (parse_command_line_arguments(argc, argv, ttyn, old_context,
+ &new_context, &preserve_environment))
+ return -1;
+
+ /*
+ * Step 2: Authenticate the user.
+ *
+ * Re-authenticate the user running this program.
+ * This is just to help confirm user intent (vs. invocation by
+ * malicious software), not to authorize the operation (which is covered
+ * by policy). Trusted path mechanism would be preferred.
+ */
+ if (extract_pw_data(&pw))
+ goto err_free;
+
+#ifdef USE_PAM
+ if (read_pam_config()) {
+ fprintf(stderr,
+ _("error on reading PAM service configuration.\n"));
+ goto err_free;
+ }
+
+ if (app_service_names != NULL && optind < argc) {
+ if (strcmp(argv[optind], "-c") == 0 && optind < (argc - 1)) {
+ /*
+ * Check for a separate pam service name for the
+ * command when invoked by newrole.
+ */
+ char *cmd = NULL;
+ rc = sscanf(argv[optind + 1], "%as", &cmd);
+ if (rc != EOF && cmd) {
+ char *app_service_name =
+ (char *)hashtab_search(app_service_names,
+ cmd);
+ free(cmd);
+ if (app_service_name != NULL)
+ service_name = app_service_name;
+ }
+ }
+ }
+
+ pam_status = pam_start(service_name, pw.pw_name, &pam_conversation,
+ &pam_handle);
+ if (pam_status != PAM_SUCCESS) {
+ fprintf(stderr, _("failed to initialize PAM\n"));
+ goto err_free;
+ }
+
+ if (!authenticate_via_pam(ttyn, pam_handle))
+#else
+ if (!authenticate_via_shadow_passwd(pw.pw_name))
+#endif
+ {
+ fprintf(stderr, _("newrole: incorrect password for %s\n"),
+ pw.pw_name);
+ send_audit_message(0, old_context, new_context, ttyn);
+ goto err_close_pam;
+ }
+
+ /*
+ * Step 3: Handle relabeling of the tty.
+ *
+ * Once we authenticate the user, we know that we want to proceed with
+ * the action. Prior to this point, no changes are made the to system.
+ */
+ fd = relabel_tty(ttyn, new_context, &tty_context, &new_tty_context);
+ if (fd < 0)
+ goto err_close_pam;
+
+ /*
+ * Step 4: Fork
+ *
+ * Fork, allowing parent to clean up after shell has executed.
+ * Child: reopen stdin, stdout, stderr and exec shell
+ * Parnet: wait for child to die and restore tty's context
+ */
+ childPid = fork();
+ if (childPid < 0) {
+ /* fork failed, no child to worry about */
+ int errsv = errno;
+ fprintf(stderr, _("newrole: failure forking: %s"),
+ strerror(errsv));
+ if (restore_tty_label(fd, ttyn, tty_context, new_tty_context))
+ fprintf(stderr, _("Unable to restore tty label...\n"));
+ if (close(fd))
+ fprintf(stderr, _("Failed to close tty properly\n"));
+ goto err_close_pam;
+ } else if (childPid) {
+ /* PARENT
+ * It doesn't make senes to exit early on errors at this point,
+ * since we are doing cleanup which needs to be done.
+ * We can exit with a bad rc though
+ */
+ pid_t pid;
+ int exit_code = 0;
+ int status;
+
+ do {
+ pid = wait(&status);
+ } while (pid < 0 && errno == EINTR);
+
+ /* Preserve child exit status, unless there is another error. */
+ if (WIFEXITED(status))
+ exit_code = WEXITSTATUS(status);
+
+ if (restore_tty_label(fd, ttyn, tty_context, new_tty_context)) {
+ fprintf(stderr, _("Unable to restore tty label...\n"));
+ exit_code = -1;
+ }
+ freecon(tty_context);
+ freecon(new_tty_context);
+ if (close(fd)) {
+ fprintf(stderr, _("Failed to close tty properly\n"));
+ exit_code = -1;
+ }
+#ifdef USE_PAM
+#ifdef NAMESPACE_PRIV
+ pam_status = pam_close_session(pam_handle, 0);
+ if (pam_status != PAM_SUCCESS) {
+ fprintf(stderr, "pam_close_session failed with %s\n",
+ pam_strerror(pam_handle, pam_status));
+ exit_code = -1;
+ }
+#endif
+ rc = pam_end(pam_handle, pam_status);
+ if (rc != PAM_SUCCESS) {
+ fprintf(stderr, "pam_end failed with %s\n",
+ pam_strerror(pam_handle, rc));
+ exit_code = -1;
+ }
+ hashtab_map(app_service_names, free_hashtab_entry, NULL);
+ hashtab_destroy(app_service_names);
+#endif
+ free(pw.pw_name);
+ free(pw.pw_dir);
+ free(pw.pw_shell);
+ free(shell_argv0);
+ return exit_code;
+ }
+
+ /* CHILD */
+ /* Close the tty and reopen descriptors 0 through 2 */
+ if (ttyn) {
+ if (close(fd) || close(0) || close(1) || close(2)) {
+ fprintf(stderr, _("Could not close descriptors.\n"));
+ goto err_close_pam;
+ }
+ fd = open(ttyn, O_RDONLY | O_NONBLOCK);
+ if (fd != 0)
+ goto err_close_pam;
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR | O_NONBLOCK);
+ if (fd != 1)
+ goto err_close_pam;
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ fd = open(ttyn, O_RDWR | O_NONBLOCK);
+ if (fd != 2)
+ goto err_close_pam;
+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+
+ }
+ /*
+ * Step 5: Execute a new shell with the new context in `new_context'.
+ *
+ * Establish context, namesapce and any options for the new shell
+ */
+ if (optind < 1)
+ optind = 1;
+
+ /* This is ugly, but use newrole's argv for the exec'd shells argv */
+ if (asprintf(&shell_argv0, "-%s", pw.pw_shell) < 0) {
+ fprintf(stderr, _("Error allocating shell's argv0.\n"));
+ shell_argv0 = NULL;
+ goto err_close_pam;
+ }
+ argv[optind - 1] = shell_argv0;
+
+ if (setexeccon(new_context)) {
+ fprintf(stderr, _("Could not set exec context to %s.\n"),
+ new_context);
+ goto err_close_pam;
+ }
+#ifdef NAMESPACE_PRIV
+ /* Ask PAM to setup session for user running this program */
+ pam_status = pam_open_session(pam_handle, 0);
+ if (pam_status != PAM_SUCCESS) {
+ fprintf(stderr, "pam_open_session failed with %s\n",
+ pam_strerror(pam_handle, pam_status));
+ goto err_close_pam;
+ }
+#endif
+
+ if (send_audit_message(1, old_context, new_context, ttyn))
+ goto err_close_pam_session;
+#ifdef NAMESPACE_PRIV
+ if (transition_to_caller_uid())
+ goto err_close_pam_session;
+#endif
+ freecon(old_context);
+ freecon(new_context);
+
+ /* Handle environment changes */
+ if (restore_environment(preserve_environment, old_environ, &pw)) {
+ fprintf(stderr, _("Unable to restore the environment, "
+ "aborting\n"));
+ goto err_close_pam_session;
+ }
+ execv(pw.pw_shell, argv + optind - 1);
+
+ /*
+ * Error path cleanup
+ *
+ * If we reach here, then we failed to exec the new shell.
+ */
+ perror(_("failed to exec shell\n"));
+ err_close_pam_session:
+#ifdef NAMESPACE_PRIV
+ pam_status = pam_close_session(pam_handle, 0);
+ if (pam_status != PAM_SUCCESS)
+ fprintf(stderr, "pam_close_session failed with %s\n",
+ pam_strerror(pam_handle, pam_status));
+#endif
+ err_close_pam:
+#ifdef USE_PAM
+ rc = pam_end(pam_handle, pam_status);
+ if (rc != PAM_SUCCESS)
+ fprintf(stderr, "pam_end failed with %s\n",
+ pam_strerror(pam_handle, rc));
+#endif
+ err_free:
+ freecon(tty_context);
+ freecon(new_tty_context);
+ freecon(old_context);
+ freecon(new_context);
+ free(pw.pw_name);
+ free(pw.pw_dir);
+ free(pw.pw_shell);
+ free(shell_argv0);
+#ifdef USE_PAM
+ if (app_service_names) {
+ hashtab_map(app_service_names, free_hashtab_entry, NULL);
+ hashtab_destroy(app_service_names);
+ }
+#endif
+ return -1;
+} /* main() */
diff --git a/policycoreutils/newrole/newrole.pamd b/policycoreutils/newrole/newrole.pamd
new file mode 100644
index 0000000..d1b435c
--- /dev/null
+++ b/policycoreutils/newrole/newrole.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session optional pam_xauth.so
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
new file mode 100644
index 0000000..9e762c9
--- /dev/null
+++ b/policycoreutils/po/Makefile
@@ -0,0 +1,86 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+TOP = ../..
+
+# What is this package?
+NLSPACKAGE = policycoreutils
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(DESTDIR)/usr/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge -v
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt --statistics --verbose
+
+# What do we need to do
+POFILES = $(wildcard *.po)
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = \
+ ../load_policy/load_policy.c \
+ ../newrole/newrole.c \
+ ../run_init/run_init.c \
+ ../setfiles/setfiles.c \
+ ../scripts/genhomedircon \
+ ../scripts/chcat \
+ ../semanage/semanage \
+ ../semanage/seobject.py \
+ ../audit2allow/audit2allow \
+ ../audit2allow/avc.py \
+
+#default:: clean
+
+all:: $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+update-po: Makefile $(POTFILE) refresh-po
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+indent:
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git a/policycoreutils/po/Makefile.in b/policycoreutils/po/Makefile.in
new file mode 100644
index 0000000..aaf485d
--- /dev/null
+++ b/policycoreutils/po/Makefile.in
@@ -0,0 +1,218 @@
+# Makefile for program source directory in GNU NLS utilities package.
+# Copyright (C) 1995, 1996, 1997 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
+#
+# This file file be copied and used freely without restrictions. It can
+# be used in projects which are not available under the GNU Public License
+# but which still want to provide support for the GNU gettext functionality.
+# Please note that the actual code is *not* freely available.
+
+PACKAGE = policycoreutils
+VERSION = 1.1
+
+SHELL = /bin/sh
+
+
+srcdir = .
+top_srcdir = ..
+
+
+prefix = /usr
+exec_prefix = ${prefix}
+datadir = $(prefix)/share
+localedir = $(datadir)/locale
+gnulocaledir = $(prefix)/share/locale
+gettextsrcdir = $(prefix)/share/gettext/po
+subdir = po
+
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+MKINSTALLDIRS = mkdir -p
+
+CC = gcc
+GENCAT =
+GMSGFMT = PATH=../src:$$PATH /usr/bin/msgfmt
+MSGFMT = /usr/bin/msgfmt
+XGETTEXT = PATH=../src:$$PATH /usr/bin/xgettext
+MSGMERGE = PATH=../src:$$PATH msgmerge
+
+DEFS = -DHAVE_CONFIG_H
+CFLAGS = -g -O2
+CPPFLAGS =
+
+INCLUDES = -I.. -I$(top_srcdir)/intl
+
+COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(XCFLAGS)
+
+POFILES = da.po de.po es.po et.po fr.po gl.po id.po it.po ko.po nl.po pl.po pt_BR.po ru.po sv.po
+GMOFILES = da.gmo de.gmo es.gmo et.gmo fr.gmo gl.gmo id.gmo it.gmo ko.gmo nl.gmo pl.gmo pt_BR.gmo ru.gmo sv.gmo
+DISTFILES = Makefile.in.in POTFILES.in $(PACKAGE).pot \
+$(POFILES) $(GMOFILES) $(SOURCES)
+
+POTFILES = \
+
+CATALOGS = #da.gmo de.gmo es.gmo et.gmo fr.gmo gl.gmo id.gmo it.gmo ko.gmo nl.gmo pl.gmo pt_BR.gmo ru.gmo sv.gmo
+CATOBJEXT = .gmo
+INSTOBJEXT = .mo
+
+.SUFFIXES:
+.SUFFIXES: .c .o .po .pox .gmo .mo .msg .cat
+
+.c.o:
+ $(COMPILE) $<
+
+.po.pox:
+ $(MAKE) $(PACKAGE).pot
+ $(MSGMERGE) $< $(srcdir)/$(PACKAGE).pot -o $*.pox
+
+.po.mo:
+ $(MSGFMT) -o $@ $<
+
+.po.gmo:
+ file=$(srcdir)/`echo $* | sed 's,.*/,,'`.gmo \
+ && rm -f $$file && $(GMSGFMT) -o $$file $<
+
+.po.cat:
+ sed -f ../intl/po2msg.sed < $< > $*.msg \
+ && rm -f $@ && $(GENCAT) $@ $*.msg
+
+
+all: all-yes
+
+all-yes: $(CATALOGS)
+all-no:
+
+$(srcdir)/$(PACKAGE).pot: $(POTFILES)
+ $(XGETTEXT) --default-domain=$(PACKAGE) --directory=$(top_srcdir) \
+ --add-comments --keyword=_ --keyword=N_ \
+ --files-from=$(srcdir)/POTFILES.in \
+ && test ! -f $(PACKAGE).po \
+ || ( rm -f $(srcdir)/$(PACKAGE).pot \
+ && mv $(PACKAGE).po $(srcdir)/$(PACKAGE).pot )
+
+install: install-exec install-data
+install-exec:
+install-data: install-data-yes
+install-data-no: all
+install-data-yes: all
+ $(MKINSTALLDIRS) $(DESTDIR)$(datadir);
+ for cat in $(CATALOGS); do \
+ cat=`basename $$cat`; \
+ case "$$cat" in \
+ *.gmo) destdir=$(DESTDIR)$(gnulocaledir);; \
+ *) destdir=$(DESTDIR)$(localedir);; \
+ esac; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ dir=$$destdir/$$lang/LC_MESSAGES; \
+ echo $dir \
+ $(MKINSTALLDIRS) $$dir; \
+ if test -r $$cat; then \
+ $(INSTALL_DATA) $$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \
+ echo "installing $$cat as $$dir/$(PACKAGE)$(INSTOBJEXT)"; \
+ else \
+ $(INSTALL_DATA) $(srcdir)/$$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \
+ echo "installing $(srcdir)/$$cat as" \
+ "$$dir/$(PACKAGE)$(INSTOBJEXT)"; \
+ fi; \
+ if test -r $$cat.m; then \
+ $(INSTALL_DATA) $$cat.m $$dir/$(PACKAGE)$(INSTOBJEXT).m; \
+ echo "installing $$cat.m as $$dir/$(PACKAGE)$(INSTOBJEXT).m"; \
+ else \
+ if test -r $(srcdir)/$$cat.m ; then \
+ $(INSTALL_DATA) $(srcdir)/$$cat.m \
+ $$dir/$(PACKAGE)$(INSTOBJEXT).m; \
+ echo "installing $(srcdir)/$$cat as" \
+ "$$dir/$(PACKAGE)$(INSTOBJEXT).m"; \
+ else \
+ true; \
+ fi; \
+ fi; \
+ done
+ if test "$(PACKAGE)" = "gettext"; then \
+ $(MKINSTALLDIRS) $(DESTDIR)$(gettextsrcdir); \
+ $(INSTALL_DATA) $(srcdir)/Makefile.in.in \
+ $(DESTDIR)$(gettextsrcdir)/Makefile.in.in; \
+ else \
+ : ; \
+ fi
+
+# Define this as empty until I found a useful application.
+installcheck:
+
+uninstall:
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \
+ rm -f $(DESTDIR)$(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \
+ rm -f $(DESTDIR)$(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \
+ done
+
+check: all
+
+dvi info tags TAGS ID:
+
+mostlyclean:
+ rm -f core core.* *.pox $(PACKAGE).po *.old.po
+ rm -fr *.o
+
+clean: mostlyclean
+ rm -f *.gmo
+
+distclean: clean
+ rm -f Makefile Makefile.in POTFILES *.mo *.msg *.cat *.cat.m
+
+maintainer-clean: distclean
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+ rm -f $(GMOFILES)
+
+distdir = ../$(PACKAGE)-$(VERSION)/$(subdir)
+dist distdir: update-po $(DISTFILES)
+ dists="$(DISTFILES)"; \
+ for file in $$dists; do \
+ ln $(srcdir)/$$file $(distdir) 2> /dev/null \
+ || cp -p $(srcdir)/$$file $(distdir); \
+ done
+
+update-po: Makefile
+ $(MAKE) $(PACKAGE).pot
+ PATH=`pwd`/../src:$$PATH; \
+ cd $(srcdir); \
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ mv $$lang.po $$lang.old.po; \
+ echo "$$lang:"; \
+ if $(MSGMERGE) $$lang.old.po $(PACKAGE).pot -o $$lang.po; then \
+ rm -f $$lang.old.po; \
+ else \
+ echo "msgmerge for $$cat failed!"; \
+ rm -f $$lang.po; \
+ mv $$lang.old.po $$lang.po; \
+ fi; \
+ done
+
+POTFILES: POTFILES.in
+ ( if test 'x$(srcdir)' != 'x.'; then \
+ posrcprefix='$(top_srcdir)/'; \
+ else \
+ posrcprefix="../"; \
+ fi; \
+ rm -f $@-t $@ \
+ && (sed -e '/^#/d' -e '/^[ ]*$$/d' \
+ -e "s@.*@ $$posrcprefix& \\\\@" < $(srcdir)/$@.in \
+ | sed -e '$$s/\\$$//') > $@-t \
+ && chmod a-w $@-t \
+ && mv $@-t $@ )
+
+Makefile: Makefile.in.in ../config.status POTFILES
+ cd .. \
+ && CONFIG_FILES=$(subdir)/$@.in CONFIG_HEADERS= \
+ $(SHELL) ./config.status
+
+# Tell versions [3.59,3.63) of GNU make not to export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/policycoreutils/po/Makefile.in.in b/policycoreutils/po/Makefile.in.in
new file mode 100644
index 0000000..c4539ac
--- /dev/null
+++ b/policycoreutils/po/Makefile.in.in
@@ -0,0 +1,230 @@
+# Makefile for program source directory in GNU NLS utilities package.
+# Copyright (C) 1995, 1996, 1997 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
+#
+# This file file be copied and used freely without restrictions. It can
+# be used in projects which are not available under the GNU Public License
+# but which still want to provide support for the GNU gettext functionality.
+# Please note that the actual code is *not* freely available.
+
+PACKAGE = @PACKAGE@
+VERSION = @VERSION@
+
+SHELL = /bin/sh
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+datadir = $(prefix)/@DATADIRNAME@
+localedir = $(datadir)/locale
+gnulocaledir = $(prefix)/share/locale
+gettextsrcdir = $(prefix)/share/gettext/po
+subdir = po
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @MKINSTALLDIRS@
+
+CC = @CC@
+GENCAT = @GENCAT@
+GMSGFMT = PATH=../src:$$PATH @GMSGFMT@
+MSGFMT = @MSGFMT@
+XGETTEXT = PATH=../src:$$PATH @XGETTEXT@
+MSGMERGE = PATH=../src:$$PATH msgmerge
+
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+
+INCLUDES = -I.. -I$(top_srcdir)/intl
+
+COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(XCFLAGS)
+
+POFILES = @POFILES@
+GMOFILES = @GMOFILES@
+DISTFILES = Makefile.in.in POTFILES.in $(PACKAGE).pot \
+$(POFILES) $(GMOFILES) $(SOURCES)
+
+POTFILES = \
+
+CATALOGS = @CATALOGS@
+CATOBJEXT = @CATOBJEXT@
+INSTOBJEXT = @INSTOBJEXT@
+
+.SUFFIXES:
+.SUFFIXES: .c .o .po .pox .gmo .mo .msg .cat
+
+.c.o:
+ $(COMPILE) $<
+
+.po.pox:
+ $(MAKE) $(PACKAGE).pot
+ $(MSGMERGE) $< $(srcdir)/$(PACKAGE).pot -o $*.pox
+
+.po.mo:
+ $(MSGFMT) -o $@ $<
+
+.po.gmo:
+ file=$(srcdir)/`echo $* | sed 's,.*/,,'`.gmo \
+ && rm -f $$file && $(GMSGFMT) -o $$file $<
+
+.po.cat:
+ sed -f ../intl/po2msg.sed < $< > $*.msg \
+ && rm -f $@ && $(GENCAT) $@ $*.msg
+
+
+all: all-@USE_NLS@
+
+all-yes: $(CATALOGS)
+all-no:
+
+$(srcdir)/$(PACKAGE).pot: $(POTFILES)
+ $(XGETTEXT) --default-domain=$(PACKAGE) --directory=$(top_srcdir) \
+ --add-comments --keyword=_ --keyword=N_ \
+ --files-from=$(srcdir)/POTFILES.in \
+ && test ! -f $(PACKAGE).po \
+ || ( rm -f $(srcdir)/$(PACKAGE).pot \
+ && mv $(PACKAGE).po $(srcdir)/$(PACKAGE).pot )
+
+install: install-exec install-data
+install-exec:
+install-data: install-data-@USE_NLS@
+install-data-no: all
+install-data-yes: all
+ if test -x "$(MKINSTALLDIRS)"; then \
+ $(MKINSTALLDIRS) $(DESTDIR)$(datadir); \
+ else \
+ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir); \
+ fi
+ @catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ case "$$cat" in \
+ *.gmo) destdir=$(DESTDIR)$(gnulocaledir);; \
+ *) destdir=$(DESTDIR)$(localedir);; \
+ esac; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ dir=$$destdir/$$lang/LC_MESSAGES; \
+ if test -r "$(MKINSTALLDIRS)"; then \
+ $(MKINSTALLDIRS) $$dir; \
+ else \
+ $(SHELL) $(top_srcdir)/mkinstalldirs $$dir; \
+ fi; \
+ if test -r $$cat; then \
+ $(INSTALL_DATA) $$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \
+ echo "installing $$cat as $$dir/$(PACKAGE)$(INSTOBJEXT)"; \
+ else \
+ $(INSTALL_DATA) $(srcdir)/$$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \
+ echo "installing $(srcdir)/$$cat as" \
+ "$$dir/$(PACKAGE)$(INSTOBJEXT)"; \
+ fi; \
+ if test -r $$cat.m; then \
+ $(INSTALL_DATA) $$cat.m $$dir/$(PACKAGE)$(INSTOBJEXT).m; \
+ echo "installing $$cat.m as $$dir/$(PACKAGE)$(INSTOBJEXT).m"; \
+ else \
+ if test -r $(srcdir)/$$cat.m ; then \
+ $(INSTALL_DATA) $(srcdir)/$$cat.m \
+ $$dir/$(PACKAGE)$(INSTOBJEXT).m; \
+ echo "installing $(srcdir)/$$cat as" \
+ "$$dir/$(PACKAGE)$(INSTOBJEXT).m"; \
+ else \
+ true; \
+ fi; \
+ fi; \
+ done
+ if test "$(PACKAGE)" = "gettext"; then \
+ if test -x "$(MKINSTALLDIRS)"; then \
+ $(MKINSTALLDIRS) $(DESTDIR)$(gettextsrcdir); \
+ else \
+ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(gettextsrcdir); \
+ fi; \
+ $(INSTALL_DATA) $(srcdir)/Makefile.in.in \
+ $(DESTDIR)$(gettextsrcdir)/Makefile.in.in; \
+ else \
+ : ; \
+ fi
+
+# Define this as empty until I found a useful application.
+installcheck:
+
+uninstall:
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \
+ rm -f $(DESTDIR)$(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \
+ rm -f $(DESTDIR)$(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \
+ done
+
+check: all
+
+dvi info tags TAGS ID:
+
+mostlyclean:
+ rm -f core core.* *.pox $(PACKAGE).po *.old.po
+ rm -fr *.o
+
+clean: mostlyclean
+ rm -f *.gmo
+
+distclean: clean
+ rm -f Makefile Makefile.in POTFILES *.mo *.msg *.cat *.cat.m
+
+maintainer-clean: distclean
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+ rm -f $(GMOFILES)
+
+distdir = ../$(PACKAGE)-$(VERSION)/$(subdir)
+dist distdir: update-po $(DISTFILES)
+ dists="$(DISTFILES)"; \
+ for file in $$dists; do \
+ ln $(srcdir)/$$file $(distdir) 2> /dev/null \
+ || cp -p $(srcdir)/$$file $(distdir); \
+ done
+
+update-po: Makefile
+ $(MAKE) $(PACKAGE).pot
+ PATH=`pwd`/../src:$$PATH; \
+ cd $(srcdir); \
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
+ mv $$lang.po $$lang.old.po; \
+ echo "$$lang:"; \
+ if $(MSGMERGE) $$lang.old.po $(PACKAGE).pot -o $$lang.po; then \
+ rm -f $$lang.old.po; \
+ else \
+ echo "msgmerge for $$cat failed!"; \
+ rm -f $$lang.po; \
+ mv $$lang.old.po $$lang.po; \
+ fi; \
+ done
+
+POTFILES: POTFILES.in
+ ( if test 'x$(srcdir)' != 'x.'; then \
+ posrcprefix='$(top_srcdir)/'; \
+ else \
+ posrcprefix="../"; \
+ fi; \
+ rm -f $@-t $@ \
+ && (sed -e '/^#/d' -e '/^[ ]*$$/d' \
+ -e "s@.*@ $$posrcprefix& \\\\@" < $(srcdir)/$@.in \
+ | sed -e '$$s/\\$$//') > $@-t \
+ && chmod a-w $@-t \
+ && mv $@-t $@ )
+
+Makefile: Makefile.in.in ../config.status POTFILES
+ cd .. \
+ && CONFIG_FILES=$(subdir)/$@.in CONFIG_HEADERS= \
+ $(SHELL) ./config.status
+
+# Tell versions [3.59,3.63) of GNU make not to export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
new file mode 100644
index 0000000..585162e
--- /dev/null
+++ b/policycoreutils/po/POTFILES
@@ -0,0 +1,10 @@
+ ../load_policy/load_policy.c \
+ ../newrole/newrole.c \
+ ../run_init/run_init.c \
+ ../setfiles/setfiles.c \
+ ../scripts/genhomedircon \
+ ../scripts/chcat \
+ ../semanage/semanage \
+ ../semanage/seobject.py \
+ ../audit2allow/audit2allow \
+ ../audit2allow/avc.py
diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in
new file mode 100644
index 0000000..f311add
--- /dev/null
+++ b/policycoreutils/po/POTFILES.in
@@ -0,0 +1,39 @@
+run_init/open_init_pty.c
+run_init/run_init.c
+semodule_link/semodule_link.c
+audit2allow/audit2allow
+audit2allow/avc.py
+semanage/seobject.py
+restorecon/restorecon.c
+setsebool/setsebool.c
+newrole/newrole.c
+load_policy/load_policy.c
+sestatus/sestatus.c
+semodule/semodule.c
+setfiles/setfiles.c
+semodule_package/semodule_package.c
+semodule_deps/semodule_deps.c
+semodule_expand/semodule_expand.c
+audit2why/audit2why.c
+scripts/genhomedircon
+scripts/chcat
+scripts/fixfiles
+restorecond/stringslist.c
+restorecond/restorecond.h
+restorecond/utmpwatcher.h
+restorecond/stringslist.h
+restorecond/restorecond.c
+restorecond/utmpwatcher.c
+gui/translationsPage.py
+gui/booleansPage.py
+gui/usersPage.py
+gui/modulesPage.py
+gui/system-config-selinux.glade
+gui/portsPage.py
+gui/statusPage.py
+gui/loginsPage.py
+gui/semanagePage.py
+gui/mappingsPage.py
+gui/system-config-selinux.py
+gui/fcontextPage.py
+secon/secon.c
diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/af.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/am.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/ar.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/as.po b/policycoreutils/po/as.po
new file mode 100644
index 0000000..2c6480a
--- /dev/null
+++ b/policycoreutils/po/as.po
@@ -0,0 +1,1028 @@
+# translation of as.po to Assamese
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Amitakhya Phukan <amitakhya.phukan@gmail.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: as\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-09-29 12:44+0530\n"
+"Last-Translator: Amitakhya Phukan <amitakhya.phukan@gmail.com>\n"
+"Language-Team: Assamese\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/be.po b/policycoreutils/po/be.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/be.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/bg.po b/policycoreutils/po/bg.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/bg.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/bn.po b/policycoreutils/po/bn.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/bn.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/bn_IN.po b/policycoreutils/po/bn_IN.po
new file mode 100644
index 0000000..bcd639e
--- /dev/null
+++ b/policycoreutils/po/bn_IN.po
@@ -0,0 +1,1079 @@
+# translation of bn_IN.po to Bengali India
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# translation of bn_IN.po to Bangla (INDIA)
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Runa Bhattacharjee <runab@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: bn_IN\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 10:44+0530\n"
+"Last-Translator: Runa Bhattacharjee <runab@redhat.com>\n"
+"Language-Team: Bengali India\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "ব্যবহারপ্রণালী: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: চিহ্নিত নিয়মনীতি লোড করা যায়নি: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY নির্ধারণ করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "পাসওয়ার্ড:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "shadow passwd ফাইলের মধ্যে আপনার তথ্য পাওয়া যায়নি।\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass'র দ্বারা /dev/tty খোলা সম্ভব হয়নি\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd ফাইলের মধ্যে বৈধ এন্ট্রি পাওয়া যায়নি।\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "মেমরি অবশিষ্ট নেই!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "ত্রুটি! বৈধ শেল ব্যবহার করা হয়নি।\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "পরিবেশ পরিশ্রুত করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "কর্ম init করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "ক্ষমতা নির্ধারণ করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS'র মান নির্ধারণ করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "ক্ষমতা drop করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid পরিবর্তন করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS'র মান পুনরায় নির্ধারণ করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID বৈশিষ্ট্য drop করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps মুক্ত করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "অডিট সিস্টেমের সাথে সংযোগ করতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "মেমরি নির্ধারণ করতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "অডিট সংক্রান্ত বার্তা পাঠাতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "enforcing মোড নির্ধারণ করা যায়নি।\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "ত্রুটি! %s খুলতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! %s'র ক্ষেত্রে বর্তমান context প্রাপ্ত করা যায়নি, tty'র লেবেল পরিবর্তন করা হবে "
+"না।\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! %s'র ক্ষেত্রে নতুন context প্রাপ্ত করা যায়নি, tty'র লেবেল পরিবর্তন করা হবে "
+"না।\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s'র ক্ষেত্রে নতুন context স্থাপন করা যায়নি\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s'র লেবেল পরিবর্তিত হয়েছে।\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "সতর্কবার্তা! %s'র context পুনরুদ্ধার করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "ত্রুটি: একাধিক ভূমিকা উল্লিখিত হয়েছে\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "ত্রুটি: একাধিক ধরনের ফাইল নির্ধারিত হয়েছে\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "দূঃক্ষিত, -l শুধুমাত্র SELinux MLS সমর্থনের সাথে ব্যবহার করা যাবে\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "ত্রুটি: একাধিক স্তর নির্ধারিত হয়েছে\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "ডিফল্ট প্রকৃতি সনাক্ত করা যায়নি।\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "new context প্রাপ্ত করতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "নতুন ভূমিকা %s স্থাপন করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "নতুন ধরন %s স্থাপন করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s স্তর সহ নতুন রেঞ্জ নির্মাণ করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "নতুন রেঞ্জ %s স্থাপন করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "নতুন context'কে string হিসাবে রূপান্তর করা যায়নি\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s বৈধ context নয়\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "new_context'র জন্য মেমরি বরাদ্দ করতে ব্যর্থ"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "ফাঁকা সিগন্যাল সংকলন প্রাপ্ত করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP হ্যান্ডলার নির্ধারণ করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "দুঃক্ষিত, newrole শুধুমাত্র একটি SELinux কার্নেলে ব্যবহার করা যাবে।\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context প্রাপ্ত করতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "ত্রুটি! tty সংক্রান্ত তথ্য প্রাপ্ত করা যায়নি।\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s'র পরিচয় প্রমাণিত করা হচ্ছে।\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM আরম্ভ করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: %s'র পাসওয়ার্ড সঠিক নয়\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: fork করতে ব্যর্থ: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty লেবেল পুনরায় স্থাপন করতে ব্যর্থ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty সঠিকরূপে বন্ধ করতে ব্যর্থ\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "বিবরণ প্রদর্শন বন্ধ করা যায়নি।\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "শেল'র argv0 বরাদ্দ করতে ব্যর্থ।\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec context %s হিসাবে স্থাপন করা যায়নি।\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "পরিবেশ পুনরুদ্ধার করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "শেল exec করতে ব্যর্থ\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"ব্যবহারপ্রণালী: run_init <script> <args ...>\n"
+" এই ক্ষেত্রে: <script> দ্বারা সঞ্চালনের উদ্দেশ্যে init স্ক্রিপ্ট চিহ্নিত করা হয়,\n"
+" <args ...>'র মধ্যে উপরোক্ত স্ক্রিপ্টের আর্গুমেন্ট উল্লিখিত হয়।"
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "অ্যাকাউন্ট সংক্রান্ত তথ্য প্রাপ্ত করতে ব্যর্থ।\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s'র পাসওয়ার্ড সঠিক নয়\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "%s ফাইল খুলতে ব্যর্থ\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s ফাইলে কোনো context উপস্থিত নেই\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "দুঃক্ষিত, run_init শুধুমাত্র SELinux কার্নেলের সাথে ব্যবহারযোগ্য।\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "অনুমোদন করতে ব্যর্থ।\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "অন্তত একটি শ্রেণী উল্লেখ করা আবশ্যক"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%s'র সাথে '+' সহযোগে সংবেদনশীলতার মাত্রা পরিবর্তন করা যাবে না"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s, বর্তমানে %s'র মধ্যে উপস্থিত রয়েছে"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s, বর্তমানে %s'র মধ্যে নেই"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "অন্যান্য শ্রেণী বিভাগের সাথে +/- ব্যবহার করা যাবে না"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "একাধিক প্রকৃতির সংবেদনশীলতা থাকা সম্ভব হবে না"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "ব্যবহারপ্রণালী %s CATEGORY File ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "ব্যবহারপ্রণালী %s -l CATEGORY user ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "ব্যবহারপ্রণালী %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "ব্যবহারপ্রণালী %s -l [[+|-]CATEGORY],...]q user ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "ব্যবহারপ্রণালী %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "ব্যবহারপ্রণালী %s -l -d user ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "ব্যবহারপ্রণালী %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "ব্যবহারপ্রণালী %s -L -l user"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "বিকল্পের তালিকা সমাপ্ত করতে -- প্রয়োগ করুন। উদাহরণস্বরূপ"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "২ অথবা অধিক সংখ্যক আর্গুমেন্ট আবশ্যক"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s পোর্ট নির্ধারিত হয়নি"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s, %s অবজেক্টের জন্য বৈধ নয়\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "MLS-বিহীন মেশিনে রেঞ্জ সমর্থন করা হয় না"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "ভূমিকা নির্ধারণ করা আবশ্যক"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "প্রে-ফিক্স উল্লেখ করা আবশ্যক"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "বিকল্প সংক্রান্ত ত্রুটি %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "মান বৈধ নয় %s "
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "MLS-বিহীন মেশিনে অনুবাদ সমর্থন করা হয় না"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s খুলতে ব্যর্থ: MLS-বিহীন মেশিনে অনুবাদ সমর্থন করা হয় না"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "অনুবাদের মধ্যে শূণ্যস্থান ব্যবহার করা যাবে না '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "স্তর বৈধ নয় '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "অনুবাদের মধ্যে %s বর্তমানে ব্যাখ্যা করা হয়েছে"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "অনুবাদের মধ্যে %s'র ব্যাখ্যা করা হয়নি"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux নিয়মনীতি বর্তমানে পরিচালিত নয় অথবা সংগ্রহস্থল ব্যবহার করা সম্ভব নয়।"
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "নিয়মনীতির সংগ্রহস্থল পড়া যায়নি।"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage সংযোগ স্থাপন করা যায়নি"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s'র জন্য কি নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা নির্ধারিত হয়েছে কিনা পরীক্ষা করা যায়নি"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা বর্তমানে নির্ধারিত হয়েছে"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux ব্যবহারকারী %s বর্তমানে উপস্থিত নেই"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s'র নাম নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%s'র ক্ষেত্রে MLS রেঞ্জ নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%s'র ক্ষেত্রে SELinux ব্যবহারকারী নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage আদান-প্রদান আরম্ভ করা যায়নি"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser অথবা serange আবশ্যক"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা নির্ধারিত হয়নি"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "%s'র ক্ষেত্রে seuser কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং ব্যবস্থা পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"%s'র জন্য লগ-ইন ম্যাপিং ব্যবস্থা নিয়মনীতির মধ্যে নির্ধারিত হওয়ার ফলে মুছে ফেলা সম্ভব "
+"নয়"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s'র ক্ষেত্রে লগ-ইন ম্যাপিং মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "লগ-ইন ম্যাপিং তালিকাভুক্ত করা যায়নি"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "SELinux ব্যবহারকারী %s'র বৈশিষ্ট্য নির্ধারিত কিনা পরীক্ষা করা যায়নি"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux ব্যবহারকারী %s'র বৈশিষ্ট্য বর্তমানে নির্ধারিত হয়েছে"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%s'র জন্য SELinux ব্যবহারকারী নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%s ভূমিকাটি, %s'র জন্য নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%s'র ক্ষেত্রে MLS স্তর নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "প্রেফিক্স বৈধ নয় %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%s প্রেফিক্সটি %s'র ক্ষেত্রে যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s'র জন্য কি প্রাপ্ত করা যায়নি"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux ব্যবহারকারী %s যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "প্রেফিক্স, ভূমিকা, স্তর অথবা রেঞ্জ উল্লেখ করা আবশ্যক"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "প্রেফিক্স অথবা ভূমিকা উল্লেখ করা আবশ্যক"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux ব্যবহারকারী %s'র বৈশিষ্ট্য নির্ধারিত হয়নি"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s'র জন্য ব্যবহারকারী কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux ব্যবহারকারী %s'র বৈশিষ্ট্য পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"SELinux ব্যবহারকারী %s'র বৈশিষ্ট্য নিয়মনীতির মধ্যে নির্ধারিত হয়েছে যার ফলে "
+"অপসারণযোগ্য নয়"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux ব্যবহারকারী %s মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux ব্যবহারকারীদের তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "ব্যবহারকারী %s'র ভূমিকার তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "udp অথবা tcp প্রোটোকল আবশ্যক"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "পোর্ট উল্লেখ করা আবশ্যক"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s'র জন্য কি নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "ধরন উল্লেখ করা আবশ্যক"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "পোর্ট %s/%s নির্ধারিত হয়েছে কিনা পরীক্ষা করা যায়নি"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "পোর্ট %s/%s বর্তমানে নির্ধারিত আছে"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s'র জন্য পোর্ট নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s'র জন্য context নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s'র ক্ষেত্রে পোর্ট context'র মধ্যে ব্যবহারকারী নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s'র ক্ষেত্রে পোর্ট context'র মধ্যে ভূমিকা নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s'র ক্ষেত্রে পোর্ট context'র মধ্যে ধরন নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s'র ক্ষেত্রে পোর্ট context'র মধ্যে mls ক্ষেত্র নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s'র ক্ষেত্রে পোর্ট context নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s পোর্ট যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype অথবা serange আবশ্যক"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype আবশ্যক"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "%s/%s পোর্ট নির্ধারিত হয়নি"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "%s/%s পোর্ট কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "%s/%s পোর্ট পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "%s/%s পোর্টটি নিয়মনীতির মধ্যে নির্ধারিত হওয়ার ফলে অপসারণযোগ্য নয়"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "%s/%s পোর্ট মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "পোর্টের তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux Type আবশ্যক"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s'র কি নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "%s প্রেক্ষাপটের বৈশিষ্ট্য নির্ধারিত হয়েছে কিনা পরীক্ষা করা যায়নিis defined"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s প্রেক্ষাপট বর্তমানে নির্ধারিত রয়েছে"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s'র প্রেক্ষাপট নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s'র জন্য context নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s'র ক্ষেত্রে প্রেক্ষাপটের context'এ ব্যবহারকারী বৈশিষ্ট্য নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s'র ক্ষেত্রে প্রেক্ষাপটের context'এ ভূমিকার বৈশিষ্ট্য নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s'র ক্ষেত্রে প্রেক্ষাপটের context'এ ধরন নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s'র ক্ষেত্রে প্রেক্ষাপটের context'এ mls ক্ষেত্র নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s'র ক্ষেত্রে প্রেক্ষাপটের context'র বৈশিষ্ট্য নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s'র ক্ষেত্রে বার্তার context নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s প্রেক্ষাপট যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s প্রেক্ষাপটের বৈশিষ্ট্য নির্ধারিত হয়নি"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "%s প্রেক্ষাপট কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "%s প্রেক্ষাপট পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "%s প্রেক্ষাপটটি নিয়মনীতির মধ্যে নির্ধারিত হয়েছে এবং অপসারণযোগ্য নয়"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "%s প্রেক্ষাপট মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "প্রেক্ষাপটের তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s'র ফাইল context নির্ধারিত হয়েছে কিনা পরীক্ষা করা যায়নি"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s'র ফাইল context বর্তমানে নির্ধারিত রয়েছে"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s'র ফাইল contex নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইলের context'এ ব্যবহারকারী বৈশিষ্ট্য নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইলের context'এ ভূমিকা নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইলের context'এ ধরন নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইলের context'এ mls ক্ষেত্র নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইলের context নির্ধারণ করা যায়নি"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s'র ক্ষেত্রে ফাইল context যোগ করা যায়নি"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange অথবা seuser আবশ্যক"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s'র ফাইল context আবশ্যক"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s'র জন্য ফাইল context কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s'র জন্য ফাইল context পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"%s'র ফাইল context নিয়মনীতির মধ্যে নির্ধারিত হওয়ার ফলে তা অপসারণ করা সম্ভব নয়"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s'র ফাইল context মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "ফাইল context'র তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "স্থানীয় ফাইলের context'র তালিকা নির্মাণ করা যায়নি"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "মান আবশ্যক"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "বুলিয়ান %s'র বৈশিষ্ট্য নির্ধারিত হয়েছে কিনা তা পরীক্ষা করা যায়নি"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "বুলিয়ান %s'র মান বর্তমানে নির্ধারিত রয়েছে"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "%s'র ফাইল context কোয়েরি করা যায়নি"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "%s বুলিয়ানের মান পরিবর্তন করা যায়নি"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "বুলিয়ান %s'র মান নিয়মনীতির মধ্যে নির্ধারিত হওয়ার ফলে অপসারণযোগ্য নয়"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "বুলিয়ান %s মুছে ফেলা যায়নি"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "বুলিয়ানের তালিকা নির্মাণ করা যায়নি"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "আবশ্যক ধরন নির্ধারণকারী (type enforcement) ফাইল নির্মাণ: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "নিয়মনীতি কম্পাইল করা হচ্ছে"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** গুরুত্বপূর্ণ ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"কার্নেলের মধ্যে নবনির্মিত এই নিয়মনীতির প্যাকেজ লোড করার জন্য\n"
+"নিম্নলিখিত কমান্ড প্রয়োগ করুন \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "বিকল্প সংক্রান্ত ত্রুটি: %s"
diff --git a/policycoreutils/po/bs.po b/policycoreutils/po/bs.po
new file mode 100644
index 0000000..8e1ae01
--- /dev/null
+++ b/policycoreutils/po/bs.po
@@ -0,0 +1,1116 @@
+# translation of bs.po to Bosnian
+# Adnan Hodzic <AbsintheSyringe@gmail.com>, 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: bs\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2007-01-23 16:51+0100\n"
+"Last-Translator: Adnan Hodzic <AbsintheSyringe@gmail.com>\n"
+"Language-Team: Bosnian <lokal@linux.org.ba>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Croatian\n"
+"X-Poedit-Country: CROATIA\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "upotreba: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Pravilo nije moguće učitati: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "Zadavanje PAM_TTY nije uspjelo\n"
+
+#: ../newrole/newrole.c:218
+#: ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Lozinka:"
+
+#: ../newrole/newrole.c:243
+#: ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Vaš unos u datoteci lozinka u sjeni nije moguće pronaći.\n"
+
+#: ../newrole/newrole.c:250
+#: ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "'getpass' ne može otvoriti /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "Valjani unos u datoteci lozinka nije moguće pronaći.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Nedovoljno memorije!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Greška! Shell nije valjan.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Čišćenje okruženje nije moguće\n"
+
+#: ../newrole/newrole.c:436
+#: ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Greška pri inicijalizaciji sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:444
+#: ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Greška pri postavljanju sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Greška postavljanju KEEPCAPS. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:458
+#: ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Greška pri ispuštanju sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:464
+#: ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Greška pri izmjeni UID. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:470
+#: ../newrole/newrole.c:525
+#: ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Greška vraćanju KEEPCAPS na izvorne postavke. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Greška pri ispuštanju SETUID sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:482
+#: ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Greška pri oslobađanju sposobnosti\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Greška pri povezivanju sa sustavom provjere.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Greška pri dodjeljivanju memorije.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Greška pri slanju poruke provjere.\n"
+
+#: ../newrole/newrole.c:634
+#: ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Određivanje načina prisiljavanja nije moguće.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Greška! Nije moguće otvoriti %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Dohvaćanje trenutnog konteksta za %s nije moguće. TTY neće biti ponovno označen.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Dohvaćanje novog konteksta za %s nije moguće. TTY neće biti ponovno označen.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Zadavanje novog konteksta za %s nije moguće.\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s je izmijenio oznake.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Upozorenje! Obnavljanje konteksta za %s nije moguće.\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Greška: Određene su višestruke uloge\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Greška: Određene su višestruke vrste\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Nažalost, opcija -l može se upotrijebiti uz SELinux MLS podršku.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Greška: Određene su višestruke razine\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Dohvaćanje zadane vrste nije moguće.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "Dohvaćanje novog konteksta nije uspjelo.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "Zadavanje nove %s uloge nije uspjelo.\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "Zadavanje nove vrste %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "Izrada novog opsega s razinom %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "Zadavanje novog opsega %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "Pretvaranje novog konteksta u niz nije uspjelo.\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nije valjani kontekst\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Dodjeljivanje memorije za new_context nije moguće"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Dohvaćanje praznog kompleta signala nije moguće\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Postavljanje SIGHUP rukovanja nije moguće\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Nažalost, nova uloga može se upotrijebiti samo na SELinux kernelu.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "Dohvaćanje starog konteksta nije uspjelo.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Greška! Dohvaćanje TTY podataka nije moguće.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Provjera autentičnosti %s.\n"
+
+#: ../newrole/newrole.c:1020
+#: ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Inicijalizacija PAM nije uspjela\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: neispravna lozinka za %s.\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: 'forking' neuspjeh: %s"
+
+#: ../newrole/newrole.c:1059
+#: ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Obnavljanje tty oznake nije moguće...\n"
+
+#: ../newrole/newrole.c:1061
+#: ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Ispravno zatvaranje tty nije uspjelo\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Nije moguće zatvoriti deskriptore. \n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Greška pri dodjeljivanju argv0 ljuske.\n"
+
+#: ../newrole/newrole.c:1147
+#: ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Nije moguće postaviti exec kontekst za %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Obnavljanje okruženja nije moguće. Prekidanje radnje.\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "Izvršavanje ljuske nije uspjelo\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"UPOTREBA: run_init <skripta> <argumenti ...>\n"
+" gdje je <skripta> naziv init skripte koju je potrebno pokrenuti,\n"
+" <argumenti ...> argumenti za tu skriptu."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "Dohvaćanje podataka o nalogu nije uspjelo\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: neispravna lozinka za %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Datoteku %s nije bilo moguće otvoriti\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "U datoteci %s nema konteksta\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Nažalost, run_init može se upotrijebiti samo na SELinux kernelu.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "Provjere autentičnosti nije uspjela.\n"
+
+#: ../scripts/chcat:75
+#: ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Zahtijeva najmanje jednu kategoriju"
+
+#: ../scripts/chcat:89
+#: ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Nije moguće urediti razine osjetljivosti upotrebom '+' na %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s već je unutar %s"
+
+#: ../scripts/chcat:164
+#: ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nije unutar %s"
+
+#: ../scripts/chcat:237
+#: ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kombiniranje +/- s ostalim vrstama kategorija nije moguće"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nije moguće imati višestruke osjetljivosti"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Upotreba %s KATEGORIJA datoteka ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Upotreba %s -l KATEGORIJA korisnik..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Upotreba %s [[+|-]KATEGORIJA],...]q datoteka ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Upotreba %s -l [[+|-]KATEGORIJA],...]q korisnik ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Upotreba %s -d datoteka ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Upotreba %s -l -d korisnik ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Upotreba %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Upotreba %s -L -l korisnik"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Za završetak popisa opcija upotrijebite -- . Na primjer"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -TvrtkaPovjerljivo /docs/poslovniplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +TvrtkaPovjerljivo juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Zahtijeva 2 ili više argumenta"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nije određen"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s nije valjan za %s objekata\n"
+
+#: ../semanage/semanage:183
+#: ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "Opseg nije podržan na ne-MLS računalima"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Potrebno je odrediti ulogu"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Potrebno je odrediti prefiks"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Greška opcija %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Neispravna vrijednost '%s'. "
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "Prijevodi nisu podržani na ne-MLS računalima"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Otvaranje %s nije moguće: Prijevodi nisu podržani na ne-MLS računalima"
+
+#: ../semanage/seobject.py:179
+#: ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Prijevodi ne mogu sadržavati prazna mjesta (razmake) '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Neispravna razina '%s'. "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s već je definiran u prijevodima"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nije definiran u prijevodima"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux pravilima se ne upravlja ili pristup pohrani nije moguć."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Čitanje pohrane pravila nije moguće."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Uspostavljanje semanage veze nije moguće"
+
+#: ../semanage/seobject.py:247
+#: ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352
+#: ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504
+#: ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093
+#: ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207
+#: ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Izrada ključa za %s nije moguća"
+
+#: ../semanage/seobject.py:251
+#: ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356
+#: ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Nije moguće provjeriti je li mapiranje za prijavu %s određeno"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mapiranje prijave za %s već je određeno"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux korisnik %s ne postoji"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Izrada mapiranja prijave za %s nije moguća"
+
+#: ../semanage/seobject.py:265
+#: ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Zadavanje naziva za %s nije moguće"
+
+#: ../semanage/seobject.py:270
+#: ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Zadavanje MLS raspona za %s nije moguće"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Zadavanje SELinux korisnika za %s nije moguće"
+
+#: ../semanage/seobject.py:278
+#: ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368
+#: ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539
+#: ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705
+#: ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776
+#: ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944
+#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073
+#: ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148
+#: ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Semanage transakciju nije moguće pokrenuti"
+
+#: ../semanage/seobject.py:282
+#: ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Dodavanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Zahtijeva seuser ili serange"
+
+#: ../semanage/seobject.py:311
+#: ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Mapiranje prijave za %s nije određeno"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Propitivanje seusera za %s nije moguće"
+
+#: ../semanage/seobject.py:334
+#: ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Uređivanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Mapiranje prijave za %s određeno je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:373
+#: ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Brisanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Ispisivanje popisa mapiranja prijava nije moguće"
+
+#: ../semanage/seobject.py:437
+#: ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566
+#: ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Nije moguće provjeriti je li SELinux korisnik %s određen"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux korisnik %s već je određen"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Izrada SELinux korisnika za %s nije moguća"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Dodavanje uloge %s za %s nije moguće"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Zadavanje MLS razine za %s nije moguće"
+
+#: ../semanage/seobject.py:463
+#: ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Neispravan prefiks %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Dodavanje prefiksa %s za %s nije moguće"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Izvlačenje ključa za %s nije moguće"
+
+#: ../semanage/seobject.py:477
+#: ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Dodavanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Zahtijeva prefiks, uloge, razinu ili raspon"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Zahtijeva prefiks ili uloge"
+
+#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux korisnik %s nije određen"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Propitivanje korisnika za %s nije moguće"
+
+#: ../semanage/seobject.py:543
+#: ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Uređivanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux korisnik %s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:582
+#: ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Brisanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Ispisivanje popisa SELinux korisnika nije moguće"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Ispisivanje popisa uloga korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Potreban je UDP ili TCP protokol"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Potreban je port"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Izrada ključa za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Potrebna je vrsta"
+
+#: ../semanage/seobject.py:668
+#: ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Nije moguće provjeriti je li port %s/%s određen"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s već je određen"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Izrada porta za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Izrada konteksta za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Zadavanje korisnika u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Zadavanje uloge u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Zadavanje vrste u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Zadavanje MLS polja u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Zadavanje konteksta porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:709
+#: ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Dodavanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:722
+#: ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Zahtijeva setype ili serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Zahtijeva setype"
+
+#: ../semanage/seobject.py:732
+#: ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s nije određen"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Propitivanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:751
+#: ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Uređivanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:780
+#: ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Brisanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:792
+#: ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Ispisivanje popisa portova nije moguće"
+
+#: ../semanage/seobject.py:855
+#: ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Potrebna je SELinux vrsta"
+
+#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960
+#: ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Izrada ključa za %s nije moguća"
+
+#: ../semanage/seobject.py:863
+#: ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Nije moguće provjeriti je li sučelje %s određeno"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Sučelje %s već je određeno"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Izrada sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:874
+#: ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Izrada konteksta za %s nije moguća"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Zadavanje korisnika u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Zadavanje uloge u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Zadavanje vrste u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Zadavanje MLS polja u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Zadavanje konteksta sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Zadavanje konteksta poruke za %s nije moguće"
+
+#: ../semanage/seobject.py:907
+#: ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Dodavanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:929
+#: ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Sučelje %s nije određeno"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Propitivanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:948
+#: ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Uređivanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Sučelje %s određeno je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Brisanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Ispisivanje popisa sučelja nije moguće"
+
+#: ../semanage/seobject.py:1035
+#: ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136
+#: ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Nije moguće provjeriti je li kontekst datoteke za %s određen"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Kontekst datoteke za %s već je određen"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Izrada konteksta datoteke za %s nije moguća"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Zadavanje korisnika u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Zadavanje uloge u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Zadavanje vrste u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Zadavanje MLS polja u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Zadavanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1077
+#: ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Dodavanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Zahtijeva setype, serange ili seuser"
+
+#: ../semanage/seobject.py:1099
+#: ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Kontekst datoteke za %s nije određen"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Propitivanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1120
+#: ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Uređivanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Kontekst datoteke za %s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:1152
+#: ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Brisanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Ispisivanje popisa konteksta datoteke nije moguće"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Izrada popisa konteksta lokalnih datoteka nije moguća"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Zahtijeva vrijednost"
+
+#: ../semanage/seobject.py:1211
+#: ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Nije moguće provjeriti je li Booleova vrijednost %s određena"
+
+#: ../semanage/seobject.py:1213
+#: ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Booleova vrijednost %s nije određena"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Propitivanje konteksta datoteke %s nije moguće"
+
+#: ../semanage/seobject.py:1229
+#: ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Uređivanje Booleove vrijednosti %s nije moguće"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Booleova vrijednost %s određena je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:1261
+#: ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Brisanje Booleove vrijednosti %s nije moguće"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Ispisivanje popisa Booleovih vrijednosti nije moguće"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Generiranje datoteke prisile vrste: %s.te"
+
+#: ../audit2allow/audit2allow:189
+#: ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Pravila prevođenja"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** VAŽNO ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Da bi se ovaj novoizrađeni paket pravila učitao u kernel,\n"
+"potrebno je da izvršite naredbu \n"
+"\n"
+"semodule -I %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Opciona greška: %s "
+
diff --git a/policycoreutils/po/ca.po b/policycoreutils/po/ca.po
new file mode 100644
index 0000000..58b8ebb
--- /dev/null
+++ b/policycoreutils/po/ca.po
@@ -0,0 +1,1074 @@
+# Catalan translation for policycoreutils
+# Copyright © 2006 The Free Software Foundation, Inc.
+# This file is distributed under the same license as the policycoreutils
+# package.
+#
+# Josep Puigdemont Casamajó <josep.puigdemont@gmail.com>, 2006.
+# Xavier Conde Rueda <xavi.conde@gmail.com>, 2006
+#
+# This file is translated according to the glossary and style guide of
+# Softcatalà. If you plan to modify this file, please read first the page
+# of the Catalan translation team for the Fedora project at:
+# http://www.softcatala.org/projectes/fedora/
+# and contact the previous translator
+#
+# Aquest fitxer s'ha de traduir d'acord amb el recull de termes i la guia
+# d'estil de Softcatalà. Si voleu modificar aquest fitxer, llegiu si
+# us plau la pàgina de catalanització del projecte Fedora a:
+# http://www.softcatala.org/projectes/fedora/
+# i contacteu l'anterior traductor/a.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-03 01:04+0100\n"
+"Last-Translator: Xavier Conde Rueda <xavi.conde@gmail.com>\n"
+"Language-Team: Catalan <tradgnome@softcatala.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "Forma d'ús: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: no es pot carregar la política: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "no s'ha pogut establir PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Contrasenya:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+"No s'ha pogut trobar la vostra entrada en el fitxer de contrasenyes "
+"ocultes.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "El getpass no pot obrir /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "no s'ha trobat la vostra entrada en el fitxer de contrasenyes.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "No hi ha prou memòria\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "L'intèrpret d'ordres no és vàlid.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "No es pot buidar l'entorn\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "S'ha produït un error en iniciar les capacitats, s'està anul·lant.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "S'ha produït un error en establir les capacitats, s'està anul·lant\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "S'ha produït un error en establir KEEPCAPS, s'està anul·lant.\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "S'ha produït un error en eliminar les capacitats, s'està anul·lant.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "S'ha produït un error en canviar l'UID, s'està anul·lant.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+"S'ha produït un error en tornar a establir el valor de KEEPCAPS, s'està "
+"anul·lant.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+"S'ha produït un error en eliminar la capacitat per a SETUID, s'està "
+"anul·lant.\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "S'ha produït un error en eliminar les capacitats\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "S'ha produït un error en connectar al sistema audit.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "S'ha produït un error en assignar memòria.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "S'ha produït un error en enviar el missatge d'audit.\n"
+
+# FIXME: enforce -> fer cumplir (josep)
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "No s'ha pogut determinar el mode de reforç.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "S'ha produït un error: no s'ha pogut obrir %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s. No s'ha pogut obtenir el context actual per a %s, no es reetiquetarà el "
+"tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s. No s'ha pogut obtenir el nou context per a %s, no es reetiquetarà el "
+"tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s. No s'ha pogut establir el nou context per a %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "S'han canviat %s etiquetes.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Avís: no s'ha pogut restaurar el context per a %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "S'ha produït un error: s'han especificat múltiples rols\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "S'ha produït un error: s'han especificat múltiples tipus\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "El «-l» s'ha de fer servir amb suport MLS de SELinux.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "S'ha produït un error: s'han especificat múltiples nivells\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "No s'ha pogut obtenir el tipus predeterminat.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "no s'ha pogut obtenir el nou context.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "no s'ha pogut establir un nou rol %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "no s'ha pogut establir el nou tipus %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "no s'ha pogut muntar el nou rang amb nivell %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "no s'ha pogut establir el nou rang %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "no s'ha pogut convertir el nou context en cadena de text\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s no és un context vàlid\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "No es pot assignar memòria per a new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "No es pot obtenir un conjunt de senyals buit\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "No es pot establir el gestor de SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "El newrole només es pot fer servir amb un nucli amb SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "no s'ha pogut obtenir l'old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "No s'ha pogut obtenir informació de la tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "S'està autenticant %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "no s'ha pogut inicialitzar el PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: la contrasenya per a %s no és correcta\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: no s'ha pogut crear un fill: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "No es pot restaurar l'estiqueta tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "No s'ha pogut tancar el tty adequadament\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "No s'ha pogut tancar els descriptors.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "S'ha produït un error en assignar l'argv0 de l'intèrpret d'ordres.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "No s'ha pogut establir el context d'execució a %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "No s'ha pogut restaurar l'entorn, s'està interrompent\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "no s'ha pogut executar l'intèrpret d'ordres\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"Ús: run_init <fitxer de seqüència> <arguments ...>\n"
+" on: <fitxer de seqüència> és la seqüència d'iniciació a executar,\n"
+" <args ...> són els arguments per al fitxer de seqüència."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "no s'ha pogut obtenir la informació del compte\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: contrasenya incorrecta per a %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "No s'ha pogut obrir el fitxer %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "No hi ha context al fitxer %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "El run_init només es pot fer servir amb un nucli SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "ha fallat l'autenticació.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Requereix com a mínim una categoria"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+"No s'ha pogut modificar els nivells de sensibilitat fent servir '+' a %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s ja és a %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s no és a %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "No es pot combinar +/- amb altres tipus de categories"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "No pot tenir múltiples sensibilitats"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Forma d'ús: %s CATEGORIA fitxer ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Forma d'ús: %s -l CATEGORIA usuari ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Forma d'ús: %s [[+|-]CATEGORIA],...]q Fitxer ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Forma d'ús: %s -1 [[+|-]CATEGORIA],...]q usuari ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Forma d'ús: %s -d Fitxer ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Forma d'ús: %s -l -d usuari ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Forma d'ús: %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Forma d'ús: %s -L -l usuari"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Useu -- per acabar la llista d'opcions. Per exemple"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyiaConfidencial /docs/pladenegocis.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyiaConfidencial jusuari"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Necessita almenys dos arguments"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s no és definit"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s no és vàlid per a objectes %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "el rang no està implementat amb màquines sense MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Heu d'especificar un rol"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Heu d'especificar un prefix"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Error en les opcions %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Valor invàlid per a %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "les traduccions no estan suportades en màquines sense MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"No s'ha pogut obrir %s: les traduccions no estan suportades a màquines sense "
+"MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Les traduccions no poden contenir espais '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Nivell '%s' invàlid "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s ja existeix a les traduccions"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s no està definit a les traduccions"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"No s'està gestionant les polítiques del SELinux o no es pot accedir el "
+"magatzem."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "No es pot llegir el magatzem de polítiques."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "No es pot establir la connexió amb el semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "No s'ha pogut crear una clau per a %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "No s'ha pogut comprovar si està definit el mapatge d'entrada per a %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Ja s'ha definit el mapatge per a %s"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "No existeix l'usuari de Linux %s"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "No s'ha pogut crear el mapatge d'entrada per a %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "No s'ha pogut establir el nom per a %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "No s'ha pogut establir el rang MLS per a %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "No s'ha pogut establir l'usuari SELinux per a %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "No s'ha pogut iniciar la transacció del semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "No s'ha pogut afegir el mapatge d'entrada per a %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Es necessita el seuser o el serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "No s'ha definit el mapatge de l'entrada per a %s"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "No s'ha pogut consultar el seuser quant a %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "No s'ha pogut modificar el mapatge d'entrada per a %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "S'ha definit el mapatge per a %s a la política, no es pot suprimir"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "No s'ha pogut suprimir el mapatge d'entrada per a %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "No s'ha pogut llistar els mapatges d'entrada"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "No s'ha pogut comprovar si està definit l'usuari SELinux %s"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "L'usuari SELinux %s ja està definit"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "No s'ha pogut crear l'usuari SELinux per a %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "No s'ha pogut afegir el rol %s per a %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "No s'ha pogut establir el nivell MLS per a %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "El prefix %s invàlid"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "No s'ha pogut afegir el prefix %s per a %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "No s'ha pogut extreure la clau per a %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "No s'ha pogut afegir l'usuari SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Necessita prefix, rols, nivell o rang"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Necessita prefix o rols"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "L'usuari SELinux %s no està definit"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "No s'ha pogut demanar l'usuari per a %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "No s'ha pogut modificar l'usuari SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "L'usuari SELinux %s està definit a la política, no es pot suprimir"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "No s'ha pogut suprimir l'usuari SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "No es pot llistar els usuaris SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "No es pot llistar els rols per a l'usuari %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Es necessita el protocol udp o tcp"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Cal el port"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "No s'ha pogut crear una clau per a %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Cal el tipus"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "No s'ha pogut comprovar si el port %s/%s està definit"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "El port %s/%s està definit"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "No s'ha pogut crear el port per a %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "No s'ha pogut crear el context per a %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "No s'ha pogut establir l'usuari al context del port per a %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "No s'ha pogut establir el rol al context del port per a %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "No s'ha pogut establir el tipus al context del port per a %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+"No s'ha pogut establir els camps mls en el context del port per a %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "No s'ha pogut establir el context del port per a %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "No s'ha pogut afegir el port %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Cal el setype o el serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Cal el setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "El port %s/%s no està definit"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "No es pot consultar el port %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "No es pot modificar el port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "El port %s/%s està definit en la política, no es pot suprimir"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "No s'ha pogut suprimir el port %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "No s'ha pogut llistar els ports"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Cal el tipus SELinux"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "No s'ha pogut crear la clau per a %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "No s'ha pogut comprovar si s'ha definit la interfície %s"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Ja s'ha definit la interfície %s"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "No s'ha pogut crear la interfície per a %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "No s'ha pogut crear el context per a %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+"No s'ha pogut establir l'usuari en el context de la interfície per a %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "No s'ha pogut establir el rol en el context d'interfície per a %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "No s'ha pogut establir el tipus en el context d'interfície per a %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+"No s'ha pogut establir els camps mls en el context d'interfície per a %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "No s'ha pogut establir el context d'interfície per a %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "No s'ha pogut establir el context de missatge per a %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "No s'ha pogut afegir la interfície per a %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "La interfície %s no s'ha definit"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "No s'ha pogut consultar la interfície %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "No s'ha pogut modificar la interfície %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "La interfície %s s'ha definit a la política, no es pot suprimir"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "No s'ha pogut suprimir la interfície %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "No s'han pogut llistar les interfícies"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "No s'ha pogut comprovar si el context de fitxer per a %s està definit"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "El context de fitxer per a %s ja està definit"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "No s'ha pogut crear el fitxer de context per a %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "No s'ha pogut establir l'usuari en el context del fitxer per a %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "No s'ha pogut establir el rol en el context del fitxer per a %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "No s'ha pogut establir el tipus en el context del fitxer per a %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "No s'ha pogut establir els camps mls en el context de fitxer per a %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "No s'ha pogut establir el context de fitxer per a %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "No s'ha pogut afegir el context de fitxer per a %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Es necessita el setype, serange o seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "No s'ha definit el context del fitxer per a %s"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "No s'ha pogut consultar el context del fitxer per a %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "No s'ha pogut modificar el context de fitxer per a %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"El context del fitxer per a %s està definit en la política, no es pot "
+"suprimir"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "No s'ha pogut suprimir el context de fitxer per a %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "No s'ha pogut llistar els contexts del fitxer"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "No s'ha pogut llistar els contexts del fitxer local"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Requereix un valor"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "No s'ha pogut comprovar si el booleà %s està definit"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "El booleà %s no s'ha definit"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "No s'ha pogut consultar el context %s del fitxer"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "No s'ha pogut modificar el booleà %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "El booleà %s està definit a la política, no es pot suprimir"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "No s'ha pogut suprimir el booleà %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "No s'ha pogut llistar els booleans"
+
+# FIXME: enforce -> fer cumplir (josep)
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "S'està generant el fitxer de reforç del tipus: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "S'està compilant la política"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Per carregar aquest nou paquet de polítiques en el nucli,\n"
+"us cal executar\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Error en les opcions: %s "
diff --git a/policycoreutils/po/cs.po b/policycoreutils/po/cs.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/cs.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/cy.po b/policycoreutils/po/cy.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/cy.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/da.po b/policycoreutils/po/da.po
new file mode 100644
index 0000000..2f312da
--- /dev/null
+++ b/policycoreutils/po/da.po
@@ -0,0 +1,1042 @@
+# Danish messages for policycoreutils.
+# Copyright (C) 2006 Christian Rose.
+# Christian Rose <menthos@menthos.com>, 2006.
+# Keld Simonsen <keld@dkuug.dk>, 2006.
+#
+# $Id: da.po 2193 2007-01-18 14:49:39Z ssmalley $
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-08-28 02:52-0400\n"
+"Last-Translator: Keld Simonsen <keld@dkuug.dk>\n"
+"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "brug: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Kan ikke indlæse policy: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "kunne ikke sætte PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Adgangskode:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Kan ikke finde din post i skyggeadgangskodesfilen.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass kan ikke åbne /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, fuzzy, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "kan ikke finde din indgang i passwd-filen.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Ikke mere hukommelse!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Fejl! Skallen er ikke gyldig.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Fejl ved initiering af kapabiliteter, afbryder.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, fuzzy, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Fejl ved initiering af kapabiliteter, afbryder.\n"
+
+#: ../newrole/newrole.c:450
+#, fuzzy, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Fejl ved nulstilling af KEEPCAPS, afbryder\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Fejl ved fjernelse af kapabiliteter, afbryder\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Fejl ved skift af uid, afbryder.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Fejl ved nulstilling af KEEPCAPS, afbryder\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Fejl ved fjernelse af SETUID kapabilitet, afbryder\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Fejl ved forbindelse til auditeringssystem.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Fejl ved hukommelsesallokering.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Fejl ved sending af auditeringsmeddelelse.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Kunne ikke bestemme gennemtvingnings-tilstand.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Fejl! Kunne ikke åbne %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Kunne ikke hente aktuel kontekst for %s, ommærker ikke tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Kunne ikke få ny kontekst for %s, ommærker ikke tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Kunne ikke sætte ny kontekst for %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s ændrede mærkninger.\n"
+
+#: ../newrole/newrole.c:716
+#, fuzzy, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Advarsel! Kunne ikke genetablere kontekst for %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Fejl: flere roller specificeret\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Fejl: flere typer angivet\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Desværre, -l kan bruges med SELinux MLS understøttelse.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Fejl: flere niveauer angivet\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Kunne ikke få fat i standardtype.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "kunne ikke få fat i ny kontekst.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "kunne ikke sætte ny rolle %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "kunne ikke sætte ny type %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "kunne ikke bygge nyt interval med niveau %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "kunne ikke sætte nyt interval %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "kunne ikke konvertere ny kontekst til streng\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s er ikke en gyldig kontekst\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Desværre, newrole kan kun bruges på en SELinux-kerne.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "kunne ikke få fat i old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Fejl! Kunne ikke få fat på tty-information.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autentifiserer %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "kunne ikke initiere PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: fejlagtig adgangskode for %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: fejl ved forgrening: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, fuzzy, c-format
+msgid "Failed to close tty properly\n"
+msgstr "kunne ikke sætte ny type %s\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Kunne ikke lukke deskriptorerne.\n"
+
+#: ../newrole/newrole.c:1140
+#, fuzzy, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Fejl ved hukommelsesallokering.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Kunne ikke sætte kørselskontekst til %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "kunne ikke udføre skál\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"BRUG: run_init <skript> <args ...>\n"
+" hvor: <skript> er navnet på init skript som skal køres,\n"
+" <args ...> er argumenter til dette skript."
+
+#: ../run_init/run_init.c:139
+#, fuzzy, c-format
+msgid "failed to get account information\n"
+msgstr "kunne ikke få fat i ny kontekst.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: forkert adgangskode for %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Kunne ikke åbne filen %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Ingen kontekst i filen %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Desværre, run_init kan kun bruges på en SELinux-kerne.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "autentisering mislykkedes.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Kræver mindst én kategori"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Kan ikke ændre følsomhedsniveau ved at bruge '+' på %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s er allerede i %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s findes ikke i %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kan ikke kombinere +/- med andre typer af kategorier"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Kan ikke have flere følsomheder"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Brug %s KATEGORI fil ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Brug %s -l KATEGORI bruger ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Brug %s [[+|-]KATEGORI],...]q fil ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Brug %s -l [[+|-]KATEGORI],...]q bruger ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Brug %s -d fil ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Brug %s -l -d bruger ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Brug %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Brug %s -L -l bruger"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Brug -- for afslutte option-listen. For eksempel"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -Hemmeligt /dok/forretningsplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +Hemmeligt juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Kræver 2 eller flere argumenter"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s er ikke defineret"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s ikke gyldig for %s objekt\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "interval understøttes ikke af ikke-MLS maskiner"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Du skal angive en rolle"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Du skal angive et præfiks"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Flagfejl %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Ugyldigxt værdi %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "oversættelser understøttes ikke på maskiner som ikke har MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Kan ikke åbne %s: oversættelser understøttes ikke på maskiner som ikke har "
+"MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "oversættelser kan ikke indeholde mellemrum \"%s\" "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Ugyldigt niveau \"%s\" "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s er allerede defineret i oversættelser"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s er ikke defineret i oversættelser"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux policy er ikke håndteret, eller der er ikke adgang til lager."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Kan ikke læse policylager."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Kunne ikke sætte en semanage-opkobling op"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Kunne ikke oprette en nøgle for %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Kunne ikke kontrollere om indlogningskortlægning for %s er defineret"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Indlogningskortlægning for %s er allerede defineret"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linuxbruger %s findes ikke"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Kunne ikke oprette indlogningskortlægning for %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Kunne ikke sætte navn for %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Kunne ikke sætte MLS-interval for %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Kunne ikke sætte SELinux-bruger for %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Kunne ikke starte semanage-transaktion"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Kunne ikke tilføje indlogningskortlægning for %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Kræver seuser eller serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Indlogningskortlægning for %s er ikke defineret"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Kunne ikke forespørge seuser om %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Kunne ikke ændre indlognings-kortlægning for %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Indlogningskortlægning for %s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Kunne ikke fjerne indlogningkortlægning for %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Kunne ikke liste indlogningskortlægninger"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Kunne ikke kontrollere om SELinux-bruger %s er defineret"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux-bruger %s er allerede defineret"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Kunne ikke oprette SELinux-bruger for %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Kunne ikke tilføje rolle %s for %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Kunne ikke sætte MLS-niveau for %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, fuzzy, python-format
+msgid "Invalid prefix %s"
+msgstr "Ugyldigxt værdi %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Kunne ikke tilføje præfiks %s for %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Kunne ikke finde nøgle for %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Kunne ikke tilføje SELinux-bruger %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Kræver præfiks, roller, niveau eller område"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Kræver præfiks eller roller"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux-bruger %s er ikke defineret"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Kan ikke forespørge bruger om %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Kan ikke ændre SELinux-bruger %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux-bruger %s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Kan ikke fjerne SELinuxtbruger %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Kan ikke liste SELinuxtbrugere"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Kan ikke liste roller for bruger %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protokol udp eller tcp kræves"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Port kræves"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Kunne ikke oprette en nøgle for %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Type kræves"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Kunne ikke kontrollere om port %s/%s er defineret"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s allerede defineret"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Kunne ikke oprette port for %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Kunne ikke oprette kontekst for %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Kunne ikke sætte bruger i port-kontekst for %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Kunne ikke sætte rolle i port-kontekst for %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Kunne ikke sætte type i port-kontekst for %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Kunne ikke sætte mls-felter i port-kontekst for %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Kunne ikke sætte port-kontekst for %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Kunne ikke tilføje port %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Kræver setype eller serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Kræver setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s er ikke defineret"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Kunne ikke forespørge port %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Kunne ikke ændre port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Kan ikke fjerne port %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Kunne ikke liste porte"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux Type kræves"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Kunne ikke oprette nøgle for %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Kunne ikke kontrollere om grænsefladen %s er defineret"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Grænsefladen %s er allerede defineret"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Kunne ikke oprette grænseflade for %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Kunne ikke oprette-kontekst for %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Kunne ikke sætte bruger i grænseflade-kontekst for %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Kunne ikke sætte rolle i grænseflade-kontekst for %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Kan ikke sætte type i grænseflade-kontekst for %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Kan ikke sætte mls-felt i grænseflade-kontekst for %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Kan ikke sætte grænseflade-kontekst for %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Kan ikke sætte meddelelse-kontekst for %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Kunne ikke tilføje grænsefladen %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Grænsefladen %s er ikke defineret"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Kunne ikke spørge grænsefladen %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Kunne ikke ændre grænsefladen %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Grænseflade %s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Kunne ikke fjerne grænsefladen %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Kunne ikke liste grænseflader"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Kan ikke kontrollere om fil-kontekst for %s er defineret"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Filkontekst for %s allerede defineret"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Kunne ikke oprette filkontekst for %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Kunne ikke sætte bruger i filkontekst for %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Kunne ikke sætte rolle i filkontekst for %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Kunne ikke sætte type i filkontekst for %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Kunne ikke sætte mls-felter i filkontekst for %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Kunne ikke sætte filkontekst for %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Kunne ikke tilføje filkontekst for %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Kræver setype, serange eller seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Filkontekst for %s er ikke defineret"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Kunne ikke spørge filkontekst for %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Kunne ikke ændre filkontekst for %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Filkontekst for %s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Kunne ikke slette filkontekst for %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Kunne ikke liste filkontekst"
+
+#: ../semanage/seobject.py:1168
+#, fuzzy
+msgid "Could not list local file contexts"
+msgstr "Kunne ikke liste filkontekst"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Kræver værdi"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Kunne ikke kontrollere om flaget %s er defineret"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Flaget %s er ikke defineret"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Kunne ikke forespørge filkontekst %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Kunne ikke ændre flag %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Flag %s er defineret i policy, kan ikke fjernes"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Kunne ikke fjerne flag %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Kunne ikke liste flag"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Genererer gennemtvingnings-type fil: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Kompilerer policy"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"********************* VIGTIGT ************************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"For at indlæse denne nye policy-pakke in i kernen,\n"
+"skal du køre \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Flagfejl: %s "
diff --git a/policycoreutils/po/de.po b/policycoreutils/po/de.po
new file mode 100644
index 0000000..0d10bd9
--- /dev/null
+++ b/policycoreutils/po/de.po
@@ -0,0 +1,1067 @@
+# translation of de.po to
+# translation of de.po to
+# German translation of policycoreutils.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+# Holger Wansing <linux@wansing-online.de>, 2006.
+# Timo Trinks <ttrinks@redhat.com>, 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: de\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 09:27+1000\n"
+"Last-Translator: Timo Trinks <ttrinks@redhat.com>\n"
+"Language-Team: <en@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "Aufruf: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Kann Richtlinie nicht laden: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "Einstellung von PAM_TTY fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Passwort:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Konnte Ihren Eintrag in der »shadow«-Passwortdatei nicht finden.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass kann /dev/tty nicht öffnen\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "Kann keinen gültigen Eintrag in der passwd-Datei finden.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Nicht genügend Speicher!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Fehler! Shell ist ungültig.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Kann Umgebung nicht löschen\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Fehler bei der Funktions-Initialisierung, Abbruch.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Fehler bei der Leistungsinitialisierung, Abbruch.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Fehler bei der KEEPCAPS-Einrichtung, Abbruch\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Fehler beim verwerfen von Funktionen.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Fehler beim Ändern der Benutzerkennung (uid), Abbruch.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Fehler beim zurücksetzen von KEEPCAPS, Abbruch\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Fehler beim verwerfen der SETUID Funktion, Abbruch.\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Fehler beim Lösen von Caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Fehler beim Verbinden für Systemprüfung.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Fehler beim Reservieren des Speichers.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Fehler beim Senden der Prüfungsmeldung.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Konnte Enforcing-Modus nicht beenden.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Fehler! Konnte %s nicht öffnen.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Erwerb des aktuellen Kontextes für %s fehlgeschlagen. tty wird nicht "
+"umbenannt.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Erwerb des neuen Kontextes für %s fehlgeschlagen. tty wird nicht "
+"umbenannt.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Konnte neuen Kontext für »%s« nicht setzen.\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s wurde unbenannt.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Warnung! Kontext für %s nicht wiederherstellbar\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Fehler: mehrere Benutzer (SELinux RBAC rolesf) festgelegt\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Fehler: mehrere Typen festgelegt\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Entschuldigung, ich sollte nur mit MLS Unterstützung benutzt werden.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Fehler: mehrere Ebenen festgelegt\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Konnte Standardtyp nicht feststellen.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "Erwerb des neuen Kontextes fehlgeschlagen.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "Setzen von neuem Benutzer (SELinux RBAC role) »%s« fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "Setzen des neuen Typs »%s« fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "Erstellung von neuem Bereich mit Level %s fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "Setzen von neuem Bereich %s fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+"Konvertieren des neuen Kontexts in Zeichenfolge (String) fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "»%s« ist kein gültiger Kontext\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Kann keinen Speicher für new_context zuweisen"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Kann keine leere Signalmenge erhalten\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Kann SIGHUP-Handler nicht setzen\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+"Entschuldigung, diese neue Eingabe sollte nur auf einem SELinux-Kernel "
+"benutzt werden.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "Konnte alten Kontext nicht bekommen.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Fehler! Konnte tty-Informationen nicht abrufen.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Authentifiziere %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Initialisieren von PAM fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "Neue Eingabe: falsches Passwort für %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: Fork fehlgeschlagen: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Kann TTY-Label nicht wiederherstellen...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Schließen von TTY fehlgeschlagen\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Konnte Deskriptoren nicht schließen.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Fehler beim Zuweisen von argv0 für die Shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Konnte exec-Kontext nicht auf »%s« setzen.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Kann Umgebung nicht wiederherstellen, Abbruch\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "Ausführen der Shell fehlgeschlagen\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"AUFRUF: run_init <script> <args ...>\n"
+" dabei ist <script> der Name des Init-Skripts, das Sie ausführen möchten "
+"und\n"
+" <args ...> sind die Argumente für dieses Skript."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "Konnte keine Account-Informationen abrufen\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: falsches Passwort für »%s«\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Konnte Datei »%s« nicht öffnen\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Kein Kontext in Datei »%s«\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+"Entschuldigung, run_init sollte nur auf einem SELinux-Kernel benutzt "
+"werden.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "Authentifizierung fehlgeschlagen.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Benötigt mindestens eine Kategorie"
+
+# Translation of sensitivity fuzzy
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Kann Sensivitätsstufe mittels '+' auf %s nicht ändern"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s ist bereits in %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s ist nicht in %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kann +/- nicht mit anderen Kategorietypen kombinieren"
+
+# Translation of 'sensitivities' fuzzy
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Kann nicht mehrere Empfindlichkeiten besitzen"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Verwendung %s KATEGORIE Datei ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Verwendung %s -l KATEGORIE Benutzer ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Verwendung %s [[+|-]KATEGORIE],...]q Datei ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Verwendung %s -l [[+|-]KATEGORIE],...]q Benutzer ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Aufruf %s -d Datei ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Verwendung %s -l -d Benutzer ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Aufruf %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Aufruf: %s -L -l Benutzer"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Benutze -- um die Optionenaufzählung abzuschließen. Beispiel:"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -Vertraulich /docs/geschäftsplanung.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +Vertraulich juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Benötigt 2 oder mehr Argumente"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s ist nicht definiert"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s ist ungültig für %s Objekte\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "Bereich wird auf Nicht-MLS Maschinen nicht unterstützt"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Sie müssen einen Benutzer angeben"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Sie müssen ein Präfix angeben"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Optionsfehler %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Ungültiger Wert %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "Übersetzungen auf Nicht-MLS Machinen werden nicht unterstützt"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Öffnen von %s: Übersetzungen auf Nicht-MLS Machinen werden nicht unterstützt"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Übersetzungen können keine Leerfelder enthalten '%s'"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Ungültiges Level '%s'"
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s ist bereits in Übersetzungen festgelegt"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s ist nicht in Übersetzungen festgelegt"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"SELinux Richtlinie wird nicht verwaltet oder auf den Speicher kann nicht "
+"zugegriffen werden."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Kann Richtlinien - Speicher nicht lesen"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Konnte semanage Verbindung nicht herstellen"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Konnte keinen Schlüssel für %s erstellen"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Konnte nicht überprüfen ob die Login-Zuweisung für %s zugewiesen ist"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Login-Zuordung für %s ist bereits festgelegt"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux Benutzer %s existiert nicht"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Login-Zuweisung für %s konnte nicht erstellt werden"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Bezeichnung für %s konnte nicht gesetzt werden"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "MLS Bereich für %s konnte nicht gesetzt werden"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "SELinux Benutzer für %s konnte nicht gesetzt werden"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage Transaktion konnte nicht gestartet werden"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Login-Zuweisung für %s konnte nicht hinzugefügt werden"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Benötigt seuser oder serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Login-Zuordnung für %s ist nicht definiert"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Konnte seuser für %s nicht abfragen"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Konnte Login-Zuweisung für %s nicht ändern"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Login-Zuordnung für %s ist in der Richtlinie festgelegt und kann nicht "
+"entfernt werden"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Konnte Login-Zuweisung für %s nicht löschen"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Konnte Login-Zuweisungen nicht anzeigen"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Konnte nicht überprüfen ob SELinux Benutzer %s definiert ist"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux user %s ist bereits angelegt"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Konnte SELinux Benutzer für %s nicht erstellen"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Konnte Benutzerrolle %s für %s nicht hinzufügen"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Konnte MLS Level für %s nicht setzen"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Ungültiges Präfix %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Konnte Präfix %s für %s nicht hinzufügen"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Konnte Schlüssel für %s nicht extrahieren"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Konnte SELinux User %s nicht hinzufügen"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Benötigt Präfix, Benutzerrolle, Level oder Bereich"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Benötigt Präfix oder Benutzerrollen"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux Benutzer %s ist nicht definiert"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Konnte Benutzer für %s nicht abfragen"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Konnte SELinux Benutzer %s nicht ändern"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"SELinux Benutzer %s ist in der Richtlinie definiert und kann nicht entfernt "
+"werden"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Konnte SELinux Benutzer %s nicht löschen"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Konnte SELinux Benutzer nicht auflisten"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Konnte Benutzerrollen nicht auflisten für %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protokoll UDP oder TCP wird benötigt"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Port wird benötigt"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Konnte Schlüssel für %s/%s nicht erstellen"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Typ wird benötigt"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Konnte nicht prüfen ob Port %s/%s definiert ist"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s ist bereits definiert"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Konnte Port für %s/%s nicht erstellen"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Konnte Kontext für %s/%s nicht erstellen"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Konnte Benutzer in Port-Kontext für %s/%s nicht setzen"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Konnte Benutzerrolle in Port-Kontext für %s/%s nicht setzen"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Konnte Typ in Port-Kontext für %s/%s nicht setzen"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Konnte MLS Felder in Port-Kontext für %s/%s nicht setzen"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Konnte Port-Kontext für %s/%s nicht setzen"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Konnte Port %s/%s nicht hinzufügen"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Benötigt setype oder serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Benötigt setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s ist nicht definiert"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Konnte Port %s/%s nicht abfragen"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Konnte Port %s/%s nicht ändern"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+"Port %s/%s ist in der Richtlinie festgelegt und kann nicht entfernt werden"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Konnte Port %s/%s nicht löschen"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Konnte Ports nicht auflisten"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux Typ wird benötigt"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Konnte Schlüssel für %s nicht kreieren"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Konnte nicht überprüfen, ob die Schnittstelle %s definiert ist"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Schnittstelle %s ist bereits definiert"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Konnte keine Schnittstelle für %s kreieren"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Konnte keinen Kontext für %s kreieren"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Konnte Benutzer in Schnittstellen-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Konnte Aufgabe in Schnittstellen-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Konnte Typ in Schnittstellen-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Konnte die mls-Felder in Schnittstellen-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Konnte Schnittstellen-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Konnte Nachricht-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Konnte Schnittstelle %s nicht hinzufügen"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Schnittstelle %s ist nicht definiert"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Konnte Schnittstelle %s nicht abfragen"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Konnte Schnittstelle %s nicht modifizieren"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+"Schnittstelle %s ist in der Richtlinie festgelegt und kann nicht entfernt "
+"werden"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Konnte Schnittstelle %s nicht löschen"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Konnte Schnittstellen nicht auflisten"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Konnte nicht überprüfen, ob Datei-Kontext für %s definiert ist"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Datei-Kontext für %s ist bereits definiert"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht kreieren"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Konnte Benutzer in Datei-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Konnte Aufgabe in Datei-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Konnte Typ in Datei-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Konnte die mls-Felder in Datei-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht setzen"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht hinzufügen"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Benötigt setype, serange oder seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Datei-Kontext für %s ist nicht definiert"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht abfragen"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht erneuern"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Der Kontext für Datei %s ist in der Richtlinie festgelegt und kann nicht "
+"entfernt werden"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Konnte Datei-Kontext für %s nicht löschen"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Konnte Datei-Kontexte nicht auflisten"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Konnte lokale Datei-Kontexte nicht auflisten"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Benötigt einen Wert"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Konnte nicht überprüfen, ob boolesch %s definiert ist"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Boolscher Wert %s ist nicht definiert"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Konnte den Datei-Kontext %s nicht abfragen"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Konnte boolesch %s nicht erneuern"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+"Boolscher Wert %s ist in der Richtlinie festgelegt und kann nicht entfernt "
+"werden"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Konnte boolesch %s nicht löschen"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Konnte boolesche Werte nicht auflisten"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Erstelle Type Enforcement Datei %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Kompiliere Richtlinie"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** WICHTIG ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Um das neu erstellte Richtlinienpaket in den Kernel zu laden,\n"
+"ist es notwendig folgendes auszuführen:\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Options Fehler: %s"
diff --git a/policycoreutils/po/el.po b/policycoreutils/po/el.po
new file mode 100644
index 0000000..ca1a298
--- /dev/null
+++ b/policycoreutils/po/el.po
@@ -0,0 +1,1079 @@
+# translation of el.po to Greek
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Simos Xenitellis <simos@gnome.org>, 2006.
+# Dimitris Glezos <dimitris@glezos.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: el\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-09-18 14:49+0100\n"
+"Last-Translator: Dimitris Glezos <dimitris@glezos.com>\n"
+"Language-Team: Greek <fedora-trans-el@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, fuzzy, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "(tt) %s: αδυναμία φόρτωσης πρόσοψης: %s\n"
+
+#
+#: ../newrole/newrole.c:188
+#, fuzzy, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "Αποτυχία ορίσματος του PAM_TTY=%s"
+
+# #-#-#-#-# gdm2.gnome-2-14.el.po (el) #-#-#-#-#
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Συνθηματικό:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, fuzzy, c-format
+msgid "Out of memory!\n"
+msgstr "Η μνήμη εξαντλήθηκε"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, fuzzy, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Σφάλμα κατά την ολοκλήρωση της μορφοποίησης"
+
+#: ../newrole/newrole.c:450
+#, fuzzy, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Σφάλμα διαγραφής εικόνας boot"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, fuzzy, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Σφάλμα κατά την ολοκλήρωση της μορφοποίησης"
+
+#
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, fuzzy, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Σφάλμα στην ανάγνωση... ματαίωση"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, fuzzy, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Σφάλμα διαγραφής εικόνας boot"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, fuzzy, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Σφάλμα εγγραφής στο δίσκο"
+
+#: ../newrole/newrole.c:586
+#, fuzzy, c-format
+msgid "Error allocating memory.\n"
+msgstr "Σφάλμα φόρτωσης λίστας memo"
+
+#: ../newrole/newrole.c:593
+#, fuzzy, c-format
+msgid "Error sending audit message.\n"
+msgstr "Σφάλμα ανάκτησης μηνύματος"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, fuzzy, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Αδύνατος ο προσδιορισμός της τρέχουσας γεωμετρίας δισκέτας."
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Σφάλμα! Αδυναμία ανοίγματος %s.\n"
+
+#
+#: ../newrole/newrole.c:646
+#, fuzzy, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s: Αποτυχία δημιουργίας περιβάλλοντος για %s. Διακοπή."
+
+#
+#: ../newrole/newrole.c:656
+#, fuzzy, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s: Αποτυχία δημιουργίας περιβάλλοντος για %s. Διακοπή."
+
+#
+#: ../newrole/newrole.c:666
+#, fuzzy, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s: Αποτυχία δημιουργίας νέου αρχείου cookie σε %s"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, fuzzy, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../newrole/newrole.c:772
+#, fuzzy, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Να επιτρέπεται η επιλογή πολλαπλών γραμμών"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, fuzzy, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Δεν ήταν δυνατή η λήψη μηνύματος"
+
+#: ../newrole/newrole.c:824
+#, fuzzy, c-format
+msgid "failed to get new context.\n"
+msgstr "Αποτυχία ορισμού εύρεσης κειμένου: %s."
+
+#: ../newrole/newrole.c:831
+#, fuzzy, c-format
+msgid "failed to set new role %s\n"
+msgstr "Αποτυχία ορισμού τιμής: %s."
+
+#: ../newrole/newrole.c:838
+#, fuzzy, c-format
+msgid "failed to set new type %s\n"
+msgstr "Αποτυχία ορισμού εύρεσης κειμένου: %s."
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, fuzzy, c-format
+msgid "failed to set new range %s\n"
+msgstr "Αποτυχία ορισμού γλώσσας: %s."
+
+#: ../newrole/newrole.c:860
+#, fuzzy, c-format
+msgid "failed to convert new context to string\n"
+msgstr "αποτυχία αποστολής επόμενου αλφαριθμητικού \"%s\" στην ομιλία"
+
+#: ../newrole/newrole.c:865
+#, fuzzy, c-format
+msgid "%s is not a valid context\n"
+msgstr "Το %s δεν είναι έγκυρη τοποθεσία"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, fuzzy, c-format
+msgid "failed to get old_context.\n"
+msgstr "Αποτυχία ορισμού αρίθμησης: %s."
+
+#: ../newrole/newrole.c:996
+#, fuzzy, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Αδυναμία ανάκτησης δεδομένων μετοχών."
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Πιστοποίηση %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, fuzzy, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Αδυναμία αρχικοποίησης φωνών\n"
+
+#: ../newrole/newrole.c:1029
+#, fuzzy, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "Εισάγετε συνθηματικό για %s"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, fuzzy, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Αποτυχία ορισμού εύρεσης κειμένου: %s."
+
+#: ../newrole/newrole.c:1117
+#, fuzzy, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Δεν ήταν δυνατό το κλείσιμο του προσωρινού φακέλου:%s"
+
+#: ../newrole/newrole.c:1140
+#, fuzzy, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Σφάλμα φόρτωσης λίστας memo"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, fuzzy, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Αδυναμία εκτέλεσης '%s': %s\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+#, fuzzy
+msgid "failed to exec shell\n"
+msgstr "Αποτυχία εκτέλεσης gpg: %s"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, fuzzy, c-format
+msgid "failed to get account information\n"
+msgstr "Αποτυχία ορισμού εύρεσης κειμένου: %s."
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: λανθασμένο συνθηματικό για %s\n"
+
+#: ../run_init/run_init.c:309
+#, fuzzy, c-format
+msgid "Could not open file %s\n"
+msgstr "Δεν ήταν δυνατό το άνοιγμα του αρχείου"
+
+#: ../run_init/run_init.c:336
+#, fuzzy, c-format
+msgid "No context in file %s\n"
+msgstr "Αδυναμία ανοίγματος αρχείου %s.\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "αποτυχία πιστοποίησης.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+#, fuzzy
+msgid "Requires at least one category"
+msgstr "Απαιτούμενα άτομα και έ_νας πόρος"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, fuzzy, c-format
+msgid "%s is already in %s"
+msgstr "%s είναι ήδη στη λίστα"
+
+# #-#-#-#-# nautilus.gnome-2-14.el.po (el) #-#-#-#-#
+#
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, fuzzy, c-format
+msgid "%s is not in %s"
+msgstr "%s σε %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, fuzzy, c-format
+msgid "Usage %s -L"
+msgstr "Χρήση: %s\n"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+#, fuzzy
+msgid "Requires 2 or more arguments"
+msgstr "Μεταβλητή ή εντολή προγράμματος"
+
+#: ../semanage/semanage:132
+#, fuzzy, c-format
+msgid "%s not defined"
+msgstr "%s: δεν έχουν ορισθεί γραμματοσειρές\n"
+
+#: ../semanage/semanage:156
+#, fuzzy, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "Μή έγκυρο αντικείμενο"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+#, fuzzy
+msgid "range not supported on Non MLS machines"
+msgstr ""
+"#-#-#-#-# epiphany.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Δεν υποστηρίζεται η εκτύπωση σε αυτόν τον εκτυπωτή\n"
+"#-#-#-#-# yelp.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Η εκτύπωση δεν υποστηρίζεται σε αυτόν τον εκτυπωτή"
+
+#: ../semanage/semanage:249
+#, fuzzy
+msgid "You must specify a role"
+msgstr "Πρέπει να καθορίσετε ένα κατάλογο."
+
+#: ../semanage/semanage:251
+#, fuzzy
+msgid "You must specify a prefix"
+msgstr "Θα πρέπει να καθορίσετε ένα μοτίβο"
+
+#: ../semanage/semanage:300
+#, fuzzy, c-format
+msgid "Options Error %s "
+msgstr "Σφάλμα πιστοποίησης: %s"
+
+#: ../semanage/semanage:304
+#, fuzzy, c-format
+msgid "Invalid value %s"
+msgstr "Μη έγκυρη τιμή VGA"
+
+#: ../semanage/seobject.py:132
+#, fuzzy
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+"#-#-#-#-# epiphany.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Δεν υποστηρίζεται η εκτύπωση σε αυτόν τον εκτυπωτή\n"
+"#-#-#-#-# yelp.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Η εκτύπωση δεν υποστηρίζεται σε αυτόν τον εκτυπωτή"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, fuzzy, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Ο φάκελος δεν είναι δυνατό να περιέχει το χαρακτήρα '/'"
+
+#: ../semanage/seobject.py:182
+#, fuzzy, python-format
+msgid "Invalid Level '%s' "
+msgstr "Μη έγκυρη στρατηγική '%s'"
+
+#: ../semanage/seobject.py:185
+#, fuzzy, python-format
+msgid "%s already defined in translations"
+msgstr "%s είναι ήδη στη λίστα"
+
+#: ../semanage/seobject.py:197
+#, fuzzy, python-format
+msgid "%s not defined in translations"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί στο postamble\n"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+#, fuzzy
+msgid "Cannot read policy store."
+msgstr "Αδυναμία δημιουργίας συσκευής αναπαραγωγής"
+
+#: ../semanage/seobject.py:228
+#, fuzzy
+msgid "Could not establish semanage connection"
+msgstr "Αδυναμία δημιουργίας σύνδεσης σε “%s” ."
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, fuzzy, python-format
+msgid "Could not create a key for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, fuzzy, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Δεν ήταν δυνατό να ελεγχθεί το αρχείο μηνυμάτων %s: %s"
+
+#: ../semanage/seobject.py:253
+#, fuzzy, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Constant \"%s\" έχει ήδη καθορισθεί"
+
+#: ../semanage/seobject.py:257
+#, fuzzy, python-format
+msgid "Linux User %s does not exist"
+msgstr "Ο φάκελος `%s' δεν υπάρχει."
+
+#: ../semanage/seobject.py:261
+#, fuzzy, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, fuzzy, python-format
+msgid "Could not set name for %s"
+msgstr "Δεν ήταν δυνατή η μετονομασία του φακέλου : %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, fuzzy, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Αδυναμία αποθήκευσης φακέλου : %s"
+
+#: ../semanage/seobject.py:274
+#, fuzzy, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+#, fuzzy
+msgid "Could not start semanage transaction"
+msgstr "Αδυναμία έναρξης αλληλουχίας κατάστασης: %s"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, fuzzy, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Δεν ήταν δυνατή η φόρτωση της περίληψης για %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, fuzzy, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:315
+#, fuzzy, python-format
+msgid "Could not query seuser for %s"
+msgstr "Δεν ήταν δυνατή η φόρτωση της περίληψης για %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, fuzzy, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Δεν είναι δυνατή η ανάγνωση πληροφοριών συμβολικού δεσμού για %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, fuzzy, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:391
+#, fuzzy
+msgid "Could not list login mappings"
+msgstr "Αποτυχία δημιουργίας δεσμού στο pipeline"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, fuzzy, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Δεν ήταν δυνατό να ελεγχθεί το αρχείο μηνυμάτων %s: %s"
+
+#: ../semanage/seobject.py:439
+#, fuzzy, python-format
+msgid "SELinux user %s is already defined"
+msgstr "Constant \"%s\" έχει ήδη καθορισθεί"
+
+#: ../semanage/seobject.py:443
+#, fuzzy, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:452
+#, fuzzy, python-format
+msgid "Could not add role %s for %s"
+msgstr "Αδυναμία προσθήκης αγαπημένου: %s"
+
+#
+#: ../semanage/seobject.py:461
+#, fuzzy, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Αποτυχία ρύθμισης των διαπιστευτηρίων για %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, fuzzy, python-format
+msgid "Invalid prefix %s"
+msgstr "Μη έγκυρη τιμή VGA"
+
+#: ../semanage/seobject.py:466
+#, fuzzy, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Αδυναμία προσθήκης αγαπημένου: %s"
+
+#: ../semanage/seobject.py:469
+#, fuzzy, python-format
+msgid "Could not extract key for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, fuzzy, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Αδυναμία προσθήκης αγαπημένου: %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+#, fuzzy
+msgid "Requires prefix or roles"
+msgstr "_Απαιτούμενα άτομα"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, fuzzy, python-format
+msgid "SELinux user %s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:514
+#, fuzzy, python-format
+msgid "Could not query user for %s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, fuzzy, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Αδυναμία φόρτωσης εικονιδίου \"%s\": %s\n"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, fuzzy, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Αδυναμία ενεργοποίησης της διεπαφής %s"
+
+#: ../semanage/seobject.py:598
+#, fuzzy
+msgid "Could not list SELinux users"
+msgstr "Αδυναμία εκκίνησης Sound Juicer"
+
+#: ../semanage/seobject.py:604
+#, fuzzy, python-format
+msgid "Could not list roles for user %s"
+msgstr "Αδυναμία αποθήκευσης φακέλου : %s"
+
+#: ../semanage/seobject.py:638
+#, fuzzy
+msgid "Protocol udp or tcp is required"
+msgstr "Δεν υποστηρίζεται το πρωτόκολλο"
+
+#: ../semanage/seobject.py:640
+#, fuzzy
+msgid "Port is required"
+msgstr "Απαιτείται κωδικός."
+
+#: ../semanage/seobject.py:651
+#, fuzzy, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:662
+#, fuzzy
+msgid "Type is required"
+msgstr "Απαιτείται πληρωμή"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, fuzzy, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Δεν ήταν δυνατό να ελεγχθεί το αρχείο μηνυμάτων %s: %s"
+
+#: ../semanage/seobject.py:670
+#, fuzzy, python-format
+msgid "Port %s/%s already defined"
+msgstr "Constant \"%s\" έχει ήδη καθορισθεί"
+
+#: ../semanage/seobject.py:674
+#, fuzzy, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Αδυναμία δημιουργίας journal για %s"
+
+#: ../semanage/seobject.py:680
+#, fuzzy, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:684
+#, fuzzy, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Δεν ήταν δυνατό το κλείσιμο του φακέλου πηγής %s: %s"
+
+#: ../semanage/seobject.py:688
+#, fuzzy, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Δεν είναι δυνατή η ανάγνωση πληροφοριών συμβολικού δεσμού για %s"
+
+#: ../semanage/seobject.py:692
+#, fuzzy, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Αδυναμία συγχρονισμού φακέλου spool %s: %s"
+
+#: ../semanage/seobject.py:697
+#, fuzzy, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Δεν ήταν δυνατή η δημιουργία αρχείου κλειδώματος για %s: %s"
+
+#: ../semanage/seobject.py:701
+#, fuzzy, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Δεν ήταν δυνατό το κλείσιμο του φακέλου πηγής %s: %s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, fuzzy, python-format
+msgid "Could not add port %s/%s"
+msgstr "Αδυναμία προσθήκης αγαπημένου: %s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+#, fuzzy
+msgid "Requires setype"
+msgstr "_Απαιτούμενα άτομα"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, fuzzy, python-format
+msgid "Port %s/%s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:736
+#, fuzzy, python-format
+msgid "Could not query port %s/%s"
+msgstr "Δεν ήταν δυνατή η φόρτωση της περίληψης για %s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, fuzzy, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Δεν ήταν δυνατή η δικράνωση: %s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, fuzzy, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Δεν ήταν δυνατή η διαγραφή του φακέλου `%s': %s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+#, fuzzy
+msgid "Could not list ports"
+msgstr "Αδυναμία αποθήκευσης φακέλου : %s"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+#, fuzzy
+msgid "SELinux Type is required"
+msgstr "Χρειάζεται ένας διοργανωτής."
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, fuzzy, python-format
+msgid "Could not create key for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, fuzzy, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Αδυναμία σύνδεσης στο περιβάλλον χρήσης '%s'"
+
+#: ../semanage/seobject.py:865
+#, fuzzy, python-format
+msgid "Interface %s already defined"
+msgstr "Constant \"%s\" έχει ήδη καθορισθεί"
+
+#: ../semanage/seobject.py:869
+#, fuzzy, python-format
+msgid "Could not create interface for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, fuzzy, python-format
+msgid "Could not create context for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:878
+#, fuzzy, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Αδυναμία ανάλυσης ονόματος διεπαφής από '%s'"
+
+#: ../semanage/seobject.py:882
+#, fuzzy, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Αδυναμία ανάλυσης ονόματος διεπαφής από '%s'"
+
+#: ../semanage/seobject.py:886
+#, fuzzy, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Αδυναμία ανάλυσης ονόματος διεπαφής από '%s'"
+
+#: ../semanage/seobject.py:891
+#, fuzzy, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Αδυναμία ανάλυσης ονόματος διεπαφής από '%s'"
+
+#: ../semanage/seobject.py:895
+#, fuzzy, python-format
+msgid "Could not set interface context for %s"
+msgstr "Αδυναμία ανάλυσης ονόματος διεπαφής από '%s'"
+
+#: ../semanage/seobject.py:899
+#, fuzzy, python-format
+msgid "Could not set message context for %s"
+msgstr "Δεν είναι δυνατή η αποστολή του μηνύματος : %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, fuzzy, python-format
+msgid "Could not add interface %s"
+msgstr "Αδυναμία ενεργοποίησης της διεπαφής %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, fuzzy, python-format
+msgid "Interface %s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:933
+#, fuzzy, python-format
+msgid "Could not query interface %s"
+msgstr "Αδυναμία ενεργοποίησης της διεπαφής %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, fuzzy, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+"#-#-#-#-# gnome-control-center.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Αδυναμία φόρτωσης της κύριας επιφάνειας χρήστη\n"
+"#-#-#-#-# gnome-screensaver.gnome-2-14.el.po (el) #-#-#-#-#\n"
+"Αδυναμία φόρτωση της κύριας επιφάνειας χρήσης\n"
+"#-#-#-#-# gnome-volume-manager.HEAD.el.po (el) #-#-#-#-#\n"
+"Αδυναμία φόρτωσης κύριας διεπαφής"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, fuzzy, python-format
+msgid "Could not delete interface %s"
+msgstr "Αδυναμία ενεργοποίησης της διεπαφής %s"
+
+#: ../semanage/seobject.py:992
+#, fuzzy
+msgid "Could not list interfaces"
+msgstr "Αδυναμία ενεργοποίησης της διεπαφής %s"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, fuzzy, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Δεν ήταν δυνατό να ελεγχθεί το αρχείο μηνυμάτων %s: %s"
+
+#: ../semanage/seobject.py:1037
+#, fuzzy, python-format
+msgid "File context for %s already defined"
+msgstr "Constant \"%s\" έχει ήδη καθορισθεί"
+
+#: ../semanage/seobject.py:1041
+#, fuzzy, python-format
+msgid "Could not create file context for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:1050
+#, fuzzy, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Αδυναμία αναγνώρισης τύπου αρχείου %s"
+
+#: ../semanage/seobject.py:1054
+#, fuzzy, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Αδυναμία αναγνώρισης τύπου αρχείου %s"
+
+#: ../semanage/seobject.py:1058
+#, fuzzy, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Αδυναμία αποθήκευσης του αρχείου %s."
+
+#: ../semanage/seobject.py:1063
+#, fuzzy, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Δεν είναι δυνατή η ανάγνωση πληροφοριών συμβολικού δεσμού για %s"
+
+#: ../semanage/seobject.py:1069
+#, fuzzy, python-format
+msgid "Could not set file context for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, fuzzy, python-format
+msgid "Could not add file context for %s"
+msgstr "Αδυναμία φόρτωσης εικονιδίου για %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, fuzzy, python-format
+msgid "File context for %s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:1103
+#, fuzzy, python-format
+msgid "Could not query file context for %s"
+msgstr "Αδυναμία δημιουργίας cache για %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, fuzzy, python-format
+msgid "Could not modify file context for %s"
+msgstr "Αδυναμία φόρτωσης εικονιδίου για %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, fuzzy, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+"Δεν ήταν δυνατή η διαγραφή του αρχείου περιεχομένων του φακέλου `%s': %s"
+
+#: ../semanage/seobject.py:1164
+#, fuzzy
+msgid "Could not list file contexts"
+msgstr "Αδυναμία προβολής περιεχομένου."
+
+#: ../semanage/seobject.py:1168
+#, fuzzy
+msgid "Could not list local file contexts"
+msgstr "Αδυναμία προβολής περιεχομένου."
+
+#: ../semanage/seobject.py:1203
+#, fuzzy
+msgid "Requires value"
+msgstr "Απόκρυψη τιμής"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, fuzzy, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Δεν ήταν δυνατό να ελεγχθεί το αρχείο μηνυμάτων %s: %s"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, fuzzy, python-format
+msgid "Boolean %s is not defined"
+msgstr "η γραμματοσειρά %d δεν έχει ορισθεί\n"
+
+#: ../semanage/seobject.py:1217
+#, fuzzy, python-format
+msgid "Could not query file context %s"
+msgstr "Δεν είναι δυνατό το άνοιγμα του αρχείου: %s: %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, fuzzy, python-format
+msgid "Could not modify boolean %s"
+msgstr "Αδυναμία ανοίγματος \"%s\""
+
+#: ../semanage/seobject.py:1253
+#, fuzzy, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Οι φάκελοι spool δε μπορούν να διαγραφούν"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, fuzzy, python-format
+msgid "Could not delete boolean %s"
+msgstr "Δεν ήταν δυνατή η διαγραφή του φακέλου `%s': %s"
+
+#: ../semanage/seobject.py:1273
+#, fuzzy
+msgid "Could not list booleans"
+msgstr "Αδυναμία αποθήκευσης φακέλου : %s"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+#, fuzzy
+msgid "Compiling policy"
+msgstr "Γίνεται αντιγραφή δίσκου"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, fuzzy, c-format
+msgid "Options Error: %s "
+msgstr "Σφάλμα πιστοποίησης: %s"
diff --git a/policycoreutils/po/en_GB.po b/policycoreutils/po/en_GB.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/en_GB.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/es.po b/policycoreutils/po/es.po
new file mode 100644
index 0000000..8afd900
--- /dev/null
+++ b/policycoreutils/po/es.po
@@ -0,0 +1,1043 @@
+# Domingo E. Becker <beckerde@hotmail.com>, 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 18:57-0300\n"
+"Last-Translator: Domingo E. Becker <beckerde@hotmail.com>\n"
+"Language-Team: <es@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "uso: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: no se puede cargar la política: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "fallo al fijar PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Contraseña:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "No se puede encontrar su registro en el archivo shadow passwd.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass no puede abrir /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "no se puede encontrar un registro válido en el archivo passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Falta memoria!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Error! El shell no es válido.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "No se pudo limpiar el entorno\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Error al hacer init en las capacidades, abortando.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Error al configurar las capacidades, abortando.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Error al configurar KEEPCAPS, abortando\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Error al desechar las capacidades, abortando\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Error al cambiar uid, abortando.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Error al resetear KEEPCAPS, abortando\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Error al desechar la capacidad SETUID, abortando\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Error al liberar caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Error al conectar al sistema de auditoría.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Error al asignar memoria.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Error al enviar un mensaje de auditoría.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "No se pudo determinar el modo de obediencia.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Error! No se pudo abrir %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! No se pudo obtener el contexto actual para %s, no se reetiqueta el "
+"tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! No se pudo obtener un contexto nuevo para %s, no se reetiqueta el tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! No se pudo fijar el nuevo contexto para %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s etiquetas cambiadas.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Precaución! No se pudo restablecer el contexto para %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Error: se especificaron roles múltiples\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Error: se especificaron tipos múltiples\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Lo siento, -l se puede usar cuando hay soporte para SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Error: se especificaron múltiples niveles\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "No se pudo obtener el tipo por defecto.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "fallo al obtener el contexto nuevo.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "fallo al fijar nuevo rol %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "fallo al fijar el tipo nuevo %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "fallo al construir el rango nuevo con el nivel %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "fallo al fijar el rango n uevo %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "fallo al convertir el contexto nuevo a cadena\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s no es un contexto válido\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "No se pudo asignar memoria para el new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Imposible obtener señal de vacío\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Imposible poner el manejador SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Lo siento, newrole sólo se puede usar en un kernel SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "fallo al obtener old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Error! No se pudo obtener la información de tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autenticando %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "fallo al inicializar PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: contraseña incorrecta para %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: error al crear proceso: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Imposible restaurar la etiqueta tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Fallo al cerrar tty adecuadamente\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "No se pudo cerrar los descriptores.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Error al asignar argv0 del shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "No se pudo fijar el contexto de ejecución a %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Imposible restaurar el entorno, abortando\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "fallo al ejecutar shell\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"USO: run_init <script> <args ...>\n"
+" donde: <script> es el nombre del script de inicio a ejecutar,\n"
+" <args ...> son los argumentos al script."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "fallo al obtener la información de la cuenta.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: contraseña incorrecta para %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "No se pudo abrir el archivo %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "No hay contexto en el archivo %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Lo siento, run_init sólo se puede usar en un kernel SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "falló la autenticación.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Se requiere al menos una categoría"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "No se puede modificar los niveles de sensibilidad usando '+' en %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s ya está en %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s no está en %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "No se puede combinar +/- con otros tipos de categorías"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "No se puede tener múltiples sensibilidades"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Use %s CATEGORY Archivo ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Use %s -l CATEGORY usuario ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Use %s [[+|-]CATEGORY],...]q Archivo ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Use %s -l [[+|-]CATEGORY],...]q usuario ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Use %s -d Archivo ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Use %s -l -d usuario ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Use %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Use %s -L -l usuario"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Use -- to finalizar la lista de ociones. Por ejemplo"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -ConfidencialEmpresa /docs/plandenegocios.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +ConfidencialEmpresa juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Se requieren 2 o más argumentos"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s no está definido"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s no es válido para los objetos %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "el rango no es soportado en máquinas no MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Debe especificar un rol"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Debe especificar un prefijo"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Error en Opciones %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Valor inválido %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "traducciones no soportadas en máquinas no MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "No se pudo abrir %s: traducciones no soportadas en máquinas no MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Las traducciones no pueden tener espacios '%s'"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Nivel inválido '%s'"
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s ya definido en traducciones"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s no definido en traducciones"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"La política SELinux es no manejada o no se puede acceder al almacenamiento."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "No se puede leer el almacenamiento de políticas."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "No se pudo establecer una conexión semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "No se pudo crear una clave para %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "No se pudo chequear si está definido el mapeo de login para %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "El mapeo de login para %s ya fue definido"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "El Usuario de Linux %s no existe"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "No se pudo crear mapeo de login para %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "No se pudo fijar el nombre para %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "No se pudo fijar el rango MLS para %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "No se pudo fijar el usuario SELinux para %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "No se puede iniciar transacción·semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "No se pudo agregar el mapeo de ingreso para %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Se requiere seuser o serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "El mapeo de ingreso para %s no está definido"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "No se pudo consultar seuser para %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "No se pudo modificar el mapeo de ingreso para %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"El mapeo de ingreso para %s se definió en la política, no se puede eliminar"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "No se pudo eliminar el mapeo de ingreso para %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "No se pudo listar los mapeos de ingreso"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "No se pudo chequear si el usuario SELinux %s está definido"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "El usuario SELinux %s ya está definido"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "N o se pudo crear el usuario SELinux para %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "No se pudo agregar el rol %s para %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "No se pudo fijar el nivel MLS para %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Prefijo inválido %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "No se pudo agregar el prefijo %s para %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "No se pudo extraer la clave para %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "no se pudo agregar el usuario SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Se requiere prefijo, roles, nivel o rango"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Se requiere prefijo o roles"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "El usuario SELinux %s no es definido"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "No se pudo consultar usuario para %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "No se pudo modificar el usuario SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "El usuario SELinux %s está definido en política, no puede ser borrado"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "No se pudo borrar el usuario SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "No se pudieron listar los usuarios SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "No se pudieron listar los roles para el usuario %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Se requiere protocolo udp o tcp"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Se requiere un puerto"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "No se pudo crear una clave para %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Se requiere tipo"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "No se pudo chequear si el puerto %s/%s está definido"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "El puerto %s/%s ya está definido"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "No se pudo crear el puerto para %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "No se pudo crear el contexto para %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "No se pudo poner al usuario en el contexto de puerto para %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "No se pudo poner el rol en el contexto de puerto para %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "No se pudo poner el tipo en el contexto de puerto para %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr " No se pudo fijar los campos mls en el contexto de puerto para %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "No se pudo poner el contexto de puerto para %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "No se pudo agregar puerto %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Se requiere setype o serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Se requiere setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "El puerto %s/%s no está definido"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "No se pudo consultar el puerto %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "No se pudo modificar el puerto %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "El puerto %s/%s está definido en la política, no se puede borrar"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "No se puede borrar el puerto %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "No se pueden listar los puertos"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Se requiere el tipo SELinux "
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "No se pudo crear clave para %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "No se pudo chequear si la interfase %s está definida"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "La interfase %s ya está definida"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "No se pudo crear la interfase para %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "No se pudo crear el contexto para %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "No se pudo poner el usuario en el contexto de interfase para %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "No se pudo fijar el rol en el contexto de interfase para %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "No se pudo poner el tipo en el contexto de interfase para %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+"No se pudieron poner los campos mls en el contexto de interfase para %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "No se pudo poner el contexto de interfase para %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "No se pudo poner el contexto de mensaje para %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "No se pudo agregar la interfase %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "La interfase %s no está definida"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "No se pudo consultar la interfase %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "No se pudo modificar la interfase %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "La interfase %s está definida en la política, no se puede borrar"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "No se pudo borrar la interfase %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "No se pudieron listar las interfases"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "No se pudo chequear si el contexto de archivo para %s está definido"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "El contexto de archivo para %s ya está definido"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "No se pudo crear el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "No se pudo poner al usuario en el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "No se pudo poner el rol en el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "No se pudo poner el tipo en el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "No se pudieron poner los campos mls en el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "No se pudo poner el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "No se pudo agregar el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Se requiere setype, serange o seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "El contexto de archivo para %s no está definido"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "No se pudo consultar el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "No se pudo modificar el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"El contexto de archivo para %s está definido en la política, no se puede "
+"borrar"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "No se pudo borrar el contexto de archivo para %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "No se pudieron listar los contextos de archivo"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "No se pudieron listar los contextos de archivo"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Se requiere un valor"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "No se pudo chequear si el booleano %s está definido"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "El booleano %s no está definido"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "No se udo consultar el contexto de archivo %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "No se pudo modificar el booleano %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "El booleano %s está definido en la política, no se puede borrar"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "No se puede borrar el booleano %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "No se pueden listar los booleanos"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Generando archivo de obediencia de tipo: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Compilando·política"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANTE **********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Para cargar esta nuevo paquete de políticas en el kernel,\n"
+"debe ejecutar·\n"
+"\n"
+"semodule·-i·%s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Error Opciones:·%s·"
diff --git a/policycoreutils/po/et.po b/policycoreutils/po/et.po
new file mode 100644
index 0000000..e215519
--- /dev/null
+++ b/policycoreutils/po/et.po
@@ -0,0 +1,1010 @@
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/eu_ES.po b/policycoreutils/po/eu_ES.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/eu_ES.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/fa.po b/policycoreutils/po/fa.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/fa.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/fi.po b/policycoreutils/po/fi.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/fi.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/fr.po b/policycoreutils/po/fr.po
new file mode 100644
index 0000000..24b62d6
--- /dev/null
+++ b/policycoreutils/po/fr.po
@@ -0,0 +1,1066 @@
+# translation of fr.po to Français
+# translation of Policy Core Utils.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+#
+#
+# <>, 2006.
+# Thomas Canniot <thomas.canniot@laposte.net>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: fr\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-23 08:08+0100\n"
+"Last-Translator: Thomas Canniot <thomas.canniot@laposte.net>\n"
+"Language-Team: Français <fedora-trans-fr-request@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: \n"
+"X-Generator: KBabel 1.11.4\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "syntaxe: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Ne peut charger la stratégie: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "impossible de définir PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Mot de passe:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Impossible de trouver votre entrée dans le fichier shadow.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass ne peut accéder à /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "impossible de trouver entrée valide dans le fichier passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Plus de mémoire disponible!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Erreur ! Shell non valide.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Impossible de nettoyer l'environnement\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Erreur lors de l'initialisation des capacités, abandon\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Erreur lors de la configuration des capacités, abandon\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Erreur de la configuration de KEEPCAPS, abandon\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Erreur lors de la libération des capacité, abandon\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Erreur lors du changement le l'uid, abandon.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Erreur de ré-initialisation de KEEPCAPS, abandon\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Erreur lors de la libération du SETUID, abandon\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Erreur lors de la libération de caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Erreur de connexion au système d'audit.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Erreur d'allocation de mémoire.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Erreur lors de l'envoi du message d'audit.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Ne peut définir le mode autoritaire.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Erreur! ne peut ouvrir %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Ne peut récupérer le contexte actuel pour %s, le tty ne sera pas "
+"renommé.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Ne peut récupérer le nouveau contexte pour %s, le tty ne sera pas "
+"renommé.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Impossible de paramétrer le nouveau contexte pour %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s à changé les labels.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Attention! Échec impossible de restaurer le contexte pour %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Erreur: des rôles multiples ont été spécifié\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Erreur: des types multiples ont été spécifié\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+"Désolé, l'option -l doit être utilisé avec le support SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Erreur: niveaux multiples spécifiés\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Ne peut trouver le type par défaut.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "impossible d'obtenir le nouveau contexte.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "échec de l'affectation du nouveau rôle %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "échec de l'affectation du nouveau type %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "échec de construction de la nouvelle plage avec le niveau %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "échec de la création de la plage %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "échec de conversion du contexte en chaine\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s n'est pas un contexte valide\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Impossible d'allouer de l'espace mémoire pour new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Impossible d'obtenir un signal vide\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Impossible de configurer le gestionnaire SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Désolé, newrole ne peut être utilisé que sur un noyau SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "impossible trouver old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Erreur! Impossible de récupérer les information lié au tty\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Authentifie %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "échec de l'initialisation de PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: mot de passe incorrect pour %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: Échec de séparation: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Impossible de restaurer l'étiquetage tty ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Impossible de fermer tty correctement\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Impossible de fermer les descripteurs.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Erreur d'allocation pour argv0 su shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Impossible de régler le contexte d'exécution vers %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Impossible de restaurer l'environnement, abandon\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "Échec de l'exécution du shell\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"SYNTAXE: run_init <script> <arg ...>\n"
+" où: <script> est le nom du script d'initialisation à exécuter,\n"
+" <args ...> sont les arguments à passer au script."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "impossible d'obtenir des informations sur le compte.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: mot de passe incorrect pour %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Ne peut ouvrir le fichier %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Pas de contexte dans le fichier %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+"Désolé, run_init doit être utilisé uniquement sur un noyau SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "échec lors de l'authentification.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Requiert au moins une catégorie"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+"Impossible de modifier le niveau de sensibilité en utilisant '+' sur %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s se trouve déjà dans %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s ne se trouve pas dans %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Impossible de combiner +/- avec différents type de catégories"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Impossible de définir plusieurs sensibilités"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Syntaxe %s CATEGORY Fichier"
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Syntaxe: %s -l CATEGORY utilisateur"
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Syntaxe: %s [[+|-]CATEGORY],...]q Fichier ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Syntaxe: %s -l [[+|-]CATEGORY],...]q Utilisateur ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Syntaxe: %s -d Fichier..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Syntaxe: %s -l -d utilisateur ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Syntaxe: %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Syntaxe: %s -L -l utilisateur"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Utilisez -- pour marquer la fin des options. Par exemple"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Deux arguments ou plus sont nécessaires"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s non défini"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s non valide pour les objets %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "plage non supportée sur une machine non MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Vous devez spécifier un rôle"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Vous devez spécifier un préfixe"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "%s erreur dans les options"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Valeur invalide %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "traduction non supporté sur une machine non MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Impossible d'ouvrir %s: traduction non supportée sur une machine non MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Les traductions ne peuvent contenir d'espaces '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Niveau Invalide '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s est déjà défini dans les traductions"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s n'est pas défini dans les traductions"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"La stratégies SELinux n'est pas gérée ou la base n'est pas accessible."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Ne peut lire la base de donnée des stratégie"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Impossible d'établir de connexion semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Impossible de créer de clef pour %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Ne peut vérifier si le mappage de connexion est défini pour %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mappage pour %s est déjà défini"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Utilisateur Linux %s n'existe pas"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Ne peut mapper le nom d'utilisateur pour %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Impossible de définir le nom pour %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Impossible de définir une plage MLS pour %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Impossible de définir un utilisateur SELinux pour %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Impossible de démarrer une transaction semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Impossible d'ajouter un mappage pour %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser ou un serange obligatoire"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Le mappage de connexion pour %s n'est pas défini "
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Impossible de trouver un seuser pour %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Impossible de modifier le mappage pour %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Le mappage pour %s est défini dans une stratégie, il ne peut être "
+"supprimé"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Impossible de supprimer le mappage pour %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Impossible de lister les mappages"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Impossible de vérifier si l'utilisateur SELinux %s est défini"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "L'utilisateur SELinux %s est déjà défini"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Impossible de créer un utilisateur SELinux pour %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Impossible d'ajouter un rôle %s pour %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Impossible de régler le niveau MLS pour %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Préfixe invalide %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Impossible d'ajouter le préfixe %s à %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Impossible d'extraire la clef pour %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Impossible d'ajouter l'utilisateur SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Exige un préfixe, un rôle, un niveau ou une plage"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Exige un préfixe ou un rôle"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "L'utilisateur SELinux %s n'existe pas"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Impossible de vérifier l'utilisateur pour %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Impossible de modifier l'utilisateur SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"L'utilisateur SELinux %s est défini dans une stratégie, il ne peut être "
+"supprimé"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Ne peut supprimer l'utilisateur SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Impossible de lister les utilisateurs SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Impossible de lister les rôles de l'utilisateur %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protocole udp ou tcp obligatoire"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Un numéro de port nécessaire"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Impossible de créer une clef pour %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Indiquez un type"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Impossible de vérifier si le port %s/%s est défini"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Le port %s/%s déjà défini"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Impossible de créer le port pour %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Impossible de créer le contexte pour %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+"Impossible de définir l'utilisateur dans le contexte du port pour %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "impossible de définir le rôle dans le contexte de port pour %s/%s "
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Impossible de définir le type dans le contexte de port pour %s/%s "
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+"Impossible de définir les champs mls dans le contexte de port pour %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Impossible de définir le contexte de port pour %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Impossible d'ajouter le port %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype ou serange obligatoire"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype obligatoire"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Le port %s/%s n'est pas défini"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Impossible d'énumérer le port %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Impossible de modifier le port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+"Le port %s/%s est défini dans les stratégies, il ne peut être supprimé"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Impossible de supprimer le port %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Impossible d'énumérer les port"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Type SELinux nécessaire"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Impossible de créer la clef pour %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Impossible de vérifier si l'interface %s existe"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "L'interface %s existe déjà"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Impossible de créer l'interface pour %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Impossible de créer le contexte pour %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+"Impossible de définir l'utilisateur dans le contexte d'interface pour %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Impossible de définir le rôle dans le contexte d'interface pour %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Impossible de définir le type dans le contexte d'interface pour %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+"Impossible de définir les champs mls dans le contexte d'interface pour %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Impossible de définir le contexte d'interface pour %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Impossible de définir le contexte du message pour %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Impossible d'ajouter l'interface %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "L'interface %s n'existe pas"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Impossible d'interroger l'interface %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Impossible de modifier l'interface %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+"L'interface %s est définie dans les stratégies, elle ne peut être "
+"supprimée "
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Impossible de supprimer l'interface %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Impossible d'énumérer les interfaces"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Impossible de vérifier si le contexte du fichier pour %s est défini"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Le contexte de fichier pour %s est déjà défini"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Impossible de créer le contexte de fichier pour %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+"Impossible de définir l'utilisateur dans le contexte de fichier pour %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Impossible de définir le rôle dans le contexte de fichier pour %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Impossible de définir le type dans le contexte du fichier pour %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+"Impossible de définir les champs mls dans le contexte du fichier pour %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Impossible de définir le fichier %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Impossible d'ajouter le contexte du fichier pour %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange ou seuser nécessaire"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Le contexte de fichier pour %s n'est pas défini"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Impossible d'interroger le contexte du fichier pour %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Impossible de modifier le contexte de fichier pour %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Le contexte de fichier pour %s est défini dans les stratégie, il ne peut "
+"être supprimé"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Impossible de supprimer le contexte du fichier pour %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Impossible de lister les contextes de fichiers"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Impossible de lister les contextes de fichiers locaux"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Valeur requise"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Impossible de vérifier si le booléen %s est défini"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Le booléen %s n'est pas défini"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Impossible d'interroger le contexte du fichier %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "impossible de modifier les booléens %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+"Le booléen %s est défini dans les stratégies, il en peut être supprimé"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Impossible de supprimer le booléen %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Impossible d'énumérer les booléens"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Génération du fichier d'exécution %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Compilation des stratégies"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Pour pouvoir charger cette stratégie dans le noyau,\n"
+"vous devez premièrement exécuter \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Options invalides: %s "
diff --git a/policycoreutils/po/gl.po b/policycoreutils/po/gl.po
new file mode 100644
index 0000000..e215519
--- /dev/null
+++ b/policycoreutils/po/gl.po
@@ -0,0 +1,1010 @@
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/gu.po b/policycoreutils/po/gu.po
new file mode 100644
index 0000000..006b28c
--- /dev/null
+++ b/policycoreutils/po/gu.po
@@ -0,0 +1,1042 @@
+# translation of gu.po to Gujarati
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Ankit Patel <ankit@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gu\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 10:46+0530\n"
+"Last-Translator: Ankit Patel <ankit@redhat.com>\n"
+"Language-Team: Gujarati <fedora-trans-gu@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+"\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "વપરાશ: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: પોલિસી લાવી શકતા નથી: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY સુયોજિત કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "પાસવર્ડ:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "shadow passwd ફાઈલમાં તમારો પ્રવેશ શોધી શકતા નથી.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass એ /dev/tty ખોલી શકતું નથી\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd ફાઈલમાં માન્ય પ્રવેશ શોધી શકતા નથી.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "મેમરીની બહાર!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "ભૂલ! શેલ માન્ય નથી.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "પર્યાવરણ સાફ કરવામાં અસમર્થ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "ક્ષમતાઓનો આરંભ કરવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "ક્ષમતાઓ સુયોજિત કરવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS સુયોજિત કરવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "ક્ષમતાઓ મૂકી દેવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid બદલવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS પુનઃસુયોજિત કરવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID ક્ષમતાઓ છોડી મૂકવામાં ભૂલ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "કેપ્સ મુક્ત કરવામાં ભૂલ\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "audit સિસ્ટમ સાથે જોડાવામાં ભૂલ.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "મેમરી ફાળવવામાં ભૂલ.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "audit સંદેશો મોકલવામાં ભૂલ.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "enforcing સ્થિતિ નક્કી કરી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "ભૂલ! %s ખોલી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %s માટે વર્તમાન સંદર્ભ મેળવી શક્યા નહિં, નહિં કે tty નું પુનઃલેબલીકરણ.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %s માટે નવો સંદર્ભ મેળવી શક્યા નહિં, નહિં કે tty નું પુનઃલેબલીકરણ.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s માટે નવો સંદર્ભ સુયોજિત કરી શક્યા નહિં\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s એ લેબલો બદલી નાંખ્યા.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "ચેતવણી! %s માટેનો સંદર્ભ પુનઃસંગ્રહી શક્યા નહિં\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "ભૂલ: ઘણી ભૂમિકાઓ સ્પષ્ટ થયેલ છે\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "ભૂલ: ઘણા પ્રકારો સ્પષ્ટ સ્પષ્ટ થયેલ છે\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "માફ કરજો, -l એ કદાચ SELinux MLS આધાર સાથે વાપરવામાં આવશે.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "ભૂલ: ઘણા સ્તરો સ્પષ્ટ થયેલ છે\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "મૂળભૂત પ્રકાર મેળવી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "નવો સંદર્ભ મેળવવામાં નિષ્ફળ.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "નવી ભૂમિકા %s સુયોજિત કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "નવો પ્રકાર %s સુયોજિત કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "સ્તર %s સાથેની નવી મર્યાદા બાંધવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "નવો વિસ્તાર %s સુયોજિત કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "શબ્દમાળાના નવા સંદર્ભમાં રૂપાંતરણ કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s એ માન્ય સંદર્ભ નથી\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "new_context માટેનો સંદર્ભ ફાળવવામાં અસમર્થ"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "ખાલી સંકેત સમૂહ મેળવવામાં અસમર્થ\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP નિયંત્રક સુયોજિત કરવામાં અસમર્થ\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "માફ કરજો, નવી ભૂમિકા માત્ર SELinux કર્નલ પર જ વપરાશે.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context મેળવવામાં નિષ્ફળ.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "ભૂલ! tty જાણકારી પ્રાપ્ત કરી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s નું સત્તાધિકરણ કરી રહ્યા છીએ.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM નો આરંભ કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "નવીભૂમિકા: %s માટે અયોગ્ય પાસવર્ડ\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "નવી ભૂમિકા: forking માં નિષ્ફળતા: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty લેબલ પુનઃસંગ્રહવામાં અસમર્થ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty વ્યવસ્થિત રીતે બંધ કરવામાં નિષ્ફળ\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "વર્ણનકારો બંધ કરી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "શેલની argv0 ફાળવવામાં ભૂલ.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "%s નો exec સંદર્ભ સુયોજિત કરી શક્યા નહિં.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "પર્યાવરણ પુનઃસંગ્રહિત કરવામાં અસમર્થ, અડધેથી બંધ કરી રહ્યા છીએ\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "exec shell માં નિષ્ફળ\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"વપરાશ: run_init <script> <args ...>\n"
+" જ્યાં: <script> એ ચલાવવા માટેની init સ્ક્રિપ્ટનું નામ છે,\n"
+" <args ...> એ તે સ્ક્રિપ્ટની દલીલો છે."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "ખાતા જાણકારી મેળવવામાં નિષ્ફળ\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s માટે અયોગ્ય પાસવર્ડ\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "ફાઈલ %s ખોલી શક્યા નહિં\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "ફાઈલ %s માં કોઈ સંદર્ભ નથી\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "માફ કરજો, run_init એ માત્ર SELinux કર્નલ પર જ વાપરી શકાશે.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "સત્તાધિકરણ નિષ્ફળ.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "ઓછામાં ઓછો માત્ર એક જ વર્ગ જરૂરી છે"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "'+' ની મદદથી %s પર સંવેદનશીલતા સ્તરો સુધારી શકતા નથી"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s એ પહેલાથી જ %s માં છે"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s એ %s માં નથી"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/- ને અન્ય પ્રકારના વર્ગો સાથે જોડી શકતા નથી"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "ઘણી સંવેદનશીલતાઓ હોઈ શકતી નથી"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "વપરાશ %s CATEGORY File ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "વપરાશ %s -l CATEGORY user ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "વપરાશ %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "વપરાશ %s -l [[+|-]CATEGORY],...]q user ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "વપરાશ %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "વપરાશ %s -l -d user ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "વપરાશ %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "વપરાશ %s -L -l user"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "વિકલ્પ યાદીનો અંત કરવા માટે -- વાપરો. ઉદાહરણ તરીકે"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "૨ અથવા વધુ દલીલો જરૂરી છે"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s વ્યાખ્યાયિત નથી"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s એ %s ઓબ્જેક્ટો માટે માન્ય સંદર્ભ નથી\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "બિન MLS મશીનો પર વિસ્તાર આધારભૂત નથી"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "તમારે ભૂમિકા સ્પષ્ટ કરવી જ પડશે"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "તમારે પૂર્વગ સ્પષ્ટ કરવો જ પડશે"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "વિકલ્પો ભૂલ %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "અમાન્ય કિંમત %s "
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "બિન-MLS મશીનો પર ભાષાંતરો આધારભૂત નથી"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s ખોલવામાં અસમર્થ: બિન-MLS મશીનો પર ભાષાંતરો આધારભૂત નથી"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "ભાષાંતરો જગ્યાઓ સમાવી શકતા નથી '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "અમાન્ય સ્તર '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s એ પહેલાથી જ ભાષાંતરોમાં વ્યાખ્યાયિત થયેલ છે"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s એ ભાષાંતરોમાં વ્યાખ્યાયિત થયેલ નથી"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux પોલિસીની વ્યવસ્થા થયેલ નથી અથવા સંગ્રહ વાપરી શકાતો નથી."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "પોલિસી સંગ્રહ વાંચી શકતા નથી."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage જોડાણ અધિષ્ઠાપિત કરી શક્યું નહિં"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s માટે કી બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "ચકાસી શક્યા નહિં કે શું %s માટે પ્રવેશ જોડણી વ્યાખ્યાયિત થયેલ છે"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s માટેનું પ્રવેશ જોડાણ પહેલાથી જ વ્યાખ્યાયિત થયેલ છે"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux વપરાશકર્તા %s અસ્તિત્વમાં નથી"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s માટે પ્રવેશ જોડણી બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s માટે નામ સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%s માટે MLS મર્યાદા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%s માટે SELinux વપરાશકર્તા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage લેવડદેવડ શરૂ કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s માટે પ્રવેશ જોડણી ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser અથવા serange જરૂરી છે"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s માટેની પ્રવેશ જોડણી વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "%s માટે seuser પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s માટે પ્રવેશ જોડણી સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s માટે પ્રવેશ જોડણી એ પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકાતી નથી"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s માટે પ્રવેશ જોડણી કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "પ્રવેશ જોડણીઓની યાદી કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "શું SELinux વપરાશકર્તા %s એ વ્યાખ્યાયિત છે તે ચકાસી શક્યા નહિં"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux વપરાશકર્તા %s એ પહેલાથી જ વ્યાખ્યાયિત છે"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%s માટે SELinux વપરાશકર્તા બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "ભૂમિકા %s ને %s માટે ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%s માટે MLS સ્તર સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "અયોગ્ય પૂર્વગ %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "પૂર્વગ %s ને %s માટે ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s માટે કીનો અર્ક કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux વપરાશકર્તા %s ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "પૂર્વગ, ભૂમિકાઓ, સ્તર અથવા વિસ્તાર જરૂરી છે"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "પૂર્વગ અથવા ભૂમિકાઓ જરૂરી છે"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux વપરાશકર્તા %s એ વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "વપરાશકર્તાને %s માટે પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux વપરાશકર્તા %s સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux વપરાશકર્તા %s એ પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકાતા નથી"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux વપરાશકર્તા %s કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux વપરાશકર્તાઓની યાદી કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "વપરાશકર્તા %s માટે ભૂમિકાઓની યાદી આપી શક્યા નહિં"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "પ્રોટોકોલ udp અથવા tcp જરૂરી છે"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "પોર્ટ જરૂરી છે"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s માટે કી બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "પ્રકાર જરૂરી છે"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "શું પોર્ટ %s/%s વ્યાખ્યાયિત છે કે નહિં તે ચકાસી શક્યા નહિં"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "પોર્ટ %s/%s પહેલાથી જ વ્યાખ્યાયિત છે"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s માટે પોર્ટ બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s માટે સંદર્ભ બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s માટે પોર્ટ સંદર્ભમાં વપરાશકર્તા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s માટે પોર્ટ સંદર્ભમાં ભૂમિકા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s માટે પોર્ટ સંદર્ભમાં પ્રકાર સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s માટે પોર્ટ સંદર્ભમાં mls ક્ષેત્રો સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s માટે પોર્ટ સંદર્ભ સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "પોર્ટ %s/%s ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype અથવા serange જરૂરી છે"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype જરૂરી છે"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "પોર્ટ %s/%s એ વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "પોર્ટ %s/%s નો પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "પોર્ટ %s/%s સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "પોર્ટ %s/%s એ પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકાતો નથી"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "પોર્ટ %s/%s કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "પોર્ટોની યાદી કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux પ્રકાર જરૂરી છે"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s માટે કી બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "શું ઈન્ટરફેસ %s એ વ્યાખ્યાયિત થયેલ છે કે નહિં તે ચકાસી શક્યા નહિં"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "ઈન્ટરફેસ %s પહેલાથી જ વ્યાખ્યાયિત થયેલ છે"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s માટે ઈન્ટરફેસ બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s માટે સંદર્ભ બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s માટે ઈન્ટરફેસ સંદર્ભમાં વપરાશકર્તા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s માટે ઈન્ટરફેસ સંદર્ભમાં ભૂમિકા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s માટે ઈન્ટરફેસ સંદર્ભમાં પ્રકાર સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s માટે ઈન્ટરફેસ સંદર્ભમાં mls ક્ષેત્રો સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s માટે ઈન્ટરફેસ સંદર્ભ સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s માટે સંદેશા સંદર્ભ સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s ઈન્ટરફેસ ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "ઈન્ટરફેસ %s વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "ઈન્ટરફેસ %s ને પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "ઈન્ટરફેસ %s સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "ઈન્ટરફેસ %s પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકતા નથી"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "ઈન્ટરફેસ %s કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "ઈન્ટરફેસોની યાદી આપી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "શું %s માટેનો ફાઈલ સંદર્ભ વ્યાખ્યાયિત છે કે નહિં તે ચકાસી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s માટેનો ફાઈલ સંદર્ભ પહેલાથી જ વ્યાખ્યાયિત થયેલ છે"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ બનાવી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભમાં વપરાશકર્તા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભમાં ભૂમિકા સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભમાં પ્રકાર સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભમાં mls ક્ષેત્રો સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ સુયોજિત કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ ઉમેરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange અથવા seuser જરૂરી છે"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s માટેનો ફાઈલ સંદર્ભ વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s માટે ફાઈલ સંદર્ભ પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકતા નથી"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s માટે ફાઈલ સંદર્ભ કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "ફાઈલ સંદર્ભોની યાદી આપી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "સ્થાનીક ફાઈલ સંદર્ભોની યાદી કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "કિંમત જરૂરી છે"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "શું બુલિયન %s વ્યાખ્યાયિત છે તે ચકાસી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "બુલિયન %s એ વ્યાખ્યાયિત નથી"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "ફાઈલ સંદર્ભ %s નો પ્રશ્ન કરી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "બુલિયન %s સુધારી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "બુલિયન %s પોલિસીમાં વ્યાખ્યાયિત છે, કાઢી શકતા નથી"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "બુલિયન %s કાઢી શક્યા નહિં"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "બુલિયનોની યાદી આપી શક્યા નહિં"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "પ્રકાર enforcment ફાઈલ પેદા કરી રહ્યા છીએ: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "કમ્પાઈલીંગ પોલિસી"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** અગત્ય ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"કર્નલમાં આ નવા બનેલ પોલિસી પેકેજને લાવવા માટે,\n"
+"તમારે \n"
+"\n"
+"semodule -i %s.pp ચલાવવાની જરૂર છે\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "વિકલ્પો ભૂલ: %s "
diff --git a/policycoreutils/po/he.po b/policycoreutils/po/he.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/he.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/hi.po b/policycoreutils/po/hi.po
new file mode 100644
index 0000000..88c701a
--- /dev/null
+++ b/policycoreutils/po/hi.po
@@ -0,0 +1,1043 @@
+# translation of hi.po to Hindi
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Rajesh Ranjan <rranjan@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: hi\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-30 16:35+0530\n"
+"Last-Translator: Rajesh Ranjan <rranjan@redhat.com>\n"
+"Language-Team: Hindi <fedora-trans-hi@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n!=1);\n\n"
+"\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "प्रयोग: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: नीति नहीं लोड कर सकता है: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY सेट करने में विफल\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "शब्दकूट:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "आपकी प्रविष्टि को छाया शब्दकूट फाइल में प्रविष्ट नहीं कर सका.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass /dev/tty खोल नहीं सकता\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd फाइल में वैध प्रविष्टि नहीं पा सकता.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "स्मृति के बाहर!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "त्रुटि! शेल वैध नहीं है.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "वातावरण साफ करने में असमर्थ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "त्रुटि initing क्षमता, त्याग रहा है.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "त्रुटि सेटिंग क्षमता, रोक रहा है\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS सेट करने में त्रुटि, रोक रहा है\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "त्रुटि त्याग क्षमता, त्याग रहा है\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "त्रुटि uid बदल रहा है, त्याग रहा है.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "त्रुटि KEEPCAPS फिर सेट कर रहा है, त्याग रहा है\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "त्रुटि SETUID क्षमता छोड़ रहा है, त्याग रहा है\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps स्वतंत्र करने में त्रुटि\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "सिस्टम ऑडिट संबंधन में त्रुटि.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "स्मृति संभाजन में त्रुटि.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "ऑडिट संदेश भेजने में त्रुटि.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "पुनर्बलन मोड निश्चित नहीं कर सका.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "त्रुटि! %s खोल नहीं सकता.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %s के लिये मौजूदा संदर्भ नहीं पा सकता, tty फिर लेबल नहीं कर रहा है.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %s के लिये नया संदर्भ नहीं पा सका, tty फिर लेबल नहीं कर सकता.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s के लिये नया संदर्भ नहीं सेट कर सका\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s लेबल बदला.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "चेतावनी! %s के लिये संदर्भ जमा नहीं कर सका\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "त्रुटि: बहुल भूमिका निर्दिष्ट\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "त्रुटि: बहुल प्रकार निर्दिष्ट\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "क्षमा करें, -l को SELinux MLS समर्थन के साथ प्रयोग किया जा सकता है.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "त्रुटि: बहुल स्तर निर्दिष्ट\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "मूलभूत प्रकार नहीं पा सका.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "नये संदर्भ पाने में विफल.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "%s नयी भूमिका नहीं सेट कर सका\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "नया प्रकार %s सेट करने में विफल\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s स्तर के साथ नया परिसर बनाने में विफल\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "%s नया परिसर सेट करने में विफल\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "नया संदर्भ स्ट्रिंग में बदलने में विफल\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s एक वैध संदर्भ नहीं है\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "new_context के लिये स्मृति आबंटित करने में समर्थ"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "रिक्त संकेत सेट पाने में असमर्थ\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP नियंत्रण सेट करने में असमर्थ\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "क्षमा करें, newrole सिर्फ SELinux कर्नेल पर प्रयोग किया जा सकता है.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context को पाने में विफल.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "त्रुटि! tty सूचना नहीं पा सकता.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "सत्यापित कर रहा है %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM आरंभीकरण में विफल\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: %s के लिये गलत शब्दकूट\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: विभाजन में विफलता: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty स्तर फिर जमा करने में असमर्थ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty को विधिवत रूप से बंद करने में विफल\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "विवरणकर्ता बंद नहीं सका.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "शैल argv0 आबंटित करने में त्रुटि.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec संदर्भ %s में सेट नहीं कर सका.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "वातावरण फिर भंडारित करने में असमर्थ, रोक रहा है\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "शेल निष्पादन में विफल\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"प्रयोग: run_init <script> <args ...>\n"
+" जहां: <script> init स्क्रिप्ट का नाम है चलाने के लिये,\n"
+" <args ...> यह उस स्क्रिप्ट का तर्क है."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "खाता सूचना पाने में विफल\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s के लिये गलत शब्दकूट\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "%s फाइल खोल नहीं सका\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s फाइल में कोई संदर्भ नहीं\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "क्षमा करें, run_init को सिर्फ SELinux कर्नेल पर प्रयोग किया जा सकता है.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "सत्यापन विफल.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "कम से कम एक श्रेणी जरूरी"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "'+' %s पर प्रयोग करते हुये संवेदनशीलता स्तर नहीं बदल सकता है"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s पहले से %s में है"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s %s में नहीं है"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/- को अन्य श्रेणी प्रकार से जोड़ नहीं सकता"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "बहुल संवेदनशीलता नहीं रख सकता है"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "प्रयोग %s CATEGORY फाइल ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "प्रयोग %s -l CATEGORY उपयोक्ता ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "प्रयोग %s [[+|-]CATEGORY],...]q फाइल ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "प्रयोग %s -l [[+|-]CATEGORY],...]q उपयोक्ता ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "प्रयोग %s -d फाइल ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "प्रयोग %s -l -d उपयोक्ता ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "प्रयोग %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "प्रयोग %s -L -l उपयोक्ता"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "प्रयोग करें -- विकल्प सूची समाप्त करने के लिये. उदाहरण के लिये"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "2 ज्यादा तर्क जरूरी"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s परिभाषित नहीं"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s वैध नहीं है %s वस्तु के लिये\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "गैर-MLS मशीन पर परिसर समर्थित नहीं"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "आप जरूर एक भूमिका निर्दिष्ट करें"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "आप जरूर एक उपसर्ग निर्दिष्ट करें"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "विकल्प त्रुटि %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "अवैध मान %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "गैर-MLS मशीन पर अनुवाद समर्थित नहीं"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s खोलने में असमर्थ: गैर-MLS मशीन पर अनुवाद समर्थित नहीं"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "अनुवाद में '%s' खाली स्थान नहीं होते हैं."
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "अवैध स्तर '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s पहले से अनुवाद में परिभाषित है"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s अनुवाद में परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux नीति प्रबंधित नहीं है या भंडार अभिगम नहीं किया जा सकता है."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "नीति भंडार नहीं पढ़ सकता है."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage संबंधन स्थापित नहीं कर सका"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s के लिये कुंजी नहीं बना सका"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "नहीं जांच सका अगर %s के लिये लॉगिन मैपिंग परिभाषित है"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s के लिये लॉगिन मैपिंग पहले से परिभाषित है"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux उपयोक्ता %s मौजूद नहीं है"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s के लिये लॉगिन मैपिंग नहीं बना सका"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s के लिये नाम सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "MLS परिसर %s के लिये सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "SELinux उपयोक्ता %s के लिये सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage विनिमय आरंभ नहीं कर सका"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s के लिये लॉगिन मैपिंग जोड़ नहीं सका"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser या serange जरूरी"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s के लिये लॉगिन मैपिंग परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "seuser को %s के लिये प्रश्न नहीं कर सका"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s के लिये लॉगिन मैपिंग नहीं रूपांतरित कर सका"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "नीति में %s परिभाषित है, मिटाया नहीं जा सकता"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s के लिये लॉगिन मैपिंग नहीं मिटा सका"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "लॉगिन मैपिंग नहीं सूचीबद्ध कर सका"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "जांच नहीं सका कि SELinux उपयोक्ता %s परिभाषित है"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux उपयोक्ता %s पहले से परिभाषित है"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "SELinux उपयोक्ता %s के लिये बना नहीं सका"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%s भूमिका %s के लिये जोड़ नहीं सका"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "MLS स्तर %s के लिये सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "अवैध उपसर्ग %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%s उपसर्ग %s के लिये नहीं जोड़ सका"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s के लिये कुंजी निकाल नहीं सका"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux उपयोक्ता %s नहीं जोड़ सका"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "उपसर्ग, भूमिका, स्तर या परिसर जरूरी"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "उपसर्ग या भूमिका जरूरी"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux उपयोक्ता %s परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s के लिये उपयोक्ता को प्रश्न नहीं कर सकता"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux उपयोक्ता %s नहीं सुधार सकता"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux उपयोक्ता %s नीति में परिभाषित है, मिटा नहीं सकता"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux उपयोक्ता %s मिटा नहीं सका"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux उपयोक्ता सूचीबद्ध नहीं सका"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "%s उपयोक्ता के लिये भूमिका सूचीबद्ध नहीं कर सका"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "प्रोटोकॉल udp या tcp जरूरी है"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "पोर्ट जरूरी है"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s के लिये कुंजी नहीं बना सका"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "टाइप जरूरी है"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "जांच नहीं सका अगर पोर्ट %s/%s परिभाषित है"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "%s/%s पोर्ट पहले से परिभाषित है"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s के लिये पोर्ट बना नहीं सका"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s के लिये संदर्भ बना नहीं सका"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s के लिये पोर्ट संदर्भ में उपयोक्ता सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s के लिये पोर्ट संदर्भ में भूमिका सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s के लिये पोर्ट संदर्भ में टाइप सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s के लिये पोर्ट संदर्भ में क्षेत्र mls सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s के लिये पोर्ट संदर्भ सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s पोर्ट जोड़ नहीं सका"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype या serange जरूरी"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "सेटटाइप जरूरी"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "पोर्ट %s/%s परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "%s/%s पोर्ट प्रश्न नहीं कर सका"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "%s/%s पोर्ट रूपांतरित नहीं कर सका"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "%s/%s नीति में परिभाषित है, मिटा नहीं सकता"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "%s/%s पोर्ट मिटा नहीं सका"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "पोर्ट सूची बद्ध नहीं कर सका"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux प्रकार जरूरी है"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s के लिये कुंजी नहीं बना सका"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "जांच नहीं सका अगर %s अंतरफलक परिभाषित है"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s अंतरफलक पहले से परिभाषित है"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s के लिये अंतरफलक नहीं बना सका"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s के लिये संदर्भ बना नहीं सका"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "उपयोक्ता को %s के लिये अंतरफलक संदर्भ में सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "भूमिका को %s के लिये अंतरफलक संदर्भ में सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "टाइप को %s के लिये अंतरफलक संदर्भ में सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "mls क्षेत्र %s के लिये अंतरफलक संदर्भ में सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s के लिये अंतरफलक संदर्भ सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s के लिये संदेश संदर्भ सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s अंतरफलक जोड़ नहीं सका"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s अंतरफलक परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "%s अंतरफलक प्रश्न नहीं कर सकता"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "%s अंतरफलक रूपांतरित नहीं सक सका"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "अंतरफलक %s नीति में परिभाषित है, मिटाया नहीं जा सकता"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "%s अंतरफलक मिटा नहीं सका"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "अंतरफलक सूचीबद्ध नहीं कर सका"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "जांच नहीं सका अगर %s के लिये फाइल संदर्भ परिभाषित है"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s के लिये फाइल संदर्भ पहले से परिभाषित है"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s के लिये फाइल संदर्भ नहीं बना सका"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s के लिये फाइल संदर्भ में उपयोक्ता सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s के लिये फाइल संदर्भ में भूमिका सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s के लिये फाइल संदर्भ में टाइप सेट नहीं कर सका"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "mls क्षेत्र %s के लिये फाइल संदर्भ के क्रम में नहीं सेट कर सका"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s के लिये फाइल संदर्भ नहीं सेट कर सका"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s के लिये फाइल संदर्भ नहीं जोड़ सका"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "सेटटाइप जरूरी, serange या seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s के लिये फाइल संदर्भ परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s के लिये फाइल संदर्भ को प्रश्न नहीं कर सका"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s के लिये फाइल संदर्भ नहीं सुधार सका"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s के लिये फाइल संदर्भ नीति में परिभाषित है, मिटा नहीं सकता"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s के लिये फाइलसंदर्भ मिटा नहीं सका"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "फाइल संदर्भ सूचीबद्ध नहीं कर सका"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "स्थानीय फाइल संदर्भ सूचीबद्ध नहीं कर सका"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "मान जरूरी"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "अगर %s बुलियन परिभाषित है तो जांच नहीं सका"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "%s बुलियन परिभाषित नहीं है"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "%s फाइल संदर्भ को प्रश्न नहीं कर सका"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "%s बुलियन रूपांतरित नहीं कर सका"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "%s बुलियन नीति में परिभाषित है, मिटाया नहीं जा सकता"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "%s बुलियन मिटा नहीं सका"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "बुलियन सूचीबद्ध नहीं कर सका"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "टाइप पुनर्बलीकरण फाइल बना रहा है: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "कंपाइलिंग नीति"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** महत्वपूर्ण ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"कर्नेल में नव निर्मित नीति संकुल लोड करने के क्रम में,\n"
+"आपको जरूरत है \n"
+"\n"
+"semodule -i %s.pp चलाने की\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "विकल्प त्रुटि: %s "
+
diff --git a/policycoreutils/po/hr.po b/policycoreutils/po/hr.po
new file mode 100644
index 0000000..6dee9b0
--- /dev/null
+++ b/policycoreutils/po/hr.po
@@ -0,0 +1,1113 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-28 20:15+0100\n"
+"Last-Translator: Renato Pavicic <renato@translator-shop.org>\n"
+"Language-Team: Croatian <www.translator-shop.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Croatian\n"
+"X-Poedit-Country: CROATIA\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "upotreba: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Pravilo nije moguće učitati: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "Zadavanje PAM_TTY nije uspjelo\n"
+
+#: ../newrole/newrole.c:218
+#: ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Lozinka:"
+
+#: ../newrole/newrole.c:243
+#: ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Vaš unos u datoteci lozinka u sjeni nije moguće pronaći.\n"
+
+#: ../newrole/newrole.c:250
+#: ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "'getpass' ne može otvoriti /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "Valjani unos u datoteci lozinka nije moguće pronaći.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Nedovoljno memorije!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Pogreška! Ljuska nije valjana.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Čišćenje okruženje nije moguće\n"
+
+#: ../newrole/newrole.c:436
+#: ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Pogreška pri inicijalizaciji sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:444
+#: ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Pogreška pri postavljanju sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Pogreška postavljanju KEEPCAPS. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:458
+#: ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Pogreška pri ispuštanju sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:464
+#: ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Pogreška pri izmjeni UID. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:470
+#: ../newrole/newrole.c:525
+#: ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Pogreška vraćanju KEEPCAPS na izvorne postavke. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Pogreška pri ispuštanju SETUID sposobnosti. Bit će prekinuto.\n"
+
+#: ../newrole/newrole.c:482
+#: ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Pogreška pri oslobađanju sposobnosti\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Pogreška pri povezivanju sa sustavom provjere.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Pogreška pri dodjeljivanju memorije.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Pogreška pri slanju poruke provjere.\n"
+
+#: ../newrole/newrole.c:634
+#: ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Određivanje načina prisiljavanja nije moguće.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Pogreška! Nije moguće otvoriti %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Dohvaćanje trenutnog konteksta za %s nije moguće. TTY neće biti ponovno označen.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Dohvaćanje novog konteksta za %s nije moguće. TTY neće biti ponovno označen.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Zadavanje novog konteksta za %s nije moguće.\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s je izmijenio oznake.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Upozorenje! Obnavljanje konteksta za %s nije moguće.\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Pogreška: Određene su višestruke uloge\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Pogreška: Određene su višestruke vrste\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Nažalost, opcija -l može se upotrijebiti uz SELinux MLS podršku.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Pogreška: Određene su višestruke razine\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Dohvaćanje zadane vrste nije moguće.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "Dohvaćanje novog konteksta nije uspjelo.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "Zadavanje nove %s uloge nije uspjelo.\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "Zadavanje nove vrste %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "Izrada novog opsega s razinom %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "Zadavanje novog opsega %s nije uspjelo.\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "Pretvaranje novog konteksta u niz nije uspjelo.\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nije valjani kontekst\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Dodjeljivanje memorije za new_context nije moguće"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Dohvaćanje praznog kompleta signala nije moguće\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Postavljanje SIGHUP rukovanja nije moguće\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Nažalost, nova uloga može se upotrijebiti samo na SELinux kernelu.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "Dohvaćanje starog konteksta nije uspjelo.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Pogreška! Dohvaćanje TTY podataka nije moguće.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Provjera autentičnosti %s.\n"
+
+#: ../newrole/newrole.c:1020
+#: ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "Inicijalizacija PAM nije uspjela\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: neispravna lozinka za %s.\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: 'forking' neuspjeh: %s"
+
+#: ../newrole/newrole.c:1059
+#: ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Obnavljanje tty oznake nije moguće...\n"
+
+#: ../newrole/newrole.c:1061
+#: ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Ispravno zatvaranje tty nije uspjelo\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Nije moguće zatvoriti deskriptore. \n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Pogreška pri dodjeljivanju argv0 ljuske.\n"
+
+#: ../newrole/newrole.c:1147
+#: ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Nije moguće postaviti exec kontekst za %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Obnavljanje okruženja nije moguće. Prekidanje radnje.\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "Izvršavanje ljuske nije uspjelo\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"UPOTREBA: run_init <skripta> <argumenti ...>\n"
+" gdje je <skripta> naziv init skripte koju je potrebno pokrenuti,\n"
+" <argumenti ...> argumenti za tu skriptu."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "Dohvaćanje podataka o nalogu nije uspjelo\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: neispravna lozinka za %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Datoteku %s nije bilo moguće otvoriti\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "U datoteci %s nema konteksta\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Nažalost, run_init može se upotrijebiti samo na SELinux kernelu.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "Provjere autentičnosti nije uspjela.\n"
+
+#: ../scripts/chcat:75
+#: ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Zahtijeva najmanje jednu kategoriju"
+
+#: ../scripts/chcat:89
+#: ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Nije moguće urediti razine osjetljivosti upotrebom '+' na %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s već je unutar %s"
+
+#: ../scripts/chcat:164
+#: ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nije unutar %s"
+
+#: ../scripts/chcat:237
+#: ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kombiniranje +/- s ostalim vrstama kategorija nije moguće"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nije moguće imati višestruke osjetljivosti"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Upotreba %s KATEGORIJA datoteka ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Upotreba %s -l KATEGORIJA korisnik..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Upotreba %s [[+|-]KATEGORIJA],...]q datoteka ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Upotreba %s -l [[+|-]KATEGORIJA],...]q korisnik ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Upotreba %s -d datoteka ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Upotreba %s -l -d korisnik ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Upotreba %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Upotreba %s -L -l korisnik"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Za završetak popisa opcija upotrijebite -- . Na primjer"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -TvrtkaPovjerljivo /docs/poslovniplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +TvrtkaPovjerljivo juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Zahtijeva 2 ili više argumenta"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nije određen"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s nije valjan za %s objekata\n"
+
+#: ../semanage/semanage:183
+#: ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "Opseg nije podržan na ne-MLS računalima"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Potrebno je odrediti ulogu"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Potrebno je odrediti prefiks"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Pogreška opcija %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Neispravna vrijednost '%s'. "
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "Prijevodi nisu podržani na ne-MLS računalima"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Otvaranje %s nije moguće: Prijevodi nisu podržani na ne-MLS računalima"
+
+#: ../semanage/seobject.py:179
+#: ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Prijevodi ne mogu sadržavati prazna mjesta (razmake) '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Neispravna razina '%s'. "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s već je definiran u prijevodima"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nije definiran u prijevodima"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux pravilima se ne upravlja ili pristup pohrani nije moguć."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Čitanje pohrane pravila nije moguće."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Uspostavljanje semanage veze nije moguće"
+
+#: ../semanage/seobject.py:247
+#: ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352
+#: ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504
+#: ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093
+#: ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207
+#: ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Izrada ključa za %s nije moguća"
+
+#: ../semanage/seobject.py:251
+#: ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356
+#: ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Nije moguće provjeriti je li mapiranje za prijavu %s određeno"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mapiranje prijave za %s već je određeno"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux korisnik %s ne postoji"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Izrada mapiranja prijave za %s nije moguća"
+
+#: ../semanage/seobject.py:265
+#: ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Zadavanje naziva za %s nije moguće"
+
+#: ../semanage/seobject.py:270
+#: ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Zadavanje MLS raspona za %s nije moguće"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Zadavanje SELinux korisnika za %s nije moguće"
+
+#: ../semanage/seobject.py:278
+#: ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368
+#: ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539
+#: ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705
+#: ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776
+#: ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944
+#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073
+#: ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148
+#: ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Semanage transakciju nije moguće pokrenuti"
+
+#: ../semanage/seobject.py:282
+#: ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Dodavanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Zahtijeva seuser ili serange"
+
+#: ../semanage/seobject.py:311
+#: ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Mapiranje prijave za %s nije određeno"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Propitivanje seusera za %s nije moguće"
+
+#: ../semanage/seobject.py:334
+#: ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Uređivanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Mapiranje prijave za %s određeno je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:373
+#: ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Brisanje mapiranja prijave za %s nije moguće"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Ispisivanje popisa mapiranja prijava nije moguće"
+
+#: ../semanage/seobject.py:437
+#: ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566
+#: ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Nije moguće provjeriti je li SELinux korisnik %s određen"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux korisnik %s već je određen"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Izrada SELinux korisnika za %s nije moguća"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Dodavanje uloge %s za %s nije moguće"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Zadavanje MLS razine za %s nije moguće"
+
+#: ../semanage/seobject.py:463
+#: ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Neispravan prefiks %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Dodavanje prefiksa %s za %s nije moguće"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Izvlačenje ključa za %s nije moguće"
+
+#: ../semanage/seobject.py:477
+#: ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Dodavanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Zahtijeva prefiks, uloge, razinu ili raspon"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Zahtijeva prefiks ili uloge"
+
+#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux korisnik %s nije određen"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Propitivanje korisnika za %s nije moguće"
+
+#: ../semanage/seobject.py:543
+#: ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Uređivanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux korisnik %s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:582
+#: ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Brisanje SELinux korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Ispisivanje popisa SELinux korisnika nije moguće"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Ispisivanje popisa uloga korisnika %s nije moguće"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Potreban je UDP ili TCP protokol"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Potreban je port"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Izrada ključa za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Potrebna je vrsta"
+
+#: ../semanage/seobject.py:668
+#: ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Nije moguće provjeriti je li port %s/%s određen"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s već je određen"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Izrada porta za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Izrada konteksta za %s/%s nije moguća"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Zadavanje korisnika u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Zadavanje uloge u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Zadavanje vrste u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Zadavanje MLS polja u kontekstu porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Zadavanje konteksta porta za %s/%s nije moguće"
+
+#: ../semanage/seobject.py:709
+#: ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Dodavanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:722
+#: ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Zahtijeva setype ili serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Zahtijeva setype"
+
+#: ../semanage/seobject.py:732
+#: ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s nije određen"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Propitivanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:751
+#: ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Uređivanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:780
+#: ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Brisanje porta %s/%s nije moguće"
+
+#: ../semanage/seobject.py:792
+#: ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Ispisivanje popisa portova nije moguće"
+
+#: ../semanage/seobject.py:855
+#: ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Potrebna je SELinux vrsta"
+
+#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960
+#: ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Izrada ključa za %s nije moguća"
+
+#: ../semanage/seobject.py:863
+#: ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Nije moguće provjeriti je li sučelje %s određeno"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Sučelje %s već je određeno"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Izrada sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:874
+#: ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Izrada konteksta za %s nije moguća"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Zadavanje korisnika u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Zadavanje uloge u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Zadavanje vrste u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Zadavanje MLS polja u kontekstu sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Zadavanje konteksta sučelja za %s nije moguće"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Zadavanje konteksta poruke za %s nije moguće"
+
+#: ../semanage/seobject.py:907
+#: ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Dodavanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:929
+#: ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Sučelje %s nije određeno"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Propitivanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:948
+#: ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Uređivanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Sučelje %s određeno je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Brisanje sučelja %s nije moguće"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Ispisivanje popisa sučelja nije moguće"
+
+#: ../semanage/seobject.py:1035
+#: ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136
+#: ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Nije moguće provjeriti je li kontekst datoteke za %s određen"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Kontekst datoteke za %s već je određen"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Izrada konteksta datoteke za %s nije moguća"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Zadavanje korisnika u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Zadavanje uloge u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Zadavanje vrste u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Zadavanje MLS polja u kontekstu datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Zadavanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1077
+#: ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Dodavanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Zahtijeva setype, serange ili seuser"
+
+#: ../semanage/seobject.py:1099
+#: ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Kontekst datoteke za %s nije određen"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Propitivanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1120
+#: ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Uređivanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Kontekst datoteke za %s određen je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:1152
+#: ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Brisanje konteksta datoteke za %s nije moguće"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Ispisivanje popisa konteksta datoteke nije moguće"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Izrada popisa konteksta lokalnih datoteka nije moguća"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Zahtijeva vrijednost"
+
+#: ../semanage/seobject.py:1211
+#: ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Nije moguće provjeriti je li Booleova vrijednost %s određena"
+
+#: ../semanage/seobject.py:1213
+#: ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Booleova vrijednost %s nije određena"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Propitivanje konteksta datoteke %s nije moguće"
+
+#: ../semanage/seobject.py:1229
+#: ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Uređivanje Booleove vrijednosti %s nije moguće"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Booleova vrijednost %s određena je u pravilima. Brisanje nije moguće."
+
+#: ../semanage/seobject.py:1261
+#: ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Brisanje Booleove vrijednosti %s nije moguće"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Ispisivanje popisa Booleovih vrijednosti nije moguće"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Generiranje datoteke prisile vrste: %s.te"
+
+#: ../audit2allow/audit2allow:189
+#: ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Pravila prevođenja"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** VAŽNO ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Da bi se ovaj novoizrađeni paket pravila učitao u kernel,\n"
+"potrebno je da izvršite naredbu \n"
+"\n"
+"semodule -I %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Pogreška opcija: %s "
+
diff --git a/policycoreutils/po/hu.po b/policycoreutils/po/hu.po
new file mode 100644
index 0000000..76b80d6
--- /dev/null
+++ b/policycoreutils/po/hu.po
@@ -0,0 +1,1052 @@
+# translation of policycoreutils to Hungarian
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Arpad Biro <biro_arpad@yahoo.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: hu\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-09-15 17:27+0200\n"
+"Last-Translator: Arpad Biro <biro_arpad@yahoo.com>\n"
+"Language-Team: Hungarian\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.10.2\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "használat: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: szabályzat nem betölthető: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "nem sikerült beállítani ezt: PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Jelszó:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Az Ön bejegyzése nem található az árnyék-jelszófájlban.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "A getpass nem tudja megnyitni ezt: /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, fuzzy, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "Az Ön bejegyzése nem található a jelszófájlban.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Elfogyott a memória.\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Hiba: a parancsértelmező érvénytelen.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Hiba a képességek inicializálásakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, fuzzy, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Hiba a képességek inicializálásakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:450
+#, fuzzy, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Hiba a KEEPCAPS visszaállításakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Hiba a képességek eldobásakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Hiba a uid módosításakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Hiba a KEEPCAPS visszaállításakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Hiba a SETUID képesség eldobásakor; megszakítás.\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Hiba az auditálási rendszerhez való csatlakozáskor.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Memóriafoglalási hiba.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Hiba az auditálási üzenet küldésekor.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Nem sikerült meghatározni a kikényszerítési módot.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Hiba: nem lehet megnyitni ezt: %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s: nem sikerült meghatározni a jelenlegi kontextust ehhez: %s - a tty nem "
+"lesz újracímkézve.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s: nem sikerült meghatározni az új kontextust ehhez: %s - a tty nem lesz "
+"újracímkézve.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s: nem sikerült beállítani az új kontextust ehhez: %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s címkét módosított.\n"
+
+#: ../newrole/newrole.c:716
+#, fuzzy, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Figyelmeztetés: nem sikerült visszaállítani a kontextust ehhez: %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Hiba: több szerep lett megadva\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Hiba: több típus lett megadva\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "A -l használata SELinux MLS-támogatás esetén lehetséges.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Hiba: több szint lett megadva\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Nem sikerült meghatározni az alapértelmezett típust.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "Nem sikerült meghatározni az új kontextust.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "nem sikerült beállítani ezt az új szerepet: %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "nem sikerült beállítani ezt az új típust: %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "nem sikerült új tartományt készíteni ezzel a szinttel: %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "nem sikerült beállítani ezt az új tartományt: %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "nem sikerült szöveggé alakítani az új kontextust\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nem egy érvényes kontextus\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "A newrole funkció csak SELinux-kernelen használható.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "Nem sikerült meghatározni a régi kontextust.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Hiba: nem sikerült lekérdezni a tty-információkat.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s azonosítása.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "nem sikerült inicializálni a PAM-et\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: helytelen jelszó ehhez a felhasználóhoz: %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: nem sikerült létrehozni új folyamatot: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, fuzzy, c-format
+msgid "Failed to close tty properly\n"
+msgstr "nem sikerült beállítani ezt az új típust: %s\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Nem sikerült lezárni a leírókat.\n"
+
+#: ../newrole/newrole.c:1140
+#, fuzzy, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Memóriafoglalási hiba.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Nem sikerült beállítani a végrehajtási kontextust erre: %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "nem sikerült végrehajtani a parancsértelmezőt\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"Használat: run_init <szkript> <argumentumok ...>\n"
+" ahol <szkript> a futtatandó inicializálási szkript neve,\n"
+" <argumentumok ...> pedig ezen szkript argumentumai."
+
+#: ../run_init/run_init.c:139
+#, fuzzy, c-format
+msgid "failed to get account information\n"
+msgstr "Nem sikerült meghatározni az új kontextust.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: helytelen jelszó ehhez a felhasználóhoz: %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Nem sikerült megnyitni ezt a fájlt: %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Nincs kontextus ebben a fájlban: %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "A run_init funkció csak SELinux-kernelen használható.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "Az azonosítás nem sikerült.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Legalább 1 kategóriát igényel"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Az érzékenységi szintek nem módosíthatók \"+\" használatával ezen: %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s már benne van ebben: %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nincs benne ebben: %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "A +/- nem kombinálható egyéb fajta kategóriákkal"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nem lehet több érzékenység"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Használat: %s kategória fájl ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Használat: %s -l kategória felhasználó ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Használat: %s [[+|-]kategória],...]q fájl ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Használat: %s -l [[+|-]kategória],...]q felhasználó ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Használat: %s -d fájl ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Használat: %s -l -d felhasználó ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Használat: %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Használat: %s -L -l felhasználó"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Az argumentumlista a -- jellel zárható le. Példa:"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -Bizalmas /docs/üzletiterv.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +Bizalmas felhasználó1"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Meg kell adni legalább 2 argumentumot"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nincs definiálva"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "\"%s\" nem érvényes \"%s\" objektumokhoz\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "a tartomány nem támogatott a nem MLS-es gépeken"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Meg kell adni egy szerepet"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Meg kell adni egy előtagot"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Hiba az opciókban: %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Érvénytelen érték: %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "a fordítások nem támogatottak a nem MLS-es gépeken"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Nem lehet megnyitni ezt: %s: a fordítások nem támogatottak a nem MLS-es "
+"gépeken"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "A fordítások nem tartalmazhatnak szóközöket - \"%s\" "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Érvénytelen szint: \"%s\" "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s már definiálva van a fordításokban"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nincs definiálva a fordításokban"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "Az SELinux-szabályzat nem kezelt, vagy nem lehet elérni a tárolót."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Nem lehet olvasni a szabályzat-tárolót."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Nem sikerült létrehozni Semanage-kapcsolatot"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Nem sikerült létrehozni kulcsot ehhez: %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+"Nem sikerült ellenőrizni, hogy van-e definiálva bejelentkezési hozzárendelés "
+"ehhez: %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Már van definiálva bejelentkezési hozzárendelés ehhez: %s"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Nem létezik %s nevű Linux-felhasználó"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Nem sikerült létrehozni bejelentkezési hozzárendelést ehhez: %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Nem sikerült nevet beállítani ehhez: %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Nem sikerült MLS-tartományt beállítani ehhez: %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Nem sikerült SELinux-felhasználót beállítani ehhez: %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Nem sikerült elindítani az Semanage-tranzakciót"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Nem sikerült felvenni bejelentkezési hozzárendelést ehhez: %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Seuser vagy Serange szükséges"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Nincs definiálva bejelentkezési hozzárendelés ehhez: %s"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Nem sikerült végrehajtani Seuser-lekérdezést erre: %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Nem sikerült módosítani \"%s\" bejelentkezési hozzárendelését"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"%s bejelentkezési hozzárendelése szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Nem sikerült törölni \"%s\" bejelentkezési hozzárendelését"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Nem sikerült listázni a bejelentkezési hozzárendeléseket"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+"Nem sikerült ellenőrizni, hogy van-e definiálva \"%s\" SELinux-felhasználó"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "Már van definiálva \"%s\" nevű SELinux-felhasználó"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Nem sikerült létrehozni SELinux-felhasználót ehhez: %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Nem sikerült felvenni \"%s\" szerepet ehhez: %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Nem sikerült beállítani az MLS-szintet ehhez: %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, fuzzy, python-format
+msgid "Invalid prefix %s"
+msgstr "Érvénytelen érték: %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Nem sikerült felvenni \"%s\" előtagot ehhez: %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Nem sikerült kinyerni a kulcsot ehhez: %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Nem sikerült felvenni \"%s\" SELinux-felhasználót"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Szükség van előtagra, szerepekre, szintre vagy tartományra"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Szükség van előtagra vagy szerepekre"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "\"%s\" SELinux-felhasználó nincs definiálva"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Nem sikerült lekérdezni a felhasználót ehhez: %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Nem sikerült módosítani a(z) \"%s\" SELinux-felhasználót"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"\"%s\" SELinux-felhasználó szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Nem sikerült törölni a(z) \"%s\" SELinux-felhasználót"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Nem sikerült listázni az SELinux-felhasználókat"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Nem sikerült listázni a(z) \"%s\" felhasználó szerepeit"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "UDP vagy TCP protokoll szükséges"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Meg kell adni portot"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Nem sikerült létrehozni kulcsot ehhez: %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Meg kell adni típust"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Nem sikerült ellenőrizni, hogy definiálva van-e a(z) %s/%s port"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "A(z) %s/%s port már definiálva van"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Nem sikerült létrehozni portot ehhez: %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Nem sikerült létrehozni kontextust ehhez: %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Nem sikerült beállítani a felhasználót %s/%s portkontextusban"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Nem sikerült beállítani a szerepet %s/%s portkontextusban"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Nem sikerült beállítani a típust %s/%s portkontextusban"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Nem sikerült beállítani az MLS-mezőket %s/%s portkontextusban"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Nem sikerült beállítani a portkontextust ehhez: %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Nem sikerült felvenni ezt a portot: %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Setype vagy Serange szükséges"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Setype szükséges"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "%s/%s port nincs definiálva"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Nem sikerült lekérdezni ezt a portot: %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Nem sikerült módosítani ezt a portot: %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "A(z) %s/%s port szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Nem sikerült törölni ezt a portot: %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Nem sikerült listázni a portokat"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Meg kell adni SELinux-típust"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Nem sikerült létrehozni kulcsot ehhez: %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Nem sikerült ellenőrizni, hogy definiálva van-e ez a csatoló: %s"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s csatoló már definiálva van"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Nem sikerült létrehozni csatolót ehhez: %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Nem sikerült létrehozni kontextust ehhez: %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Nem sikerült beállítani a felhasználót %s csatolókontextusban"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Nem sikerült beállítani a szerepet %s csatolókontextusban"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Nem sikerült beállítani a típust %s csatolókontextusban"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Nem sikerült beállítani az MLS-mezőket %s csatolókontextusban"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Nem sikerült beállítani a csatolókontextust ehhez: %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Nem sikerült beállítani az üzenetkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Nem sikerült felvenni ezt a csatolót: %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s csatoló nincs definiálva"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Nem sikerült lekérdezni ezt a csatolót: %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Nem sikerült módosítani ezt a csatolót: %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "A(z) %s csatoló szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Nem sikerült törölni ezt a csatolót: %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Nem sikerült listázni a csatolókat"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+"Nem sikerült ellenőrizni, hogy van-e definiálva fájlkontextus ehhez: %s"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Már van definiálva fájlkontextus ehhez: %s"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Nem sikerült létrehozni fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Nem sikerült beállítani a felhasználót %s fájlkontextusban"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Nem sikerült beállítani a szerepet %s fájlkontextusban"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Nem sikerült beállítani a típust %s fájlkontextusban"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Nem sikerült beállítani az MLS-mezőket %s fájlkontextusban"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Nem sikerült beállítani a fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Nem sikerült felvenni fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Setype, Serange vagy Seuser szükséges"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Nincs definiálva fájlkontextus ehhez: %s"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Nem sikerült lekérdezni a fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Nem sikerült módosítani a fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s fájlkontextusa szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Nem sikerült törölni %s fájlkontextusát"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Nem sikerült listázni a fájlkontextusokat"
+
+#: ../semanage/seobject.py:1168
+#, fuzzy
+msgid "Could not list local file contexts"
+msgstr "Nem sikerült listázni a fájlkontextusokat"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Meg kell adni egy értéket"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Nem sikerült ellenőrizni, hogy \"%s\" logikai érték definiálva van-e"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "\"%s\" logikai érték nincs definiálva"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Nem sikerült lekérdezni a fájlkontextust ehhez: %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Nem sikerült módosítani a(z) \"%s\" logikai értéket"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "A(z) \"%s\" logikai érték szabályzatban van definiálva - nem törölhető"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Nem sikerült törölni a(z) \"%s\" logikai értéket"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Nem sikerült listázni a logikai értékeket"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Típuskényszerítési fájl készítése: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Szabályzat elkészítése"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"*********************** FONTOS ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Az újonnan elkészített szabályzatcsomagnak a kernelbe való\n"
+"betöltéséhez végre kell hajtania a következő parancsot:\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Hiba az opciókban: %s "
diff --git a/policycoreutils/po/hy.po b/policycoreutils/po/hy.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/hy.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/id.po b/policycoreutils/po/id.po
new file mode 100644
index 0000000..e215519
--- /dev/null
+++ b/policycoreutils/po/id.po
@@ -0,0 +1,1010 @@
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/is.po b/policycoreutils/po/is.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/is.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/it.po b/policycoreutils/po/it.po
new file mode 100644
index 0000000..55aa0c1
--- /dev/null
+++ b/policycoreutils/po/it.po
@@ -0,0 +1,1052 @@
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to
+# translation of it.po to Italiano
+# This file is distributed under the same license as the policycoreutils package.
+# Francesco Tombolini <tombo@adamantio.net>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: it\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-24 01:02+0100\n"
+"Last-Translator: \n"
+"Language-Team: <it@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "uso: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Non posso caricare la policy: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "impostazione di PAM_TTY fallita\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Password:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Impossibile trovare il tuo record nel file shadow passwd.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass non può aprire /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "impossibile trovare entry valide nel file passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Memoria esaurita!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Errore! La shell non è valida.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Impossibile ripulire l'ambiente\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Errore inizializzazione capacità, abbandono.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Errore impostazione capacità, abbandono.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Errore impostazione KEEPCAPS, abbandono\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Errore rilascio capacità, abbandono\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Errore cambio uid, abbandono.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Errore reimpostazione KEEPCAPS, abbandono\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Errore rilascio capacità SETUID, abbandono\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Errore nel liberare caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Errore di connessione al sistema audit.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Errore di allocazione memoria.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Errore di invio messaggio audit.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Non si può determinare la modalità enforcing.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Errore! Impossibile aprire %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Impossibile ottenere il contesto corrente per %s, tty non "
+"rietichettante.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Impossibile ottenere il nuovo contesto per %s, tty non rietichettante.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Impossibile impostare il nuovo contesto per %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s etichette cambiate.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Attenzione! Impossibile ripristinare il contesto per %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Errore: ruoli multipli specificati\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Errore: tipi multipli specificati\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Spiacente, -l può essere usato con il supporto SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Errore: livelli multipli specificati\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Non si può determinare il tipo predefinito.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "determinazione nuovo contesto fallita.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "impostazione nuovo ruolo %s fallita\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "impostazione nuovo tipo %s fallita\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "creazione nuovo range con livello %s fallita\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "impostazione nuovo range %s fallita\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "conversione nuovo contesto in stringa fallita\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s non è un contesto valido\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Impossibile assegnare memoria per new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Impossibile ottenere un segnale vuoto\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Impossibile impostare SIGHUP handler\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Spiacente, newrole può essere usato solo su un kernel SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "determinazione vecchio contesto fallita.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Errore! Impossibile recuperare informazioni tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autenticazione %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "inizializzazione di PAM fallita\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: password non corretta per %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: fallimento forking: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Impossibile ripristinare l'etichetta tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Impossibile chiudere correttamente tty\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Impossibile chiudere i descrittori.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Errore nell'allocazione di argv0 della shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Impossibile impostare il contesto exec su %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Impossibile ripristinare l'ambiente, abbandono\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "esecuzione shell fallita\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"USO: run_init <script> <args ...>\n"
+" dove: <script> è il nome dell'init script da eseguire,\n"
+" <args ...> sono gli argomenti per quello script."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "impossibile ottenere informazioni sull'account.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: password non corretta per %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Impossibile aprire il file %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Nessun contesto nel file %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Spiacente, run_init può essere usato solo su un kernel SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "autenticazione fallita.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Richiede almeno una categoria"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Impossibile modificare i livelli di sensitività usando '+' su %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s è già in %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s non è in %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Impossibile combinare +/- con altri tipi di categorie"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Impossibile avere sensitività multiple"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Uso %s CATEGORIA File ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Uso %s -l CATEGORIA utente ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Uso %s [[+|-]CATEGORIA],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Uso %s -l [[+|-]CATEGORIA],...]q utente ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Uso %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Uso %s -l -d utente ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Uso %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Uso %s -L -l utente"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Usate -- per la lista delle opzioni. Ad esempio"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Richiede 2 o più argomenti"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s non definito"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s non valido per gli oggetti %s \n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "range non supportato su macchine Non MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Si deve specificare un ruolo"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Si deve specificare un prefisso"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Errore opzioni %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Valore non valido %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "traduzioni non supportate su macchine non-MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Impossibile aprire %s: traduzioni non supportate su macchine non-MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Le traduzioni non possono contenere spazi '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Livello non valido '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s già definito nelle traduzioni"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s non definito nelle traduzioni"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"La policy SELinux non è amministrata o non si può accedere al deposito."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Impossibile leggere il deposito della policy."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Impossibile stabilire connessione semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Impossibile creare una chiave per %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Impossibile controllare se è definito il login mapping per %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Il login mapping per %s è già definito"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "L'utente linux %s non esiste"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Impossibile creare il login mapping per %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Impossibile impostare nome per %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Impossibile impostare range MLS per %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Impossibile impostare utente SELinux per %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Impossibile avviare transazione semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Impossibile aggiungere login mapping per %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Richiede seuser o serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Il login mapping per %s non è definito"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Impossibile interrogare seuser per %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Impossibile modificare login mapping per %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Il login mapping per %s è definito nella policy, non può essere eliminato"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Impossibile eliminare il login mapping per %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Impossibile elencare i login mappings"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Impossibile controllare se l'utente SELinux %s è definito"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "L'utente SELinux %s è già definito"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Impossibile creare l'utente SELinux per %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Impossibile aggiungere il ruolo %s per %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Impossibile impostare il livello MLS per %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Prefisso non valido %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Impossibile aggiungere il prefisso %s per %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Impossibile estrarre la chiave per %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Impossibile aggiungere l'utente SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Richiede prefisso, ruolo, livello o range"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Richiede prefisso o ruolo"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "L'utente SELinux %s non è definito"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Impossibile interrogare l'utente per %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Impossibile modificare l'utente SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "L'utente SELinux %s è definito nella policy, non può essere eliminato"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Impossibile eliminare l'utente SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Impossibile elencare gli utenti SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Impossibile elencare i ruoli per l'utente %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "E' richiesto il protocollo udp o tcp"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "E' richiesta la porta"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Impossibile creare una chiave per %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "E' richiesto il Tipo"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Impossibile controllare se la porta %s/%s è definita"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Porta %s/%s già definita"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Impossibile creare la porta per %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Impossibile creare il contesto per %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Impossibile impostare l'utente nel contesto della porta per %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Impossibile impostare il ruolo nel contesto della porta per %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Impossibile impostare il tipo nel contesto della porta per %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Impossibile impostare i campi mls nel contesto della porta per %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Impossibile impostare il contesto della porta per %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Impossibile aggiungere la porta %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Richiede setype o serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Richiede setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "La porta %s/%s non è definita"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Impossibile interrogare la porta %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Impossibile modificare la porta %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "La porta %s/%s è definita nella policy, non può essere eliminata"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Impossibile eliminare la porta %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Impossibile elencare le porte"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "E' richiesto un Tipo SELinux"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Impossibile creare la chiave per %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Impossibile controllare se l'interfaccia %s è definita"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Interfaccia %s già definita"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Impossibile creare l'interfaccia per %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Impossibile creare il contesto per %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Impossibile impostare l'utente nel contesto dell'interfaccia per %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Impossibile impostare il ruolo nel contesto dell'interfaccia per %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Impossibile impostare il tipo nel contesto dell'interfaccia per %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Impossibile impostare i campi mls nel contesto dell'interfaccia per %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Impossibile impostare il contesto dell'interfaccia per %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Impossibile impostare il contesto dei messaggi per %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Impossibile aggiungere l'interfaccia %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "L'interfaccia %s non è definita"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Impossibile interrogare l'interfaccia %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Impossibile modificare l'interfaccia %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "L'interfaccia %s è definita nella policy, non può essere eliminata"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Impossibile eliminare l'interfaccia %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Impossibile elencare le interfacce"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Impossibile controllare se il contesto del file per %s è definito"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Contesto del file per %s già definito"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Impossibile creare contesto del file per %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Impossibile impostare l'utente nel contesto del file per %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Impossibile impostare il ruolo nel contesto del file per %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Impossibile impostare il tipo nel contesto del file per %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Impossibile impostare i campi mls nel contesto del file per %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Impossibile impostare il contesto del file per %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Impossibile aggiungere il contesto del file per %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Richiesto setype, serange o seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Il contesto del file per %s non è definito"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Impossibile interrogare il contesto del file per %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Impossibile modificare il contesto del file per %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Il contesto del file per %s è definito nella policy, non può essere eliminato"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Impossibile eliminare il contesto del file per %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Impossibile elencare i contesti del file"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Impossibile elencare i contesti del file locale"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Richiede valore"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Impossibile controllare se la booleana %s è definita"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "La booleana %s non è definita"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Impossibile interrogare il contesto del file %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Impossibile modificare la booleana %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "La booleana %s è definita nella policy, non può essere eliminata"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Impossibile eliminare la booleana %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Impossibile elencare le booleane"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Generazione file tipo enforcement: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Compilazione policy"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANTE **********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Per poter caricare questo pacchetto di policy appena creato nel kernel,\n"
+"vi è richiesto di eseguire \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Errore opzioni: %s "
diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po
new file mode 100644
index 0000000..d1ef48d
--- /dev/null
+++ b/policycoreutils/po/ja.po
@@ -0,0 +1,1042 @@
+# translation of ja.po to Japanese
+# translation of ja.po to
+# translation of ja.po to
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Takuro Nagamoto <tnagamot@redhat.com>, 2006.
+# Noriko Mizumoto <noriko@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ja\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-28 15:56+1000\n"
+"Last-Translator: Noriko Mizumoto <noriko@redhat.com>\n"
+"Language-Team: Japanese <fedora-trans-ja@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "使い方: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: ポリシーをロードできません: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY の設定に失敗しました\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "パスワード:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "シャドーパスワードファイルに該当するエントリが見つかりません。\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass が /dev/tty を開けません\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd ファイルに有効なエントリが見つかりません。\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "メモリの空き容量がありません。\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "エラーが発生しました。シェルが有効ではありません。\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "環境を消去できません\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "機能の初期化中にエラーが発生、中止します。\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "機能の設定中にエラーが発生、中止します。\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS の設定中にエラーが発生、中止します。\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "機能をドロップ中にエラーが発生、中止します。\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid の変更中にエラーが発生、中止します。\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS のリセット中にエラーが発生、中止します\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID 機能をドロップ中にエラーが発生、中止します\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "機能を解放中にエラーが発生\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "監査システムに接続中にエラーが発生しました。\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "メモリの割り当て中にエラーが発生しました。\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "監査メッセージの送信中にエラーが発生しました。\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "施行モードを確定できませんでした。\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "エラー! %s を開けませんでした。\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %s の現在のコンテキストを取得できませんでした、再ラベルを行っている tty ではありません。\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %s の新しいコンテキストを取得できませんでした、 再ラベルを行っている tty ではありません。\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s の新しいコンテキストを設定できませんでした。\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s 変更されたラベル\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "警告! %s のコンテキストを復元できませんでした。\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "エラー: 複数のロールが指定されています\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "エラー: 複数のタイプが指定されています\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "残念ながら、 -l は SELinux MLS サポートがないと使用できません。\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "エラー: 複数のレベルが指定されています\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "デフォルトタイプを取得できませんでした。\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "新しいコンテキストの取得に失敗しました。\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "新しいロール %s の設定に失敗しました\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "新しいタイプ %s の設定に失敗しました\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "レベル %s で新しい範囲をビルドするのに失敗しました\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "新しい範囲 %s の設定に失敗しました\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "新しいコンテキストの文字列への変換に失敗しました\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s は有効なコンテキストではありません\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "new_context にメモリを割り当てることができません"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "空のシグナルセットを取得できません\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP ハンドラを設定できません\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "残念ながら、 newrole は SELinux カーネル上でしか使用できません。\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context の取得に失敗しました。\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "エラー! tty 情報を読み出しできませんでした。\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s を認証中です。\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM の初期化に失敗しました\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: %s のパスワードが間違っています\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: フォークの失敗: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty ラベルを復元できません...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty の正常終了に失敗しました\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "ディスクリプタを終了できませんでした。\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "シェルの argv0 割り当て中にエラーが発生しました。\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec コンテキストを %s に設定できませんでした。\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "環境を復元できません、中止します\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "シェルの実行に失敗しました\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"使い方: run_init <script> <args ...>\n"
+" ここで、 <script> は実行する init スクリプトの名前、\n"
+" <args ...> はそのスクリプトに対する引数になります。"
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "アカウント情報の取得に失敗しました\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s のパスワードが間違っています\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "ファイル %s を開けませんでした\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "ファイル %s にコンテキストがありません\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "残念ながら、 run_init は SELinux カーネル上でしか使用できません。\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "認証に失敗しました。\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "少くともカテゴリが 1 つ必要です"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%s で '+' を使って感度レベルを修正することができません"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s はすでに %s にあります"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s は %s にありません"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "他のタイプのカテゴリで +/- を結合できません"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "複数の感度を持てません"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "使い方 %s CATEGORY ファイル ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "使い方 %s -l CATEGORY ユーザー ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "使い方 %s [[+|-]CATEGORY],...]q ファイル ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "使い方 %s -l [[+|-]CATEGORY],...]q ユーザー ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "使い方 %s -d ファイル ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "使い方 %s -l -d ユーザー ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "使い方 %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "使い方 %s -L -l ユーザー"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "オプションリストを終了するには -- を使います。 例えば、"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "2 つまたはそれ以上の引数が必要です"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s が定義されていません"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr " %s は %s オブジェクトに対して有効ではありません\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "MLS 以外のマシンでは範囲はサポートされません"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "ロールを指定する必要があります"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "プレフィックスを指定する必要があります"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "オプションエラー %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "無効な値 %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "MLS 以外のマシンでは変換はサポートされません"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s を開けません: MLS 以外のマシンでは変換はサポートされません"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "変換に空白 '%s' を含ませることはできません"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "無効なレベル '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s はすでに変換で定義されています"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s は変換で定義されていません"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux ポリシーが管理されていないか、 store にアクセスできないかのいずれかです。"
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "ポリシー store を読み込めません"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage 接続を確立できませんでした"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s のキーを作成できませんでした"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%s のログインマッピングが定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s のログインマッピングはすでに定義されています"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux ユーザー %s は存在していません"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s のログインマッピングを作成できませんでした"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s の名前を設定できませんでした"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%s の MLS範囲を設定できませんでした"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%s の SELinux ユーザーを設定できませんでした"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage トランザクションを起動できませんでした"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s のログインマッピングを追加できませんでした"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser または serange が必要です"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s のログインマッピングは定義されていません"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "%s の seuser をクエリーできませんでした"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s のログインマッピングを修正できませんでした"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s のログインマッピングはポリシーに定義されています、削除できません"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s のログインマッピングを削除できませんでした"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "ログインマッピングの一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr " SELinux ユーザー %s が定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux ユーザー %s はすでに定義されています"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%s の SELinux ユーザーを作成できませんでした"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "ロール %s を %s に追加できませんでした"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "MLS レベルを %s に設定できませんでした"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "無効なプレフィックス %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "プレフィックス %s を %s に追加できませんでした"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s のキーを抽出できませんでした"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux ユーザー %s を追加できませんでした"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "プレフィックス、ロール、レベル、または範囲のいずれかが必要です"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "プレフィックスかロールが必要です"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux ユーザー %s は定義されていません"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s のユーザーをクエリーできませんでした"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux ユーザー %s を修正できませんでした"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux ユーザー %s はポリシーで定義されています、削除できません"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux ユーザー %s を削除できませんでした"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux ユーザーの一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "ユーザー %s のロール一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "プロトコル udp か tcp が必要です"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "ポートが必要です"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s のキーを作成できませんでした"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "タイプが必要です"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "ポート %s/%s が定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "ポート %s/%s はすでに定義されています"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s のポートを作成できませんでした"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s のコンテキストを作成できませんでした"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s のポートコンテキストにユーザーを設定できませんでした"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s のポートコンテキストにロールを設定できませんでした"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s のポートコンテキストにタイプを設定できませんでした"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s のポートコンテキストに mls フィールドを設定できませんでした"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s のポートコンテキストを設定できませんでした"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "ポート %s/%s を追加できませんでした"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype か serange が必要です"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype が必要です"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "ポート %s/%s は定義されています"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "ポート %s/%s をクエリーできませんでした"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "ポート %s/%s を修正できませんでした"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "ポート %s/%s はポリシーで定義されています、 削除できません"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "ポート %s/%s を削除できませんでした"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "ポートの一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux タイプが必要です"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s のキーを作成できませんでした"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "インターフェース %s が定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "インターフェース %s はすでに定義されています"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s のインターフェースを作成できませんでした"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s のコンテキストを作成できませんでした"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s のインターフェースコンテキストにユーザーを設定できませんでした"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s のインターフェースコンテキストにロールを設定できませんでした"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s のインターフェースコンテキストにタイプを設定できませんでした"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s のインターフェースコンテキストに mls フィールドを設定できませんでした"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s のインターフェースコンテキストを設定できませんでした"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s のメッセージコンテキストを設定できませんでした"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "インターフェース %s を追加できませんでした"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "インターフェース %s は定義されていません"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "インターフェース %s をクエリーできませんでした"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "インターフェース %s を修正できませんでした"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "インターフェース %s はポリシーで定義されています、 削除できません"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "インターフェース %s を削除できませんでした"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "インターフェースの一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s のファイルコンテキストが定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s のファイルコンテキストはすでに定義されています"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s のファイルコンテキストを作成できませんでした"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s のファイルコンテキストにユーザーを設定できませんでした"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s のファイルコンテキストにロールを設定できませんでした"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s のファイルコンテキストにタイプを設定できませんでした"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s のファイルコンテキストに mls フィールドを設定できませんでした"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s のファイルコンテキストを設定できませんでした"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s のファイルコンテキストを追加できませんでした"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype、 serange、または seuser のいずれかが必要です"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s のファイルコンテキストは定義されています"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s のファイルコンテキストをクエリーできませんでした"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s のファイルコンテキストを修正できませんでした"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s のファイルコンテキストはポリシーで定義されています、 削除できません"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s のファイルコンテキストを削除できませんでした"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "ファイルコンテキストの一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "ローカルファイルのコンテキスト一覧を表示できませんでした"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "値が必要です"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "boolean %s が定義されているか確認できませんでした"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "boolean %s は定義されていません"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "ファイルコンテキスト %s をクエリーできませんでした"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "boolean %s を修正できませんでした"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "boolean %s はポリシーで定義されています、 削除できません"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "boolean %s を削除できませんでした"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "boolean の一覧を表示できませんでした"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "タイプ施行ファイルを生成中: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "ポリシーをコンパイル中"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** 重要 ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"新たに作成されたポリシーパッケージをカーネルにロードするためには、\n"
+"次を実行する必要があります。\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "オプションエラー: %s "
+
diff --git a/policycoreutils/po/ka.po b/policycoreutils/po/ka.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/ka.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/kn.po b/policycoreutils/po/kn.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/kn.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/ko.po b/policycoreutils/po/ko.po
new file mode 100644
index 0000000..69ceb67
--- /dev/null
+++ b/policycoreutils/po/ko.po
@@ -0,0 +1,1053 @@
+# translation of ko.po to Korean
+# translation of ko.po to
+# translation of ko.po to
+# translation of ko.po to
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# , 2006.
+# Eunju Kim <eukim@redhat.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: ko\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-29 15:30+1000\n"
+"Last-Translator: Eunju Kim <eukim@redhat.com>\n"
+"Language-Team: Korean <ko@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "사용법: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: 정책을 읽어올 수 없습니다: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY 설정을 실패했습니다\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "암호:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "새도우 암호 파일에서 엔트리를 찾을 수 없습니다.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass는 /dev/tty를 열 수 없습니다\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "암호파일에서 유효한 엔트리를 찾을 수 없습니다.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "메모리가 다 찼습니다!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "오류! 쉘이 유효하지 않습니다.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "환경을 삭제할 수 없습니다\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "기능 초기화 오류, 중지합니다.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "기능 설정 오류, 중지합니다.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS 설정 오류, 중지합니다\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "기능 취소 오류, 중지합니다\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid 변경 오류, 중지합니다.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS 재설정 오류, 중지합니다\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID 기능 취소 오류, 중지합니다\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps를 해제하는 도중 오류 발생\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "감사(audit) 시스템에 연결하는데 오류 발생.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "메모리 할당하는데 오류 발생.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "감사(audit) 메세지를 보내는데 오류 발생.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "강제모드를 결정할 수 없습니다.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "오류! %s를 열 수 없습니다.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! %s에 사용되는 대한 최근 문맥을 찾을 수 없습니다, tty 레이블 변경이 되지 "
+"않습니다.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! %s에 사용되는 대한 새로운 문맥을 찾을 수 없습니다. tty 레이블 변경이 되"
+"지 않습니다.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s에 사용되는 새로운 문맥을 설정할 수 없습니다\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s 변경된 레이블.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "경고! %s에 사용되는 문맥을 복구할 수 없습니다\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "오류: 다중 임무가 지정되었습니다\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "오류: 다중 형식이 지정되었습니다\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "죄송합니다, -l 은 SELinux MLS 지원에서 사용될 것입니다.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "오류: 다중 레벨이 지정되었습니다\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "초기 형식을 가질 수 없습니다.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "새로운 문맥을 갖는데 실패했습니다.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "새로운 임무 %s를 설정하는데 실패했습니다\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "새로운 형식 %s를 설정하는데 실패했습니다\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s 레벨의 새로운 범위를 개발하는데 실패했습니다\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "새로운 범위 %s를 설정하는데 실패했습니다\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "새로운 문맥을 문자열로 변환하는데 실패했습니다\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s는 유효한 문맥이 아닙니다\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "새 문맥에 해당하는 메모리를 할당할 수 없습니다"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "비어있는 시그널 모음을 얻을 수 없습니다\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP 처리기를 설정할 수 없습니다\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "죄송합니다, newrole은 오직 SELinux 커널에서만 사용될 것입니다.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "오래된 문맥를 갖는데 실패했습니다.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "오류! tty 정보를 검색할 수 없습니다.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s 인증.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM을 초기화하는데 실패하였습니다\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "새로운 임무: %s에 대한 잘못된 암호\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "새로운 임무: 포크 작업(forking)이 실패했습니다: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty 레이블을 복구할 수 없습니다...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "올바르게 tty를 종료하는 것을 실패했습니다\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "디스크립터를 종료할 수 없습니다.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "쉘의 argv0을리 할당하는데 오류 발생.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "%s에 실행가능한 문맥을 설정할 수 없습니다.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "환경을 복구할 수 없음, 중지합니다\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "쉘을 실행하는데 실패하였습니다\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"사용법: run_init <script> <args ...>\n"
+" 위치: <script> 은 실행 초기 스크립트명,\n"
+" <args ...> 스크립에 대한 인자(arguments) 입니다."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "계정 정보를 갖는데 실패했습니다.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s에 대한 잘못된 암호\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "%s 파일을 열 수 없습니다\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s 파일안에 내용이 없습니다\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "죄송합니다. run_init은 단지 SELinux 커널에서만 사용될 것입니다.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "인증 실패.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "최소 하나의 카테고리가 필요합니다"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%s에 '+'를 사용하여 민감도 수준을 수정할 수 없습니다"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s는 이미 %s 안에 있습니다"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s는 %s 안에 없습니다"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/-를 다른 형식의 카테고리와 결합할 수 없습니다"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "다중 민감도를 가질 수 없습니다"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "사용량 %s 카테고리 파일 ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "사용량 %s -| 카테고리 사용자 ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "사용량 %s [[+|-]카테고리],...]q 파일 ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "사용자 %s -l [[+|-]카테고리],...]q 사용자 ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "사용량 %s -d 파일 ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "사용량 %s -l -d 사용자 ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "사용량 %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "사용량 %s -L -l 사용자"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "옵션 목록을 끝내기 위해 --를 사용. 예)"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "2 혹은 그 이상의 인자가 필요합니다"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s은 정의되지 않았습니다"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s는 %s 객체에 대해 유효하지 않습니다\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "범위는 Non MLS 장치에서 지원되지 않습니다"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "임무를 반드시 지정해야 합니다"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "접두사(prefix)를 반드시 지정해야 합니다"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "옵션 오류 %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "유효하지 않은 값 %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "번역은 MLS가 아닌 장치에서 지원되지 않습니다"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s를 열 수 없습니다: 번역은 MLS가 아닌 장치에서 지원되지 않습니다"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "번역은 공백 '%s'를 포함할 수 없습니다 "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "유효하지 않은 레벨 '%s'"
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s는 번역에서 이미 정의되었습니다"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s는 번역에서 정의되지 않았습니다"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux 정책은 관리되지 않거나 저장할 수 없습니다."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "정책을 읽을 수 없습니다."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage 연결을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s에 사용되는 키를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%s에 대한 로그인 맵핑이 지정되었는지를 확인할 수 없습니다."
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s에 대한 로그인 맵핑이 이미 지정되었습니다"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux 사용자 %s 가 존재하지 않습니다"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s에 대한 로그인 맵핑을 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s에 대한 이름을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%s 에 대한 MLS 범위를 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%s에 대한 SELinu 사용자를 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage 트랜잭션을 시작할 수 없습니다"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s에 대한 로그인 맵핑을 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser 또는 serange 필요"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s에 대한 로그인 맵핑이 지정되지 않았습니다"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "%s에 대한 seuser를 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s에 대한 로그인 맵핑을 수정할 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s에 대한 로그인 맵핑이 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s에 대한 로그인 맵핑을 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "로그인 맵핑 목록을 만들 수 없습니다"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "%s에 대한 SELinux 사용자가 지정되었는지 확인할 수 없습니다"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "%s에 대한 SELinux 사용자가 이미 지정되었습니다"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%s에 대한 SELinux 사용자를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%s에 대한 %s의 역할을 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%s에 대한 MLS 레벨을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "유효하지 않은 접두사 %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%s에 대한 %s의 접두사를 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s에 대한 키를 추출할 수 없습니다"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "%s에 대한 SELinux 사용자를 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "접두사, 역할, 레벨 또는 범위 필요"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "접두사 또는 역할 필요"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "%s에 대한 SELinux 사용자가 지정되지 않았습니다"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s에 대한 사용자를 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "%s에 대한 SELinux 사용자를 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "%s에 대한 SELinux 사용자가 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "%s에 대한 SELinux 사용자를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux 사용자 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "%s 사용자에 대한 역할 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "프로토콜 udp 또는 tcp 필요 "
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "포트 필요"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s 에 대한 키를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "유형 필요"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "%s/%s에 대한 포트가 지정되었는지 확인할 수 없습니다 "
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "%s/%s에 대한 포트가 이미 지정되었습니다"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s 에 대한 포트를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s 에 대한 문맥을 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s 에 대한 포트 문맥의 사용자를 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s 에 대한 포트 문맥의 역할을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s 에 대한 포트 문맥의 유형을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s 에 대한 포트 문맥의 mls 항목을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s 에 대한 포트 문맥을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s 에 대한 포트를 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype 또는 serange 필요"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype 필요"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "%s/%s에 대한 포트가 지정되지 않았습니다"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "%s/%s에 대한 포트를 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "%s/%s에 대한 포트를 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "%s/%s에 대한 포트가 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "%s/%s에 대한 포트를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "포트 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux 유형 필요"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s에 대한 키를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "%s에 대한 인터페이스가 지정되었는지 확인할 수 없습니다"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s에 대한 인터페이스가 이미 지정되었습니다"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s에 대한 인터페이스를 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s에 대한 문맥을 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s 에 대한 인터페이스 문맥의 사용자를 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s 에 대한 인터페이스 문맥의 역할을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s 에 대한 인터페이스 문맥의 유형을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s 에 대한 인터페이스 문맥의 mls 문맥을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s 에 대한 인터페이스 문맥을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s에 대한 메세지 문맥을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s에 대한 인터페이스를 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s에 대한 인터페이스가 지정되지 않았습니다"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "%s에 대한 인터페이스를 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "%s에 대한 인터페이슬 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "%s에 대한 인터페이스가 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "%s에 대한 인터페이스를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "인터페이스 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s에 대한 파일 문맥이 지정되었는지 확인할 수 없습니다"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s에 대한 파일 문맥이 이미 지정되었습니다"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s에 대한 파일 문맥을 생성할 수 없습니다"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s에 대한 파일 문맥의 사용자를 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s에 대한 파일 문맥의 역할을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s에 대한 파일 문맥의 유형을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s에 대한 파일 문맥의 mls 항목을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s에 대한 파일 문맥을 설정할 수 없습니다"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s에 대한 파일 문맥을 추가할 수 없습니다"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange 또는 seuser 필요"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s에 대한 파일 문맥이 저정되지 않았습니다"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s에 대한 파일 문맥을 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s에 대한 파일 문맥을 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s에 대한 파일 문맥이 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s에 대한 파일 문맥을 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "파일 문맥 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "로컬 파일 문맥 목록을 만들수 없습니다"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "값 필요"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "%s에 대한 부울이 지정되었는지 확인할 수 없습니다"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "%s에 대하 부울이 지정되지 않았습니다"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "%s에 대한 파일 문맥을 질의할 수 없습니다"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "%s에 대한 부을을 수정할 수 없습니다"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "%s에 대한 부울이 정책에 지정되어 있어 이를 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "%s에 대한 부울을 삭제할 수 없습니다"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "부울 목록을 만들수 없습니다"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "유형 강조 파일을 생성중 입니다: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "정책을 컴파일하는 중입니다"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** 중요 ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"새로 생성된 정책 팩키지를 커넬\n"
+"로 읽어오기 위해,\n"
+"를 실행해야 합니다\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "옵션 오류: %s "
+
diff --git a/policycoreutils/po/ku.po b/policycoreutils/po/ku.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/ku.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/lo.po b/policycoreutils/po/lo.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/lo.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/lt.po b/policycoreutils/po/lt.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/lt.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/lv.po b/policycoreutils/po/lv.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/lv.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/mk.po b/policycoreutils/po/mk.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/mk.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/ml.po b/policycoreutils/po/ml.po
new file mode 100644
index 0000000..e7ea2f7
--- /dev/null
+++ b/policycoreutils/po/ml.po
@@ -0,0 +1,1041 @@
+# translation of ml.po to Malayalam
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Ani Peter <apeter@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ml\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-28 17:44+0530\n"
+"Last-Translator: Ani Peter <apeter@redhat.com>\n"
+"Language-Team: Malayalam\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "ഉപയോഗിക്കേണ്ട വിധം: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: പോളിസി ലോഡ് ചെയ്യുവാന് സാധിക്കുന്നില്ല: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "പാസ്വേര്ഡ്:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "shadow ഫൈലില് നിങ്ങളുടെ എന്ട്രി ലഭ്യമല്ല.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpassന് /dev/tty തുറക്കുവാന് സാധിക്കുന്നില്ല\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd ഫൈലില് നിങ്ങളുടെ എന്ട്രി ലഭ്യമല്ല.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "മെമ്മറി ലഭ്യമല്ല!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "പിഴവ്! ഷെല്ല അസാധുവാണ്.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "എന്വിറോണ്മെന്റ് വെടിപ്പാക്കുവാന് സാധ്യമല്ല\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "initing ല് പിഴവ്, നിറ്ത്തുന്നു.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "ക്രമീകരണങ്ങളില് പിഴവ്, നിറ്ത്തുന്നു.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS സെറ്റ് ചെയ്യുന്നതില് പിഴവ്,നിറ്ത്തുന്നു\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "droppingല് പിഴവ്, നിറ്ത്തുന്നു\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid മാറ്റുന്നതില് പിഴവ്, നിറ്ത്തുന്നു.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS റീസെറ്റ് ചെയ്യുന്നതില് പിഴവ്,നിറ്ത്തുന്നു\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Error dropping SETUID capability, aborting\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps ഫ്രീ ചെയ്യുന്നതില് പിഴവ്\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "ഓഡിറ്റ് സിസ്റ്റത്തിലേക്ക് കണക്കറ്റ് ചെയ്യുന്നതില് പിഴവ്.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "memory allocate ചെയ്യുന്നതില് പിഴവ് .\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "ഓഡിറ്റ് സന്ദേശം അയക്കുന്നതില് പിഴവ്.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Could not determine enforcing mode.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "പിഴവ്! %s തുറക്കുവാന് സാധിച്ചില്ല.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Could not get current context for %s, not relabeling tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Could not get new context for %s, not relabeling tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Could not set new context for %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s ലേബുലകളില് മാറ്റം വരുത്തി.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "മുന്നറിയിപ്പ്! %s-നുളള കോണ്ടെക്സ്റ്റ് വീണ്ടും സംഭരിക്കുവാന് സാധ്യമല്ല\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "പിഴവ്: ഒന്നില് കൂടുതല് റോളുകള് പറഞ്ഞിരിക്കുന്നു\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "പിഴവ്: ഒന്നില് കൂടുതല് ടൈപ്പുകള് പറഞ്ഞിരിക്കുന്നു\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "ക്ഷമിക്കണം, SELinux kernel സപ്പോറ്ട്ടില് -l ഉപയോഗിക്കുവുന്നതാണ്.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "പിഴവ്: ഒന്നില് കൂടുതല് ലവലുകള് പറഞ്ഞിരിക്കുന്നു\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "ഡീഫോള്ട്ട് ടൈപ്പ് കിട്ടുവാന് സാധിച്ചില്ല.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "new context ലഭിക്കുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "%s എന്ന പുതിയ റോള് സെറ്റ് ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "%s എന്ന പുതിയ ടൈപ്പ് സെറ്റ് ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s ലവലില് പുതിയ റെയ്ന്ച് ഉണ്ടാക്കുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "പുതിയ റോള് %s സെറ്റ് ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "പുതിയ context നെ stringലേക്ക് convert ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s അസാധുവായ context ആണ്\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "പുതിയ കോണ്ടെക്സ്റ്റിന് മെമ്മറി നല്കുവാന് സാധ്യമായില്ല (_c)"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "ശൂന്യമായ സിഗ്നല് സെറ്റ് ലഭ്യമാക്കുവാന് സാധ്യമായില്ല\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP ഹാന്ഡ്ലര് ക്രമികരിക്കുവാന് സാധ്യമായില്ല\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "ക്ഷമിക്കണം, SELinux kernelല് മാത്രം newrole ഉപയോഗിക്കുവുന്നതാണ്.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context ലഭിക്കുന്നതില് പരാജയപ്പെട്ടു.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "പിഴവ്! tty information retrieve ചെയ്യുവാന് സാധിച്ചില്ല.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "ഓഥന്റിക്കേറ്റിംഗ് %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM initialize ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: %sന് തെറ്റായ പാസ്വേഡ് \n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: forking പരാജയപ്പെട്ടു: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty ലേബല് വീണ്ടെടുക്കുവാന് സാധ്യമായില്ല...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty അടയ്ക്കുന്നതില് പരാജയം\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "descriptors അടയ്ക്കുവാന് സാധിച്ചില്ല.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "ഷെല്ലിന്റെ argv0 നല്കുന്നതില് പിഴവ് .\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec context %sലേക്ക് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "എന്വിറോണ്മെന്റ് വീണ്ടെടുക്കുവാന് സാധ്യമായില്ല, നിര്ത്തുന്നു\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "ഷെല്ല് exec ചെയ്യുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> പ്രവറ്ത്തിപ്പിക്കുവാനുളള init scriptന്റെ പേര്,\n"
+" <args ...> സ്ക്രിപ്പ്റ്റിനുളള arguments."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "അക്കൌണ്ട് വിവരം ലഭിക്കുന്നതില് പരാജയപ്പെട്ടു\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %sന് തെറ്റായ പാസ്വേഡ് \n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "ഫൈല് %s തുറക്കുവാന് സാധിച്ചില്ല\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s ഫൈലില് context ഇല്ല\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "ക്ഷമിക്കണം, SELinux kernelല് മാത്രം run_init ഉപയോഗിക്കുവുന്നതാണ്.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "ഓഥന്റിക്കേഷന് പരാജയപ്പെട്ടു.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "ഒരു കാറ്റഗറി എന്കിലും ആവശ്യമുണ്ട്"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%sല് '+' ഉപയോഗിച്ച് sensitivity levels പരിഷ്ക്കരിക്കുവാന് സാധ്യമല്ല"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "നിലവില് %sല് %s ഉണ്ട്"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%sല് %s ഇല്ല"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "മറ്റ് കാറ്റഗറികളോടൊപ്പം +/- കൂട്ടിചേറ്ക്കുവാന് സാധ്യമല്ല"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "ഒന്നില് കൂടുതല് sensitivities ഉണ്ടാകുവാന് പാടില്ല"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s CATEGORY File ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -l CATEGORY user ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -l [[+|-]CATEGORY],...]q user ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -l -d user ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "ഉപയോഗിക്കേണ്ട് വിധം %s -L -l user"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "ഓപ്ഷന് ലിസ്റ്റ് അവസാനിപ്പിക്കുന്നതിന് -- ഉപയോഗിക്കുക. ഉദാഹരണത്തിന്"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "പ്രഫിക്സ് അല്ലെന്കില് റോളുകള് ആവശ്യമുണ്ട്"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%sഎന്ന SELinux യൂസറ് define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s ഒബ്ജക്റ്റുകള്ക്ക് %s അസാധുവാണ് \n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "non-MLS മഷീനുകളില് തറ്ജിമകള് സപ്പോറ്ട്ട് ചെയ്യുന്നില്ല"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "ഒരു റോള് പറഞ്ഞിരിക്കണം"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "ഒരു prefix പറഞ്ഞിരിക്കണം"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "ഉപാധിയില് പിഴവ്: %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "അസാധുവായ ലവല് ആണ് '%s' "
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "non-MLS മഷീനുകളില് തറ്ജിമകള് സപ്പോറ്ട്ട് ചെയ്യുന്നില്ല"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s തുറക്കുവാന് സാധിക്കുന്നില്ല: non-MLS മഷീനുകളില് തറ്ജിമകള് സപ്പോറ്ട്ട് ചെയ്യുന്നി"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "തറ്ജിമകളില് spaces '%s' ഉണ്ടാകുവാന് പാടില്ല"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "അസാധുവായ ലവല് ആണ് '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s already defined in translations"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s not defined in translations"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux policy മാനേജ് ചെയ്തിട്ടില്ല അല്ലെന്കില് സ്റ്റോറില് അക്സസ്സില്ല. "
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "പോളിസി സ്റ്റോറ് വായിക്കുവാന് സാധിക്കുന്നില്ല."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage കണക്ഷന് സ്ഥാപിക്കുവാന് സാധ്യമല്ല"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%sയ്ക്ക് ഒരു കീ ഉണ്ടാക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് define ചെയ്തിട്ടണ്ട്"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "%s എന്ന Linux യൂസറ് നിലവിലില്ല"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് ഉണ്ടാക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%sന് പേര് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%sന് MLS റയ്ന്ച് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%sന് SELinux യൂസറിനെ സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage transaction ആരംഭിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser അല്ലെന്കില് serange ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Could not query seuser for %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് പരിഷ്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധ്യമല്ല"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%sനുളള ലോഗിന് മാപ്പിംങ് പരിഷ്കരിക്കുവാന് നീക്കം ചെയ്യുവാന് സാസാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "ലോഗിന് മാപ്പിംങുകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "%sഎന്ന SELinux യൂസറ് define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "%sഎന്ന SELinux യൂസറ് define ചെയ്തിട്ടുണ്ട്"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%sഎന്ന SELinux യൂസറ് സൃഷ്ടിക്കുവാന് സാധിച്ചില്ല "
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%sന് റോള് %s ചേറ്ക്കുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%sന് MLS ലവല് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "അസാധുവായ പ്രിഫിക്സ് ആണ്%s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%sന് പ്രഫിക്സ് %s ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%sന് കീ extract ചെയ്യുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux യൂസറ് %s ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "പ്രഫിക്സ്, റോളുകള്,ലവലുകള് അല്ലെന്കില് റയിന്ചുകള് ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "പ്രഫിക്സ് അല്ലെന്കില് റോളുകള് ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "%sഎന്ന SELinux യൂസറ് define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Could not query user for %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux യൂസറ് %sനെ പരിഷ്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux യൂസറ് %sനെ പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധ്യമല്ല"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "%sന് SELinux യൂസറിനെ നീക്കം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux യൂസറുകളെ ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "യൂസറ് %sനുളള റോളുകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "udp അല്ലെന്കില് tcp എന്ന പ്രോട്ടോക്കോളുകള് ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "പോറ്ട്ട് ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%sയ്ക്ക് കീ സൃഷ്ടിക്കുവാന് സാധിച്ചില്ല "
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "ടൈപ്പ് ആവശ്യമുണ്ട്ല്ല "
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "%s/%sഎന്ന പോറ്ട്ട് define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "പോറ്ട്ട് %s/%s already defined"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%sഎന്ന പോറ്ട്ട് സൃഷ്ടിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%sന് context സൃഷ്ടിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%sന് പോറ്ട്ട് contextല് യൂസറ് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%sന് പോറ്ട്ട് contextല് റോള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%sന് പോറ്ട്ട് contextല് യൂസറ് ടൈപ്പ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%sന് പോറ്ട്ട് contextല് mls ഫീല്ഡുകള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%sന് പോറ്ട്ട് context സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s എന്ന പോറ്ട്ട് ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype അല്ലന്കില് serange ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "പോറ്ട്ട് %s/%s define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "%s/%s എന്ന പോറ്ട്ട് ചോദ്യം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "പോറ്ട്ട് %s/%s പരിഷ്ക്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "പോറ്ട്ട് %s/%s പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "പോറ്ട്ട് %s/%s നീക്കം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "പോറ്ട്ടുകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux Type ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%sയ്ക്ക് കീ ഉണ്ടാക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് define ചെയ്തിട്ടുണ്ട്"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് ഉണ്ടാക്കവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%sന് context ഉണ്ടാക്കവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് contextല് യൂസറ് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് contextല് റോള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് contextല് ടൈപ്പ് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് contextല് mls ഫീള്ഡുകള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%sന് ഇന്റ്ററ്ഫെയ്സ് context സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%sന് മെസ്സേജ് context സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് ചോദ്യം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് പരിഷ്ക്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "%s എന്ന ഇന്റ്ററ്ഫെയ്സ് നീക്കം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "ഇന്റ്ററ്ഫെയ്സുകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%sനുളള ഫൈല് context define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%sനുളള ഫൈല് context define ചെയ്തിട്ടുണ്ട്"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%sനുളള ഫൈല് context ഉണ്ടാക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%sനുളള ഫൈല് contextല് യൂസറ് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%sനുളള ഫൈല് contextല് റോള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%sനുളള ഫൈല് contextല് ടൈപ്പ് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%sനുളള ഫൈല് contextല് mls ഫീള്ഡുകള് സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%sന് ഫൈല് context സെറ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%sനുളള ഫൈല് context ചേറ്ക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange അല്ലന്കില് seuser ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%sനുളള ഫൈല് context define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%sനുളള ഫൈല് context ചോദ്യം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%sനുളള ഫൈല് context പരിഷ്ക്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%sനുളള ഫൈല് context പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%sനുളള ഫൈല് context നീക്കം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "ഫൈല് contextകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "ലോക്കല് ഫൈല് contextകള് ലിസ്റ്റ് ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "മൂല്ല്യം ആവശ്യമുണ്ട്"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "ബൂള്യന് ആകുന്ന %s define ചെയ്തിട്ടുണ്ടോ എന്ന് പരിശോധിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "ബൂള്യന് %s define ചെയ്തിട്ടില്ല"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "context ചോദ്യം ചെയ്യുവാന് സാധിക്കാഞ്ഞ ഫൈല് ആണ് %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "ബൂ്ബള്യന് %s പരിഷ്കരിക്കുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "%s ബൂള്യന് പോളിസിയില് define ചെയ്തിട്ടുണ്ട്, നീക്കം ചെയ്യുവാന് സാധിക്കില്ല"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "ബൂള്യന് %s നീക്കം ചെയ്യുവാന് സാധിച്ചില്ല"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "ബൂള്യനുകള് ലിസ്റ്റ് ചെയ്യുവാന് അസാധ്യം"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Generating type enforcment file: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "പോളിസി compile ചെയ്യുന്നു"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"പുതുതായി സൃഷ്ടിക്കപ്പെട്ട പോളിസി പാക്കേജ് കേറ്ണലിലേക്ക് ലോഡ് ചെയ്യുന്നതിനായി,\n"
+"നിങ്ങള് semodule -i %s.pp\n"
+"\n"
+"പ്രവറ്ത്തിപ്പിക്കുക \n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "ഉപാധിയില് പിഴവ്: %s "
+
diff --git a/policycoreutils/po/mr.po b/policycoreutils/po/mr.po
new file mode 100644
index 0000000..3186034
--- /dev/null
+++ b/policycoreutils/po/mr.po
@@ -0,0 +1,1041 @@
+# translation of mr.po to Marathi
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Rahul Bhalerao <rbhalera@redhat.com>, 2006.
+# Rahul Bhalerao <b.rahul.pm@gmail.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: mr\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-14 05:09+0530\n"
+"Last-Translator: Rahul Bhalerao <b.rahul.pm@gmail.com>\n"
+"Language-Team: Marathi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "वापर: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: धोरण भारित करू शकत नाही: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY निर्धारित करण्यात असफल\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "गुप्तशब्द:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "तुमची नोंद छाया passwd फाइलमध्ये सापडू शकली नाही.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass /dev/tty उघडू शकत नाही\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "passwd फाइलमध्ये वैध प्रविष्ट सापडू शकले नाही.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "स्मृतीबाहेर!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "चूक! शेल वैध नाही.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "पर्यावरण साफ करण्यास असमर्थ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "क्षमता आरंभण्यात चूक, सोडत आहे.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "क्षमता निर्धारित करण्यात चूक, सोडत आहे\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS निर्धारित करण्यात चूक, सोडत आहे\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "क्षमता सोडण्यात चूक, सोडत आहे\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid बदलण्यात चूक, सोडत आहे.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS पुनःनिर्धारित करण्यात चूक, सोडत आहे\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID क्षमता सोडण्यात चूक, सोडत आहे\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps मुक्त करण्यात चूक\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "ऑडिट प्रणालीस जोडण्यात चूक\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "स्मृती वाटपात चूक.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "ऑडिट संदेश पाठवण्यात चूक.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "बलप्रविष्ट रीत ठरवता आली नाही.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "चूक! %s उघडू शकलो नाही.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %s साठी चालू संदर्भ मिळवता आला नाही, tty ला पुनःलेबलिंग करत नाही.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %s साठी नविन संदर्भ मिळवता आला नाही, tty ला पुनःलेबलिंग करत नाही.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s साठी नविन संदर्भ निर्धारित करता आला नाही\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s बदललेली लेबले.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "सुचना! %s साठी संदर्भ पुनःरक्षित करता आला नाही\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "चूक: बहू भूमिका दर्शवल्या\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "चूक: बहू प्रकार दर्शवले\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "क्षमा, -l SELinux MLS आधारासह वापरता येऊ शकतो.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "चूक: बहू स्तर दर्शवले\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "मुलभूत प्रकार मिळवता आला नाही.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "नविन संदर्भ मिळवण्यास अपयशी.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "निवन भुमिका %s निर्धारित करण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "निवन प्रकार %s निर्धारित करण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "निवन परिसीमा %s स्तरासह बनवण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "नविन परिसीमा %s निर्धारित करण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "नविन संदर्भास स्ट्रींगमध्ये रुपांतरित करण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s वैध संदर्भ नाही\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "new_context साठी स्मृती वाटप करण्यास असमर्थ"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "रिकामा इशारा संच मिळवण्यास असमर्थ\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP हाताळक निर्धारित करण्यास असमर्थ\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "क्षमा, newrole फक्त SELinux कर्नलवरच वापरता येऊ शकतो.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "old_context मिळवण्यात अपयशी.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "चूक! tty माहिती मिळवता आली नाही.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "%s ला अधिप्रमाणित करत आहे.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM आरंभण्यात अपयशी\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: %s साठी अयोग्य गुप्तशब्द\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: अपयश फोर्कींग: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty लेबल पुनःरक्षित करण्यास असमर्थ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty व्यवस्थित बंद करण्यात अपयश\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "वर्णक बंद करता आले नाहीत.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "शेलचा argv0 वाटण्यात चूक.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec संदर्भ %s वर निर्धारित करता आला नाही.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "पर्यावरण पुनःरक्षित करण्यास असमर्थ, सोडत आहे\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "शेल exec करण्यात अपयश\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"वापर: run_init <script> <args ...>\n"
+" जेथे: <script> हे चालवायच्या init स्क्रीप्टचे नाव आहे,\n"
+" <args ...> हे त्या स्क्रीप्टचे आर्ग्यूमेंट्स आहेत."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "खाते माहिती मिळवण्यात अपयशी\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s साठी अयोग्य गुप्तशब्द\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "फाइल %s उघडता आली नाही\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s फाइलमध्ये संदर्भ नाही\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "क्षमा, run_init फक्त SELinux कर्नलवर वापरले जाऊ शकते.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "अधिप्रमाणन अपयशी.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "निदान एक प्रवर्ग आवश्यक"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "'+' वापरून %s वरील संवेदनशीलता बदलता येत नाही"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s आधीच %s मध्ये आहे"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s %s मध्ये नाही"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/- यांना इतर प्रकारच्या प्रवर्गांशी जोडू शकत नाही"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "बहू संवेदनशीलता असू शकत नाहीत"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "वापर %s CATEGORY File ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "वापर %s -l CATEGORY user ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "वापर %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "वापर %s -l [[+|-]CATEGORY],...]q user ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "वापर %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "वापर %s -l -d user ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "वापर %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "वापर %s -L -l user"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "पर्याय यादी संपवण्यासाठी -- वापरा. उदाहरणार्थ"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "२ किंवा अधिक आग्यूमेंट्सची गरज"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s व्याख्यीत नाही"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s वैध नाही %s ऑब्जेक्ट्ससाठी\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "परिसीमा Non MLS मशीनींवर समर्थित नाही"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "तुम्ही एक भुमिका दर्शवलीच पाहिजे"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "तुम्ही एक पूर्वपद दर्शवलेच पाहिजे"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "पर्याय चूक %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "अवैध मूल्य %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "अनुवाद non-MLS मशीनींवर समर्थित नाहीत"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s उघडण्यास असमर्थ: अनुवाद non-MLS मशीनींवर समर्थित नाहीत"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "अनुवादांत मोकळ्या जागा '%s' असू शकत नाहीत "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "अवैध स्तर '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s अनुवादांत आधिच व्याख्यीत"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s अनुवादांत व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux धोरण व्यवस्थापित नाही किंवा भंडार मिळू शकत नाही."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "धोरण भंडार वाचू शकत नाही."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage जोडणी प्रस्तापित करू शकत नाही"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s साठी कळ निर्माण करू शकत नाही"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%s साठी लॉगीन मॅपिंग व्याख्यीत केली आहे का हे तपासू शकलो नाही"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s साठी लॉगीन मॅपिंग आधिच व्याख्यीत केलेली आहे"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux उपयोक्ता %s अस्तित्वात नाही"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s साठी लॉगीन मॅपिंग निर्माण करू शकलो नाही"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s साठी नाव ठेवता आले नाही"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "MLS परिसीमा %s साठी निर्धारित करता आली नाही"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "SELinux उपयोक्ता %s साठी निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage व्यवहार सुरू करता आला नाही"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s साठी लॉगीन मॅपिंग जमा करता आले नाही"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser किंवा serange आवश्यक"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s साठी लॉगीन मॅपिंग व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "seuser ला %s साठी प्रश्न करू शकलो नाही"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s साठी लॉगीन मॅपिंग बदलू शकलो नाही"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s साठी लॉगीन मॅपिंग धोरणात व्याख्यीत आहे, ती नष्ट करता येत नाही "
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s साठी लॉगीन मॅपिंग नष्ट करू शकलो नाही"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "लॉगीन मॅपिंग्सची यादी करू शकलो नाही"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "SELinux उपयोक्ता %s व्याखीत असल्याचे तपासू शकलो नाही"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux उपयोक्ता %s आधिच व्याख्यीत आहे"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "SELinux उपयोक्ता %s साठी निर्माण करता आला नाही"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "भुमिका %s जमा करता आली नाही %s करता"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%s साठी MLS स्तर निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "अवैध पूर्वपद %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "पूर्वपद %s जमा करता आले नाही %s करीता"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s साठी कळ खेचता आली नाही"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux उपयोक्ता %s जोडता आला नाही"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "पूर्वपद, भुमिका, स्तर किंवा परिसीमा आवश्यक"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "पूर्वपद किंवा भुमिका आवश्यक"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux उपयोक्ता %s व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s साठी उपयोक्त्यास प्रश्न करू शकत नाही"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux उपयोक्ता %s मध्ये बदल करता आले नाही"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux उपयोक्ता %s धोरणामध्ये व्याख्यीत आहे, नष्ट करता येणार नाही"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux उपयोक्ता %s नष्ट करता आला नाही"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux उपयोक्त्यांची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "उपयोक्ता %s साठी भुमिकांची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "प्रोटोकॉल udp किंवा tcp आवश्यक आहे"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "पोर्ट आवश्यक आहे"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s साठी कळ निर्माण करता आली नाही"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "प्रकार आवश्यक आहे"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "%s/%s पोर्ट व्याख्यीत आहे काय हे तपासता आले नाही"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "पोर्ट %s/%s आधिच व्याख्यीत"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s साठी पोर्ट निर्माण करता आले नाही"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s साठी संदर्भ निर्माण करता आला नाही"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s च्या पोर्ट संदर्भात उपयोक्त्यास निर्धारित करता आले नाही"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s साठी पोर्ट संदर्भात भुमिका निर्धारित करता आली नाही"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s साठी पोर्ट संदर्भात प्रकार निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s साठी पोर्ट संदर्भात mls क्षेत्रे निर्धारित करता आली नाहीत"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s साठी पोर्ट संदर्भ निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s पोर्ट जोडू शकत नाही"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype किंवा serange आवश्यक"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype आवश्यक"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "पोर्ट %s/%s व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "पोर्ट %s/%s ला प्रश्न करता आले नाही"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "पोर्ट %s/%s मध्ये बदल करता आले नाहीत"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "पोर्ट %s/%s धोरणात व्याख्यीत आहे, नष्ट करता येणार नाही"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "पोर्ट %s/%s नष्ट करता आले नाही"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "पोर्टांची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux प्रकार आवश्यक आहे"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s साठी कळ बनवू शकलो नाही"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "इंटरफेस %s व्याख्यीत आहे काय हे तपासता आले नाही"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "इंटरफेस %s आधिच व्याख्यीत"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s साठी इंटरफेस निर्माण करता आला नाही"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s साठी संदर्भ निर्माण करता आला नाही"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s च्या इंटरफेस संदर्भात उपयोक्ता निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s च्या इंटरफेस संदर्भामध्ये भुमिका निर्धारित करता आली नाही"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s च्या इंटरफेस संदर्भात प्रकार निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s च्या इंटरफेस संदर्भात mls क्षेत्रे निर्धारित करता आली नाहीत"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s साठी इंटरफेस संदर्भ निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s साठी संदेश संदर्भ निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "इंटरफेस %s जमा करता आला नाही"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "इंटरफेस %s व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "इंटरफेस %s ला प्रश्न करता आले नाही"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "इंटरफेस %s मध्ये बदल करता आले नाही"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "इंटरफेस %s धोरणात व्याख्यीत आहे, नष्ट करता येणार नाही"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "इंटरफेस %s नष्ट करता आला नाही"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "इंटरफेसची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s साठी संदर्भ फाइल व्याख्यीत आहे काय हे तपासता आले नाही"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s साठी फाइल संदर्भ आधिच व्याख्यीत"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s साठी फाइल संदर्भ निर्माण करता आला नाही"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s साठी फाइल संदर्भात उपयोक्ता निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s साठी फाइल संदर्भात भुमिका निर्धारित करता आली नाही"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s च्या फाइल संदर्भात प्रकार निर्धआरित करता आला नाही"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s साठी फाइल संदर्भात mls क्षेत्रे निर्धारित करता आले नाहीत"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s साठी फाइल संदर्भ निर्धारित करता आला नाही"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s साठी फाइल संदर्भ जोडता आला नाही"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange किंवा seuser आवश्यक"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s साठी फाइल संदर्भ व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s साठी फाइल संदर्भास प्रश्न करता आले नाही"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s साठी फाइल संदर्भात बदल करता आले नाही"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s साठी फाइल संदर्भ धोरणात व्याख्यीत, नष्ट करता येणार नाही"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s साठी फाइल संदर्भ नष्ट करता आला नाही"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "फाइल संदर्भांची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "स्थानिक फाइल संदर्भांची यादी करता आली नाही"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "मूल्य आवश्यक"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "boolean %s व्याख्यीत आहे काय हे तपासता आले नाही"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "boolean %s व्याख्यीत नाही"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "फाइल संदर्भ %s ला प्रश्न करता आले नाही"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "boolean %s मध्ये बदल करता आले नाही"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "boolean %s धोरणात व्याख्यीत आहे, नष्ट करता येणार नाही"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "boolean %s नष्ट करता आले नाही"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "booleans ची यादी करता आली नाही"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "प्रकार बलप्रविष्ट फाइल उत्पन्न करत आहे: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "धोरम कंपाइल करत आहे"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** महत्वाचे ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"हे नव्याने बनवलेले धोरण संकुल कर्नलमध्ये भारित करण्यासाठी,\n"
+"तुम्हास हे चालवावे लागेल \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "पर्याय चूक: %s"
+
diff --git a/policycoreutils/po/ms.po b/policycoreutils/po/ms.po
new file mode 100644
index 0000000..23d00e6
--- /dev/null
+++ b/policycoreutils/po/ms.po
@@ -0,0 +1,1132 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2007-01-22 01:13+0800\n"
+"Last-Translator: Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, fuzzy, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "penggunaan: %s [pilihan]"
+
+#: ../load_policy/load_policy.c:66
+#, fuzzy, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "Tentutetap Polisi SELinux"
+
+#: ../newrole/newrole.c:188
+#, fuzzy, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM: gagal untuk melepaskan pengesah."
+
+#: ../newrole/newrole.c:218
+#: ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Katalaluan:"
+
+#: ../newrole/newrole.c:243
+#: ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250
+#: ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, fuzzy, c-format
+msgid "Out of memory!\n"
+msgstr "Memori tidak cukup."
+
+#: ../newrole/newrole.c:332
+#, fuzzy, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Ralat - nama kumpulan volum %s adalah tidak sah."
+
+#: ../newrole/newrole.c:389
+#, fuzzy, c-format
+msgid "Unable to clear environment\n"
+msgstr "RALAT: Tidak boleh menginitialisasikan persekitaran grafikal."
+
+#: ../newrole/newrole.c:436
+#: ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444
+#: ../newrole/newrole.c:519
+#, fuzzy, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "ralat menetapkan sifat terminal"
+
+#: ../newrole/newrole.c:450
+#, fuzzy, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "ralat menetapkan sifat terminal"
+
+#: ../newrole/newrole.c:458
+#: ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464
+#: ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470
+#: ../newrole/newrole.c:525
+#: ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482
+#: ../newrole/newrole.c:536
+#, fuzzy, c-format
+msgid "Error freeing caps\n"
+msgstr "Amaran: Cap dikunci"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, fuzzy, c-format
+msgid "Error allocating memory.\n"
+msgstr "Ralat membaca maklumat memori sistem:"
+
+#: ../newrole/newrole.c:593
+#, fuzzy, c-format
+msgid "Error sending audit message.\n"
+msgstr "Terdapat ralat RPM. Mesejnya ialah:\n"
+
+#: ../newrole/newrole.c:634
+#: ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, fuzzy, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Tidak Dapat Membuka Pakej"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, fuzzy, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../newrole/newrole.c:710
+#, fuzzy, c-format
+msgid "%s changed labels.\n"
+msgstr "Label Berulang"
+
+#: ../newrole/newrole.c:716
+#, fuzzy, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Tidak dapat menyoal konteks fail untuk %s"
+
+#: ../newrole/newrole.c:772
+#, fuzzy, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "banyak opsyen -l or -t dinyatakan"
+
+#: ../newrole/newrole.c:780
+#, fuzzy, c-format
+msgid "Error: multiple types specified\n"
+msgstr "banyak opsyen -l or -t dinyatakan"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, fuzzy, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "banyak opsyen -l or -t dinyatakan"
+
+#: ../newrole/newrole.c:814
+#, fuzzy, c-format
+msgid "Couldn't get default type.\n"
+msgstr "tidak dapat menetapkan konteks keselamatan bagi `%s': %s"
+
+#: ../newrole/newrole.c:824
+#, fuzzy, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+"Gagal menghantar konteks alchemist: \n"
+"%s"
+
+#: ../newrole/newrole.c:831
+#, fuzzy, c-format
+msgid "failed to set new role %s\n"
+msgstr "Gagal menyimpan direktori baru dalam %s"
+
+#: ../newrole/newrole.c:838
+#, fuzzy, c-format
+msgid "failed to set new type %s\n"
+msgstr "Gagal menyimpan direktori baru dalam %s"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, fuzzy, c-format
+msgid "failed to set new range %s\n"
+msgstr "Gagal menyimpan direktori baru dalam %s"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, fuzzy, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s adalah nama hos yang tidak sah"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, fuzzy, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "%s: tidak dapat menetapkan lengahan kegagalan: %s\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, fuzzy, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+"Gagal menghantar konteks alchemist: \n"
+"%s"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020
+#: ../run_init/run_init.c:126
+#, fuzzy, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM: gagal untuk melepaskan pengesah."
+
+#: ../newrole/newrole.c:1029
+#, fuzzy, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "Sila tetapkan katalaluan bagi %s."
+
+#: ../newrole/newrole.c:1056
+#, fuzzy, c-format
+msgid "newrole: failure forking: %s"
+msgstr "Kegagalan rangkaian hos %1"
+
+#: ../newrole/newrole.c:1059
+#: ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061
+#: ../newrole/newrole.c:1088
+#, fuzzy, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Gagal menyimpan direktori baru dalam %s"
+
+#: ../newrole/newrole.c:1117
+#, fuzzy, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Tidak dapat memperuntukkan partisyen"
+
+#: ../newrole/newrole.c:1140
+#, fuzzy, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Ralat membaca maklumat memori sistem:"
+
+#: ../newrole/newrole.c:1147
+#: ../run_init/run_init.c:405
+#, fuzzy, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Tidak dapat menetapkan konteks exec ke %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, fuzzy, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "tidak dapat mengambil pakej asal, batal"
+
+#: ../newrole/newrole.c:1184
+#, fuzzy
+msgid "failed to exec shell\n"
+msgstr "Gagal untuk melekapkan partisyen."
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, fuzzy, c-format
+msgid "failed to get account information\n"
+msgstr "Gagal menukar maklumat usia untuk %s: %s\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, fuzzy, c-format
+msgid "Could not open file %s\n"
+msgstr "tidak dapat membuka fail tetapan `%s': %s"
+
+#: ../run_init/run_init.c:336
+#, fuzzy, c-format
+msgid "No context in file %s\n"
+msgstr "akhir fail tidak dijangka dalam %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, fuzzy, c-format
+msgid "authentication failed.\n"
+msgstr "Pengesahan gagal"
+
+#: ../scripts/chcat:75
+#: ../scripts/chcat:145
+#, fuzzy
+msgid "Requires at least one category"
+msgstr "Peranti RAID jenis %s memerlukan sekurang-kurangnya %s ahli."
+
+#: ../scripts/chcat:89
+#: ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, fuzzy, c-format
+msgid "%s is already in %s"
+msgstr "gid %s telah digunakan."
+
+#: ../scripts/chcat:164
+#: ../scripts/chcat:174
+#, fuzzy, c-format
+msgid "%s is not in %s"
+msgstr "%s tidak dilaksanakan.\n"
+
+#: ../scripts/chcat:237
+#: ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+#, fuzzy
+msgid "Can not have multiple sensitivities"
+msgstr "Profil \"%s\" tidak dapat dipadam!"
+
+#: ../scripts/chcat:293
+#, fuzzy, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Penggunaan: %s [PILIHAN]... FAIL\n"
+
+#: ../scripts/chcat:294
+#, fuzzy, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Nama Pengguna Teruk"
+
+#: ../scripts/chcat:295
+#, fuzzy, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Penggunaan: %s [PILIHAN]... FAIL\n"
+
+#: ../scripts/chcat:296
+#, fuzzy, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Nama Pengguna Teruk"
+
+#: ../scripts/chcat:297
+#, fuzzy, c-format
+msgid "Usage %s -d File ..."
+msgstr "Penggunaan: %s [PILIHAN]... FAIL\n"
+
+#: ../scripts/chcat:298
+#, fuzzy, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Edit Pengguna"
+
+#: ../scripts/chcat:299
+#, fuzzy, c-format
+msgid "Usage %s -L"
+msgstr "Penggunaan: %s"
+
+#: ../scripts/chcat:300
+#, fuzzy, c-format
+msgid "Usage %s -L -l user"
+msgstr "Edit Pengguna"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+#, fuzzy
+msgid "Requires 2 or more arguments"
+msgstr "64 MB atau lebih"
+
+#: ../semanage/semanage:132
+#, fuzzy, c-format
+msgid "%s not defined"
+msgstr "tidak ditakrif"
+
+#: ../semanage/semanage:156
+#, fuzzy, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "$0: konfigurasi bagi ${1} tidak dijumpai."
+
+#: ../semanage/semanage:183
+#: ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+#, fuzzy
+msgid "You must specify a role"
+msgstr "Anda mesti nyatakan peranti."
+
+#: ../semanage/semanage:251
+#, fuzzy
+msgid "You must specify a prefix"
+msgstr "Anda mesti nyatakan peranti."
+
+#: ../semanage/semanage:300
+#, fuzzy, c-format
+msgid "Options Error %s "
+msgstr "Ralat Pilihan: %s"
+
+#: ../semanage/semanage:304
+#, fuzzy, c-format
+msgid "Invalid value %s"
+msgstr "Nilai tidak sah"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179
+#: ../semanage/seobject.py:193
+#, fuzzy, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Nama Perkongsian tidak boleh mengandungi ruang"
+
+#: ../semanage/seobject.py:182
+#, fuzzy, python-format
+msgid "Invalid Level '%s' "
+msgstr "_Aras RAID:"
+
+#: ../semanage/seobject.py:185
+#, fuzzy, python-format
+msgid "%s already defined in translations"
+msgstr "Simpan masih dalam process"
+
+#: ../semanage/seobject.py:197
+#, fuzzy, python-format
+msgid "%s not defined in translations"
+msgstr "%s: %s: bukan dalam format a.out\n"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+#, fuzzy
+msgid "Cannot read policy store."
+msgstr "gagal baca fail menu:%s"
+
+#: ../semanage/seobject.py:228
+#, fuzzy
+msgid "Could not establish semanage connection"
+msgstr "Tidak dapat menetapkan konteks default untuk %s untuk program %s.\n"
+
+#: ../semanage/seobject.py:247
+#: ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352
+#: ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504
+#: ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093
+#: ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207
+#: ../semanage/seobject.py:1241
+#, fuzzy, python-format
+msgid "Could not create a key for %s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:251
+#: ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356
+#: ../semanage/seobject.py:362
+#, fuzzy, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Tidak dapat memeriksa jika konteks fail untuk %s telah dinyatakan"
+
+#: ../semanage/seobject.py:253
+#, fuzzy, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Tiada 'Mountpoints' dikenalpasti"
+
+#: ../semanage/seobject.py:257
+#, fuzzy, python-format
+msgid "Linux User %s does not exist"
+msgstr "Partisyen Diminta Tidak Wujud"
+
+#: ../semanage/seobject.py:261
+#, fuzzy, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:265
+#: ../semanage/seobject.py:447
+#, fuzzy, python-format
+msgid "Could not set name for %s"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../semanage/seobject.py:270
+#: ../semanage/seobject.py:457
+#, fuzzy, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../semanage/seobject.py:274
+#, fuzzy, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Tidak dapat menetapkan pengguna dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:278
+#: ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368
+#: ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539
+#: ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705
+#: ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776
+#: ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944
+#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073
+#: ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148
+#: ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+#, fuzzy
+msgid "Could not start semanage transaction"
+msgstr "Tidak dapat menetapkan konteks default untuk %s untuk program %s.\n"
+
+#: ../semanage/seobject.py:282
+#: ../semanage/seobject.py:286
+#, fuzzy, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Tidak dapat menambah konteks fail untuk %s"
+
+#: ../semanage/seobject.py:301
+#, fuzzy
+msgid "Requires seuser or serange"
+msgstr "Memerlukan setype, serange atau seuser"
+
+#: ../semanage/seobject.py:311
+#: ../semanage/seobject.py:358
+#, fuzzy, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Konteks fail %s tidak dinyatakan"
+
+#: ../semanage/seobject.py:315
+#, fuzzy, python-format
+msgid "Could not query seuser for %s"
+msgstr "Tidak dapat menyoal konteks fail untuk %s"
+
+#: ../semanage/seobject.py:334
+#: ../semanage/seobject.py:338
+#, fuzzy, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Tidak dapat mengubahsuai konteks fail untuk %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373
+#: ../semanage/seobject.py:377
+#, fuzzy, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Tidak dapat memadam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:391
+#, fuzzy
+msgid "Could not list login mappings"
+msgstr "Tidak dapat menyenaraikan konteks fail"
+
+#: ../semanage/seobject.py:437
+#: ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566
+#: ../semanage/seobject.py:572
+#, fuzzy, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Tidak dapat memeriksa jika konteks fail untuk %s telah dinyatakan"
+
+#: ../semanage/seobject.py:439
+#, fuzzy, python-format
+msgid "SELinux user %s is already defined"
+msgstr "$file bukan milik \"$user\""
+
+#: ../semanage/seobject.py:443
+#, fuzzy, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:452
+#, fuzzy, python-format
+msgid "Could not add role %s for %s"
+msgstr "Tidak dapat menambah konteks fail untuk %s"
+
+#: ../semanage/seobject.py:461
+#, fuzzy, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../semanage/seobject.py:463
+#: ../semanage/seobject.py:530
+#, fuzzy, python-format
+msgid "Invalid prefix %s"
+msgstr "prefix tidak dikenali: %s"
+
+#: ../semanage/seobject.py:466
+#, fuzzy, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Tidak dapat menambah konteks fail untuk %s"
+
+#: ../semanage/seobject.py:469
+#, fuzzy, python-format
+msgid "Could not extract key for %s"
+msgstr "Tidak dapat membuka %s untuk salinan: %s"
+
+#: ../semanage/seobject.py:477
+#: ../semanage/seobject.py:481
+#, fuzzy, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Pengguna %s tidak dapat dipadam: %s.\n"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+#, fuzzy
+msgid "Requires prefix or roles"
+msgstr "Memerlukan setype, serange atau seuser"
+
+#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:568
+#, fuzzy, python-format
+msgid "SELinux user %s is not defined"
+msgstr "Jenis terminal `%s' tidak ditakrifkan."
+
+#: ../semanage/seobject.py:514
+#, fuzzy, python-format
+msgid "Could not query user for %s"
+msgstr "Tidak dapat menyoal konteks fail untuk %s"
+
+#: ../semanage/seobject.py:543
+#: ../semanage/seobject.py:547
+#, fuzzy, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Pengguna %s tidak dapat dipadam: %s.\n"
+
+#: ../semanage/seobject.py:574
+#, fuzzy, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "$file bukan milik \"$user\""
+
+#: ../semanage/seobject.py:582
+#: ../semanage/seobject.py:586
+#, fuzzy, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Pengguna %s tidak dapat dipadam: %s.\n"
+
+#: ../semanage/seobject.py:598
+#, fuzzy
+msgid "Could not list SELinux users"
+msgstr "Tidak dapat menyenaraikan konteks fail"
+
+#: ../semanage/seobject.py:604
+#, fuzzy, python-format
+msgid "Could not list roles for user %s"
+msgstr "Tidak dapat menetapkan pengguna dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:638
+#, fuzzy
+msgid "Protocol udp or tcp is required"
+msgstr "Nama Perkongsian diperlukan"
+
+#: ../semanage/seobject.py:640
+#, fuzzy
+msgid "Port is required"
+msgstr "Nama Perkongsian diperlukan"
+
+#: ../semanage/seobject.py:651
+#, fuzzy, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:662
+#, fuzzy
+msgid "Type is required"
+msgstr "Nama Perkongsian diperlukan"
+
+#: ../semanage/seobject.py:668
+#: ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:770
+#, fuzzy, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Tidak dapat memeriksa sama ada boolean %s dinyatakan"
+
+#: ../semanage/seobject.py:670
+#, fuzzy, python-format
+msgid "Port %s/%s already defined"
+msgstr "Seksyen %s telah ditakrif"
+
+#: ../semanage/seobject.py:674
+#, fuzzy, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:680
+#, fuzzy, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:684
+#, fuzzy, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Tidak dapat menetapkan pengguna dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:688
+#, fuzzy, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Tidak dapat menetapkan tugas dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:692
+#, fuzzy, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Tidak dapat menetapkan jenis dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:697
+#, fuzzy, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Tidak dapat menetapkan medan mls dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:701
+#, fuzzy, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../semanage/seobject.py:709
+#: ../semanage/seobject.py:713
+#, fuzzy, python-format
+msgid "Could not add port %s/%s"
+msgstr "Tidak dapat menambah antaramuka %s"
+
+#: ../semanage/seobject.py:722
+#: ../semanage/seobject.py:919
+#, fuzzy
+msgid "Requires setype or serange"
+msgstr "Memerlukan setype, serange atau seuser"
+
+#: ../semanage/seobject.py:724
+#, fuzzy
+msgid "Requires setype"
+msgstr "Memerlukan nilai"
+
+#: ../semanage/seobject.py:732
+#: ../semanage/seobject.py:766
+#, fuzzy, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Boolean %s tidak dinyatakan"
+
+#: ../semanage/seobject.py:736
+#, fuzzy, python-format
+msgid "Could not query port %s/%s"
+msgstr "Tidak dapat menyoal antaramuka %s"
+
+#: ../semanage/seobject.py:751
+#: ../semanage/seobject.py:755
+#, fuzzy, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Tidak dapat mengubah boolean %s"
+
+#: ../semanage/seobject.py:772
+#, fuzzy, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Antaramuka %s dinyatakan dalam polisi, tidak boleh dipadam"
+
+#: ../semanage/seobject.py:780
+#: ../semanage/seobject.py:784
+#, fuzzy, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Tidak dapat memadam boolean %s"
+
+#: ../semanage/seobject.py:792
+#: ../semanage/seobject.py:811
+#, fuzzy
+msgid "Could not list ports"
+msgstr "Tidak dapat menyenaraikan boolean"
+
+#: ../semanage/seobject.py:855
+#: ../semanage/seobject.py:1027
+#, fuzzy
+msgid "SELinux Type is required"
+msgstr "Nama Perkongsian diperlukan"
+
+#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960
+#: ../semanage/seobject.py:1031
+#, fuzzy, python-format
+msgid "Could not create key for %s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:863
+#: ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:970
+#, fuzzy, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Tidak dapat memeriksa sama ada boolean %s dinyatakan"
+
+#: ../semanage/seobject.py:865
+#, fuzzy, python-format
+msgid "Interface %s already defined"
+msgstr "Seksyen %s telah ditakrif"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Tidak dapat mencipta antaramuka untuk %s"
+
+#: ../semanage/seobject.py:874
+#: ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Tidak dapat mencipta konteks untuk %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Tidak dapat menetapkan pengguna dalam konteks antaramuka untuk %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Tidak dapat menetapkan tugas dalam konteks antaramuka untuk %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Tidak dapat menetapkan jenis dalam konteks antaramuka untuk %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Tidak dapat menetapkan medan mls dalam konteks antaramuka untuk %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Tidak dapat menetapkan konteks antaramuka untuk %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Tidak dapat menetapkan konteks mesej untuk %s"
+
+#: ../semanage/seobject.py:907
+#: ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Tidak dapat menambah antaramuka %s"
+
+#: ../semanage/seobject.py:929
+#: ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Antaramuka %s tidak dinyatakan"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Tidak dapat menyoal antaramuka %s"
+
+#: ../semanage/seobject.py:948
+#: ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Tidak dapat mengubah antaramuka %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Antaramuka %s dinyatakan dalam polisi, tidak boleh dipadam"
+
+#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Tidak dapat memadam antaramuka %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Tidak dapat menyenaraikan antaramuka"
+
+#: ../semanage/seobject.py:1035
+#: ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136
+#: ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Tidak dapat memeriksa jika konteks fail untuk %s telah dinyatakan"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Konteks fail %s telah dinyatakan"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Tidak dapat mencipta konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Tidak dapat menetapkan pengguna dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Tidak dapat menetapkan tugas dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Tidak dapat menetapkan jenis dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Tidak dapat menetapkan medan mls dalam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Tidak dapat menetapkan konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1077
+#: ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Tidak dapat menambah konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Memerlukan setype, serange atau seuser"
+
+#: ../semanage/seobject.py:1099
+#: ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Konteks fail %s tidak dinyatakan"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Tidak dapat menyoal konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1120
+#: ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Tidak dapat mengubahsuai konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152
+#: ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Tidak dapat memadam konteks fail untuk %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Tidak dapat menyenaraikan konteks fail"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Tidak dapat menyenaraikan konteks fail tempatan"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Memerlukan nilai"
+
+#: ../semanage/seobject.py:1211
+#: ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Tidak dapat memeriksa sama ada boolean %s dinyatakan"
+
+#: ../semanage/seobject.py:1213
+#: ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Boolean %s tidak dinyatakan"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Tidak dapat menyoal fail konteks %s"
+
+#: ../semanage/seobject.py:1229
+#: ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Tidak dapat mengubah boolean %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Boolean %s dinyatakan dalam polisi, tidak boleh dipadam"
+
+#: ../semanage/seobject.py:1261
+#: ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Tidak dapat memadam boolean %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Tidak dapat menyenaraikan boolean"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189
+#: ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Menghimpun polisi"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** PENTING ************************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Ralat Pilihan: %s"
+
diff --git a/policycoreutils/po/my.po b/policycoreutils/po/my.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/my.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/nb.po b/policycoreutils/po/nb.po
new file mode 100644
index 0000000..434c379
--- /dev/null
+++ b/policycoreutils/po/nb.po
@@ -0,0 +1,1027 @@
+# Norwegian bokmål translation of policycoreutils.
+# Copyright (C) 2006 Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# Kjartan Maraas <kmaraas@gnome.org>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-10-05 14:09+0200\n"
+"Last-Translator: Kjartan Maraas <kmaraas@gnome.org>\n"
+"Language-Team: Norwegian bokmal <i18n-nb@lister.ping.uio.no>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "bruk: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/nl.po b/policycoreutils/po/nl.po
new file mode 100644
index 0000000..0d27088
--- /dev/null
+++ b/policycoreutils/po/nl.po
@@ -0,0 +1,1048 @@
+# translation of policycoreutils to Dutch
+# This file is distributed under the same license as the policycoreutils package.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+#
+# Peter van Egdom <p.van.egdom@gmail.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-25 10:08+0100\n"
+"Last-Translator: Peter van Egdom <p.van.egdom@gmail.com>\n"
+"Language-Team: Dutch <vertaling@nl.linux.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "gebruik: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Kan beleid: %s niet laden\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "instellen van PAM_TTY is mislukt\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Wachtwoord:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Kan uw item in het shadow passwd bestand niet vinden.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass kan /dev/tty niet openen\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "kan geen geldig item in het passwd bestand vinden.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Geheugen is vol!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Fout! Shell is niet geldig.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Niet in staat om de omgeving op te schonen\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Fout bij het initialiseren van capabilities, afbreken.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Fout bij het instellen van capabilities, afbreken.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Fout bij het instellen van KEEPCAPS, afbreken\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Fout bij het uitzetten van capabilities, afbreken\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Fout bij het veranderen van uid, afbreken.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Fout bij het opnieuw instellen van KEEPCAPS, afbreken\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Fout bij het uitzetten van SETUID capability, afbreken\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Fout bij het vrijgeven van caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Fout bij het verbinden met het audit systeem.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Fout bij het toewijzen van geheugen.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Fout bij het versturen van audit melding.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Kon enforcing mode niet vaststellen.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Fout! Kon %s niet openen.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Kon huidige context niet verkrijgen voor %s, opnieuw labelen van tty "
+"gaat niet door.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Kon geen nieuwe context verkrijgen voor %s, opnieuw labelen van tty "
+"gaat niet door.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Kon geen nieuwe context instellen voor %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s heeft andere labels.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Waarschuwing! Kon context voor %s niet terugzetten\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Fout: meerdere rollen opgegeven\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Fout: meerdere typen opgegeven\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Sorry, -l mag alleen worden gebruikt met SELinux MLS ondersteuning.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Fout: meerdere levels opgegeven\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Kon standaardtype niet verkrijgen.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "verkrijgen van nieuwe context is mislukt.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "instellen van nieuwe rol %s is mislukt\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "instellen van nieuw type %s is mislukt\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "samenstellen van nieuw bereik met niveau %s is mislukt\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "instellen van nieuw bereik %s is mislukt\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "converteren van nieuwe context naar string is mislukt\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s is geen geldige context\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Niet in staat om geheugen te reserveren voor new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Niet in staat om een lege signaalverzameling te verkrijgen\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Niet in staat om SIGHUP verwerker in te stellen\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Sorry, newrole mag alleen worden gebruikt op een SELinux kernel.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "verkrijgen van old_context is mislukt.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Fout! Kon tty informatie niet verkrijgen.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Authenticeren van %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "initialiseren van PAM is mislukt\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: incorrect wachtwoord voor %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: forking mislukt: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Niet in staat om tty label terug te zetten...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Afsluiten van tty op een juiste manier is mislukt\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Kon indicators niet sluiten.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Fout bij het toewijzen van argv0 van de shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Kon exec context niet instellen naar %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Niet in staat om de omgeving terug te zetten, afbreken\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "uitvoeren van shell is mislukt\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"GEBRUIK: run_init <script> <argumenten ...>\n"
+" waar: <script> de naam is van het init script dat moet worden uitgevoerd,\n"
+" <argumenten ...> de argumenten zijn voor dat script."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "verkrijgen van account-informatie is mislukt\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: incorrect wachtwoord voor %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Kon bestand %s niet openen\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Geen context in bestand %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Sorry, run_init mag alleen worden gebruikt op een SELinux kernel.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "authenticatie mislukt.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Vereist tenminste één categorie"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+"Kan sensitivity niveaus door gebruik te maken van '+' op %s niet wijzigen"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s is al in %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s is niet in %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kan +/- niet combineren met andere typen categorieën"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Kan geen meerdere sensitivities hebben"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Gebruik %s CATEGORIE bestand ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Gebruik %s -l CATEGORIE gebruiker ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Gebruik %s [[+|-]CATEGORIE],...]q bestand ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Gebruik %s -l [[+|-]CATEGORIE],...]q gebruiker ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Gebruik %s -d bestand ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Gebruik %s -l -d gebruiker ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Gebruik %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Gebruik %s -L -l gebruiker"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Gebruik -- om de optielijst te beëindigen. Bijvoorbeeld"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Vereist 2 of meer argumenten"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s niet gedefinieerd"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s niet geldig voor %s objecten\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "bereik niet ondersteund op niet-MLS machines"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "U moet een rol aangeven"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "U moet een prefix aangeven"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Fout in opties %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Ongeldige waarde %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "vertalingen niet ondersteund op niet-MLS machines"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Niet in staat om %s te openen: vertalingen zijn niet ondersteund op niet-MLS "
+"machines"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Vertalingen kunnen geen spaties bevatten '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Ongeldig niveau '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s is al gedefinieerd in vertalingen"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s niet gedefinieerd in vertalingen"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux policy is niet beheerd of store kan niet worden benaderd."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Kan policy store niet lezen."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Kon semanage-connectie niet tot stand brengen"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Kon geen sleutel aanmaken voor %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Kon niet controleren of login mapping voor %s is gedefinieerd"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Login mapping voor %s is al gedefinieerd"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux gebruiker %s bestaat niet"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Kon geen login mapping aanmaken voor %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Kon naam niet instellen voor %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Kon MLS bereik niet instellen voor %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Kon SELinux gebruiker niet instellen voor %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Kon semanage transactie niet starten"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Kon login mapping voor %s niet toevoegen"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Vereist seuser of serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Login mapping voor %s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Kon seuser niet opvragen voor %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Kon login mapping voor %s niet veranderen"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Login mapping voor %s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Kon login mapping voor %s niet verwijderen"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Kon login mappings niet tonen"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Kon niet controleren of SELinux gebruiker %s is gedefinieerd"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux gebruiker %s is al gedefinieerd"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Kon geen SELinux gebruiker aanmaken voor %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Kon rol %s voor %s niet toevoegen"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Kon MLS niveau niet instellen voor %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Ongeldige prefix %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Kon prefix %s voor %s niet toevoegen"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Kon sleutel voor %s niet uitpakken"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Kon SELinux gebruiker %s niet toevoegen"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Vereist prefix, rollen, niveau of bereik"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Vereist prefix of rollen"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux gebruiker %s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Kon gebruiker niet opvragen voor %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Kon SELinux gebruiker %s niet veranderen"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"SELinux gebruiker %s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Kon SELinux gebruiker %s niet verwijderen"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Kon SELinux gebruikers niet tonen"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Kon rollen voor gebruiker %s niet tonen"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protocol udp of tcp is vereist"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Poort is vereist"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Kon geen sleutel aanmaken voor %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Type is vereist"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Kon niet controleren of poort %s/%s is gedefinieerd"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Poort %s/%s is al gedefinieerd"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Kon geen poort aanmaken voor %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Kon geen context aanmaken voor %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Kon gebruiker in poort context niet instellen voor %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Kon rol in poort context niet instellen voor %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Kon type in poort context niet instellen voor %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Kon mls velden in poort context niet instellen voor %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Kon poort context niet instellen voor %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Kon poort %s/%s niet toevoegen"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Vereist setype of serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Vereist setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Poort %s/%s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Kon poort %s/%s niet opvragen"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Kon poort %s/%s niet veranderen"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Poort %s/%s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Kon poort %s/%s niet verwijderen"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Kon poorten niet tonen"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux type is vereist"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Kon geen sleutel aanmaken voor %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Kon niet controleren of interface %s is gedefinieerd"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Interface %s is al gedefinieerd"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Kon geen interface aanmaken voor %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Kon geen context aanmaken voor %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Kon gebruiker in interface context niet instellen voor %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Kon rol in interface context niet instellen voor %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Kon type in interface context niet instellen voor %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Kon mls velden in interface context niet instellen voor %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Kon interface context niet instellen voor %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Kon message context niet instellen voor %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Kon interface %s niet toevoegen"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Interface %s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Kon interface %s niet opvragen"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Kon interface %s niet veranderen"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Interface %s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Kon interface %s niet verwijderen"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Kon interfaces niet tonen"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Kon niet controleren of bestandscontext voor %s is gedefinieerd"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Bestandscontext voor %s is al gedefinieerd"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Kon geen bestandscontext aanmaken voor %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Kon gebruiker in bestandscontext niet instellen voor %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Kon rol in bestandscontext niet instellen voor %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Kon type in bestandscontext niet instellen voor %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Kon mls velden in bestandscontext niet instellen voor %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Kon bestandscontext niet instellen voor %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Kon bestandscontext voor %s niet toevoegen"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Vereist setype, serange of seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Bestandscontext voor %s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Kon bestandscontext voor %s niet opvragen"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Kon bestandscontext voor %s niet veranderen"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Bestandscontext voor %s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Kon bestandscontext voor %s niet verwijderen"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Kon bestandscontexts niet tonen"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Kon lokale bestandscontexts niet tonen"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Vereist waarde"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Kon niet controleren of boolean %s is gedefinieerd"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Boolean %s is niet gedefinieerd"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Kon bestandscontext %s niet opvragen"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Kon boolean %s niet veranderen"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Boolean %s is gedefinieerd in policy, kan niet worden verwijderd"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Kon boolean %s niet verwijderen"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Kon booleans niet tonen"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Genereren van type enforcement bestand: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Samenstellen van policy"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** BELANGRIJK **********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Om dit nieuw aangemaakte policy-pakket in de kernel te laden,\n"
+"dient u het volgende commando uit te voeren \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Fout in opties: %s "
diff --git a/policycoreutils/po/nn.po b/policycoreutils/po/nn.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/nn.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/no.po b/policycoreutils/po/no.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/no.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/nso.po b/policycoreutils/po/nso.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/nso.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/or.po b/policycoreutils/po/or.po
new file mode 100644
index 0000000..9397073
--- /dev/null
+++ b/policycoreutils/po/or.po
@@ -0,0 +1,1041 @@
+# translation of or.po to Oriya
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+#
+# Subhransu Behera <sbehera@redhat.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: or\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 11:49+0530\n"
+"Last-Translator: Subhransu Behera <sbehera@redhat.com>\n"
+"Language-Team: Oriya <oriya-group@lists.sarovar.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: Plural-Forms: nplurals=2; plural=(n!=1);\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "ବ୍ଯବହାର ବିଧି: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: ଏହି ନିତୀ କୁ ଧାରଣ କରି ପାରିବ ନାହିଁ: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTY କୁ ସେଟ କରିବା ରେ ଅସଫଳ\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "ପ୍ରବେଶ ସଙ୍କେତ:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "ଛାୟାଙ୍କିତ ପ୍ରବେଶ ସଙ୍କେତ ଫାଇଲ ରେ ଆପଣଙ୍କ ର ପ୍ରବେଶ କୁ ପାଇ ପାରିବ ନାହିଁ \n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass ନିର୍ଦ୍ଦେଶ ଟି /dev/tty କୁ ଖୋଲି ପାରିବ ନାହିଁ\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "ପ୍ରବେଶ ସଙ୍କେତ ଫାଇଲରେ ବୈଧ ପ୍ରବିଷ୍ଟିକୁ ପାଇ ପାରିବ ନାହିଁ।\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "ସ୍ମୃତି ବହିର୍ଭୁତ!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "ତୃଟି! ଆବରଣ ଟି ବୈଧ ନୁହେଁ \n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "ପରିବେଶକୁ ସଫା କରିବାରେ ଅସମର୍ଥ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "ସାମର୍ଥ୍ଯ ମାନଙ୍କ ର ପ୍ରାରମ୍ଭିକରଣ ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି \n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "ସାମର୍ଥ୍ଯ ମାନଙ୍କୁ ବିନ୍ଯାସ କରିବା ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS କୁ ବିନ୍ଯାସ କରିବା ସମୟରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "ସାମର୍ଥ୍ଯ ମାନଙ୍କୁ ତ୍ଯାଗ କରିବା ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି \n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "ୟୁ.ଆଇ.ଡି. କୁ ପରିବର୍ତ୍ତନ କରିବା ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି \n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS କୁ ପୁନଃ ସ୍ଥାପନ କରିବା ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି \n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID ସାମର୍ଥ୍ଯ କୁ ତ୍ଯାଗ କରିବା ସମୟ ରେ ତୃଟି, ପରିତ୍ଯାଗ କରୁଅଛି \n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "caps କୁ ମୁକ୍ତ କରିବା ସମୟରେ ତୃଟି\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "ହିସାବ ର ଯାଞ୍ଚ ତନ୍ତ୍ର କୁ ସଂଯୋଗ କରିବା ସମୟ ରେ ତୃଟି \n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "ସ୍ମୃତି ବାଣ୍ଟିବା ସମୟ ରେ ତୃଟି \n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "ହିସାବ ର ଯାଞ୍ଚ ସନ୍ଦେଶ ପଠାଇବା ସମୟ ରେ ତୃଟି \n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "ପ୍ରଚଳିତ ଧାରା କୁ ସ୍ଥିର କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "ତୃଟି! %s କୁ ଖୋଲି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %s ପାଇଁ ପ୍ରଚଳିତ ପ୍ରସଙ୍ଗ ଟି ପାଇ ପାରିଲା ନାହିଁ, tty କୁ ପୁନଃସୂଚିତ କରୁ ନାହିଁ \n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %s ପାଇଁ ପ୍ରଚଳିତ ପ୍ରସଙ୍ଗ ଟି ପାଇ ପାରିଲା ନାହିଁ, tty କୁ ପୁନଃସୂଚିତ କରୁ ନାହିଁ \n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %s ପାଇଁ ପ୍ରଚଳିତ ପ୍ରସଙ୍ଗ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s ପରିବର୍ତ୍ତିତ ସୂଚକ ମାନ।\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "ଚେତାବନୀ! %s ପାଇଁ ପ୍ରସଙ୍ଗକୁ ପୁନଃସ୍ଥାପନ କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "ତୃଟି: ଏକାଧିକ ଦାୟିତ୍ବ ମାନଙ୍କୁ ଉଲ୍ଲେଖିତ କରା ଯାଇଛି\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "ତୃଟି: ଏକାଧିକ ପ୍ରକାର ମାନଙ୍କୁ ଉଲ୍ଲେଖିତ କରା ଯାଇଛି\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "କ୍ଷମା କରିବେ, -l ଟି ବୋଧହୁଏ SELinux MLS ସହାୟକ ସହିତ ବ୍ଯବହ୍ରୁତ ହେବ \n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "ତୃଟି: ଏକାଧିକ ସ୍ତର ମାନଙ୍କୁ ଉଲ୍ଲେଖିତ କରା ଯାଇଛି\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ପ୍ରକାର କୁ ପାଇ ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "ନୂତନ ପ୍ରସଙ୍ଗ କୁ ପାଇବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "ନୂତନ ଦାୟିତ୍ବ %s କୁ ସେଟ କରିବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "ନୂତନ ପ୍ରକାର %s କୁ ସେଟ କରିବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s ସ୍ତର ରେ ନୂତନ ପରିସର ନିର୍ମାଣ କରିବାରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "ନୂତନ ପରିସର %s କୁ ସେଟ କରିବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "ନୂତନ ପ୍ରସଙ୍ଗ କୁ ବାକ୍ଯ ଖଣ୍ଡ ରେ ରୂପାନ୍ତରିତ କରିବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s ଟି ଗୋଟିଏ ବୈଧ ପ୍ରସଙ୍ଗ ନୁହେଁ \n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "ନୂତନ ପ୍ରସଙ୍ଗ ପାଇଁ ସ୍ମୃତି ବାଣ୍ଟିବାରେ ଅସମର୍ଥ (_c)"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "ଖାଲି ସଙ୍କେତ ସେଟକୁ ପାଇବାରେ ଅସମର୍ଥ\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP ନିୟନ୍ତ୍ରକକୁ ବିନ୍ଯାସ କରିବାରେ ଅସମର୍ଥ\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "କ୍ଷମା କରିବେ, ନୂତନ ଦାୟିତ୍ବ ବୋଧହୁଏ କେବଳ SELinux କର୍ଣ୍ଣଲ ରେ ବ୍ଯବହ୍ରୁତ ହେବ \n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "ପୂରାତନ_ପ୍ରସଙ୍ଗ କୁ ପାଇବା ରେ ଅସଫଳ \n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "ତୃଟି! tty ସୂଚନା କୁ ପୁନରୁଦ୍ଧାର କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "ବୈଧିକ୍ରୁତ କରୁଅଛି %s \n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM ର ପ୍ରାରମ୍ଭିକରଣ କରିବା ରେ ଅସଫଳ\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "ନୂତନ ଦାୟିତ୍ବ: %s ଭୂଲ ପ୍ରବେଶ ସଙ୍କେତ \n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "ନୂତନ ଦାୟିତ୍ବ: ଶାଖାଯୁକ୍ତ କରିବା ସମୟ ରେ ତୃଟି: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty ସୂଚକକୁ ପୁନଃସ୍ଥାପନ କରିବାରେ ଅସମର୍ଥ...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "tty କୁ ସୁଚାରୁରୂପେ ବନ୍ଦ କରିବାରେ ବିଫଳ\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "ନିରୂପକ ମାନଙ୍କୁ ବନ୍ଦ କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "ଆବରଣର argv0 କୁ ବାଣ୍ଟିବା ସମୟରେ ତୃଟି।\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "exec ପ୍ରସଙ୍ଗ କୁ %s ରେ ସେଟ କରି ପାରିଲା ନାହିଁ \n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "ପରିବେଶକୁ ପୁନଃସ୍ଥାପନ କରିବାରେ ଅସମର୍ଥ, ପରିତ୍ଯାଗ କରୁଅଛି\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "ଆବରଣ କୁ ନିଷ୍ପାଦିତ କରିବା ରେ ଅକ୍ରୁତକାର୍ଯ୍ଯ \n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"ବ୍ଯବହାର ବିଧି: run_init <script> <args ...>\n"
+" ଯେଉଁଠାରେ: <script> ଚଲାଯିବା କୁ ଥିବା ସ୍କ୍ରିପ୍ଟ ର ନାମ,\n"
+" <args ...> ସେହି ସ୍କ୍ରିପ୍ଟ ର ସ୍ବତନ୍ତ୍ରଚର"
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "ହିସାବ ଖାତା ସୂଚନା ପାଇବାରେ ବିଫଳ\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s ପାଇଁ ଭୂଲ ପ୍ରବେଶ ସଙ୍କେତ\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "%s ଫାଇଲ କୁ ଖୋଲି ପାରୁ ନାହିଁ\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s ଫାଇଲ ରେ କୌଣସି ପ୍ରସଙ୍ଗ ନାହିଁ\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "କ୍ଷମା କରିବେ, run_init ନିର୍ଦ୍ଦେଶ ଟି ବୋଧହୁଏ କେବଳ SELinux କର୍ଣ୍ଣଲ ରେ ବ୍ଯବହ୍ରୁତ ହେବ \n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "ବୈଧିକରଣ ଅସଫଳ ହୋଇ ଗଲା \n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "ଅତିକମ ରେ ଗୋଟିଏ ବିଭାଗ ଆବଶ୍ଯକ କରି ଥାଏ"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%s ରେ '+' ବ୍ଯବହାର କରି ସମ୍ବଦେନଶୀଳ ସ୍ତର ମାନଙ୍କୁ ରୂପାନ୍ତରିତ କରି ପାରିବ ନାହିଁ"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s ଟି ପୂର୍ବରୁ %s ରେ ରହିଛି"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s ଟି %s ରେ ନାହିଁ"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/- କୁ ଅନ୍ଯାନ୍ଯ ବିଭାଗ ମାନଙ୍କ ସହିତ ମିଶ୍ରଣ କରି ପାରିବ ନାହିଁ"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "ଏକାଧିକ ସମ୍ବେଦନଶୀଳ ଉପାଦାନ ରହି ପାରିବ ନାହିଁ"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s ବିଭାଗୀୟ ଫାଇଲ ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s -l ବିଭାଗୀୟ ଚାଳକ ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s [[+|-]ବିଭାଗୀୟ],...]q ଫାଇଲ ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s -l [[+|-]ବିଭାଗୀୟ],...]q ଚାଳକ ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s -d ଫାଇଲ ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "ବ୍ଯବହାର ବିଧି %s -l -d ଚାଳକ ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "ବ୍ଯବହାର ବିଧି %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "ବ୍ଯବହାର ବିଧି %s -L -l ଚାଳକ"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "ପସନ୍ଦ ର ତାଲିକା କୁ ସମାପ୍ତ କରିବା ପାଇଁ -- କୁ ବ୍ଯବହାର କରନ୍ତୁ | ଉଦାହରଣ ସ୍ବରୂପ"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "୨ କିମ୍ବା ତତ୍ବାଧିକ ସନ୍ଦେଶ ଆବଶ୍ଯକ"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s କୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇ ନାହିଁ"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s ବସ୍ତୁ ମାନଙ୍କ ପାଇଁ %s ଟି ବୈଧ ନୁହେଁ \n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "non-MLS ଯନ୍ତ୍ର ମାନଙ୍କ ରେ ପରିସର ଟି ସହାୟକ ହେଲା ନାହିଁ"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "ଆପଣ ଗୋଟିଏ ଦାୟିତ୍ବ ଉଲ୍ଲେଖିତ କରିବା ଉଚିତ"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "ଆପଣ ଗୋଟିଏ ଉପସର୍ଗ ଉଲ୍ଲେଖିତ କରିବା ଉଚିତ"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "ପସନ୍ଦ େର ତୃଟି %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "ଅବୈଧ ମୂଲ୍ଯ %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "non-MLS ଯନ୍ତ୍ର ମାନଙ୍କ ରେ ଅନୁବାଦ ଗୁଡିକ ସହାୟକ ହେଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "%s କୁ ଖୋଲିବା ରେ ଅସଫଳ: non-MLS ଯନ୍ତ୍ର ମାନଙ୍କ ରେ ଅନୁବାଦ ଗୁଡିକ ସହାୟକ ହେଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "ଅନୁବାଦ ଗୁଡିକ ଖାଲି ସ୍ଥାନ ଧାରଣ କରି ପାରିବେ ନାହିଁ '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "ଅବୈଧ ସ୍ତର '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s ଟି ପୂର୍ବରୁ ଅନୁବାଦ ମାନଙ୍କ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s ଟି ଅନୁବାଦ ମାନଙ୍କ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux ନୀତି ଟି ପରିଚାଳିତ ହେଉ ନାହିଁ କିମ୍ବା ଭଣ୍ଡାର କୁ ପ୍ରବେଶାନୁମତି ନାହିଁ"
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "ସଞ୍ଚୟ କରିବା ନୀତି କୁ ପଢି ପାରୁ ନାହିଁ"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage ସଂଯୋଗ କୁ ସ୍ଥାପିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%s ପାଇଁ ଗୋଟିଏ ଚାବି ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ ର ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux ଚାଳକ %s ଅବସ୍ଥିତ ନାହିଁ"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%s ପାଇଁ ନାମ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "%s ପାଇଁ ଏମ୍.ଏଲ.ଏସ୍. ପରିସର କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "%s ପାଇଁ SELinux ଚାଳକ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage ବିନିମୟ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser କିମ୍ବା serange ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ ର ବ୍ଯାଖ୍ଯା କରାଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "%s ପାଇଁ seuser କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ ଟି ନିୟମ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରିହେବ ନାହିଁ"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%s ପାଇଁ ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ କୁ ଅପସାରଣ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "ଲଗଇନ୍ ପ୍ରତିଚିତ୍ରଣ କୁ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "%s SELinux ଚାଳକ ର ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux ଚାଳକ %s କୁ ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "%s ପାଇଁ SELinux ଚାଳକ କୁ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%s ପାଇଁ %s ଦାୟିତ୍ବ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%s ପାଇଁ ଏମ୍.ଏଲ.ଏସ୍. ସ୍ତର କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "ଅବୈଧ ଉପସର୍ଗ %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%s ପାଇଁ %s ଉପସର୍ଗ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%s ପାଇଁ ଚାବି କୁ ନିର୍ଯ୍ଯାସ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux ଚାଳକ %s କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "ଉପସର୍ଗ, ଦାୟିତ୍ବ, ସ୍ତର କିମ୍ବା ପରିସର ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "ଉପସର୍ଗ କିମ୍ବା ଦାୟିତ୍ବ ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux ଚାଳକ %s କୁ ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରାଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%s ପାଇଁ ଚାଳକ କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux ଚାଳକ %s କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux ଚାଳକ %s କୁ ନୀତି ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux ଚାଳକ %s କୁ ଅପସାରଣ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux ଚାଳକ କୁ ଗୋଟିଏ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr " %s ଚାଳକ ର ଦାୟିତ୍ବ କୁ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "ୟୁ.ଡି.ପି. କିମ୍ବା ଟି.ସି.ପି. ପ୍ରୋଟୋକଲ ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "ସଂଯୋଗିକୀ ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%s ପାଇଁ ଚାବି ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "ପ୍ରକାର ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "%s/%s ସଂଯୋଗିକୀ ର ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%s ପାଇଁ ପ୍ରସଙ୍ଗ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ପ୍ରସଙ୍ଗ ରେ ଚାଳକ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ପ୍ରସଙ୍ଗ ରେ ଦାୟିତ୍ବ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ପ୍ରସଙ୍ଗ ରେ କିଛି ଭିନ୍ନତା କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ପ୍ରସଙ୍ଗ ରେ ଏମ୍.ଏଲ.ଏସ୍. କ୍ଷେତ୍ର କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s ପାଇଁ ସଂଯୋଗିକୀ ପ୍ରସଙ୍ଗ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype କିମ୍ବା serange କୁ ଆବଶ୍ଯକ କରେ"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype କୁ ଆବଶ୍ଯକ କରେ"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "%s/%s ସଂଯୋଗିକୀ ଟି ନିୟମ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରିହେବ ନାହିଁ"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "%s/%s ସଂଯୋଗିକୀ କୁ ଅପସାରଣ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "ସଂଯୋଗିକୀ ମାନଙ୍କୁ ତାଲିକା ରେ ଲେଖି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux ପ୍ରକାର ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s ପାଇଁ ଚାବି ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ ର ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ ର ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s ପାଇଁ ପ୍ରସଙ୍ଗ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ପ୍ରସଙ୍ଗ ରେ ଚାଳକ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ପ୍ରସଙ୍ଗ ରେ ଦାୟିତ୍ବ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ପ୍ରସଙ୍ଗ ରେ ପ୍ରକାର ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ପ୍ରସଙ୍ଗ ରେ ଏମ୍.ଏଲ.ଏସ୍. କ୍ଷେତ୍ର ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s ପାଇଁ ଅନ୍ତରାପ୍ରୁଷ୍ଠ ପ୍ରସଙ୍ଗ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s ପାଇଁ ସନ୍ଦେଶ ପ୍ରସଙ୍ଗ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ ର ବ୍ଯାଖ୍ଯା କରାଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ ଟି ନିୟମ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "%s ଅନ୍ତରାପ୍ରୁଷ୍ଠ କୁ ଅପସାରଣ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "ଅନ୍ତରାପ୍ରୁଷ୍ଠ ମାନଙ୍କୁ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ର ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ପୂର୍ବରୁ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ସ୍ରୁଷ୍ଟି କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ରେ ଚାଳକ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ର ଦାୟିତ୍ବ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ର ପ୍ରକାର କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ରେ ଏମ୍.ଏଲ.ଏସ୍. କ୍ଷେତ୍ର କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ସେଟ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ଯୋଗ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange କିମ୍ବା seuser କୁ ଆବଶ୍ଯକ କରିଥାଏ"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ର ବ୍ଯାଖ୍ଯା କରାଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ ଟି ନୀତି ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରି ପାରିବ ନାହିଁ"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%s ପାଇଁ ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ଅପସାରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "ସ୍ଥାନୀୟ ଫାଇଲ ପ୍ରସଙ୍ଗକୁ ତାଲିକାରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "ମୂଲ୍ଯ ଆବଶ୍ଯକ"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "ବୁଲିଆନ %s ଟି ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି କି ନାହିଁ ତାହା ଯାଞ୍ଚ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "ବୁଲିଆନ %s ଟି ବ୍ଯାଖ୍ଯା କରାଯାଇ ନାହିଁ"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "ଫାଇଲ ପ୍ରସଙ୍ଗ କୁ %s କୁ ପ୍ରଶ୍ନ ପଚାରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "ବୁଲିଆନ %s କୁ ରୂପାନ୍ତରିତ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "ବୁଲିଆନ %s ଟି ନିୟମ ରେ ବ୍ଯାଖ୍ଯା କରା ଯାଇଛି, ଏହାକୁ ଅପସାରଣ କରିହେବ ନାହିଁ"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "ବୁଲିଆନ %s କୁ ଅପସାରଣ କରି ପାରିଲା ନାହିଁ"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "ବୁଲିଆନ ମାନଙ୍କୁ ତାଲିକା ରେ ଲେଖି ପାରିଲା ନାହିଁ"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "ପ୍ରକାର ପ୍ରବର୍ତ୍ତନ ଫାଇଲ କୁ ଉତ୍ପନ୍ନ କରୁଅଛି: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "ନିୟମ କୁ ସଙ୍କଳନ କରୁଛି"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** ଗୁରୁତ୍ବପୂର୍ଣ୍ଣ ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"ନୂତନ ଭାବରେ ସ୍ରୁଷ୍ଟି କରା ଯାଇଥିବା policy ପ୍ଯାକେଜ କୁ କର୍ଣ୍ଣଲ ରେ ଧାରଣ କରିବା ପାଇଁ,\n"
+"ଆପଣଙ୍କୁ ନିମ୍ନଲିଖିତ ଏକକାଂଶ ମାନଙ୍କୁ ନିଷ୍ପାଦିତ କରିବା ପାଇଁ ହେବ \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "ପସନ୍ଦ ମାନଙ୍କ ର ତୃଟି: %s "
diff --git a/policycoreutils/po/pa.po b/policycoreutils/po/pa.po
new file mode 100644
index 0000000..ebed471
--- /dev/null
+++ b/policycoreutils/po/pa.po
@@ -0,0 +1,1031 @@
+# translation of pa.po to Punjabi
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# A S Alam <apbrar@gmail.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: pa\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-24 09:13+0530\n"
+"Last-Translator: A S Alam <apbrar@gmail.com>\n"
+"Language-Team: Punjabi <fedora-trans-pa@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "ਵਰਤੋਂ: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "ਗੁਪਤ-ਕੋਡ:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "ਮੈਮੋਰੀ ਖਤਮ ਹੋ ਗਈ ਹੈ!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "ਗਲਤੀ! ਸ਼ੈੱਲ ਗਲਤ ਹੈ।\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "ਵਾਤਾਵਰਨ ਸਾਫ਼ ਕਰਨ ਲਈ ਅਸਫ਼ਲ\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "ਵਰਤੋਂ %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "ਚੋਣ ਗਲਤੀ %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype ਲੋੜੀਦਾ"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "ਪੋਰਟ %s/%s ਦਿੱਤੀ ਨਹੀਂ ਗਈ"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%s ਲਈ ਕੁੰਜੀ ਬਣਾਈ ਨਹੀਂ ਜਾ ਸਕੀ"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "ਇੰਟਰਫੇਸ %s ਪਹਿਲਾਂ ਹੀ ਮੌਜੂਦ ਹੈ"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%s ਲਈ ਇੰਟਰਫੇਸ ਬਣਾਇਆ ਨਹੀਂ ਜਾ ਸਕਿਆ"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "ਇੰਟਰਫੇਸ %s ਦਿੱਤਾ ਨਹੀਂ ਗਿਆ"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "ਮੁੱਲ ਲੋੜੀਦਾ ਹੈ"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** ਖਾਸ ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "ਚੋਣ ਗਲਤੀ:%s "
diff --git a/policycoreutils/po/pl.po b/policycoreutils/po/pl.po
new file mode 100644
index 0000000..d84de43
--- /dev/null
+++ b/policycoreutils/po/pl.po
@@ -0,0 +1,1049 @@
+# translation of pl.po to Polish
+# Piotr Drąg <raven@pmail.pl>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: pl\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-21 20:32+0200\n"
+"Last-Translator: Piotr Drąg <raven@pmail.pl>\n"
+"Language-Team: Polish <pl@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "użycie: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Nie można wczytać polityki: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "ustawienie PAM_TTY nie powiodło się\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Hasło:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Nie można znaleźć wpisu w pliku passwd shadow.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass nie może otworzyć /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "nie można znaleźć prawidłowego wpisu w pliku passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Brak pamięci!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Błąd! Powłoka jest nieprawidłowa.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Nie można wyczyścić środowiska\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Błąd podczas inicjowania możliwości, przerywanie.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Błąd podczas ustawiania możliwości, przerywanie\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Błąd podczas ustawiania KEEPCAPS, przerywanie\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Błąd podczas opuszczania możliwości, przerywanie\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Błąd podczas zmieniania UID, przerywanie.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Błąd podczas przywracania KEEPCAPS, przerywanie.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Błąd podczas opuszczania możliwości SETUID, przerywanie\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Błąd podczas zwalniania caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Błąd podczas łączenia się z systemem audit.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Błąd podczas przydzielania pamięci.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Błąd podczas wysyłania komunikatu audit.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Nie można ustalić trybu wymuszania.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Błąd! Nie można otworzyć %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Nie można uzyskać bieżącego kontekstu dla %s, ponowne nadanie etykiety "
+"TTY nie odbędzie się.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Nie można uzyskać nowego kontekstu dla %s, ponowne nadanie etykiety TTY "
+"nie odbędzie się.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Nie można ustawić nowego kontekstu dla %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s zmienił etykiety.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Ostrzeżenie! Nie można przywrócić kontekstu dla %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Błąd: zostało określone wiele ról\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Błąd: zostało określone wiele typów\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Przepraszamy, -l może zostać użyte z obsługą MLS SELinuksa.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Błąd: zostało określonych wiele poziomów\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Nie można uzyskać domyślnego typu.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "uzyskanie nowego kontekstu nie powiodło się.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "ustawienie nowej roli %s nie powiodło się\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "ustawienie nowego typu %s nie powiodło się\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "zbudowanie nowego zasięgu z poziomem %s nie powiodło się\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "ustawienie nowego zasięgu %s nie powiodło się\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+"przekonwertowanie nowego kontekstu na łańcuch tekstowy nie powiodło się\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nie jest prawidłowym kontekstem\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Nie można przydzielić pamięci dla new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Nie można uzyskać pustego ustawienia sygnału\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Nie można ustawić obsługi SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Przepraszamy, newrole może zostać użyte tylko na jądrze SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "uzyskanie old_context nie powiodło się.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Błąd! Nie można pobrać informacji o TTY.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Uwierzytelnianie %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "inicjowanie PAM nie powiodło się\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: niepoprawne hasło dla %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: rozgałęzienie nie powiodło się: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Nie można przywrócić etykiety TTY...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "poprawne zamknięcie TTY nie powiodło się\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Nie można zamknąć deskryptorów.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Błąd podczas przydzielania argv0 powłoki.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Nie można ustawić kontekstu wykonywania dla %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Nie można przywrócić środowiska, przerywanie\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "wykonanie powłoki nie powiodło się\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"UŻYCIE: run_init <skrypt> <argumenty ...>\n"
+" gdzie: <skrypt> jest nazwą skryptu init do uruchomienia,\n"
+" a <args ...> są argumentami dla tego skryptu."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "uzyskanie informacji o koncie nie powiodło się\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: nieprawidłowe hasło dla %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Nie można otworzyć pliku %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Brak kontekstu w pliku %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+"Przepraszamy, run_init może zostać uruchomione tylko na jądrze SELinuksa.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "uwierzytelnianie nie powiodło się.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Wymagana jest co najmniej jedna kategoria"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Nie można zmodyfikować poziomów czułości używając \"+\" na %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s jest już w %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nie jest w %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Nie można łączyć +/- z innymi typami kategorii"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nie można posiadać wielu czułości"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Użycie %s KATEGORIA Plik ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Użycie %s -l KATEGORIA użytkownik ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Użycie %s [[+|-]KATEGORIA],...]q Plik ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Użycie %s -l [[+|-]KATEGORIA],...]q użytkownik ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Użycie %s -d Plik ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Użycie %s -l -d użytkownik ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Użycie %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Użycie %s -L -l użytkownik"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Użyj --, aby zakończyć listę opcji. Na przykład"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /dokumenty/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential jużytkownik"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Wymagane są 2 argumenty lub więcej"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nie został określony"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s nie jest prawidłowy dla obiektów %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "zasięg nie jest obsługiwany na komputerach bez MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Musisz określić rolę"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Musisz określić przedrostek"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Błąd opcji %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Nieprawidłowa wartość %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "tłumaczenia nie są obsługiwane na komputerach bez MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Nie można otworzyć %s: tłumaczenia nie są obsługiwane na komputerach bez MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Tłumaczenia nie mogą zawierać spacji \"%s\" "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Nieprawidłowy poziom \"%s\" "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s zostało już określone w tłumaczeniach"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nie został określony w tłumaczeniach"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"Polityka SELinuksa nie jest zarządzana lub nie można uzyskać dostępu do "
+"składu."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Nie można odczytać składu polityk."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Nie można nawiązać połączenia semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Nie można utworzyć klucza dla %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Nie można sprawdzić, jeśli mapowanie loginu dla %s zostało określone"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mapowanie loginu dla %s zostało już określone"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Użytkownik linuksowy %s nie istnieje"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Nie można utworzyć mapowania loginu dla %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Nie można ustawić nazwy %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Nie można ustawić zasięgu MLS dla %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Nie można ustawić użytkownika SELinuksowego dla %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Nie można uruchomić transakcji semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Nie można dodać mapowania loginu do %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Wymagane jest seuser lub serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Mapowanie loginu dla %s nie zostało określone"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Nie można odpytać seuser dla %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Nie można zmodyfikować mapowania loginu dla %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Mapowanie loginu dla %s zostało określone w polityce, nie może zostać "
+"usunięte"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Nie można usunąć mapowania loginu dla %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Nie można wyświetlić listę mapowań loginów"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Nie można sprawdzić, jeśli użytkownik SELinuksowy został określony"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "Użytkownik SELinuksowy %s został już określony"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Nie można utworzyć użytkownika SELinuksowego dla %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Nie można dodać roli %s do %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Nie można ustawić poziomu MLS dla %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Nieprawidłowy przedrostek %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Nie można dodać przedrostka %s do %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Nie można rozpakować klucza dla %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Nie można dodać użytkownika SELinuksowego %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Wymagany jest przedrostek, role, poziom lub zasięg"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Wymagany jest przedrostek lub role"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "Użytkownik SELinuksowy %s nie został określony"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Nie można odpytać użytkownika dla %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Nie można zmodyfikować użytkownika SELinuksowego %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"Użytkownik SELinuksowy %s nie został określony w polityce, nie może zostać "
+"usunięty"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Nie można usunąć użytkownika SELinuksowego %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Nie można wyświetlić listy użytkowników SELinuksowych"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Nie można wyświetlić listy ról dla użytkownika %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Wymagany jest protokół UDP lub TCP"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Wymagany jest port"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Nie można utworzyć klucza %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Wymagany jest typ"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Nie można sprawdzić, jeśli port %s/%s został określony"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s został już określony"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Nie można utworzyć portu dla %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Nie można utworzyć kontekstu dla %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Nie można ustawić użytkownika w kontekście portu dla %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Nie można ustawić roli w kontekście portu dla %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Nie można ustawić typu w kontekście portu dla %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Nie można ustawić pól MLS w kontekście portu dla %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Nie można ustawić kontekstu portu dla %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Nie można dodać portu %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Wymagane jest setype lub serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Wymagane jest setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s nie został określony"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Nie można odpytać portu %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Nie można zmodyfikować portu %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s został określony w polityce, nie może zostać usunięty"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Nie można usunąć portu %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Nie można wyświetlić listy portów"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Wymagany jest typ SELinuksa"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Nie można utworzyć klucza dla %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Nie można sprawdzić, jeśli interfejs %s został określony"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Interfejs %s został już określony"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Nie można utworzyć interfejsu dla %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Nie można utworzyć kontekstu dla %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Nie można ustawić użytkownika w kontekście interfejsu dla %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Nie można ustawić roli w kontekście interfejsu dla %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Nie można ustawić typu w kontekście interfejsu dla %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Nie można ustawić pól MLS w kontekście interfejsu dla %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Nie można ustawić kontekstu interfejsu dla %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Nie można ustawić kontekstu komunikatu dla %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Nie można dodać interfejsu %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Interfejs %s nie został określony"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Nie można odpytać interfejsu %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Nie można zmodyfikować interfejsu %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Interfejs %s został określony w polityce, nie może zostać usunięty"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Nie można usunąć interfejsu %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Nie można wyświetlić listy interfejsów"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Nie można sprawdzić, jeśli kontekst pliku dla %s został określony"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Kontekst pliku dla %s nie został określony"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Nie można określić kontekstu pliki dla %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Nie można ustawić użytkownika w kontekście pliku dla %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Nie można ustawić roli w kontekście pliku dla %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Nie można określić typu w kontekście pliku dla %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Nie można ustawić pól MLS w kontekście pliku dla %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Nie można ustawić kontekstu pliku dla %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Nie można dodać kontekstu pliku dla %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Wymagane jest setype, serange lub seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Kontekst pliku dla %s nie został określony"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Nie można odpytać kontekstu pliku dla %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Nie można zmodyfikować kontekstu pliku dla %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Kontekst pliku dla %s został określony w polityce, nie może zostać usunięty"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Nie można usunąć kontekstu pliku dla %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Nie można wyświetlić listy kontekstów plików"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Nie można wyświetlić listy lokalnych kontekstów plików"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Wymagana jest wartość"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Nie można sprawdzić, jeśli wartość logiczna %s została określona"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Wartość logiczna %s nie została określona"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Nie można odpytać kontekstu pliku %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Nie można zmodyfikować wartości logicznej %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+"Wartość logiczna %s została określona w polityce, nie może zostać usunięta"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Nie można usunąć wartości logicznej %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Nie można wyświetlić listy wartości logicznych"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Tworzenie pliku typu narzuconego: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Kompilowanie polityki"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** WAŻNE ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Aby wczytać ten nowo utworzony pakiet do jądra, musisz wykonać \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Błąd opcji: %s "
diff --git a/policycoreutils/po/policycoreutils.pot b/policycoreutils/po/policycoreutils.pot
new file mode 100644
index 0000000..050b10f
--- /dev/null
+++ b/policycoreutils/po/policycoreutils.pot
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/pt.po b/policycoreutils/po/pt.po
new file mode 100644
index 0000000..5c31712
--- /dev/null
+++ b/policycoreutils/po/pt.po
@@ -0,0 +1,1052 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 10:51+0000\n"
+"Last-Translator: José Nuno Coelho Pires <jncp@netcabo.pt>\n"
+"Language-Team: pt <kde-i18n-pt@kde.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-POFile-SpellExtra: SETUID tty ze odt tcp ConfidencialEmpresa getpass PAM\n"
+"X-POFile-SpellExtra: TTY serange PAMTTY SELinux semodule chcat init\n"
+"X-POFile-SpellExtra: newrole setype udp runinit passwd pp semanage\n"
+"X-POFile-SpellExtra: KEEPCAPS bq shadow UID MLS seuser dev SIGHUP\n"
+"X-POFile-SpellExtra: novocontexto argv\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "utilização: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Não é possível carregar a política: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "não foi possível definir o PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Senha:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "O seu item não foi encontrado no ficheiro de senhas 'shadow'.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "O 'getpass' não consegue aceder ao /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "não foi possível encontrar um item válido no ficheiro 'passwd'.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Sem memória!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Erro! A linha de comandos não é válida.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Não foi possível limpar o ambiente\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Erro ao iniciar as capacidades, a interromper.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Erro ao atribuir as capacidades, a interromper\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Erro ao atribuir o KEEPCAPS, a interromper\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Erro ao remover as capacidades, a interromper\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Erro ao mudar de UID, a interromper.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Erro ao reiniciar o KEEPCAPS, a interromper\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Erro ao remover a capacidade de SETUID, a interromper\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Erro ao libertar as capacidades\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Erro ao ligar-se ao sistema de auditoria.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Erro ao reservar memória.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Erro ao enviar a mensagem de auditoria.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Não é possível determinar o modo de aplicação do SELinux.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Erro! Não foi possível aceder ao %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Não foi possível obter o contexto actual do %s; o TTY não mudará de "
+"etiqueta.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Não foi possível obter o novo contexto do %s; o TTY não mudará de "
+"etiqueta.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Não foi possível definir o novo contexto do %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "O %s mudou de etiquetas.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Atenção! Não foi possível repor o contexto do %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Erro: foram definidos vários papéis\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Erro : foram definidos vários tipos\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+"Desculpe, mas o -l só pode ser usado com o suporte para MLS do SELinux.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Erro: foram definidos vários níveis\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Não foi possível obter o tipo predefinido.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "não foi possível obter o novo contexto.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "não foi possível definir o novo papel %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "não foi possível definir o novo tipo %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "não foi possível criar um novo intervalo com o nível %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "não foi possível definir o novo intervalo %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "não foi possível converter o novo contexto para texto\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "o %s não é um contexto válido\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Não é possível reservar memória para o novo_contexto"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Não é possível obter o conjunto de sinais vazios\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Não é possível atribuir a rotina do SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+"Desculpe, mas o 'newrole' só pode ser usado num 'kernel' com SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "não foi possível obter o contexto antigo.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Erro! Não foi possível obter a informação do TTY.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "A autenticar o %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "não foi possível inicializar o PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: a senha do %s é incorrecta\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: não foi possível criar um sub-processo: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Não foi possível repor a legenda do TTY...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "não foi possível fechar devidamente o TTY\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Não foi possível fechar os descritores.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Erro ao reservar o argv0 da linha de comandos.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Não foi possível mudar o contexto de execução para %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Não foi possível repor o ambiente, a interromper\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "não foi possível executar a linha de comandos\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"UTILIZAÇÃO: run_init <programa> <argumentos...>\n"
+" onde: <programa> é o nome do programa do 'init' a executar,\n"
+" <argumentos ...> são os argumentos desse programa."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "não foi possível obter as informações da conta\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: a senha do %s é incorrecta\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Não foi possível aceder ao ficheiro %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Não existe qualquer contexto no ficheiro %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+"Desculpe, mas o 'run_init' só poderá ser usado num 'kernel' com SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "a autenticação falhou.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "É necessária pelo menos uma categoria"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Não é possível modificar os níveis de sensibilidade com o '+' no %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "O %s já está em %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "O %s não está em %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Não é possível combinar o +/- com outros tipos de categorias"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Não é possível ter várias sensibilidades"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Utilização %s CATEGORIA Ficheiro ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Utilização %s -l CATEGORIA utilizador ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Utilização %s [[+|-]CATEGORIA],...]q Ficheiro ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Utilização %s -l [[+|-]CATEGORIA],...]q utilizador ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Utilização %s -d Ficheiro ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Utilização %s -l -d utilizador ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Utilização %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Utilização %s -L -l utilizador"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Use o -- para terminar a lista de opções. Por exemplo"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -ConfidencialEmpresa /documentos/plano-negócio.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +ConfidencialEmpresa ze"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "São necessários 2 ou mais argumentos"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "O %s não está definido"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "O %s não é válido para os objectos %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "o intervalo não é suportado em máquinas não-MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Precisa de indicar um papel"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Precisa de indicar um prefixo"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Erro nas Opções %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "O valor %s é inválido"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "as traduções não são suportadas em máquinas não-MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Não é possível aceder ao %s: as traduções não são suportadas nas máquinas "
+"não-MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "As traduções não poderão conter espaços '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Nível '%s' Inválido "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "O %s já está definido nas traduções"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "O %s não está definido nas traduções"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"A política do SELinux não é gerida ou não é possível aceder ao armazém."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Não é possível ler o armazém de políticas."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Não é possível estabelecer uma ligação ao 'semanage'"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Não é possível criar uma chave para o %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+"Não foi possível ver se o mapeamento de autenticação do %s está definido"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "O mapeamento de autenticação do %s já está definido"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "O utilizador de Linux %s não existe"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Não foi possível criar o mapeamento de autenticação do %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Não foi possível definir o nome do %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Não foi possível definir o intervalo do MLS do %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Não foi possível definir o utilizador do SELinux para o %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Não foi possível iniciar a transacção do 'semanage'"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Não foi possível adicionar o mapeamento de autenticação do %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Necessita do 'seuser' ou do 'serange'"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "O mapeamento de autenticação do %s não está definido"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Não foi possível pesquisar o 'seuser' por %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Não foi possível modificar o mapeamento de autenticação do %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"O mapeamento de autenticação do %s está definido na política e não pode ser "
+"removido"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Não foi possível remover o mapeamento de autenticação do %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Não foi possível listar os mapeamentos de autenticação"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Não foi possível verificar se o utilizador %s do SELinux está definido"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "O utilizador %s do SELinux já está definido"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Não foi possível criar o utilizador do SELinux do %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Não foi possível adicionar o papel %s para o %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Não foi possível definir o nível do MLS do %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "O prefixo %s é inválido"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Não foi possível adicionar o prefixo %s do %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Não foi possível extrair a chave do %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Não foi possível adicionar o utilizador do SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "É necessário um prefixo, papéis, um nível ou um intervalo"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "É necessário um prefixo ou papéis"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "O utilizador do SELinux %s não está definido"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Não foi possível pesquisar o utilizador %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Não foi possível modificar o utilizador do SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+"O utilizador do SELinux %s está definido na política, não pode ser removido"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Não foi possível remover o utilizador do SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Não foi possível listar os utilizadores do SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Não foi possível listar os papéis do utilizador %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "É obrigatório o protocolo 'udp' ou 'tcp'"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "O porto é obrigatório"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Não foi possível criar uma chave para o %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "O tipo é obrigatório"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Não foi possível verificar se o porto %s/%s está definido"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "O porto %s/%s já está definido"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Não foi possível criar o porto %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Não foi possível criar o contexto do %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Não foi possível definir o utilizador no contexto do porto %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Não foi possível definir o papel no contexto do porto %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Não foi possível definir o tipo no contexto do porto %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Não foi possível definir os campos de MLS no contexto do porto %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Não foi possível definir o contexto do porto %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Não foi possível adicionar o porto %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Necessita de um 'setype' ou 'serange'"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Necessita de um 'setype'"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "O porto %s/%s não está definido"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Não foi possível pesquisar o porto %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Não foi possível modificar o porto %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "O porto %s/%s está definido na política, não pode ser removido"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Não foi possível remover o porto %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Não foi possível listar os portos"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "O Tipo do SELinux é obrigatório"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Não foi possível criar a chave do %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Não foi possível verificar se a interface %s está definida"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "A interface %s já está definida"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Não foi possível criar a interface %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Não foi possível criar o contexto de %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Não foi possível definir o utilizador no contexto da interface %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Não foi possível definir o papel no contexto da interface %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Não foi possível definir o tipo no contexto da interface %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Não foi possível definir os campos de MLS no contexto da interface %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Não foi possível definir o contexto da interface %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Não foi possível definir o contexto da mensagem %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Não foi possível adicionar a interface %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "A interface %s não está definida"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Não foi possível pesquisar a interface %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Não foi possível modificar a interface %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "A interface %s está definida na política, não pode ser removida"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Não foi possível remover a interface %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Não foi possível listar as interfaces"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Não foi possível verificar se o contexto do ficheiro %s está definido"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "O contexto do ficheiro %s já está definido"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Não foi possível criar o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Não foi possível definir o utilizador no contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Não foi possível definir o papel no contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Não foi possível definir o tipo no contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Não foi possível definir os campos do MLS no contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Não foi possível definir o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Não foi possível adicionar o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Necessita de um 'setype', 'serange' ou 'seuser'"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "O contexto do ficheiro %s não está definido"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Não foi possível pesquisar o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Não foi possível modificar o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"O contexto do ficheiro %s está definido na política, não pode ser removido"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Não foi possível remover o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Não foi possível listar os contextos do ficheiro"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Não foi possível listar os contextos do ficheiro local"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "É necessário um valor"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Não foi possível verificar se o booleano %s está definido"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "O booleano %s não está definido"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Não foi possível pesquisar o contexto do ficheiro %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Não foi possível modificar o booleano %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "O booleano %s está definido na política, não pode ser removido"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Não foi possível remover o booleano %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Não foi possível listar os booleanos"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "A gerar o ficheiro de aplicação do tipo: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "A compilar a política"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANTE ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Para poder carregar este pacote de políticas acabado de criar no 'kernel',\n"
+"é preciso executar\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Erro nas Opções: %s "
diff --git a/policycoreutils/po/pt_BR.po b/policycoreutils/po/pt_BR.po
new file mode 100644
index 0000000..16d2b5c
--- /dev/null
+++ b/policycoreutils/po/pt_BR.po
@@ -0,0 +1,1062 @@
+# translation of pt_BR.po to Brazilian Portuguese
+# translation of pt_BR.po to Brazilian Portuguese
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Valnir Ferreira Jr., 2006.
+# Diego Búrigo Zacarão <diegobz@gmail.com>, 2006.
+# Igor Pires Soares <igor@projetofedora.org>, 2006.
+# Diego Búrigo Zacarão <diegobz@gmail.com>, 2006.
+# Valnir Ferreira Jr., 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: pt_BR\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 14:54+1000\n"
+"Last-Translator: Valnir Ferreira Jr.\n"
+"Language-Team: Brazilian Portuguese\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "uso: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Impossível carregar política: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "falhou ao definir PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Senha:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Impossível achar a sua entrada no arquivo de senha shadow.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass não pode abrir /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "impossível encontrar entrada válida no arquivo passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Memória insuficiente!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Erro! Shell não é valido.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Impossível limpar ambiente\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Erro ao iniciar potencialidades, abortando.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Erro ao tentar definir potencialidades, abortando.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Erro ao tentar definir KEEPCAPS, abortando\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Erro ao remover potencialidades, abortando.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Erro ao mudar uid, abortando.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Erro ao restaurar KEEPCAPS, abortando\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Erro ao remover a potencialidade SETUID, abortando.\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Erro ao liberar caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Erro ao conectar com sistema audit.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Erro ao alocar memória.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Erro ao enviar mensagem audit.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Impossível determinar modo forçado.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Erro! Impossível abrir %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Impossível obter o atual contexto para %s, não reetiquetar tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Impossível obter novo contexto para %s, não reetiquetar tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Impossível definir novo contexto para %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s etiquetas alteradas.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Atenção! Impossível restaurar contexto para %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Erro: múltiplas roles especificadas\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Erro: múltiplos tipos especificados\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Desculpe, -l pode ser usado com suporte SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Erro: múltiplos níveis especificados\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Impossível obter o tipo padrão.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "falhou ao obter novo contexto.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "falhou ao definir nova role %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "falhou ao definir novo tipo %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "falhou ao construir novo intervalo com níveis %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "falhou ao definir novo intervalo %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "falhou ao converter novo contexto para uma seqüência de caracteres\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s não é um contexto válido\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Impossível alocar memória para new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Impossível obter signal set vazio\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Impossível configurar tratador de SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Desculpe, newrole pode ser usado somente sobre um kernel SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "falhou ao obter contexto antigo.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Erro! Impossível recuperar informações de tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autenticando %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "falhou ao inicializar o PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: senha incorreta para %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: falha de bifurcação: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Impossível restaurar etiqueta tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Não foi possível fechar o tty adequadamente\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Impossível fechar descritores.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Erro ao alocar argv0 do shell.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Impossível definir contexto executável para %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Impossível restaurar o ambiente, abortando\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "falhou ao executar shell\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"USO: run_init <script> <args ...>\n"
+"onde: <script> é o nome do script de inicialização a ser executado,\n"
+" <args ...> são os argumentos para esse script."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "falhou ao obter informação da conta\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: senha incorreta para %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Impossível abrir arquivo %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Sem contexto no arquivo %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Desculpe, run_init somente pode ser usado sobre um kernel SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "autenticação falhou.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Requer pelo menos uma categoria"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Não se pode modificar os níveis de sensibilidade usando '+' em %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s já está em %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s não está em %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Não é possível combinar +/- com outros tipos de categorias"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Não se pode ter sensibilidades múltiplas"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Uso %s CATEGORY Arquivo ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Uso %s -l CATEGORY usuário ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Uso %s [[+|-]CATEGORY],...]q Arquivo ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Uso %s -l [[+|-]CATEGORY],...]q usuário ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Uso %s -d Arquivo ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Uso %s -l -d usuário ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Uso %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Uso %s -L -l usuário"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Use -- para determinar o fim da lista de opções. Por exemplo"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -EmpresaConfidencial /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +EmpresaConfidencial juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Requer 2 ou mais argumentos"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s não definido"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s não é válido para objetos %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "intervalo não suportado em máquinas não-MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Você deve especificar uma role"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Você deve especificar um prefixo"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Erro de Opções %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Valor inválido %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "traduções não suportadas em maquinas não-MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Impossível abrir %s: traduções não suportadas em máquinas não-MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Traduções não podem conter espaços '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Nível Inválido '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s já definido nas traduções"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s não definido nas traduções"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "Política SELinux não é controlada ou não é possível acessar os dados."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Impossível ler dados da política"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Impossível estabelecer uma conexão semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Impossível criar uma chave para %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Impossível verificar se o mapeamento de login para %s está definido"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mapeamento de login para %s já está definido"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Usuário Linux %s não existe"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Não foi possível criar mapeamento de login para %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Impossível definir nome para %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Impossível definir intervalo MLS para %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Impossível definir usuário SELinux para %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Impossível iniciar transação semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Impossível adicionar mapeamento de login para %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Requer seuser ou serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Mapeamento de login para %s não está definido"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Impossível consultar seuser para %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Impossível modificar mapeamento de login para %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Mapeamento de login para %s está definido na política, não pode ser excluído"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Impossível excluir mapeamento de login para %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Impossível listar mapeamentos de logins"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Impossível checar se usuário SELinux %s está definido"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "Usuário SELinux %s já está definido"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Impossível criar usuário SELinux for %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Impossível adicionar role %s para %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Impossível definir nível MLS para %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Prefixo inválido %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Impossível adicionar prefixo %s para %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Impossível extrair chave para %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Impossível adicionar usuário SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Requer prefixo, roles, nível ou intervalo"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Requer prefixo ou roles"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "Usuário SELinux %s não está definido"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Impossível consultar usuário para %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Impossível modificar usuário SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "Usuário SELinux %s está definido na política, não pode ser excluído"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Impossível excluir usuário SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Impossível listar usuários SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Impossível listar roles para o usuário %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protocolo udp ou tcp é requerido"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Porta é requerida"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Impossível criar uma chave para %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Tipo é requerido"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Impossível checar se a porta %s/%s está definida"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Porta %s/%s já está definida"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Impossível criar porta para %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Impossível criar contexto para %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Impossível definir usuário no contexto da porta para %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Impossível definir role no contexto da porta para %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Impossível definir tipo no contexto da porta para %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Impossível definir campos mls no contexto da porta para %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Impossível definir contexto da porta para %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Impossível adicionar porta %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Requer setype ou serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Requer setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "A porta %s/%s não está definida"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Impossível consultar porta %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Impossível modificar porta %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "A porta %s/%s está definida na política, não pode ser excluída"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Impossível excluir porta %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Impossível listar portas"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Tipo SELinux é requerido"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Impossível criar chave para %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Impossível checar se a interface %s está definida"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Interface %s já definida"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Impossível criar interface para %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Impossível criar contexto para %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Impossível definir usuário no contexto da interface para %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Impossível definir role no contexto da interface para %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Impossível definir tipo no contexto da interface para %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Impossível definir campos mls no contexto da interface para %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Impossível definir contexto da interface para %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Impossível definir contexto da mensagem para %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Impossível adicionar interface %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "A interface %s não está definida"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Impossível consultar interface %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Impossível modificar interface %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "A interface %s está definida na política, não pode ser excluída"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Impossível excluir interface %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Impossível listar interfaces"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Impossível checar se o contexto do arquivo para %s está definido"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Contexto do arquivo para %s já definido"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Impossível criar contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Impossível definir usuário no contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Impossível definir role no contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Impossível definir tipo no contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Impossível definir campos mls no contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Impossível definir contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Impossível adicionar contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Requer setype, serange ou seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Contexto de arquivo para %s não está definido"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Impossível consultar contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Impossível modificar contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Contexto de arquivo para %s está definido na política, não pode ser excluído"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Impossível excluir contexto de arquivo para %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Impossível listar contextos de arquivos"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Impossível listar contextos de arquivos locais"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Requer valor"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Impossível checar se Booleano %s está definido"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Booleano %s não está definido"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Impossível consultar contexto de arquivo %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Impossível modificar booleano %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Booleano %s está definido na política, não pode ser excluído"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Impossível excluir booleano %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Impossível listar portas booleanas"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Gerando tipo de arquivo aplicativo: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Compilando política"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** IMPORTANTE ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Para carregar este pacote de políticas criado recentemente no kernel\n"
+"é necessário que você execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Erro de Opções: %s "
diff --git a/policycoreutils/po/ro.po b/policycoreutils/po/ro.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/ro.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/ru.po b/policycoreutils/po/ru.po
new file mode 100644
index 0000000..243ce68
--- /dev/null
+++ b/policycoreutils/po/ru.po
@@ -0,0 +1,1038 @@
+# translation of ru.po to Russian
+#
+# Andrew Martynov <andrewm@inventa.ru>, 2006.
+# Yulia Poyarkova <ypoyarko@redhat.com>, 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: ru\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-01 03:12+0300\n"
+"Last-Translator: Andrew Martynov <andrewm@inventa.ru>\n"
+"Language-Team: Russian <fedora-trans-ru@redhat.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "Использование: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Невозможно загрузить политику: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "сбой установки PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Пароль:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Невозможно найти вашу запись в теневом файле паролей.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass не может открыть /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "невозможно найти корректную запись в файле passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Недостаточно памяти!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Ошибка! Оболочка не верна.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Невозможно очистить окружение\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Ошибка инициализации, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Ошибка настройки возможностей, аварийное завершение\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Ошибка установки KEEPCAPS, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Ошибка сброса возможностей, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Ошибка смены uid, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Ошибка сброса KEEPCAPS, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Ошибка сброса возможности SETUID, аварийное завершение.\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Ошибка освобождения возможностей\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Ошибка соединения с системой аудита.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Ошибка выделения памяти.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Ошибка отправки сообщения аудита.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Невозможно определить режим блокировок (enforcing).\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Ошибка! Невозможно открыть %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Невозможно получить текущий контекст для %s, метка tty не изменяется.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Невозможно получить новый контекст для %s, метка tty не изменяется.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Невозможно задать новый контекст для %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s изменило метки.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Внимание! Невозможно восстановить контекст для %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Ошибка: указано несколько ролей\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Ошибка: указано несколько типов\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Извините, -l может быть использована с поддержкой SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Ошибка: указано несколько уровней\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Невозможно получить тип по умолчанию.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "сбой получения нового контекста.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "сбой задания новой роли %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "сбой задания нового типа %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "сбой построения нового диапазона с уровнем %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "сбой задания нового диапазона %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "сбой преобразования нового контекста в строку\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s не является верным контекстом\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Невозможно выделить память для new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Невозможно получить набор пустых сигналов\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Невозможно получить обработчик SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Извините. newrole может быть использована только для ядра с SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "сбой получения старого_контекста.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Ошибка! Невозможно получить информацию о tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Проверка подлинности %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "сбой инициализации PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: неверный пароль %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: сбой выполнения fork: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Невозможно восстановить метку tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Ошибка корректного закрытия tty\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Невозможно закрыть дескрипторы.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Ошибка выделения argv0 оболочки.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Невозможно задать контекст исполнения для %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Невозможно восстановить окружение, аварийное завершение\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "сбой запуска оболочки\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"Использование: run_init <сценарий> <аргументы ...>\n"
+" где: <сценарий> - это имя запускаемого сценария инициализации,\n"
+" <аргументы ...> - передаваемые сценарию аргументы."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "сбой получения сведений учетной записи\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: неверный пароль для %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Невозможно открыть файл %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Нет контекста в файле %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Извините, run_init может быть использовано только для ядра с SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "сбой проверки подлинности.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Требуется как минимум одна категория"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Нельзя изменить уровень чувствительности используя '+' на %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s уже в %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s не в %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Невозможно объединить +/- с другими типами категорий"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Нельзя иметь несколько уровней чувствительности"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Использование %s КАТЕГОРИЯ Файл ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Использование %s -l КАТЕГОРИЯ пользователь ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Использование %s [[+|-]КАТЕГОРИЯ],...]q Файл ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Использование %s -l [[+|-]КАТЕГОРИЯ],...]q пользователь ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Использование %s -d Файл ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Использование %s -l -d пользователь ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Использование %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Использование %s -L -l пользователь"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Используйте -- чтобы указать завершение списка параметров. На пример"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Требуетсе 2 или более аргумента"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s не определен"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s не является допустимой для объектов %s\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "диапазоны не поддерживаются на машинах без MLS"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Необходимо указать роль"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Необходимо указать префикс"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Ошибка параметров %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Недопустимое значение %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "переводы не поддерживаются для машин без MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Невозможно открыть %s: переводы не поддерживаются на машинах без MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Переводы не могут включать пробелы '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Недопустимый уровень '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s уже определен в переводе"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s не определено в переводе"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "Политика SELinux не поддерживает управление или хранилище недоступно."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Невозможно прочитать хранилище политики."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Невозможно установить semanage соединение"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Невозможно создать ключ для %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Невозможно проверить, определено ли сопоставление входа для %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Сопоставление входа для %s уже определено"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux пользователь %s не существует"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Невозможно создать сопоставление входа для %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Невозможно задать имя для %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Невозможно задать диапазон MLS для %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Невозможно задать пользователя SELinux для %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Невозможно начать semanage транзакцию"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Невозможно добавить сопоставление входа для %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Необходим seuser или serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Сопоставление входа для %s не определено"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Невозможно запросить seuser для %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Невозможно изменить сопоставление входа для %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Сопоставление входа для %s определено в политике и не может быть удалено"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Невозможно удалить сопоставление входа для %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Невозможно выполнить перечисление сопоставлений входа"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Невозможно проверить, определен ли пользователь SELinux %s"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux пользователь %s уже определен"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Невозможно создать пользователя SELinux для %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Невозможно добавить роль %s для %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Невозможно задать уровень MLS для %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Недопустимый префикс %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Невозможно добавить префикс %s для %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Невозможно извлечь ключ для %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Невозможно добавить пользователя SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Необходим префикс, роль, уровень или диапазон"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Необходим префикс или роль"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux пользователь %s не определен"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Невозможно запросить пользователя %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Невозможно изменить SELinux пользователя %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux пользователь %s определен в политике и не может быть удален"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Невозможно удалить пользователя SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Невозможно выполнить перечисление пользователей SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Невозможно выполнить перечисление ролей пользователя %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Необходимо задание tcp или udp протокола"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Необходимо значение порта"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Невозможно создать ключ для %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Требуется задание типа"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Невозможно проверить, определен ли порт %s/%s"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Порт %s/%s уже определен"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Невозможно создать порт для %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Невозможно создать контекст %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Невозможно задать пользователя в контексте порта для %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Невозможно задать роль в контексте порта для %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Невозможно задать тип в контексте порта для %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Невозможно задать поля mls в контексте порта для %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Невозможно задать контекст порта для %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Невозможно добавить порт %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Необходим setype или serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Необходим setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Порт %s/%s не определен"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Невозможно запросить порт %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Невозможно изменить порт %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Порт %s/%s определен в политике и не может быть удален"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Невозможно удалить порт %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Невозможно выполнить перечисление портов"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Требуется SELinux Type"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Невозможно создать ключ для %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Невозможно проверить, определен ли интерфейс %s"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Интерфейс %s уже определен"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Невозможно создать интерфес для %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Невозможно создать контекст для %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Невозможно задать пользователя в контексте интерфейса для %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Невозможно задать роль в контексте интерфейса для %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Невозможно задать тип в контексте интерфейса для %s."
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Невозможно задать поля mls в контексте интерфейса для %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Невозможно задать контекст интерфейса для %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Невозможно задать контекст сообщения для %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Невозможно добавить интерфейс %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Интерфейс %s yt определен"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Невозможно запросить интерфейс %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Невозможно изменить интерфейс %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Интерфейс %s определен в политике и не может быть удален"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Невозможно удалить интерфейс %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Невозможно выполнить перечисление интерфейсов"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Невозможно проверить, определен ли контекст файла для %s"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Контекст файла для %s уже определен"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Невозможно создать контекст файла для %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Невозможно задать пользователя в контексте файла для %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Невозможно задать роль в контексте файла для %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Невозможно задать тип в контексте файла для %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Невозможно задать поля msl в контексте файла для %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Невозможно задать контекст файла для %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Невозможно добавить контекст файла для %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Необходим setyp, serange или seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Контекст файла для %s не определен"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Невозможно запросить контекст файла для %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Невозможно изменить контекст файла для %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Контекст файла для %s определен в политике и не может быть удален"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Невозможно удалить контекст файла для %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Невозможно выполнить перечисление контекстов файлов"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Невозможно отобразить контекст локальных файлов"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Требуется значение"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Невозможно проверить, определен ли переключатель %s"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Переключатель %s не определен"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Невозможно запросить контекст файла %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Невозможно изменить переключатель %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Переключатель %s не определен в политике и не может быть удален"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Невозможно удалить переключатель %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Невозможно выполнить перечисление переключателей"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Создается новый type enforcment файл: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Компиляция политики"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** В А Ж Н О ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Для того, чтобы загрузить только что созданный пакет политики в ядро,\n"
+"вам необходимо выполнить команду \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Ошибка параметров: %s "
+
diff --git a/policycoreutils/po/si.po b/policycoreutils/po/si.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/si.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/sk.po b/policycoreutils/po/sk.po
new file mode 100644
index 0000000..7b5cd5c
--- /dev/null
+++ b/policycoreutils/po/sk.po
@@ -0,0 +1,1042 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-09-04 17:56+0100\n"
+"Last-Translator: Mike Karas <zoliqe@gmail.com>\n"
+"Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Slovak\n"
+"X-Poedit-Country: SLOVAKIA\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "použitie: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Nemožno načítať politiku: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "zlyhanie nastavenia PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Heslo:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Nemožno nájsť vašu položku v súbore shadow passwd.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass nemôže otvoriť /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, fuzzy, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "nemožno nájsť vašu položku v súbore passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Nedostatok pamäte!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Chyba! Shell nie je správny.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Chyba pri inite schopností, končím.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, fuzzy, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Chyba pri inite schopností, končím.\n"
+
+#: ../newrole/newrole.c:450
+#, fuzzy, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Chyba resetu KEEPCAPS, končím\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Chyba pri zahadzovaní schopností, končím.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Chyba zmeny uid, končím.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Chyba resetu KEEPCAPS, končím\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Chyba zahadzovania SETUID schopnosti, končím\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Chyba pripojenia do audit systému.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Chyba alokácie pamäte.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Chyba odosielania audit správy.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Nemožno určiť vynucovací režim.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Chyba! Nemožno otvoriť %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Nemožno zistiť súčasný kontext pre %s, ne-reklasifikujem tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Nemožno zistiť nový kontext pre %s, ne-reklasifikujem tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Nemožno nastaviť nový kontext pre %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s zmenených klasifikácii.\n"
+
+#: ../newrole/newrole.c:716
+#, fuzzy, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Varovanie! Nemožno obnoviť kontext pre %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Chyba: zadané viacnásobné role\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Chyba: zadané viacnásobné typy\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "-l môže byť použité s podporou SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Chyba: zadané viacnásobné úrovne\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Nemožno zistiť implicitný typ.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "zlyhanie zistenia nového kontextu.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "zlyhanie nastavenia novej role %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "zlyhanie nastavenia nového typu %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "zlyhanie vytvorenia nového rozsahu s úrovňou %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "zlyhanie nastavenia nového rozsahu %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "zlyhanie konverzie nového kontextu na reťazec\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nie je správny kontext\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Nová rola môže byť použitá iba na SELinux jadre.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "zlyhanie získania old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Chyba: Nemožno získať informáciu o tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autentifikácia %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "zlyhanie inicializácie PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "nová rola: nesprávne heslo pre %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "nová rola: zlyhanie rozdeľovania: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, fuzzy, c-format
+msgid "Failed to close tty properly\n"
+msgstr "zlyhanie nastavenia nového typu %s\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Nemožno zatvoriť popisovače.\n"
+
+#: ../newrole/newrole.c:1140
+#, fuzzy, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Chyba alokácie pamäte.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Nemožno nastaviť exec kontext pre %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "zlyhanie spustenia shell-u\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"POUŽITIE: run_init <skript> <params ...>\n"
+" kde: <skript> je názov init skriptu pre spustenie,\n"
+" <params ...> sú parametre pre tento skript."
+
+#: ../run_init/run_init.c:139
+#, fuzzy, c-format
+msgid "failed to get account information\n"
+msgstr "zlyhanie zistenia nového kontextu.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: nesprávne heslo pre %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Nemožno otvoriť súbor %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Žiaden kontext v súbore %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "run_init môže byť použitý len na SELinux jadre.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "autentifikácia zlyhala.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Vyžaduje najmenej jednu kategóriu"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Nemožno zmeniť úrovne citlivosti použitím '+' na %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s je už v %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nie je v %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Nemožno kombinovať +/- s inými typmi kategorii"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nemožno mať viacnásobné citlivosti"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Použitie %s KATEGORIA Súbor ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Použitie %s -l KATEGORIA užívateľ ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Použitie %s [[+|-]KATEGORIA],...]q Súbor ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Použitie %s -l [[+|-]KATEGORIA],...]q užívateľ ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Použitie %s -d Súbor ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Použitie %s -l -d užívateľ ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Použitie %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Použitie %s -L -l užívateľ"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Použite -- pre ukončenie zoznamu volieb. Napríklad"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Vyžaduje 2 alebo viac parametrov"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nie je definované"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s nie je platné pre %s objekty\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "rozsah nie je podporovaný na nie-MLS strojoch"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Musíte zadať rolu"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Musíte zadať prefix"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Chyba volieb %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Neplatná hodnota %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "preklady nie sú podporované na nie-MLS strojoch"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Nepodarilo sa otvoriť %s: preklady nie sú podporované na nie-MLS strojoch"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Preklady nemôžu obsahovať medzery '%s'"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Neplatná úroveň '%s'"
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s je už definované v prekladoch"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nie je definované v prekladoch"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+"Pravidlá SELinuxu nie sú spravované, alebo nemožno pristupovať k pamäti."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Nemožno načítať pravidlo z pamäte."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Nemožno vytvoriť spojenie na semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Nemožno vytvoriť kľúč pre %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Nemožno skontrolovať či mapovanie loginu pre %s je definované"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Mapovanie loginu pre %s je už definované"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linuxový užívateľ %s neexistuje"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Nemožno vytvoriť mapovanie loginu pre %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Nemožno nastaviť meno pre %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Nemožno nastavit MLS rozsah pre %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Nemožno nastaviť SELinux užívateľa pre %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Nemožno začať semanage prenos"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Nemožno pridat mapovanie loginu pre %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Vyžaduje seuser alebo serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Mapovanie loginu pre %s nie je definované"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Nemožno overiť seuser pre %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Nemožno zmeniť mapovanie loginu pre %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Mapovanie loginu pre %s je definované v pravidlách, nemôže byť zmazané"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Nemožno zmazať mapovanie loginu pre %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Nemožno listovať mapovaniami loginov"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Nemožno skontrolovať či SELinux užívateľ %s je definovaný"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux užívateľ %s je už definovaný"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Nemožno vytvoriť SELinux užívateľa pre %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Nemožno pridať rolu %s pre %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Nemožno nastaviť MLS úroveň pre %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, fuzzy, python-format
+msgid "Invalid prefix %s"
+msgstr "Neplatná hodnota %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Nemožno pridať prefix %s pre %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Nemožno extrahovať kľúč pre %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Nemožno pridať SELinux užívateľa %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Požaduje prefix, role, úroveň alebo rozsah"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Požaduje prefix alebo role"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux užívateľ %s nie je definovaný"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Nemožno overiť užívateľa pre %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Nemožno zmeniť SELinux užívateľa %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux užívateľ %s je definovaný v pravidlách, nemožno ho zmazať"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Nemožno zmazať SELinux užívateľa %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Nemožno listovať SELinux užívateľmi"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Nemožno listovať rolami pre užívateľa %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protokol udp alebo tcp je požadovaný"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Port je požadovaný"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Nemožno vytvoriť kľúč pre %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Typ je požadovaný"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Nemožno skontrolovať či port %s/%s je definovaný"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s je už definovaný"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Nemožno vytvoriť port pre %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Nemožno vytvoriť kontext pre %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Nemožno nastaviť užívateľa v kontexte portu pre %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Nemožno nastaviť rolu v kontexte portu pre %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Nemožno nastaviť typ v kontexte portu pre %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Nemožno nastaviť mls pole v kontexte portu pre %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Nemožno nastaviť kontext portu pre %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Nemožno pridať port %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Požaduje setype alebo serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Požaduje setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Por %s/%s nie je definovaný"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Nemožno overiť port %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Nemožno zmeniť port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s je definovaný v pravidlách, nemôže byť zmazaný"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Nemožno zmazať port %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Nemožno listovať portami"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux typ je požadovaný"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Nemožno vytvoriť kľúč pre %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Nemožno skontrolovať či rozhranie %s je definované"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Rozhranie %s je už definované"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Nemožno vytvoriť rozhranie pre %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Nemožno vytvoriť kontext pre %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Nemožno nastaviť užívateľa v kontexte rozhrania pre %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Nemožno nastaviť rolu v kontexte rozhrania pre %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Nemožno nastaviť typ v kontexte rozhrania pre %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Nemožno nastaviť mls pole v kontexte rozhrania pre %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Nemožno nastaviť kontext rozhrania pre %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Nemožno nastaviť kontext správy pre %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Nemožno pridať rozhranie %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Rozhranie %s nie je definované"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Nemožno overiť rozhranie %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Nemožno zmeniť rozhranie %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Rozhranie %s je definované v pravidlách, nemôže byť zmazané"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Nemožno zmazať rozhranie %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Nemožno listovať rozhraniami"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Nemožno skontrolovať či kontext súboru pre %s je definovaný"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Kontext súboru pre %s je už definovaný"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Nemožno vytvoriť kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Nemožno nastaviť užívateľa v kontexte súboru pre %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Nemožno nastaviť rolu v kontexte súboru pre %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Nemožno nastaviť typ v kontexte súboru pre %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Nemožno nastaviť mls pole v kontexte súboru pre %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Nemožno nastavit kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Nemožno pridať kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Požaduje setype, serange alebo seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Kontext súboru pre %s nie je definovaný"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Nemožno overiť kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Nemožno zmeniť kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Kontext súboru pre %s je definovaný v pravidlách, nemôže byť zmazaný"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Nemožno zmazať kontext súboru pre %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Nemožno listovať kontextami súboru"
+
+#: ../semanage/seobject.py:1168
+#, fuzzy
+msgid "Could not list local file contexts"
+msgstr "Nemožno listovať kontextami súboru"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Požaduje hodnotu"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Nemožno skontrolovať či logická hodnota %s je definovaná"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Logická hodnota %s nie je definovaná"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Nemožno overiť kontext súboru %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Nemožno zmeniť logickú hodnotu %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Logická hodnota %s je definovaná v pravidlách, nemožno ju zmazať"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Nemožno zmazať logickú hodnotu %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Nemožno listovať logickými hodnotami"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Vytváranie súboru vynútenia typov: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Zostavujem pravidlá"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** DÔLEŽITÉ ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Pre načítanie novo vytvoreného balíka pravidiel do jadra,\n"
+"musíte spustiť \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Chyba volieb: %s"
diff --git a/policycoreutils/po/sl.po b/policycoreutils/po/sl.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/sl.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/sq.po b/policycoreutils/po/sq.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/sq.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/sr.po b/policycoreutils/po/sr.po
new file mode 100644
index 0000000..89ee53e
--- /dev/null
+++ b/policycoreutils/po/sr.po
@@ -0,0 +1,1117 @@
+# Serbian translations for policycoreutils
+# Copyright (C) 2006 Red Hat, Inc.
+# This file is distributed under the same license as the policycoreutils package.
+# Miloš Komarčević <kmilos@gmail.com>, 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-03 00:01+0100\n"
+"Last-Translator: Miloš Komarčević <kmilos@gmail.com>\n"
+"Language-Team: Serbian (sr) <fedora@prevod.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "употреба: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Не могу да учитам полису: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "неуспело постављање PAM_TTY\n"
+
+#: ../newrole/newrole.c:218
+#: ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Лозинка:"
+
+#: ../newrole/newrole.c:243
+#: ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Не могу да пронађем Вашу ставку у shadow passwd датотеци.\n"
+
+#: ../newrole/newrole.c:250
+#: ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass не може да отвори /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "не могу да пронађем исправну ставку у passwd датотеци.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Недостатак меморије!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Грешка! Љуска није исправна.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Не могу да очистим окружење\n"
+
+#: ../newrole/newrole.c:436
+#: ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Грешка при иницијализацији могућности, одустајем.\n"
+
+#: ../newrole/newrole.c:444
+#: ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Грешка при постављању могућности, одустајем\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Грешка при постављању KEEPCAPS, одустајем\n"
+
+#: ../newrole/newrole.c:458
+#: ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Грешка при одбацивању могућности, одустајем.\n"
+
+#: ../newrole/newrole.c:464
+#: ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Грешка при uid промени, одустајем.\n"
+
+#: ../newrole/newrole.c:470
+#: ../newrole/newrole.c:525
+#: ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Грешка при повраћају KEEPCAPS вредности, одустајем\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Грешка при одбацивању SETUID могућности, одустајем\n"
+
+#: ../newrole/newrole.c:482
+#: ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Грешка при ослобађању могућности\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Грешка при повезивању са системом за проверу.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Грешка при заузимању меморије.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Грешка при слању поруке за проверу.\n"
+
+#: ../newrole/newrole.c:634
+#: ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Не могу да одредим режим приморавања.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Грешка! Не могу да отворим %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Не могу да добавим текући контекст за %s, не означавам tty поново.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Не могу да добавим нови контекст за %s, не означавам tty поново.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Не могу да поставим нови контекст за %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s измени ознаке.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Упозорење! Не могу да вратим контекст за %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Грешка: назначене су вишеструке улоге\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Грешка: назначене су вишеструке врсте\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Жалим, -l се може користити са SELinux MLS подршком.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Грешка: назначени су вишеструки нивои\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Не могу да добавим подразумевану врсту.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "неуспело добављање новог контекста.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "неуспело постављање нове улоге %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "неуспело постављање нове врсте %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "неуспела изградња новог опсега са нивоом %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "неуспело постављање новог опсега %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "неуспело претварање новог контекста у ниску\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s није исправан контекст\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Не могу да заузмем меморију за new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Не могу да добавим празан скуп сигнала\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Не могу да поставим SIGHUP руковаоца\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Жалим, newrole се може користити само на SELinux језгру.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "неуспело добављање старог контекста.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Грешка! Не могу да прибавим tty информације.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Аутентификујем %s.\n"
+
+#: ../newrole/newrole.c:1020
+#: ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "неуспела PAM иницијализација\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: нетачна лозинка за %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: неуспело рачвање: %s"
+
+#: ../newrole/newrole.c:1059
+#: ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Не могу да вратим tty ознаку...\n"
+
+#: ../newrole/newrole.c:1061
+#: ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Није успело прописно tty затварање\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Не могу да затворим описнике.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Грешка при додели argv0 љуске.\n"
+
+#: ../newrole/newrole.c:1147
+#: ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Не могу да поставим извршни контекст на %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Не могу да вратим окружење, одустајем\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "неуспело извршавање љуске\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"УПОТРЕБА: run_init <скрипта> <аргументи ...>\n"
+" где: <скрипта> је име инит скрипте коју треба покренути,\n"
+" <аргументи ...> су аргументи за ту скрипту."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "неуспело добављање података о налогу\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: нетачна лозинка за %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Не могу да отворим датотеку %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Нема контекста у датотеци %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Жалим, run_init се може користити само на SELinux језгру.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "неуспела аутентификација.\n"
+
+#: ../scripts/chcat:75
+#: ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Захтева барем једну категорију"
+
+#: ../scripts/chcat:89
+#: ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Не могу се мењати нивои осетљивости користећи „+“ на %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s је већ у %s"
+
+#: ../scripts/chcat:164
+#: ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s није у %s"
+
+#: ../scripts/chcat:237
+#: ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Не могу се комбиновати +/- за другим врстама категорија"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Није могуће имати вишеструке осетљивости"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Употреба %s КАТЕГОРИЈА датотека ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Употреба %s -l КАТЕГОРИЈА корисник ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Употреба %s [[+|-]КАТЕГОРИЈА],...]q датотека ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Употреба %s -l [[+|-]КАТЕГОРИЈА],...]q корисник ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Употреба %s -d датотека ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Употреба %s -l -d корисник ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Употреба %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Употреба %s -L -l корисник"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Употребите -- да окончате списак опција. На пример"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Захтева 2 или више аргумената"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s није дефинисано"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s није исправно за %s објекте\n"
+
+#: ../semanage/semanage:183
+#: ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "опсег није подржан на не-MLS машинама"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Морате навести улогу"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Морате навести предметак"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Грешка опција %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Неисправна вредност %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "преводи нису подржани на не-MLS машинама"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Не могу да отворим %s: преводи нису подржани на не-MLS машинама"
+
+#: ../semanage/seobject.py:179
+#: ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Преводи не смеју садржати размаке „%s“ "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Неисправан ниво „%s“ "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s је већ дефинисано у преводима"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s није дефинисано у преводима"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux полисом се не управља или се складишту не може приступити."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Не могу да прочитам складиште полисе."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Не могу да успоставим semanage везу"
+
+#: ../semanage/seobject.py:247
+#: ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352
+#: ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504
+#: ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093
+#: ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207
+#: ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Не могу да направим кључ за %s"
+
+#: ../semanage/seobject.py:251
+#: ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356
+#: ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Не могу да проверим да ли је дефинисано пресликавање пријаве за %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Пресликавање пријаве за %s је већ дефинисано"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux корисник %s не постоји"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Не могу да направим празно пресликавање пријаве за %s"
+
+#: ../semanage/seobject.py:265
+#: ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Не могу да поставим име за %s"
+
+#: ../semanage/seobject.py:270
+#: ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Не могу да поставим MLS опсег за %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Не могу да поставим SELinux корисника за %s"
+
+#: ../semanage/seobject.py:278
+#: ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368
+#: ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539
+#: ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705
+#: ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776
+#: ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944
+#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073
+#: ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148
+#: ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Не могу да покренем semanage трансакцију"
+
+#: ../semanage/seobject.py:282
+#: ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Не могу да додам пресликавање пријаве за %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Захтева seuser или serange"
+
+#: ../semanage/seobject.py:311
+#: ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Пресликавање пријаве за %s није дефинисано "
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Не могу да испитам seuser-а за %s"
+
+#: ../semanage/seobject.py:334
+#: ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Не могу да изменим пресликавање пријаве за %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Пресликавање пријаве за %s је дефинисано у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:373
+#: ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Не могу да обришем пресликавање пријаве за %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Не могу да попишем пресликавања пријаве"
+
+#: ../semanage/seobject.py:437
+#: ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566
+#: ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Не могу да проверим да ли је дефинисан SELinux корисник %s"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux корисник %s је већ дефинисан"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Не могу да направим SELinux корисника за %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Не могу да додам улогу %s за %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Не могу да поставим MLS ниво за %s"
+
+#: ../semanage/seobject.py:463
+#: ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Неисправан предметак %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Не могу да додам предметак %s за %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Не могу да издвојим кључ за %s"
+
+#: ../semanage/seobject.py:477
+#: ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Не могу да додам SELinux корисника %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Захтева предметак, улоге, ниво или опсег"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Захтева предметак или улоге"
+
+#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux корисник %s није дефинисан"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Не могу да испитам корисника за %s"
+
+#: ../semanage/seobject.py:543
+#: ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Не могу да изменим SELinux корисника %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux корисник %s је дефинисан у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:582
+#: ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Не могу да обришем SELinux корисника %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Не могу да попишем SELinux кориснике"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Не могу да попишем улоге за корисника %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Неопходан је udp или tcp протокол"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Неопходан је порт"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Не могу да направим кључ за %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Неопходна је врста"
+
+#: ../semanage/seobject.py:668
+#: ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Не могу да проверим да ли је дефинисан порт %s/%s"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Порт %s/%s је већ дефинисан"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Не могу да направим порт за %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Не могу да направим контекст %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Не могу да поставим корисника у контексту порта за %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Не могу да поставим улогу у контексту порта за %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Не могу да поставим врсту у контексту порта за %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Не могу да поставим mls поља у контексту порта за %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Не могу да поставим контекст порта за %s/%s"
+
+#: ../semanage/seobject.py:709
+#: ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Не могу да додам порт %s/%s"
+
+#: ../semanage/seobject.py:722
+#: ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Захтева setype или serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Захтева setype"
+
+#: ../semanage/seobject.py:732
+#: ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Порт %s/%s није дефинисан"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Не могу да испитам порт %s/%s"
+
+#: ../semanage/seobject.py:751
+#: ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Не могу да изменим порт %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Порт %s/%s је дефинисан у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:780
+#: ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Не могу да обришем порт %s/%s"
+
+#: ../semanage/seobject.py:792
+#: ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Не могу да попишем портове"
+
+#: ../semanage/seobject.py:855
+#: ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux врста је неопходна"
+
+#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960
+#: ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Не могу да направим кључ за %s"
+
+#: ../semanage/seobject.py:863
+#: ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Не могу да проверим да ли је спрега %s дефинисана"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Спрега %s је већ дефинисана"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Не могу да направим спрегу за %s"
+
+#: ../semanage/seobject.py:874
+#: ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Не могу да направим контекст за %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Не могу да поставим корисника у контексту спреге за %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Не могу да поставим улогу у контексту спреге за %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Не могу да поставим врсту у контексту спреге за %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Не могу да поставим mls поља у контексту спреге за %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Не могу да поставим контекст спреге за %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Не могу да поставим контекст поруке за %s"
+
+#: ../semanage/seobject.py:907
+#: ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Не могу да додам спрегу %s"
+
+#: ../semanage/seobject.py:929
+#: ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Спрега %s није дефинисана"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Не могу да испитам спрегу %s"
+
+#: ../semanage/seobject.py:948
+#: ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Не могу да изменим спрегу %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Спрега %s је дефинисана у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Не могу да обришем спрегу %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Не могу да попишем спреге"
+
+#: ../semanage/seobject.py:1035
+#: ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136
+#: ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Не могу да проверим да ли је дефинисан контекст датотеке за %s"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Контекст датотеке за %s је већ дефинисан"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Не могу да направим контекст датотеке за %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Не могу да поставим корисника у контексту датотеке за %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Не могу да поставим улогу у контексту датотеке за %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Не могу да поставим врсту у контексту датотеке за %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Не могу да поставим mls поља у контексту датотеке за %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Не могу да поставим контекст датотеке за %s"
+
+#: ../semanage/seobject.py:1077
+#: ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Не могу да додам контекст датотеке за %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Захтева setype, serange или seuser"
+
+#: ../semanage/seobject.py:1099
+#: ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Контекст датотеке за %s није дефинисан"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Не могу да испитам контекст датотеке за %s"
+
+#: ../semanage/seobject.py:1120
+#: ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Не могу да изменим контекст датотеке %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Контекст датотеке за %s је дефинисан у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:1152
+#: ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Не могу да обришем контекст датотеке %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Не могу да попишем контексте датотека"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Не могу да попишем локалне контексте датотека"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Захтева вредност"
+
+#: ../semanage/seobject.py:1211
+#: ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Не могу да проверим да ли је дефинисан логички израз %s"
+
+#: ../semanage/seobject.py:1213
+#: ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Логички израз %s није дефинисан"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Не могу да испитам контекст датотеке %s"
+
+#: ../semanage/seobject.py:1229
+#: ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Не могу да изменим логички израз %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Логички израз %s је дефинисан у полиси, не може се брисати"
+
+#: ../semanage/seobject.py:1261
+#: ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Не могу да обришем логички израз %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Не могу да попишем логичке изразе"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Правим датотеку врсте приморавања: %s.te"
+
+#: ../audit2allow/audit2allow:189
+#: ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Компилирам полису"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"********************** ВАЖНО *************************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Да би учитали овај ново направљени пакет полисе у језгро,\n"
+"неопходно је да извршите \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Грешка опција: %s "
+
diff --git a/policycoreutils/po/sr@Latn.po b/policycoreutils/po/sr@Latn.po
new file mode 100644
index 0000000..527bd2c
--- /dev/null
+++ b/policycoreutils/po/sr@Latn.po
@@ -0,0 +1,1117 @@
+# Serbian(Latin) translations for policycoreutils
+# Copyright (C) 2006 Red Hat, Inc.
+# This file is distributed under the same license as the policycoreutils package.
+# Miloš Komarčević <kmilos@gmail.com>, 2006.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-03 00:01+0100\n"
+"Last-Translator: Miloš Komarčević <kmilos@gmail.com>\n"
+"Language-Team: Serbian (sr) <fedora@prevod.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "upotreba: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Ne mogu da učitam polisu: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "neuspelo postavljanje PAM_TTY\n"
+
+#: ../newrole/newrole.c:218
+#: ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Lozinka:"
+
+#: ../newrole/newrole.c:243
+#: ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Ne mogu da pronađem Vašu stavku u shadow passwd datoteci.\n"
+
+#: ../newrole/newrole.c:250
+#: ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass ne može da otvori /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "ne mogu da pronađem ispravnu stavku u passwd datoteci.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Nedostatak memorije!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Greška! Ljuska nije ispravna.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Ne mogu da očistim okruženje\n"
+
+#: ../newrole/newrole.c:436
+#: ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Greška pri inicijalizaciji mogućnosti, odustajem.\n"
+
+#: ../newrole/newrole.c:444
+#: ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Greška pri postavljanju mogućnosti, odustajem\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Greška pri postavljanju KEEPCAPS, odustajem\n"
+
+#: ../newrole/newrole.c:458
+#: ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Greška pri odbacivanju mogućnosti, odustajem.\n"
+
+#: ../newrole/newrole.c:464
+#: ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Greška pri uid promeni, odustajem.\n"
+
+#: ../newrole/newrole.c:470
+#: ../newrole/newrole.c:525
+#: ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Greška pri povraćaju KEEPCAPS vrednosti, odustajem\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Greška pri odbacivanju SETUID mogućnosti, odustajem\n"
+
+#: ../newrole/newrole.c:482
+#: ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Greška pri oslobađanju mogućnosti\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Greška pri povezivanju sa sistemom za proveru.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Greška pri zauzimanju memorije.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Greška pri slanju poruke za proveru.\n"
+
+#: ../newrole/newrole.c:634
+#: ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Ne mogu da odredim režim primoravanja.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Greška! Ne mogu da otvorim %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Ne mogu da dobavim tekući kontekst za %s, ne označavam tty ponovo.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Ne mogu da dobavim novi kontekst za %s, ne označavam tty ponovo.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Ne mogu da postavim novi kontekst za %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s izmeni oznake.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Upozorenje! Ne mogu da vratim kontekst za %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Greška: naznačene su višestruke uloge\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Greška: naznačene su višestruke vrste\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Žalim, -l se može koristiti sa SELinux MLS podrškom.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Greška: naznačeni su višestruki nivoi\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Ne mogu da dobavim podrazumevanu vrstu.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "neuspelo dobavljanje novog konteksta.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "neuspelo postavljanje nove uloge %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "neuspelo postavljanje nove vrste %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "neuspela izgradnja novog opsega sa nivoom %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "neuspelo postavljanje novog opsega %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "neuspelo pretvaranje novog konteksta u nisku\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s nije ispravan kontekst\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Ne mogu da zauzmem memoriju za new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Ne mogu da dobavim prazan skup signala\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Ne mogu da postavim SIGHUP rukovaoca\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Žalim, newrole se može koristiti samo na SELinux jezgru.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "neuspelo dobavljanje starog konteksta.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Greška! Ne mogu da pribavim tty informacije.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autentifikujem %s.\n"
+
+#: ../newrole/newrole.c:1020
+#: ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "neuspela PAM inicijalizacija\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: netačna lozinka za %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: neuspelo račvanje: %s"
+
+#: ../newrole/newrole.c:1059
+#: ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Ne mogu da vratim tty oznaku...\n"
+
+#: ../newrole/newrole.c:1061
+#: ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Nije uspelo propisno tty zatvaranje\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Ne mogu da zatvorim opisnike.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Greška pri dodeli argv0 ljuske.\n"
+
+#: ../newrole/newrole.c:1147
+#: ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Ne mogu da postavim izvršni kontekst na %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Ne mogu da vratim okruženje, odustajem\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "neuspelo izvršavanje ljuske\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"UPOTREBA: run_init <skripta> <argumenti ...>\n"
+" gde: <skripta> je ime init skripte koju treba pokrenuti,\n"
+" <argumenti ...> su argumenti za tu skriptu."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "neuspelo dobavljanje podataka o nalogu\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: netačna lozinka za %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Ne mogu da otvorim datoteku %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Nema konteksta u datoteci %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Žalim, run_init se može koristiti samo na SELinux jezgru.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "neuspela autentifikacija.\n"
+
+#: ../scripts/chcat:75
+#: ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Zahteva barem jednu kategoriju"
+
+#: ../scripts/chcat:89
+#: ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Ne mogu se menjati nivoi osetljivosti koristeći „+“ na %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s je već u %s"
+
+#: ../scripts/chcat:164
+#: ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s nije u %s"
+
+#: ../scripts/chcat:237
+#: ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Ne mogu se kombinovati +/- za drugim vrstama kategorija"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Nije moguće imati višestruke osetljivosti"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Upotreba %s KATEGORIJA datoteka ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Upotreba %s -l KATEGORIJA korisnik ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Upotreba %s [[+|-]KATEGORIJA],...]q datoteka ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Upotreba %s -l [[+|-]KATEGORIJA],...]q korisnik ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Upotreba %s -d datoteka ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Upotreba %s -l -d korisnik ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Upotreba %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Upotreba %s -L -l korisnik"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Upotrebite -- da okončate spisak opcija. Na primer"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Zahteva 2 ili više argumenata"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s nije definisano"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s nije ispravno za %s objekte\n"
+
+#: ../semanage/semanage:183
+#: ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "opseg nije podržan na ne-MLS mašinama"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Morate navesti ulogu"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Morate navesti predmetak"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Greška opcija %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Neispravna vrednost %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "prevodi nisu podržani na ne-MLS mašinama"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "Ne mogu da otvorim %s: prevodi nisu podržani na ne-MLS mašinama"
+
+#: ../semanage/seobject.py:179
+#: ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Prevodi ne smeju sadržati razmake „%s“ "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Neispravan nivo „%s“ "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s je već definisano u prevodima"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s nije definisano u prevodima"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux polisom se ne upravlja ili se skladištu ne može pristupiti."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Ne mogu da pročitam skladište polise."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Ne mogu da uspostavim semanage vezu"
+
+#: ../semanage/seobject.py:247
+#: ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352
+#: ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504
+#: ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093
+#: ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207
+#: ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Ne mogu da napravim ključ za %s"
+
+#: ../semanage/seobject.py:251
+#: ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356
+#: ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Ne mogu da proverim da li je definisano preslikavanje prijave za %s"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Preslikavanje prijave za %s je već definisano"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux korisnik %s ne postoji"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Ne mogu da napravim prazno preslikavanje prijave za %s"
+
+#: ../semanage/seobject.py:265
+#: ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Ne mogu da postavim ime za %s"
+
+#: ../semanage/seobject.py:270
+#: ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Ne mogu da postavim MLS opseg za %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Ne mogu da postavim SELinux korisnika za %s"
+
+#: ../semanage/seobject.py:278
+#: ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368
+#: ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539
+#: ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705
+#: ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776
+#: ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944
+#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073
+#: ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148
+#: ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Ne mogu da pokrenem semanage transakciju"
+
+#: ../semanage/seobject.py:282
+#: ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Ne mogu da dodam preslikavanje prijave za %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Zahteva seuser ili serange"
+
+#: ../semanage/seobject.py:311
+#: ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Preslikavanje prijave za %s nije definisano "
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Ne mogu da ispitam seuser-a za %s"
+
+#: ../semanage/seobject.py:334
+#: ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Ne mogu da izmenim preslikavanje prijave za %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "Preslikavanje prijave za %s je definisano u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:373
+#: ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Ne mogu da obrišem preslikavanje prijave za %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Ne mogu da popišem preslikavanja prijave"
+
+#: ../semanage/seobject.py:437
+#: ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566
+#: ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Ne mogu da proverim da li je definisan SELinux korisnik %s"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux korisnik %s je već definisan"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Ne mogu da napravim SELinux korisnika za %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Ne mogu da dodam ulogu %s za %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Ne mogu da postavim MLS nivo za %s"
+
+#: ../semanage/seobject.py:463
+#: ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Neispravan predmetak %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Ne mogu da dodam predmetak %s za %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Ne mogu da izdvojim ključ za %s"
+
+#: ../semanage/seobject.py:477
+#: ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Ne mogu da dodam SELinux korisnika %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Zahteva predmetak, uloge, nivo ili opseg"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Zahteva predmetak ili uloge"
+
+#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux korisnik %s nije definisan"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Ne mogu da ispitam korisnika za %s"
+
+#: ../semanage/seobject.py:543
+#: ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Ne mogu da izmenim SELinux korisnika %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux korisnik %s je definisan u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:582
+#: ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Ne mogu da obrišem SELinux korisnika %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Ne mogu da popišem SELinux korisnike"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Ne mogu da popišem uloge za korisnika %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Neophodan je udp ili tcp protokol"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Neophodan je port"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Ne mogu da napravim ključ za %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Neophodna je vrsta"
+
+#: ../semanage/seobject.py:668
+#: ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Ne mogu da proverim da li je definisan port %s/%s"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s je već definisan"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Ne mogu da napravim port za %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Ne mogu da napravim kontekst %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Ne mogu da postavim korisnika u kontekstu porta za %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Ne mogu da postavim ulogu u kontekstu porta za %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Ne mogu da postavim vrstu u kontekstu porta za %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Ne mogu da postavim mls polja u kontekstu porta za %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Ne mogu da postavim kontekst porta za %s/%s"
+
+#: ../semanage/seobject.py:709
+#: ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Ne mogu da dodam port %s/%s"
+
+#: ../semanage/seobject.py:722
+#: ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Zahteva setype ili serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Zahteva setype"
+
+#: ../semanage/seobject.py:732
+#: ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s nije definisan"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Ne mogu da ispitam port %s/%s"
+
+#: ../semanage/seobject.py:751
+#: ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Ne mogu da izmenim port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s je definisan u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:780
+#: ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Ne mogu da obrišem port %s/%s"
+
+#: ../semanage/seobject.py:792
+#: ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Ne mogu da popišem portove"
+
+#: ../semanage/seobject.py:855
+#: ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux vrsta je neophodna"
+
+#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960
+#: ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Ne mogu da napravim ključ za %s"
+
+#: ../semanage/seobject.py:863
+#: ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Ne mogu da proverim da li je sprega %s definisana"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Sprega %s je već definisana"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Ne mogu da napravim spregu za %s"
+
+#: ../semanage/seobject.py:874
+#: ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Ne mogu da napravim kontekst za %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Ne mogu da postavim korisnika u kontekstu sprege za %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Ne mogu da postavim ulogu u kontekstu sprege za %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Ne mogu da postavim vrstu u kontekstu sprege za %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Ne mogu da postavim mls polja u kontekstu sprege za %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Ne mogu da postavim kontekst sprege za %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Ne mogu da postavim kontekst poruke za %s"
+
+#: ../semanage/seobject.py:907
+#: ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Ne mogu da dodam spregu %s"
+
+#: ../semanage/seobject.py:929
+#: ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Sprega %s nije definisana"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Ne mogu da ispitam spregu %s"
+
+#: ../semanage/seobject.py:948
+#: ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Ne mogu da izmenim spregu %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Sprega %s je definisana u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Ne mogu da obrišem spregu %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Ne mogu da popišem sprege"
+
+#: ../semanage/seobject.py:1035
+#: ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136
+#: ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Ne mogu da proverim da li je definisan kontekst datoteke za %s"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Kontekst datoteke za %s je već definisan"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Ne mogu da napravim kontekst datoteke za %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Ne mogu da postavim korisnika u kontekstu datoteke za %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Ne mogu da postavim ulogu u kontekstu datoteke za %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Ne mogu da postavim vrstu u kontekstu datoteke za %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Ne mogu da postavim mls polja u kontekstu datoteke za %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Ne mogu da postavim kontekst datoteke za %s"
+
+#: ../semanage/seobject.py:1077
+#: ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Ne mogu da dodam kontekst datoteke za %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Zahteva setype, serange ili seuser"
+
+#: ../semanage/seobject.py:1099
+#: ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Kontekst datoteke za %s nije definisan"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Ne mogu da ispitam kontekst datoteke za %s"
+
+#: ../semanage/seobject.py:1120
+#: ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Ne mogu da izmenim kontekst datoteke %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Kontekst datoteke za %s je definisan u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:1152
+#: ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Ne mogu da obrišem kontekst datoteke %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Ne mogu da popišem kontekste datoteka"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Ne mogu da popišem lokalne kontekste datoteka"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Zahteva vrednost"
+
+#: ../semanage/seobject.py:1211
+#: ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Ne mogu da proverim da li je definisan logički izraz %s"
+
+#: ../semanage/seobject.py:1213
+#: ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Logički izraz %s nije definisan"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Ne mogu da ispitam kontekst datoteke %s"
+
+#: ../semanage/seobject.py:1229
+#: ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Ne mogu da izmenim logički izraz %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Logički izraz %s je definisan u polisi, ne može se brisati"
+
+#: ../semanage/seobject.py:1261
+#: ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Ne mogu da obrišem logički izraz %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Ne mogu da popišem logičke izraze"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Pravim datoteku vrste primoravanja: %s.te"
+
+#: ../audit2allow/audit2allow:189
+#: ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Kompiliram polisu"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"********************** VAŽNO *************************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"Da bi učitali ovaj novo napravljeni paket polise u jezgro,\n"
+"neophodno je da izvršite \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Greška opcija: %s "
+
diff --git a/policycoreutils/po/sv.po b/policycoreutils/po/sv.po
new file mode 100644
index 0000000..ed08f5e
--- /dev/null
+++ b/policycoreutils/po/sv.po
@@ -0,0 +1,1040 @@
+# Swedish messages for policycoreutils.
+# Copyright (C) Christian Rose <menthos@menthos.com>, 2006.
+# Copyright (C) Magnus Larsson <fedoratrans@gmail.com>, 2007.
+#
+# $Id: sv.po 2244 2007-02-21 17:04:57Z ssmalley $
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2007-01-18 16:00-0500\n"
+"Last-Translator: Christian Rose <menthos@menthos.com>\n"
+"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "användning: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Kan inte läsa in policy: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "misslyckades med att sätta PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Lösenord:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Kan inte hitta din post i skugglösenordsfilen.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass kan inte öppna /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "kan inte hitta giltig post i passwd-filen.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Slut på minne!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Fel! Skalet är inte giltigt.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Kan inte rensa miljön\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Fel vid initiering av kapabiliteter, avbryter.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Fel vid sättning av kapabiliteter, avbryter\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Fel vid sättning av KEEPCAPS, avbryter\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Fel vid borttagning av kapabiliteter, avbryter\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Fel vid byte av uid, avbryter.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Fel vid återställning av KEEPCAPS, avbryter\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Fel vi borttagning av SETUID kapabilitet, avbryter\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Fel vid frigöring av caps\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Fel vid anslutning till granskningssystem.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Fel vid minnesallokering.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Fel vid skickande av granskningsmeddelande.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Kunde inte bestämma upprätthållande-läge.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Fel! Kunde inte öppna %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! Kunde inte hämta aktuellt kontext för %s, märker inte om tty.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! Kunde inte få nytt kontext för %s, märker inte om tty.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Kunde inte sätta nytt kontext för %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s ändrade märkningar.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Varning! Kunde inte återställa kontext för %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Fel: multipla roller specificerade\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Fel: flera typer angivna\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Ledsen, -Jag kan användas med SELinux MLS stöd.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Fel: flera nivåer angivna\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Kunde inte få tag i standardtyp.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "misslyckades med att få tag i nytt kontext.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "misslyckades med att ställa in ny roll %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "misslyckades med att ställa in ny typ %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "misslyckades med att bygga nytt intervall med nivå %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "misslyckades med att sätta nytt intervall %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "misslyckades med att konvertera nytt kontext till sträng\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s är inte ett giltigt kontext\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Kunde inte allokera minne för new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Kunde inte få tag i tomt signal-set\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Kan inte sätta SIGHUP-hanterare\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "Tyvärr, newrole kan endast användas på en SELinux-kärna.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "kunde inte få tag i old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Fel! Kunde inte få tag i tty-information.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Autentiserar %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "misslyckades med att initiera PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: felaktigt lösenord för %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: fel vid gaffling: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Kunde inte återställa tty-märkning...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Misslyckades att korrekt stänga tty\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Kunde inte stänga deskriptorerna.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Fel vid allokering av skalets argv0.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Kunde inte ställa in körningskontext till %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Kunde inte återställa miljön, avbryter\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "kunde ej exek skal\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"ANVÄNDNING: run_init <script> <args ...>\n"
+" där: <script> är namnet på init skript som ska köras,\n"
+" <args ...> är argumenten till det skriptet."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "misslyckades att få tag i kontoinformation\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: fel lösenord för %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Kunde inte öppna filen %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "Inget kontext i filen %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "Ledsen, run_init kan bara användas på en SELinux kärna.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "autentisering misslyckades.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Kräver minst en kategori"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Kan inte modifiera känslighetsnivå genom att använda '+' på %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s är redan i %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s finns inte i %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Kan inte kombinera +/- med andra typer av kategorier"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Kan inte ha flera känsligheter"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Användning %s KATEGORI fil ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Användning %s -l KATEGORI användare ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Användning %s [[+|-]KATEGORI],...]q fil ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Användning %s -l [[+|-]KATEGORI],...]q användare ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Användning %s -d fil ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Användning %s -l -d användare ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Användning %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Användning %s -L -l användare"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Använd -- för avsluta option listan. Till exempel"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -Hemligt /dok/affärsplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +Hemligt juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Kräver 2 eller fler argument"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s är inte definierad"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s inte giltig för %s objekt\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "intervall stöds inte av icke-MLS maskiner"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Du måste ange en roll"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Du måste ange ett prefix"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Flaggfel %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Ogiltigt värde %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "översättningar stöds inte på maskiner som inte har MLS"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Kan inte öppna %s: översättningar stöds inte på maskiner som inte har MLS"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Översättningar kan inte innehålla blanksteg \"%s\" "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Ogiltig nivå \"%s\" "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s är redan definierad i översättningar"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s är inte definierad i översättningar"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux policy är inte hanterad eller lager kan inte kommas åt."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Kan inte läsa policylager."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Kunde inte sätta upp en semanage-uppkoppling"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Kunde inte skapa en nyckel för %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Kunde inte kontrollera om inloggningskartläggning för %s är definierad"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "Inloggningskartläggning för %s är redan definierad"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linuxanvändaren %s finns inte"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Kunde inte skapa inloggningskartläggning för %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Kunde inte sätta namn för %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Kunde inte sätta MLS-intervall för %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Kunde inte sätta SELinux användare för %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Kunde inte starta semanage-transaktion"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Kunde inte lägga till inloggningskartläggning för %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Kräver seuser eller serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "Inloggningskartläggning för %s är inte definierad"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Kunde inte fråga seuser efter %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Kunde inte ändra inloggnings-kartläggning för %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+"Inloggningskartläggning för %s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Kunde inte ta bort inloggningkartläggning för %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Kunde inte lista inloggningsmappningar"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Kunde inte kontrollera om SELinux användare %s är definierad"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux användare %s är redan definierad"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Kunde inte skapa SELinux användare för %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Kunde inte lägga till roll %s för %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Kunde inte sätta MLS nivå för %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Ogiltigt prefix %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Kunde inte lägga till prefix %s för %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Kunde inte få ut nyckel för %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Kunde inte lägga till SELinux användare %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Kräver prefix, roller, nivå eller område"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Kräver prefix eller roller"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux användare %s är inte definierad"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Kan inte fråga användare för %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Kan inte modifiera SELinux användare %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux använda %s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Kan inte ta bort SELinux användare %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Kan inte lista SELinux användare"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Kan inte lista roller för användare %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Protokoll udp eller tcp krävs"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Port krävs"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Kunde inte skapa en nyckel för %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Typ krävs"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Kunde inte kontrollera om port %s/%s är definierad"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Port %s/%s redan definierad"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Kunde inte skapa port för %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Kunde inte skapa kontext för %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Kunde inte sätta användare i port-kontext för %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Kunde inte sätta roll i port-kontext för %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Kunde inte sätta typ i port-kontext för %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Kunde inte sätta mls-fält i port-kontext för %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Kunde inte sätta port-kontext för %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Kunde inte lägga till port %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Kräver setype eller serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Kräver setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Port %s/%s är inte definierad"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Kunde inte fråga port %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Kunde inte modifiera port %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Port %s/%s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Kan inte ta bort port %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Kunde inte lista portar"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux Type krävs"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Kunde inte skapa nyckel för %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Kunde inte kontrollera om gränssnittet %s är definierat"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Gränssnittet %s är redan definierat"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Kunde inte skapa gränssnitt för %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Kunde inte skapa-kontext för %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Kunde inte sätta använda i gränssnitts-kontext för %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Kunde inte sätta roll i gränssnittskontext för %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Kan inte sätta typ i gränssnitts-kontext för %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Kan inte sätta mls-fält i gränssnittskontext för %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Kan inte sätta gränssnittskontext för %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Kan inte sätta meddelande-kontext för %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Kunde inte lägga till gränssnittet %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Gränssnittet %s är inte definierat"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Kunde inte fråga gränssnittet %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Kunde inte ändra gränssnittet %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Gränssnitt %s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Kunde inte ta bort gränssnittet %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Kunde inte lista gränssnitt"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Kan inte kontrollera om fil-kontext för %s är definierat"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Filkontext för %s redan definierat"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Kunde inte skapa filkontext för %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Kunde inte sätta användare i filkontext för %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Kunde inte sätta roll i filkontext för %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Kunde inte sätta typ i filkontext för %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Kunde inte sätta mls-fält i filkontext för %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Kunde inte sätta filkontext för %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Kunde inte lägga till filkontext för %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Kräver setype, serange eller seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Filkontext för %s är inte definierad"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Kunde inte fråga filkontext för %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Kunde inte modifiera filkontext för %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Filkontext för %s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Kunde inte radera filkontext för %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Kunde inte lista filkontext"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Kunde inte lista lokalt filkontext"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Kräver värde"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Kunde inte kontrollera om flaggan %s är definierad"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Flaggan %s är inte definierad"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Kunde inte fråga filkontext %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Kunde inte modifiera flagga %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Flagga %s är definierad i policy, kan inte tas bort"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Kunde inte ta bort flagga %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Kunde inte lista flaggor"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Genererar upprätthållande-typ fil: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Kompilerar policy"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"********************* VIKTIGT ************************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"För att ladda detta nya policy-paket in i kärnan,\n"
+"måste du köra \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Flaggfel: %s "
diff --git a/policycoreutils/po/ta.po b/policycoreutils/po/ta.po
new file mode 100644
index 0000000..d8bc13b
--- /dev/null
+++ b/policycoreutils/po/ta.po
@@ -0,0 +1,1043 @@
+# translation of ta.po to Tamil
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Felix <ifelix@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ta\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-22 11:14+0530\n"
+"Last-Translator: Felix <ifelix@redhat.com>\n"
+"Language-Team: Tamil <ta@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"\n"
+"\n"
+"\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "பயன்பாடு: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: பாலிசியை ஏற்ற முடியவில்லை: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "PAM_TTYஐ அமைக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "கடவுச்சொல்:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "நிழல் கடவுச்சொல் கோப்பில் உங்கள் உள்ளீடை காண முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass /dev/ttyஐ திறக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "சரியான உள்ளீடை கடவுச்சொல் கோப்பில் பார்க்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "நினைவகம் போதவில்லை!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "பிழை! ஷெல் தவறாக உள்ளது.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "சூழலை துடைக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "capabilityகளை துவக்குவதில் பிழை, வெளியேறுகிறது.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "செயல்திறன்களை அமைப்பதில் பிழை, வெளியேறுகிறது.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS அமைப்பதில் பிழை, வெளியேறுகிறது\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "capabilityகளை விடுவதில் பிழை, வெளியேறுகிறது.\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "uid ஐ மாற்றுவதில் பிழை, வெளியேறுகிறது.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "KEEPCAPS மறுஅமைப்பதில் பிழை, வெளியேறுகிறது\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "SETUID திறனை விடுவதில் பிழை, வெளியேறுகிறது\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "capsஐ விடுவதில் பிழை\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "தணிக்கை அமைப்புடன் இணைப்பதில் பிழை.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "நினைவகம் ஒதுக்குவதில் பிழை.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "தணிக்கை செய்தியை அனுப்புவதில் பிழை.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "கட்டாயப்படுத்தும் முறையை குறிப்பிட முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "பிழை! %sஐ திறக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! %sக்கு நடப்பு சூழலை பெற முடியவில்லை, ttyஐ மறு பெயர் இட முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! %sக்கு புதிய சூழலை பெற முடியவில்லை, ttyஐ மறு பெயர் இட முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! %sக்கு புதிய சூழலை அமைக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s மாற்றப்பட்ட பெயர்கள்.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "எச்சரிக்கை! %sக்கு சூழலை மறு சேமிக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "பிழை: பல பாத்திரங்கள் குறிப்பிடப்பட்டுள்ளன\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "பிழை: பல வகைகள் குறிப்பிடப்பட்டுள்ளன\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "மன்னிக்கவும், -SELinux MLS துணையை பயன்படுத்தி இருக்கலாம்.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "பிழை: பல நிலைகள் குறிப்பிடப்பட்டுள்ளன\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "முன்னிருப்பு வகையை எடுக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "புதிய சூழலை எடுக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "புதிய பாத்திரத்தை அமைக்க முடியவில்லை %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "புதிய வகையை அமைக்க முடியவில்லை %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "%s நிலைகளுடன் புதிய வரையறையை உருவாக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "புதிய வரையறையை உருவாக்க முடியவில்லை %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "புதிய சூழலை சரமாக மாற்ற முடியவில்லை\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s சரியான சூழல் இல்லை\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "புதிய சூழலுக்கு நினைவகத்தை ஒதுக்க முடியவில்லை (_c)"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "வெற்று சமிக்ஞை அமைப்பதை பெற முடியவில்லை\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "SIGHUP கையாளியை அமைக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "SELinux கர்னலில் மட்டுமே புதிய பாத்திரம் பயன்படுத்தப்படும்.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "பழைய சூழலை எடுக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "பிழை! tty விவரத்தினை எடுக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "அங்கீகாரமளிக்கிறது %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "PAM ஐ துவக்க முடியவில்லை\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "புதிய பாத்திரம்: %sக்கு தவறான கடவுச்சொல்\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "புதிய பாத்திரம்: கிளைப்படுத்த முடியவில்லை: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "tty பெயரை மறு சேமிக்க முடியவில்லை...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "ttyஐ சரியாக மூட முடியவில்லை\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "விவரிப்பிகளை மூட முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "ஷெல்லுடைய argv0ஐ ஒதுக்குவதில் பிழை.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "%sக்கு exec சூழலை அமைக்க முடியவில்லை.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "சூழலை மறு சேமிக்க முடியவில்லை, வெளியேறுகிறது\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "ஷெல்லை செயல்படுத்த முடியவில்லை\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"பயன்பாடு: run_init <script> <args ...>\n"
+" எங்கு: <script> ஆரம்ப உரையின் பெயரை இயக்க வேண்டும்,\n"
+" <args ...> இவை அந்த உரையின் மதிப்புகள் ஆகும்."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "கணக்கு விவரங்களை எடுக்க முடியவில்லை.\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %sக்கு தவறான கடவுச்சொல்\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "%s கோப்பினை திறக்க முடியவில்லை\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "%s கோப்பில் சூழல் இல்லை\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "மன்னிக்கவும், run_init SELinux கர்னலில் மட்டுமே பயன்படுத்தப்படும்.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "அங்கீகரிக்கப்படவில்லை.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "ஒரு வகையாவது தேவைப்படுகிறது"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "%sல் '+' ஐ பயன்படுத்தும் அறிவார்ந்த நிலைகளை மாற்ற முடியாது"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s ஏற்கனவே %sல் இருக்கிறது"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s %sல் இல்லை"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/-வைகளை மற்ற வகையின் வகையுடன் இணைக்க முடியாது"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "பல அறிவார்ந்தவைகளை கொண்டிருக்கவில்லை"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "பயன்பாடு %s CATEGORY கோப்பு ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "பயன்பாடு %s -l CATEGORY பயனர் ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "பயன்பாடு %s [[+|-]CATEGORY],...]q கோப்பு ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "பயன்பாடு %s -l [[+|-]CATEGORY],...]q பயனர் ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "பயன்பாடு %s -d கோப்பு ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "பயன்பாடு %s -l -d பயனர் ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "பயன்பாடு %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "பயன்பாடு %s -L -l பயனர்"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Use -- விருப்ப பட்டியலை முடிக்க. எடுத்துக்காட்டாக"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "2 அல்லது அதற்கு மேல் மதிப்புருக்கள் தேவைப்படுகிறது"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s குறிப்பிடப்படவில்லை"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s என்பது %s பொருட்களுக்கு சரியானதல்ல\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "Non MLS கணினிகளில் வரையறைக்கு துணையில்லை"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "நீங்கள் ஒரு பங்கினை குறிப்பிட வேண்டும்"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "நாங்கள் ஒரு முன்னொட்டினை குறிப்பிட வேண்டும்"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "விருப்பங்கள் பிழை %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "தவறான மதிப்பு %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "non-MLS கணினிகளில் மொழிபெயர்க்க முடியாது"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"%sஐ திறக்க முடியவில்லை: MLS இல்லா கணினிகளில் மொழிபெயர்ப்பிற்கு துணை புரிவதில்லை"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "மொழிபெயர்ப்புகள் இடைவெளியை கொண்டிருக்கக்கூடாது '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "தவறான நிலை '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s ஏற்கனவே மொழிபெயர்ப்புகளில் குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s மொழிபெயர்ப்பில் குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux பாலிசி பராமரிக்கப்படாத அல்லது சேமிக்கப்படாததை அணுக முடியாது."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "பாலிசி ஸ்டோரை படிக்க முடியவில்லை."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "semanage இணைப்பினை ஏற்படுத்த முடியவில்லை"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "%sக்கு விசையை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "%sக்கு அனுமதி ஒப்பீடு குறிப்பிடப்பட்டால், சோதிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "அனுமதி ஒப்பீடு %sக்கு ஏற்கனவே குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "லினக்ஸ் பயனர் %s இல்லை"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "%s க்கு அனுமதி ஒப்பீடு உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "%sக்கு பெயர் அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "MLS வரையறையை %sக்கு அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "SELinux பயனரை %sக்கு அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "semanage பரிமாற்றத்தை ஆரம்பிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "%sக்கு அனுமதி ஒப்பீடு சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "seuser அல்லது serange தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%sக்கு அனுமதி ஒப்பீடு குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "seuser %sக்கு வினா எழுப்ப முடியவில்லை"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "%sக்கு அனுமதி ஒப்பீடுகளை மாற்ற முடியவில்லை"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "அனுமதி ஒப்பீடு %s பாலிசியில் குறிப்பிடப்பட்டுள்ளது, அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "%sக்கு அனுமதி ஒப்பீடுகளை அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "அனுமதி ஒப்பீடுகளை பட்டியலிட முடியவில்லை"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "SELinux பயனர் %s குறிப்பிடப்பட்டால், சோதிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux பயனர் %s ஏற்கனவே குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr " SELinux பயனரை %sக்கு உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "%s க்கு %s பாத்திரத்தை சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "%sக்கு MLS நிலையை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "தவறான முன்னொட்டு %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "%s க்கு %sல் முன்னொட்டினை சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "%sக்கு விசையை பிரிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "SELinux பயனர் %sஐ சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "முன்னொட்டு, பாத்திரங்கள், நிலை அல்லது வரையறை தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "முன்னொட்டு அல்லது பாத்திரம் தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux பயனர் %s குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "%sக்கு பயனரை வினா எழுப்ப முடியவில்லை"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "SELinux பயனர் %sஐ மாற்ற முடியவில்லை"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux பயனர் %s பாலிசியில் குறிப்பிடப்பட்டுள்ளது, அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "SELinux பயனர் %sஐ அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "SELinux பயனர்களை பட்டியலிட முடியவில்லை"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "பயனர் %sக்கு பாத்திரங்களை பட்டியலிட முடியவில்லை"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "நெறிமுறை udp அல்லது tcp தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "துறை தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "%s/%sக்கு விசையை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "வகை தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "துறை %s/%s குறிப்பிடப்பட்டால் சோதிக்கப்படுவதில்லை"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "துறை %s/%s ஏற்கனவே குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "%s/%s க்கு துறையை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "%s/%sக்கு சூழலை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "%s/%s க்கு துறை சூழலில் பயனரை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "%s/%s க்கு துறை சூழலில் பாத்திரங்களை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "%s/%s க்கு துறை சூழலில் வகையை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "%s/%s க்கு துறை சூழலில் mls புலங்களை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "%s/%s க்கு துறை சூழலை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "துறை %s/%sயை சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "setype அல்லது serange தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "setype தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "துறை %s/%s குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "துறை %s/%sஐ வினா எழுப்ப முடியாது"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "துறை %s/%sஐ மாற்ற முடியவில்லை"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "துறை %s/%s பாலிசியில் குறிப்பிடப்பட்டுள்ளது, அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "துறைகளை அழிக்க முடியவில்லை %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "துறைகளை பட்டியலிட முடியவில்லை"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux வகை தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "%sக்கு விசையை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "இடைமுகம் %s குறிப்பிடப்பட்டால் சோதிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "இடைமுகம் %s ஏற்கனவே குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "%sக்கு இடைமுகம் உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "%s க்கு சூழலை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "%s க்கு இடைமுக சூழலில் பயனரை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "%s க்கு இடைமுக சூழலில் பாத்திரத்தை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "%s க்கு இடைமுக சூழலில் வகையை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "%s க்கு இடைமுக சூழலில் mls புலங்களை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "%s க்கு இடைமுக சூழலை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "%s க்கு செய்தி சூழலை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "இடைமுகத்தை சேர்க்க முடியவில்லை %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "இடைமுகம் %s குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "இடைமுகம் %sஐ வினா எழுப்ப முடியவில்லை"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "இடைமுகம் %sஐ மாற்ற முடியவில்லை"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "இடைமுகம் %s பாலிசியில் குறிப்பிடப்பட்டுள்ளது, அழிக்க முடியாது"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "இடைமுகம் %s ஐ அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "இடைமுகங்களை பட்டியலிட முடியவில்லை"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "%s க்கு கோப்பு சூழல் குறிப்பிடப்பட்டால் சோதிக்கப்படுவதில்லை"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%sலின் கோப்பு சூழல் ஏற்கனவே குறிப்பிடப்பட்டுள்ளது"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "%s க்கு கோப்பு சூழலை உருவாக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "%s க்கு கோப்பு சூழலில் பயனரை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "%s க்கு கோப்பு சூழலில் பாத்திரத்தை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "%s க்கு கோப்பு சூழலில் வகையை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "%sக்கு கோப்பு சூழலில் mls புலங்களை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "%s க்கு கோப்பு சூழலை அமைக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "%sக்கு கோப்பு சூழலை சேர்க்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "setype, serange அல்லது seuser தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%sக்கு கோப்பு சூழல் குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "%sக்கு கோப்பு சூழலை வினா எழுப்ப முடியாது"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "%sக்கு கோப்பு சூழலை மாற்ற முடியாது"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "கோப்பு சூழல் %sக்கு பாலிசியில் குறிக்கப்பட்டுள்ளது, அழிக்க முடியாது"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "%sக்கு கோப்பு சூழலை அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "கோப்பு சூழல் பட்டியலிட முடியவில்லை."
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "உள்ளமை கோப்பு சூழல்களை பட்டியலிட முடியவில்லை."
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "மதிப்பு தேவைப்படுகிறது"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "பூலியன் %s குறிப்பிடப்பட்டால், சோதிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "பூலியன் %s குறிப்பிடப்படவில்லை"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "கோப்பு சூழல் %sஐ வினா எழுப்ப முடியாது"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "பூலியன் %sஐ மாற்ற முடியவில்லை"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "பூலியன் %s பாலிசியில் குறிப்பிடப்பட்டுள்ளது, அழிக்க முடியாது"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "பூலியன் %sஐ அழிக்க முடியவில்லை"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "பூலியன்களை பட்டியலிட முடியவில்லை"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "வகை enforcment கோப்பினை உருவாக்குகிறது: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "பாலிசியை மாற்றுகிறது"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** முக்கியமானது ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"கர்னலில் இந்த புதிதாக உருவாக்கப்பட்ட பாலிசி தொகுப்பினை ஏற்ற,\n"
+"நீங்கள் semodule -i %s.pp\n"
+"\n"
+"இயக்க வேண்டும்\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "விருப்பங்கள் பிழை: %s "
diff --git a/policycoreutils/po/te.po b/policycoreutils/po/te.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/te.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/th.po b/policycoreutils/po/th.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/th.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/tr.po b/policycoreutils/po/tr.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/tr.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/uk.po b/policycoreutils/po/uk.po
new file mode 100644
index 0000000..c88f511
--- /dev/null
+++ b/policycoreutils/po/uk.po
@@ -0,0 +1,1042 @@
+# Ukraqinian translation of policycoreutils.
+# Copyright (C) 2006 Free software Foundation
+# This file is distributed under the same license as the policycoreutils package.
+# Maxim Dziumanenko <dziumanenko@gmail.com>, 2006-2007.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: policycoreutils\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2007-01-23 17:22+0300\n"
+"Last-Translator: Maxim Dziumanenko <dziumanenko@gmail.com>\n"
+"Language-Team: Ukrainian <uk@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "використання: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: Не вдається завантажити політику: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "помилка встановлення PAM_TTY\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "Пароль:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "Не вдається знайти елемент у тіньовому файлі паролів.\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass не вдається відкрити /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "не вдається знайти правильний запис у файлі passwd.\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "Недостатньо пам'яті!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "Помилка! Неправильна оболонка.\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "Не вдається очистити оточення\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "Помилка ініціалізації можливостей.\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "Помилка ініціалізації можливостей, виконання переривається.\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "Помилка скидання KEEPCAPS, виконання переривається\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "Помилка скидання можливостей, виконання переривається\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "Помилка зміни uid, виконання перервано.\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "Помилка скидання KEEPCAPS, виконання перервано\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "Помилка відбирання можливості SETUID, виконання перервано\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "Помилка звільнення можливостей\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "Помилка з'єднання з системою аудиту.\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "Помилка при розподілі пам'яті.\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "Помилка надсилання повідомлення аудиту.\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "Не вдається визначити режим блокування (enforcing).\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "Помилка! Не вдається відкрити %s.\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Не вдається отримати контекст для %s, перепризначення позначок tty не "
+"відбулось.\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+"%s! Не вдається отримати новий контекст для %s, перепризначення позначок "
+"tty не відбулось.\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! Не вдається встановити новий контекст для %s\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "змінено %s позначок.\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "Попередження! Не вдається відновити контекст для %s\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "Помилка: вказано декілька ролей\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "Помилка: вказано декілька типів\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "Ключ -l може використовуватись з підтримкою SELinux MLS.\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "Помилка: вказано декілька рівнів\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "Не вдається отримати типовий тип.\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "не вдається отримати новий контекст.\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "помилка встановлення нової ролі %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "помилка встановлення нового типу %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "не вдається побудувати новий діапазон з рівнем %s\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "помилка встановлення нової діапазону %s\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "не вдається перетворити новий контекст у рядок\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s не є правильним контекстом\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "Не вдається виділити пам'ять для new_context"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "Не вдається отримати порожній сигнал від\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "Не вдається встановити обробник SIGHUP\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "newrole може використовуватись лише для ядра з підтримкою SELinux.\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "не вдається отримати old_context.\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "Помилка! Не вдається отримати інформацію про tty.\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "Автентифікація %s.\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "не вдалося ініціалізувати PAM\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole: неправильний пароль для %s\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole: помилка створення дочірнього процесу: %s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "Не вдається відновити позначку tty...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "Не вдається правильно закрити tty\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "Не вдається закрити дескриптор.\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "Помилка виділення argv0 у оболонці.\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "Не вдається виконати контекст у %s.\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "Не вдається відновити оточення, виконання перервано\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "не вдається виконати оболонку\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"ВИКОРИСТАННЯ: run_init <сценарій> <аргументи ...>\n"
+" де: <сценарій> - назва сценарію ініціалізації для запуску,\n"
+" <аргументи ...> - аргументи для цього сценарію."
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "не вдається отримати інформацію про обліковий рахунок\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: неправильний пароль для %s\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "Не вдається відкрити файл %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "У файлі відсутній контекст %s\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "run_init може використовуватись лише для ядра з підтримкою SELinux.\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "помилка аутентифікації.\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "Потрібна принаймні одна категорія"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "Не вдається змінити чутливість рівнів використовуючи '+' на %s"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s вже у %s"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s не у %s"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "Не можна комбінувати +/- з іншими типами категорій"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "Кілька sensitivities не підтримуються"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "Використання %s КАТЕГОРІЯ файл ..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "Використання %s -l КАТЕГОРІЯ користувач ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "Використання %s [[+|-]КАТЕГОРІЯ],...]q файл ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "Використання %s -l [[+|-]КАТЕГОРІЯ],...]q користувач ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "Використання %s -d Файл ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "Використання %s -l -d користувач ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "Використання %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "Використання %s -L -l користувач"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "Використовуйте -- для списку параметрів. Наприклад"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "Потрібно 2 або більше аргументів"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s не визначено"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s не є допустимим для %s об'єктів\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "range не підтримується на не-MLS комп'ютерах"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "Необхідно вказати роль"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "Необхідно вказати префікс"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "Помилка параметра %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "Неправильне значення %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "трансляції не підтримуються на не-MLS комп'ютерах"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+"Не вдається відкрити %s: трансляції не підтримуються на не-MLS комп'ютерах"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "Трансляції не можуть містити пробіли '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "Неправильний рівень '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s вже визначено у трансляції"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s не визначено у трансляції"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "Політика SELinux не є призначеною або немає доступу до сховища."
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "Не вдається прочитати сховище політики."
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "Не вдається встановити з'єднання з semanage"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "Не вдається створити ключ для %s"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "Не вдається перевірити чи визначено mapping входу для %s "
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "mapping входу для %s вже визначено"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Користувач %s не існує у Linux"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "Не вдається створити mapping входу для %s"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "Не вдається встановити назву %s"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "Не вдається встановити діапазон MLS для %s"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "Не вдається встановити користувача SELinux для %s"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "Не вдається запустити транзакцію semanage"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "Не вдається додати mapping входу для %s"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "Потрібно seuser або serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "mapping входу для %s не визначено"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "Не вдається запитати seuser для %s"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "Не вдається змінити mapping входу для %s"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "mapping входу для %s визначено у політиці, не вдається видалити"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "Не вдається видалити mapping входу для %s"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "Не вдається вивести mapping входу"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "Не вдається перевірити чи визначений користувач SELinux %s"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "Користувач SELinux %s вже визначений"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "Не вдається створити користувача SELinux для %s"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "Не вдається додати роль %s для %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "Не вдається встановити рівень MLS для %s"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "Неправильний префікс %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "Не вдається додати префікс %s для %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "Не вдається витягнути ключ для %s"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "Не вдається додати користувача SELinux %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "Треба вказати префікс, ролі, рівень або range"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "Потрібен префікс або роль"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "Користувач SELinux %s не визначений"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "Не вдається запитати користувача для %s"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "Не вдається змінити користувача SELinux %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "Користувач SELinux %s визначено у політиці, не може бути видалений"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "Не вдається видалити користувача SELinux %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "Не вдається отримати список користувачів SELinux"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "Не вдається отримати список ролей користувача %s"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "Потрібен протокол udp чи tcp"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "Необхідно вказати порт"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "Не вдається створити ключ для %s/%s"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "Необхідно вказати тип"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "Не вдається чи порт визначено %s/%s"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "Порт %s/%s вже визначено"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "Не вдається створити порт для %s/%s"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "Не вдається створити контекст для %s/%s"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "Не вдається вказати користувача у контексті порту для %s/%s"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "Не вдається встановити роль у контексті порту для %s/%s"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "Не вдається встановити тип у контексті порту для %s/%s"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "Не вдається встановити поле mls у контексті порту для %s/%s"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "Не вдається створити контекст порту для %s/%s"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "Не вдається додати додати порт %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "Потрібно вказати setype або serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "Потрібно вказати setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "Порт %s/%s не визначено"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "Не вдається запитати порт %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "Не вдається змінити порт %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "Порт %s/%s визначено у політиці, не можу бути видалений"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "Не вдається видалити порт %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "Не вдається отримати список портів"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "Потрібно вказати тип SELinux"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "Не вдається створити ключ для %s"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "Не вдається перевірити чи визначений інтерфейс %s"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "Інтерфейс %s вже визначено"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "Не вдається створити інтерфейс для %s"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "Не вдається створити контекст для %s"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "Не вдається встановити користувача у контексті інтерфейсу для %s"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "Не вдається встановити роль у контексті інтерфейсу для %s"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "Не вдається встановити тип у контексті інтерфейсу для %s"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "Не вдається встановити поле mls у контексті інтерфейсу для %s"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "Не вдається створити контекст інтерфейсу для %s"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "Не вдається створити контекст повідомлення інтерфейс для %s"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "Не вдається додати інтерфейс %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "Інтерфейс %s не визначено"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "Не вдається запитати інтерфейс %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "Не вдається змінити інтерфейс %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "Інтерфейс %s визначений у політиці, не може бути видалений"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "Не вдається видалити інтерфейс %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "Не вдається перелічити інтерфейси"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "Не вдається перевірити чи визначений контекст файлу %s"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "Контекст файлу для %s вже визначено"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "Не вдається створити контекст файлу для %s"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "Не вдається встановити користувача у контексті файлу для %s"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "Не вдається встановити роль у контексті файлу для %s"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "Не вдається встановити тип у контексті файлу для %s"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "Не вдається встановити поле mls у контексті файлу для %s"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "Не вдається встановити контекст файлу для %s"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "Не вдається додати контекст файлу для %s"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "Потрібно вказати setype, serange чи seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "Контекст файлу для %s не визначено"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "Не вдається запитати контекст файлу для %s"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "Не вдається змінити контекст файлу для %s"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "Контекст файлу для %s визначено у політиці, його не можна видалити"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "Не вдається видалити контекст файлу для %s"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "Не вдається отримати список контекстів файлів"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "Не вдається отримати список локальних контекстів файлів"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "Потрібно вказати значення"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "Не вдається перевірити чи визначено логічне значення %s"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "Логічне значення %s не визначене"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "Не вдається запитати контекст файлу %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "Не вдається змінити логічне значення %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "Логічне значення %s визначено у політиці, його не можна видалити"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "Не вдається видалити логічне значення %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "Не вдається отримати список логічних змінних"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "Створення типу файлу режиму блокування: %s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "Компіляція політики"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** ВАЖЛИВО ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"При завантаженні цього нового пакету політики у ядро,\n"
+"треба виконати\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "Помилка у аргументах: %s "
diff --git a/policycoreutils/po/ur.po b/policycoreutils/po/ur.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/ur.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/vi.po b/policycoreutils/po/vi.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/vi.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/po/zh_CN.po b/policycoreutils/po/zh_CN.po
new file mode 100644
index 0000000..9858ea2
--- /dev/null
+++ b/policycoreutils/po/zh_CN.po
@@ -0,0 +1,1045 @@
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# translation of zh_CN.po to
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER, 2006.
+# Tony Fu <tfu@redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: zh_CN\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-12-06 15:41+1000\n"
+"Last-Translator: Tony Fu <tfu@redhat.com>\n"
+"Language-Team: <zh@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "usage: %s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s: 无法加载策略: %s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "设置 PAM_TTY 失败\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "口令:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "无法在 shadow passwd 文件中找到您的项。\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass 不能打开 /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "无法在 passwd 文件中找到有效的项。\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "无可用的内存!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "错误!Shell 无效。\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "无法清除系统环境\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "初始化能力(capability)错误,中止。\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "初始化能力(capability)错误,中止。\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "设置 KEEPCAPS 错误,中止\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "删除能力(drop capability)错误,中止\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "改变 uid 错误,中止。\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "重新设置 KEEPCAPS 错误,中止\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "删除 SETUID 能力错误,中止\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "freeing caps 错误\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "连接到审核系统错误。\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "分配内存时出错。\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "发送审计信息时出错。\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "不能决定强制模式。\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "错误!无法打开 %s。\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s! 无法为 %s 获得当前的 context,没有重新标签(relabel)tty。\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s! 无法为 %s 获得新 context,不能重新标签 tty。\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s! 无法为 %s 设置新 context\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s 改变的标识。\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "警告!无法为 %s 恢复上下文\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "错误:指定了多个角色\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "错误:指定了多个类型\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "-l 可以被有 MLS 支持的 SELinux 使用。\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "错误:多个级别被指定\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "无法获得默认的类型。\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "获得新 context 失败。\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "设置新角色 %s 失败\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "设置新类型 %s 失败\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "创建有级别 %s 的新范围失败\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "设定新范围 %s 失败\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "把新 context 转换为字符串失败\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s 不是一个有效的 context\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "无法为 new_context 分配内存"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "无法获得空信号\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "无法设置 SIGHUP handler\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "newrole 只可以在一个 SELinux 内核中使用。\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "获得 old_context 失败。\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "错误!不能获取 tty 信息。\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "验证 %s。\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "初始化 PAM 失败\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole:%s 的密码不正确\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole:fork 失败:%s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "无法恢复 tty label...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "关闭 tty 失败\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "无法关闭 descriptors。\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "分配 shell 的 argv0 时出错。\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "无法为 %s 设定 exec context。\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "无法恢复系统环境,中止\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "执行 shell 失败\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"使用方法:run_init <script> <args ...>\n"
+" 这里:<script> 是要运行的初始脚本名,\n"
+" <args ...> 是这个脚本的参数。"
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "获取帐号信息失败\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init: %s 的密码不正确\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "无法打开文件 %s\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "在文件 %s 中无 context\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "run_init 只能在一个 SELinux 内核中运行。\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "验证失败。\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "需要至少一个分类"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "无法使用 '+' 在 %s 上修改敏感级别"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s 已在 %s 中"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s 不在 %s中"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "无法把 +/- 和其它类型的类别相连"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "不能有多个 sensitivity"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "用法 %s CATEGORY 文件……"
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "使用方法 %s -l CATEGORY 用户 ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "用法 %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "用法 %s -l [[+|-]CATEGORY],...]q 用户 ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "用法 %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "用法 %s -l -d 用户..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "使用 %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "用法 %s -L -l 用户..."
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "使用 -- 来结束选项列表。例如"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "需要最少2个参数"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s 未定义"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s 无效(对于 %s 项)\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "非 MLS 机器不支持的范围"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "你必须指定一个角色"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "您必须指定一个前缀"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "选项错误 %s "
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "无效的值 %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "在非 MLS 机器上不支持的翻译"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "无法打开 %s:在非 MLS 机器上不支持的翻译"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "翻译不能包括空格 '%s' "
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "无效级别 '%s' "
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s 已经在翻译中定义"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s 没有在翻译中定义"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux 策略没有被管理或存储无法被访问。"
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "不能读策略存储。"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "无法创建 semanage 连接"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "无法为 %s 创建一个密钥"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "无法检查 %s 的登录映射已被定义"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s 的登录映射已被定义"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux用户 %s 不存在"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "无法为 %s 创建登录映射"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "无法为 %s 设置名称"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "无法为 %s 设置 MLS 的范围"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "无法为 %s 设置 SELinux 用户"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "无法开始 semanage 交易"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "无法为 %s 添加登录映射"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "需要 seuser 或 serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s 的登录映射没有被定义"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "无法为 %s 查询 seuser"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "无法为 %s 修改登录映射"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s 的登录映射在策略中被定义,不能被删除"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "无法为 %s 删除登录映射"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "无法列出登录映射"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "如果 SELinux 用户 %s 被定义将无法检查"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux用户 %s 已经存在"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "无法为 %s 创建 SELinux 用户"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "无法添加角色 %s(为 %s)"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "无法为 %s 设置 MLS 级别"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "无效的前缀 %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "无法添加前缀 %s(为 %s)"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "无法为 %s 提取密钥"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "无法添加 SELinux 用户 %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "需要前缀、角色、级别或范围"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "需要前锥或角色"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux 用户 %s 没有被定义"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "无法为 %s 查询用户"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "无法修改 SELinux 用户 %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux 用户 %s 在策略中被定义,无法删除"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "无法删除 SELinux 用户 %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "无法列出 SELinux 用户"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "无法为用户 %s 列出角色"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "需要 udp 或 tcp 协议"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "端口是必须的"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "无法为 %s/%s 创建一个密钥"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "类型是必须的"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "无法检查端口 %s/%s 已被定义"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "端口 %s/%s 已经存在"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "无法为 %s/%s 创建端口"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "无法为 %s/%s 设置 context"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "无法在端口 context 中为 %s/%s 设置用户"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "无法在端口 context 中为 %s/%s 设置角色"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "无法在端口 context 中为 %s/%s 设置类型"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "无法在端口 context 中为 %s/%s 设置 mls 项"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "无法为 %s/%s 设置端口 context"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "无法添加端口 %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "需要 setype 或 serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "需要 settype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "端口 %s/%s 没有被定义"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "无法查询端口 %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "无法修改端口 %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "端口 %s/%s 在策略中被定义,无法删除"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "无法删除端口 %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "无法列出端口"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "SELinux 类型是必选的"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "无法为 %s 创建密钥"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "无法检查接口 %s 是否已定义"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "接口 %s 已经被定义"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "无法为 %s 创建接口"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "无法为 %s 创建 context"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "无法在接口 context 中为 %s 设置用户"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "无法在接口 context 中为 %s 设置角色"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "无法在接口 context 中为 %s 设置类型"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "无法在接口 context 中为 %s 设置 mls 项"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "无法为 %s 设置接口 context"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "无法为 %s 设置信息 context"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "无法添加接口 %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "接口 %s 没有被定义"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "无法查询接口 %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "无法修改接口 %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "接口 %s 在策略中被定义,无法删除"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "无法删除接口 %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "无法列出接口"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "如果 %s 的文件 context 被设定,无法检查"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s 的文件 context 已经被定义"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "无法为 %s 创建文件 context"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "无法在文件 context 中为 %s 设置用户"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "无法在文件 context 中为 %s 设置角色"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "无法在文件 context 中为 %s 设置类型"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "无法在文件 context 中为 %s 设置 mls 项"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "无法为 %s 设置文件 context"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "无法为 %s 添加文件 context"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "需要 setype、serange 或 seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s 的文件 context 没有被定义"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "无法为 %s 查询文件 context"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "无法为 %s 修改文件 context"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s 的文件 context 已经在策略中被定义,无法删除"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "无法为 %s 删除文件 context"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "无法列出文件 context"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "无法列出本地文件上下文"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "需要值"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "无法检查布尔值 %s 是否已被定义"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "布尔值 %s 未被定义"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "无法查询文件 context %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "无法修改布尔值 %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "布尔值 %s 在策略中被定义,无法删除"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "不能删除布尔值 %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "无法列出布尔值"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "产生类型强制文件:%s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "正在编译策略"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"********************重要 ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"为了在内核中加载这个新创建的策略软件包,\n"
+"您需要执行 \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "选项错误: %s "
diff --git a/policycoreutils/po/zh_TW.po b/policycoreutils/po/zh_TW.po
new file mode 100644
index 0000000..f081c15
--- /dev/null
+++ b/policycoreutils/po/zh_TW.po
@@ -0,0 +1,1040 @@
+# translation of zh_TW.po to Chinese, Traditional
+# translation of zh_TW.po to
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+# Chester Cheng <ccheng@redhat.com>, 2006.
+# Chester Cheng <ccheng@brisbane.redhat.com>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: zh_TW\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: 2006-11-29 15:00+1000\n"
+"Last-Translator: Chester Cheng <ccheng@redhat.com>\n"
+"Language-Team: Chinese, Traditional <zh_TW@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.9.1\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr "用法:%s [-bq]\n"
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr "%s:無法載入政策:%s\n"
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr "設定 PAM_TTY 失敗\n"
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr "密碼:"
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr "在 shadow passwd 檔案中,找不到您的紀錄。\n"
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr "getpass 無法開啟 /dev/tty\n"
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr "在 passwd 檔案中找不到有效的紀錄。\n"
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr "記憶體不足!\n"
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr "錯誤!Shell 無效。\n"
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr "無法清除環境\n"
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr "起始功能時發生錯誤,放棄。\n"
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr "設定功能時發生錯誤,放棄\n"
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr "設定 KEEPCAPS 錯誤,放棄\n"
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr "丟棄功能時發生錯誤,放棄。\n"
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr "變更 uid 錯誤,放棄。\n"
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr "重設 KEEPCAPS 錯誤,放棄\n"
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr "丟棄 SETUID 功能錯誤,放棄\n"
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr "釋放功能時發生錯誤\n"
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr "連接稽核系統錯誤。\n"
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr "分配記憶體錯誤。\n"
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr "發送稽核訊息時錯誤。\n"
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr "無法決定 enforcing 模式。\n"
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr "錯誤!無法開啟 %s。\n"
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr "%s!無法取得 %s 目前的內文,無法為 tty 重新標記。\n"
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr "%s!無法取得 %s 新的內文,無法為 tty 重新標記。\n"
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr "%s!無法為 %s 設定新的內文\n"
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr "%s 改變了標籤。\n"
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr "無法為 %s 回復內文\n"
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr "錯誤:指定了多個角色\n"
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr "錯誤:指定了多個類型\n"
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr "對不起,-l 也許能與 SELinux MLS 的支援合用。\n"
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr "錯誤:指令的多個等級\n"
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr "無法取得預設類型。\n"
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr "無法取得新的內文。\n"
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr "無法設定新的角色 %s\n"
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr "無法設定新的類型 %s\n"
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr "無法以 %s 等級建立新的範圍\n"
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr "設定新範圍 %s 失敗\n"
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr "無法將新的內文轉為字串\n"
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr "%s 不是有效的內文\n"
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr "無法為新的內文(new_context)分配記憶體"
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr "無法獲得空的訊號組\n"
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr "無法設定 SIGHUP 處理器\n"
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr "很抱歉,newrole 只能在 SELinux 核心中使用。\n"
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr "無法取得舊的內文(old_context)。\n"
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr "錯誤!無法擷取 tty 資訊。\n"
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr "認證 %s。\n"
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr "初始化 PAM 失敗\n"
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr "newrole:%s 的密碼錯誤\n"
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr "newrole:無法分支(fork):%s"
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr "無法回復 tty 標籤...\n"
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr "無法正確地關閉 tty\n"
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr "無法關閉描述者。\n"
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr "無法分配 shell 的 argv0。\n"
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr "無法將 exec 內文設定至 %s。\n"
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr "無法復原環境;放棄\n"
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr "無法 exec shell\n"
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+"USAGE: run_init <script> <args ...>\n"
+" 其中:<script> 是要執行的 init 程序檔,\n"
+" <args ...> 是程序檔的參數。"
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr "取得帳號資訊時失敗\n"
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr "run_init:給 %s 的密碼不正確\n"
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr "無法開啟 %s 檔案\n"
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr "檔案 %s 中沒有內文\n"
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr "對不起,run_init 可能只能用在 SELinux 的核心上。\n"
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr "認證失敗。\n"
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr "需要至少一個分類"
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr "無法在 %s 上使用「+」來修改敏感等級。"
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr "%s 已經在 %s 中執行"
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr "%s 不在 %s 中"
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr "+/- 不能與其他類別結合"
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr "不能擁有多種敏感度"
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr "使用 %s CATEGORY 檔案..."
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr "用法 %s -l CATEGORY user ..."
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr "用法 %s [[+|-]CATEGORY],...]q File ..."
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr "用法 %s -l [[+|-]CATEGORY],...]q user ..."
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr "用法 %s -d File ..."
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr "用法 %s -l -d user ..."
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr "用法 %s -L"
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr "用法 %s -L -l user"
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr "用法 -- 表示選項清單的結尾。例如"
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr "chcat -- -CompanyConfidential /docs/businessplan.odt"
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr "chcat -l +CompanyConfidential juser"
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr "需要兩個以上的參數"
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr "%s 未定義"
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr "%s 對 %s 物件來說是無效的\n"
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr "非 MLS 機器上並不支援範圍"
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr "您必須指定角色"
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr "您必須指定前綴"
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr "選項錯誤 %s"
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr "無效的數值 %s"
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr "非 MLS 機器上並不支援翻譯"
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr "無法開啟 %s:非 MLS 機器上並不支援翻譯"
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr "翻譯不能包括「%s」"
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr "無效的等級「%s」"
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr "%s 已經在翻譯中定義"
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr "%s 在翻譯中未定義"
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr "SELinux 政策並不受管理,或無法存取 store。"
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr "無法讀取政策 store。"
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr "無法建立 semanage 連線"
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr "無法為 %s 建立金鑰"
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr "無法檢查 %s 的登入對應是否已經定義"
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr "%s 的登入對應已經定義"
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr "Linux 使用者 %s 不存在"
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr "無法為 %s 建立登入對應"
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr "無法為 %s 設定名稱"
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr "無法為 %s 設定 MLS 範圍"
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr "無法為 %s 設定 SELinux 使用者"
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr "無法開始 semanage 交易"
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr "無法為 %s 新增登入對應"
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr "需要 seuser 或 serange"
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr "%s 的登入對應並未定義"
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr "無法為 %s 查詢 seuser"
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr "無法為 %s 修改登入對應"
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr "%s 的登入對應定義在政策中,無法刪除"
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr "無法為 %s 刪除登入對應"
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr "無法列出登入對應"
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr "無法檢查 SELinux 使用者 %s 是否已經定義"
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr "SELinux 使用者 %s 已經定義"
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr "無法為 %s 建立 SELinux 使用者"
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr "無法新增 %s 角色給 %s"
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr "無法為 %s 設定 MLS 等級"
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr "無效的前綴 %s"
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr "無法新增前綴 %s 到 %s"
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr "無法為 %s 擷取金鑰"
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr "無法新增 SELinux 使用者 %s"
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr "需要前綴、角色、等級或範圍"
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr "需要前綴或角色"
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr "SELinux 使用者 %s 未定義"
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr "無法為 %s 查詢使用者"
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr "無法修改 SELinux 使用者 %s"
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr "SELinux 使用者 %s 定義在政策中,無法刪除"
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr "無法刪除 SELinux 使用者 %s"
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr "無法列出 SELinux 使用者"
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr "無法列出使用者 %s 的角色"
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr "需要 udp 或 tcp 通訊協定"
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr "需要連接埠"
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr "無法為 %s/%s 建立金鑰"
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr "需要類型"
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr "無法檢查連接埠 %s/%s 是否已經定義"
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr "連接埠 %s/%s 已經定義"
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr "無法為 %s/%s 建立連接埠"
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr "無法為 %s/%s 建立內文"
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr "無法為 %s/%s 的連接埠內文中,設定使用者"
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr "無法為 %s/%s 的連接埠內文中,設定角色"
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr "無法為 %s/%s 的連接埠內文中,設定類型"
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr "無法為 %s/%s 的連接埠內文中,設定 mls 欄位"
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr "無法為 %s/%s 設定連接埠內文"
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr "無法新增連接埠 %s/%s"
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr "需要 setype 或 serange"
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr "需要 setype"
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr "連接埠 %s/%s 未定義"
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr "無法查詢連接埠 %s/%s"
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr "無法修改連接埠 %s/%s"
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr "連接埠 %s/%s 已經在政策中定義,無法刪除"
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr "無法刪除連接埠 %s/%s"
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr "無法列出連接埠"
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr "需要 SELinux 類型"
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr "無法為 %s 建立金鑰"
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr "無法檢查介面 %s 是否已經定義"
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr "介面 %s 已經定義"
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr "無法為 %s 建立介面"
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr "無法為 %s 建立內文"
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr "無法為 %s 設定介面內文中的使用者"
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr "無法為 %s 設定介面內文中的角色"
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr "無法為 %s 設定介面內文中的類型"
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr "無法為 %s 設定介面內文中的 mls 欄位"
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr "無法為 %s 設定介面內文"
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr "無法為 %s 設定訊息內文"
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr "無法新增介面 %s"
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr "介面 %s 未定義"
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr "無法查詢介面 %s"
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr "無法修改介面 %s"
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr "介面 %s 定義在政策中,無法刪除"
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr "無法刪除介面 %s"
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr "無法列出介面"
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr "無法檢查 %s 的檔案內文是否已經定義"
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr "%s 的檔案內文已經定義"
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr "無法為 %s 建立檔案內文"
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr "無法為 %s 的檔案內文設定使用者"
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr "無法為 %s 的檔案內文設定角色"
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr "無法為 %s 的檔案內文設定類型"
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr "無法為 %s 的檔案內文設定 mls 欄位"
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr "無法為 %s 設定檔案內文"
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr "無法為 %s 新增檔案內文"
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr "需要 setype、serange 或 seuser"
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr "%s 的檔案內文未定義"
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr "無法為 %s 查詢檔案內文"
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr "無法為 %s 修改檔案內文"
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr "%s 的檔案內文已經定義在政策中,無法刪除"
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr "無法為 %s 刪除檔案內文"
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr "無法列出檔案內文"
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr "無法列出本地的檔案內文"
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr "需要數值"
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr "無法檢查布林值 %s 是否已經定義"
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr "布林值 %s 未定義"
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr "無法查詢檔案內文 %s"
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr "無法修改布林值 %s"
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr "布林值 %s 已經定義在政策中,無法刪除"
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr "無法刪除布林值 %s"
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr "無法列出布林值"
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr "產生政策強制檔:%s.te"
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr "編譯政策"
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+"\n"
+"******************** 重要 ***********************\n"
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+"為了要讓這個新建立的政策套件加入核心中,\n"
+"您需要執行\n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr "選項錯誤:%s"
diff --git a/policycoreutils/po/zu.po b/policycoreutils/po/zu.po
new file mode 100644
index 0000000..e4f933e
--- /dev/null
+++ b/policycoreutils/po/zu.po
@@ -0,0 +1,1028 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2006-11-21 14:21-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../load_policy/load_policy.c:22
+#, c-format
+msgid "usage: %s [-bq]\n"
+msgstr ""
+
+#: ../load_policy/load_policy.c:66
+#, c-format
+msgid "%s: Can't load policy: %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:188
+#, c-format
+msgid "failed to set PAM_TTY\n"
+msgstr ""
+
+#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
+msgid "Password:"
+msgstr ""
+
+#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
+#, c-format
+msgid "Cannot find your entry in the shadow passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
+#, c-format
+msgid "getpass cannot open /dev/tty\n"
+msgstr ""
+
+#: ../newrole/newrole.c:316
+#, c-format
+msgid "cannot find valid entry in the passwd file.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:327
+#, c-format
+msgid "Out of memory!\n"
+msgstr ""
+
+#: ../newrole/newrole.c:332
+#, c-format
+msgid "Error! Shell is not valid.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:389
+#, c-format
+msgid "Unable to clear environment\n"
+msgstr ""
+
+#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
+#, c-format
+msgid "Error initing capabilities, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
+#, c-format
+msgid "Error setting capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:450
+#, c-format
+msgid "Error setting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
+#, c-format
+msgid "Error dropping capabilities, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
+#, c-format
+msgid "Error changing uid, aborting.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
+#, c-format
+msgid "Error resetting KEEPCAPS, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:477
+#, c-format
+msgid "Error dropping SETUID capability, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
+#, c-format
+msgid "Error freeing caps\n"
+msgstr ""
+
+#: ../newrole/newrole.c:580
+#, c-format
+msgid "Error connecting to audit system.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:586
+#, c-format
+msgid "Error allocating memory.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:593
+#, c-format
+msgid "Error sending audit message.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
+#, c-format
+msgid "Could not determine enforcing mode.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:641
+#, c-format
+msgid "Error! Could not open %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:646
+#, c-format
+msgid "%s! Could not get current context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:656
+#, c-format
+msgid "%s! Could not get new context for %s, not relabeling tty.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:666
+#, c-format
+msgid "%s! Could not set new context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
+#, c-format
+msgid "%s changed labels.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:716
+#, c-format
+msgid "Warning! Could not restore context for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:772
+#, c-format
+msgid "Error: multiple roles specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:780
+#, c-format
+msgid "Error: multiple types specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:787
+#, c-format
+msgid "Sorry, -l may be used with SELinux MLS support.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:792
+#, c-format
+msgid "Error: multiple levels specified\n"
+msgstr ""
+
+#: ../newrole/newrole.c:814
+#, c-format
+msgid "Couldn't get default type.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:824
+#, c-format
+msgid "failed to get new context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:831
+#, c-format
+msgid "failed to set new role %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:838
+#, c-format
+msgid "failed to set new type %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:847
+#, c-format
+msgid "failed to build new range with level %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:852
+#, c-format
+msgid "failed to set new range %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:860
+#, c-format
+msgid "failed to convert new context to string\n"
+msgstr ""
+
+#: ../newrole/newrole.c:865
+#, c-format
+msgid "%s is not a valid context\n"
+msgstr ""
+
+#: ../newrole/newrole.c:872
+#, c-format
+msgid "Unable to allocate memory for new_context"
+msgstr ""
+
+#: ../newrole/newrole.c:898
+#, c-format
+msgid "Unable to obtain empty signal set\n"
+msgstr ""
+
+#: ../newrole/newrole.c:906
+#, c-format
+msgid "Unable to set SIGHUP handler\n"
+msgstr ""
+
+#: ../newrole/newrole.c:972
+#, c-format
+msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:989
+#, c-format
+msgid "failed to get old_context.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:996
+#, c-format
+msgid "Error! Could not retrieve tty information.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1015
+#, c-format
+msgid "Authenticating %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1020 ../run_init/run_init.c:126
+#, c-format
+msgid "failed to initialize PAM\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1029
+#, c-format
+msgid "newrole: incorrect password for %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1056
+#, c-format
+msgid "newrole: failure forking: %s"
+msgstr ""
+
+#: ../newrole/newrole.c:1059 ../newrole/newrole.c:1082
+#, c-format
+msgid "Unable to restore tty label...\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1061 ../newrole/newrole.c:1088
+#, c-format
+msgid "Failed to close tty properly\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1117
+#, c-format
+msgid "Could not close descriptors.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1140
+#, c-format
+msgid "Error allocating shell's argv0.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1147 ../run_init/run_init.c:405
+#, c-format
+msgid "Could not set exec context to %s.\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1173
+#, c-format
+msgid "Unable to restore the environment, aborting\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1184
+msgid "failed to exec shell\n"
+msgstr ""
+
+#: ../run_init/run_init.c:67
+msgid ""
+"USAGE: run_init <script> <args ...>\n"
+" where: <script> is the name of the init script to run,\n"
+" <args ...> are the arguments to that script."
+msgstr ""
+
+#: ../run_init/run_init.c:139
+#, c-format
+msgid "failed to get account information\n"
+msgstr ""
+
+#: ../run_init/run_init.c:275
+#, c-format
+msgid "run_init: incorrect password for %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:309
+#, c-format
+msgid "Could not open file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:336
+#, c-format
+msgid "No context in file %s\n"
+msgstr ""
+
+#: ../run_init/run_init.c:361
+#, c-format
+msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
+msgstr ""
+
+#: ../run_init/run_init.c:380
+#, c-format
+msgid "authentication failed.\n"
+msgstr ""
+
+#: ../scripts/chcat:75 ../scripts/chcat:145
+msgid "Requires at least one category"
+msgstr ""
+
+#: ../scripts/chcat:89 ../scripts/chcat:159
+#, c-format
+msgid "Can not modify sensitivity levels using '+' on %s"
+msgstr ""
+
+#: ../scripts/chcat:93
+#, c-format
+msgid "%s is already in %s"
+msgstr ""
+
+#: ../scripts/chcat:164 ../scripts/chcat:174
+#, c-format
+msgid "%s is not in %s"
+msgstr ""
+
+#: ../scripts/chcat:237 ../scripts/chcat:242
+msgid "Can not combine +/- with other types of categories"
+msgstr ""
+
+#: ../scripts/chcat:287
+msgid "Can not have multiple sensitivities"
+msgstr ""
+
+#: ../scripts/chcat:293
+#, c-format
+msgid "Usage %s CATEGORY File ..."
+msgstr ""
+
+#: ../scripts/chcat:294
+#, c-format
+msgid "Usage %s -l CATEGORY user ..."
+msgstr ""
+
+#: ../scripts/chcat:295
+#, c-format
+msgid "Usage %s [[+|-]CATEGORY],...]q File ..."
+msgstr ""
+
+#: ../scripts/chcat:296
+#, c-format
+msgid "Usage %s -l [[+|-]CATEGORY],...]q user ..."
+msgstr ""
+
+#: ../scripts/chcat:297
+#, c-format
+msgid "Usage %s -d File ..."
+msgstr ""
+
+#: ../scripts/chcat:298
+#, c-format
+msgid "Usage %s -l -d user ..."
+msgstr ""
+
+#: ../scripts/chcat:299
+#, c-format
+msgid "Usage %s -L"
+msgstr ""
+
+#: ../scripts/chcat:300
+#, c-format
+msgid "Usage %s -L -l user"
+msgstr ""
+
+#: ../scripts/chcat:301
+msgid "Use -- to end option list. For example"
+msgstr ""
+
+#: ../scripts/chcat:302
+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
+msgstr ""
+
+#: ../scripts/chcat:303
+msgid "chcat -l +CompanyConfidential juser"
+msgstr ""
+
+#: ../semanage/semanage:127
+msgid "Requires 2 or more arguments"
+msgstr ""
+
+#: ../semanage/semanage:132
+#, c-format
+msgid "%s not defined"
+msgstr ""
+
+#: ../semanage/semanage:156
+#, c-format
+msgid "%s not valid for %s objects\n"
+msgstr ""
+
+#: ../semanage/semanage:183 ../semanage/semanage:191
+msgid "range not supported on Non MLS machines"
+msgstr ""
+
+#: ../semanage/semanage:249
+msgid "You must specify a role"
+msgstr ""
+
+#: ../semanage/semanage:251
+msgid "You must specify a prefix"
+msgstr ""
+
+#: ../semanage/semanage:300
+#, c-format
+msgid "Options Error %s "
+msgstr ""
+
+#: ../semanage/semanage:304
+#, c-format
+msgid "Invalid value %s"
+msgstr ""
+
+#: ../semanage/seobject.py:132
+msgid "translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:139
+#, python-format
+msgid "Unable to open %s: translations not supported on non-MLS machines"
+msgstr ""
+
+#: ../semanage/seobject.py:179 ../semanage/seobject.py:193
+#, python-format
+msgid "Translations can not contain spaces '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:182
+#, python-format
+msgid "Invalid Level '%s' "
+msgstr ""
+
+#: ../semanage/seobject.py:185
+#, python-format
+msgid "%s already defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:197
+#, python-format
+msgid "%s not defined in translations"
+msgstr ""
+
+#: ../semanage/seobject.py:218
+msgid "SELinux policy is not managed or store cannot be accessed."
+msgstr ""
+
+#: ../semanage/seobject.py:223
+msgid "Cannot read policy store."
+msgstr ""
+
+#: ../semanage/seobject.py:228
+msgid "Could not establish semanage connection"
+msgstr ""
+
+#: ../semanage/seobject.py:247 ../semanage/seobject.py:305
+#: ../semanage/seobject.py:352 ../semanage/seobject.py:433
+#: ../semanage/seobject.py:504 ../semanage/seobject.py:562
+#: ../semanage/seobject.py:1093 ../semanage/seobject.py:1132
+#: ../semanage/seobject.py:1207 ../semanage/seobject.py:1241
+#, python-format
+msgid "Could not create a key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:251 ../semanage/seobject.py:309
+#: ../semanage/seobject.py:356 ../semanage/seobject.py:362
+#, python-format
+msgid "Could not check if login mapping for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:253
+#, python-format
+msgid "Login mapping for %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:257
+#, python-format
+msgid "Linux User %s does not exist"
+msgstr ""
+
+#: ../semanage/seobject.py:261
+#, python-format
+msgid "Could not create login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:265 ../semanage/seobject.py:447
+#, python-format
+msgid "Could not set name for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:270 ../semanage/seobject.py:457
+#, python-format
+msgid "Could not set MLS range for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:274
+#, python-format
+msgid "Could not set SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:278 ../semanage/seobject.py:330
+#: ../semanage/seobject.py:368 ../semanage/seobject.py:473
+#: ../semanage/seobject.py:539 ../semanage/seobject.py:578
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:747
+#: ../semanage/seobject.py:776 ../semanage/seobject.py:903
+#: ../semanage/seobject.py:944 ../semanage/seobject.py:976
+#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1116
+#: ../semanage/seobject.py:1148 ../semanage/seobject.py:1225
+#: ../semanage/seobject.py:1257
+msgid "Could not start semanage transaction"
+msgstr ""
+
+#: ../semanage/seobject.py:282 ../semanage/seobject.py:286
+#, python-format
+msgid "Could not add login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:301
+msgid "Requires seuser or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:311 ../semanage/seobject.py:358
+#, python-format
+msgid "Login mapping for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:315
+#, python-format
+msgid "Could not query seuser for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:334 ../semanage/seobject.py:338
+#, python-format
+msgid "Could not modify login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:364
+#, python-format
+msgid "Login mapping for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:373 ../semanage/seobject.py:377
+#, python-format
+msgid "Could not delete login mapping for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:391
+msgid "Could not list login mappings"
+msgstr ""
+
+#: ../semanage/seobject.py:437 ../semanage/seobject.py:508
+#: ../semanage/seobject.py:566 ../semanage/seobject.py:572
+#, python-format
+msgid "Could not check if SELinux user %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:439
+#, python-format
+msgid "SELinux user %s is already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:443
+#, python-format
+msgid "Could not create SELinux user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:452
+#, python-format
+msgid "Could not add role %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:461
+#, python-format
+msgid "Could not set MLS level for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:463 ../semanage/seobject.py:530
+#, python-format
+msgid "Invalid prefix %s"
+msgstr ""
+
+#: ../semanage/seobject.py:466
+#, python-format
+msgid "Could not add prefix %s for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:469
+#, python-format
+msgid "Could not extract key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:477 ../semanage/seobject.py:481
+#, python-format
+msgid "Could not add SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:498
+msgid "Requires prefix, roles, level or range"
+msgstr ""
+
+#: ../semanage/seobject.py:500
+msgid "Requires prefix or roles"
+msgstr ""
+
+#: ../semanage/seobject.py:510 ../semanage/seobject.py:568
+#, python-format
+msgid "SELinux user %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:514
+#, python-format
+msgid "Could not query user for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:543 ../semanage/seobject.py:547
+#, python-format
+msgid "Could not modify SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:574
+#, python-format
+msgid "SELinux user %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:582 ../semanage/seobject.py:586
+#, python-format
+msgid "Could not delete SELinux user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:598
+msgid "Could not list SELinux users"
+msgstr ""
+
+#: ../semanage/seobject.py:604
+#, python-format
+msgid "Could not list roles for user %s"
+msgstr ""
+
+#: ../semanage/seobject.py:638
+msgid "Protocol udp or tcp is required"
+msgstr ""
+
+#: ../semanage/seobject.py:640
+msgid "Port is required"
+msgstr ""
+
+#: ../semanage/seobject.py:651
+#, python-format
+msgid "Could not create a key for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:662
+msgid "Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:668 ../semanage/seobject.py:730
+#: ../semanage/seobject.py:764 ../semanage/seobject.py:770
+#, python-format
+msgid "Could not check if port %s/%s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:670
+#, python-format
+msgid "Port %s/%s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:674
+#, python-format
+msgid "Could not create port for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:680
+#, python-format
+msgid "Could not create context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:684
+#, python-format
+msgid "Could not set user in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:688
+#, python-format
+msgid "Could not set role in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:692
+#, python-format
+msgid "Could not set type in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:697
+#, python-format
+msgid "Could not set mls fields in port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:701
+#, python-format
+msgid "Could not set port context for %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:709 ../semanage/seobject.py:713
+#, python-format
+msgid "Could not add port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:722 ../semanage/seobject.py:919
+msgid "Requires setype or serange"
+msgstr ""
+
+#: ../semanage/seobject.py:724
+msgid "Requires setype"
+msgstr ""
+
+#: ../semanage/seobject.py:732 ../semanage/seobject.py:766
+#, python-format
+msgid "Port %s/%s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:736
+#, python-format
+msgid "Could not query port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:751 ../semanage/seobject.py:755
+#, python-format
+msgid "Could not modify port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:772
+#, python-format
+msgid "Port %s/%s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:780 ../semanage/seobject.py:784
+#, python-format
+msgid "Could not delete port %s/%s"
+msgstr ""
+
+#: ../semanage/seobject.py:792 ../semanage/seobject.py:811
+msgid "Could not list ports"
+msgstr ""
+
+#: ../semanage/seobject.py:855 ../semanage/seobject.py:1027
+msgid "SELinux Type is required"
+msgstr ""
+
+#: ../semanage/seobject.py:859 ../semanage/seobject.py:923
+#: ../semanage/seobject.py:960 ../semanage/seobject.py:1031
+#, python-format
+msgid "Could not create key for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:863 ../semanage/seobject.py:927
+#: ../semanage/seobject.py:964 ../semanage/seobject.py:970
+#, python-format
+msgid "Could not check if interface %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:865
+#, python-format
+msgid "Interface %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:869
+#, python-format
+msgid "Could not create interface for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:874 ../semanage/seobject.py:1046
+#, python-format
+msgid "Could not create context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:878
+#, python-format
+msgid "Could not set user in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:882
+#, python-format
+msgid "Could not set role in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:886
+#, python-format
+msgid "Could not set type in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:891
+#, python-format
+msgid "Could not set mls fields in interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:895
+#, python-format
+msgid "Could not set interface context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:899
+#, python-format
+msgid "Could not set message context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:907 ../semanage/seobject.py:911
+#, python-format
+msgid "Could not add interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:929 ../semanage/seobject.py:966
+#, python-format
+msgid "Interface %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:933
+#, python-format
+msgid "Could not query interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:948 ../semanage/seobject.py:952
+#, python-format
+msgid "Could not modify interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:972
+#, python-format
+msgid "Interface %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:980 ../semanage/seobject.py:984
+#, python-format
+msgid "Could not delete interface %s"
+msgstr ""
+
+#: ../semanage/seobject.py:992
+msgid "Could not list interfaces"
+msgstr ""
+
+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1097
+#: ../semanage/seobject.py:1136 ../semanage/seobject.py:1140
+#, python-format
+msgid "Could not check if file context for %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1037
+#, python-format
+msgid "File context for %s already defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1041
+#, python-format
+msgid "Could not create file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1050
+#, python-format
+msgid "Could not set user in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1054
+#, python-format
+msgid "Could not set role in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1058
+#, python-format
+msgid "Could not set type in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1063
+#, python-format
+msgid "Could not set mls fields in file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1069
+#, python-format
+msgid "Could not set file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1081
+#, python-format
+msgid "Could not add file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1089
+msgid "Requires setype, serange or seuser"
+msgstr ""
+
+#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
+#, python-format
+msgid "File context for %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1103
+#, python-format
+msgid "Could not query file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
+#, python-format
+msgid "Could not modify file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1142
+#, python-format
+msgid "File context for %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
+#, python-format
+msgid "Could not delete file context for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1164
+msgid "Could not list file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1168
+msgid "Could not list local file contexts"
+msgstr ""
+
+#: ../semanage/seobject.py:1203
+msgid "Requires value"
+msgstr ""
+
+#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
+#: ../semanage/seobject.py:1251
+#, python-format
+msgid "Could not check if boolean %s is defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
+#, python-format
+msgid "Boolean %s is not defined"
+msgstr ""
+
+#: ../semanage/seobject.py:1217
+#, python-format
+msgid "Could not query file context %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
+#, python-format
+msgid "Could not modify boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1253
+#, python-format
+msgid "Boolean %s is defined in policy, cannot be deleted"
+msgstr ""
+
+#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
+#, python-format
+msgid "Could not delete boolean %s"
+msgstr ""
+
+#: ../semanage/seobject.py:1273
+msgid "Could not list booleans"
+msgstr ""
+
+#: ../audit2allow/audit2allow:183
+#, c-format
+msgid "Generating type enforcment file: %s.te"
+msgstr ""
+
+#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
+msgid "Compiling policy"
+msgstr ""
+
+#: ../audit2allow/audit2allow:205
+msgid ""
+"\n"
+"******************** IMPORTANT ***********************\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:206
+#, c-format
+msgid ""
+"In order to load this newly created policy package into the kernel,\n"
+"you are required to execute \n"
+"\n"
+"semodule -i %s.pp\n"
+"\n"
+msgstr ""
+
+#: ../audit2allow/audit2allow:211
+#, c-format
+msgid "Options Error: %s "
+msgstr ""
diff --git a/policycoreutils/restorecond/Makefile b/policycoreutils/restorecond/Makefile
new file mode 100644
index 0000000..cfe27fb
--- /dev/null
+++ b/policycoreutils/restorecond/Makefile
@@ -0,0 +1,35 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR = $(PREFIX)/share/man
+INITDIR = $(DESTDIR)/etc/rc.d/init.d
+SELINUXDIR = $(DESTDIR)/etc/selinux
+
+CFLAGS ?= -g -Werror -Wall -W
+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDLIBS += -lselinux -L$(PREFIX)/lib
+
+all: restorecond
+
+restorecond: restorecond.o utmpwatcher.o stringslist.o
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+install: all
+ [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
+ -mkdir -p $(SBINDIR)
+ install -m 755 restorecond $(SBINDIR)
+ install -m 644 restorecond.8 $(MANDIR)/man8
+ -mkdir -p $(INITDIR)
+ install -m 644 restorecond.init $(INITDIR)/restorecond
+ -mkdir -p $(SELINUXDIR)
+ install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
+
+relabel: install
+ /sbin/restorecon $(SBINDIR)/restorecond
+
+clean:
+ -rm -f restorecond *.o *~
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/restorecond/restorecond.8 b/policycoreutils/restorecond/restorecond.8
new file mode 100644
index 0000000..b149dcb
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond.8
@@ -0,0 +1,31 @@
+.TH "restorecond" "8" "2002031409" "" ""
+.SH "NAME"
+restorecond \- daemon that watches for file creation and then sets the default SELinux file context
+
+.SH "SYNOPSIS"
+.B restorecond [\-d]
+.P
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR restorecond
+program.
+.P
+This daemon uses inotify to watch files listed in the /etc/selinux/restorecond.conf, when they are created, this daemon will make sure they have
+the correct file context associated with the policy.
+
+.SH "OPTIONS"
+.TP
+.B \-d
+Turns on debugging mode. Application will stay in the foreground and lots of
+debugs messages start printing.
+
+.SH "AUTHOR"
+This man page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "FILES"
+/etc/selinux/restorecond.conf
+
+.SH "SEE ALSO"
+.BR restorecon (8),
diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
new file mode 100644
index 0000000..873b242
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond.c
@@ -0,0 +1,492 @@
+/*
+ * restorecond
+ *
+ * Copyright (C) 2006 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+.*
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ * 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+*/
+
+/*
+ * PURPOSE:
+ * This daemon program watches for the creation of files listed in a config file
+ * and makes sure that there security context matches the systems defaults
+ *
+ * USAGE:
+ * restorecond [-d] [-v]
+ *
+ * -d Run in debug mode
+ * -v Run in verbose mode (Report missing files)
+ *
+ * EXAMPLE USAGE:
+ * restorecond
+ *
+ */
+
+#define _GNU_SOURCE
+#include <sys/inotify.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <syslog.h>
+#include <limits.h>
+#include <fcntl.h>
+
+#include "restorecond.h"
+#include "stringslist.h"
+#include "utmpwatcher.h"
+
+extern char *dirname(char *path);
+static int master_fd = -1;
+static int master_wd = -1;
+static int terminate = 0;
+
+#include <selinux/selinux.h>
+#include <utmp.h>
+
+/* size of the event structure, not counting name */
+#define EVENT_SIZE (sizeof (struct inotify_event))
+/* reasonable guess as to size of 1024 events */
+#define BUF_LEN (1024 * (EVENT_SIZE + 16))
+
+static int debug_mode = 0;
+static int verbose_mode = 0;
+
+static void restore(const char *filename);
+
+struct watchList {
+ struct watchList *next;
+ int wd;
+ char *dir;
+ struct stringsList *files;
+};
+struct watchList *firstDir = NULL;
+
+/* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+static int only_changed_user(const char *a, const char *b)
+{
+ char *rest_a, *rest_b; /* Rest of the context after the user */
+ if (!a || !b)
+ return 0;
+ rest_a = strchr(a, ':');
+ rest_b = strchr(b, ':');
+ if (!rest_a || !rest_b)
+ return 0;
+ return (strcmp(rest_a, rest_b) == 0);
+}
+
+/*
+ A file was in a direcroty has been created. This function checks to
+ see if it is one that we are watching.
+*/
+
+static int watch_list_find(int wd, const char *file)
+{
+ struct watchList *ptr = NULL;
+ ptr = firstDir;
+
+ if (debug_mode)
+ printf("%d: File=%s\n", wd, file);
+ while (ptr != NULL) {
+ if (ptr->wd == wd) {
+ if (strings_list_find(ptr->files, file) == 0) {
+ char *path = NULL;
+ if (asprintf(&path, "%s/%s", ptr->dir, file) <
+ 0)
+ exitApp("Error allocating memory.");
+ restore(path);
+ free(path);
+ return 0;
+ }
+ if (debug_mode)
+ strings_list_print(ptr->files);
+
+ /* Not found in this directory */
+ return -1;
+ }
+ ptr = ptr->next;
+ }
+ /* Did not find a directory */
+ return -1;
+}
+
+static void watch_list_free(int fd)
+{
+ struct watchList *ptr = NULL;
+ struct watchList *prev = NULL;
+ ptr = firstDir;
+
+ while (ptr != NULL) {
+ inotify_rm_watch(fd, ptr->wd);
+ strings_list_free(ptr->files);
+ free(ptr->dir);
+ prev = ptr;
+ ptr = ptr->next;
+ free(prev);
+ }
+ firstDir = NULL;
+}
+
+/*
+ Set the file context to the default file context for this system.
+ Same as restorecon.
+*/
+static void restore(const char *filename)
+{
+ int retcontext = 0;
+ security_context_t scontext = NULL;
+ security_context_t prev_context = NULL;
+ struct stat st;
+ int fd = -1;
+ if (debug_mode)
+ printf("restore %s\n", filename);
+
+ fd = open(filename, O_NOFOLLOW | O_RDONLY);
+ if (fd < 0) {
+ if (verbose_mode)
+ syslog(LOG_ERR, "Unable to open file (%s) %s\n",
+ filename, strerror(errno));
+ return;
+ }
+
+ if (fstat(fd, &st) != 0) {
+ syslog(LOG_ERR, "Unable to stat file (%s) %s\n", filename,
+ strerror(errno));
+ close(fd);
+ return;
+ }
+
+ if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
+ syslog(LOG_ERR,
+ "Will not restore a file with more than one hard link (%s) %s\n",
+ filename, strerror(errno));
+ close(fd);
+ return;
+ }
+
+ if (matchpathcon(filename, st.st_mode, &scontext) < 0) {
+ if (errno == ENOENT)
+ return;
+ syslog(LOG_ERR, "matchpathcon(%s) failed %s\n", filename,
+ strerror(errno));
+ return;
+ }
+ retcontext = fgetfilecon_raw(fd, &prev_context);
+
+ if (retcontext >= 0 || errno == ENODATA) {
+ if (retcontext < 0)
+ prev_context = NULL;
+ if (retcontext < 0 || (strcmp(prev_context, scontext) != 0)) {
+
+ if (only_changed_user(scontext, prev_context) != 0) {
+ free(scontext);
+ free(prev_context);
+ close(fd);
+ return;
+ }
+
+ if (fsetfilecon(fd, scontext) < 0) {
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
+ if (retcontext >= 0)
+ free(prev_context);
+ free(scontext);
+ close(fd);
+ return;
+ }
+ syslog(LOG_WARNING, "Reset file context %s: %s->%s\n",
+ filename, prev_context, scontext);
+ }
+ if (retcontext >= 0)
+ free(prev_context);
+ } else {
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
+ }
+ free(scontext);
+ close(fd);
+}
+
+static void process_config(int fd, FILE * cfg)
+{
+ char *line_buf = NULL;
+ size_t len = 0;
+
+ while (getline(&line_buf, &len, cfg) > 0) {
+ char *buffer = line_buf;
+ while (isspace(*buffer))
+ buffer++;
+ if (buffer[0] == '#')
+ continue;
+ int l = strlen(buffer) - 1;
+ if (l <= 0)
+ continue;
+ buffer[l] = 0;
+ if (buffer[0] == '~')
+ utmpwatcher_add(fd, &buffer[1]);
+ else {
+ watch_list_add(fd, buffer);
+ }
+ }
+ free(line_buf);
+}
+
+/*
+ Read config file ignoring Comment lines
+ Files specified one per line. Files with "~" will be expanded to the logged in users
+ homedirs.
+*/
+
+static void read_config(int fd)
+{
+ char *watch_file_path = "/etc/selinux/restorecond.conf";
+
+ FILE *cfg = NULL;
+ if (debug_mode)
+ printf("Read Config\n");
+
+ watch_list_free(fd);
+
+ cfg = fopen(watch_file_path, "r");
+ if (!cfg)
+ exitApp("Error reading config file.");
+ process_config(fd, cfg);
+ fclose(cfg);
+
+ inotify_rm_watch(fd, master_wd);
+ master_wd =
+ inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+}
+
+/*
+ Inotify watch loop
+*/
+static int watch(int fd)
+{
+ char buf[BUF_LEN];
+ int len, i = 0;
+ len = read(fd, buf, BUF_LEN);
+ if (len < 0) {
+ if (terminate == 0) {
+ syslog(LOG_ERR, "Read error (%s)", strerror(errno));
+ return 0;
+ }
+ syslog(LOG_ERR, "terminated");
+ return -1;
+ } else if (!len)
+ /* BUF_LEN too small? */
+ return -1;
+ while (i < len) {
+ struct inotify_event *event;
+ event = (struct inotify_event *)&buf[i];
+ if (debug_mode)
+ printf("wd=%d mask=%u cookie=%u len=%u\n",
+ event->wd, event->mask,
+ event->cookie, event->len);
+ if (event->wd == master_wd)
+ read_config(fd);
+ else {
+ switch (utmpwatcher_handle(fd, event->wd)) {
+ case -1: /* Message was not for utmpwatcher */
+ if (event->len)
+ watch_list_find(event->wd, event->name);
+ break;
+
+ case 1: /* utmp has changed need to reload */
+ read_config(fd);
+ break;
+
+ default: /* No users logged in or out */
+ break;
+ }
+ }
+
+ i += EVENT_SIZE + event->len;
+ }
+ return 0;
+}
+
+static const char *pidfile = "/var/run/restorecond.pid";
+
+static int write_pid_file(void)
+{
+ int pidfd, len;
+ char val[16];
+
+ len = snprintf(val, sizeof(val), "%u\n", getpid());
+ if (len < 0) {
+ syslog(LOG_ERR, "Pid error (%s)", strerror(errno));
+ pidfile = 0;
+ return 1;
+ }
+ pidfd = open(pidfile, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
+ if (pidfd < 0) {
+ syslog(LOG_ERR, "Unable to set pidfile (%s)", strerror(errno));
+ pidfile = 0;
+ return 1;
+ }
+ (void)write(pidfd, val, (unsigned int)len);
+ close(pidfd);
+ return 0;
+}
+
+/*
+ * SIGTERM handler
+ */
+static void term_handler()
+{
+ terminate = 1;
+ /* trigger a failure in the watch */
+ close(master_fd);
+}
+
+static void usage(char *program)
+{
+ printf("%s [-d] [-v] \n", program);
+ exit(0);
+}
+
+void exitApp(const char *msg)
+{
+ perror(msg);
+ exit(-1);
+}
+
+/*
+ Add a file to the watch list. We are watching for file creation, so we actually
+ put the watch on the directory and then examine all files created in that directory
+ to see if it is one that we are watching.
+*/
+
+void watch_list_add(int fd, const char *path)
+{
+ struct watchList *ptr = NULL;
+ struct watchList *prev = NULL;
+ char *x = strdup(path);
+ if (!x)
+ exitApp("Out of Memory");
+ char *dir = dirname(x);
+ char *file = basename(path);
+ ptr = firstDir;
+
+ restore(path);
+
+ while (ptr != NULL) {
+ if (strcmp(dir, ptr->dir) == 0) {
+ strings_list_add(&ptr->files, file);
+ free(x);
+ return;
+ }
+ prev = ptr;
+ ptr = ptr->next;
+ }
+ ptr = calloc(1, sizeof(struct watchList));
+
+ if (!ptr)
+ exitApp("Out of Memory");
+ ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+
+ ptr->dir = strdup(dir);
+ if (!ptr->dir)
+ exitApp("Out of Memory");
+
+ strings_list_add(&ptr->files, file);
+ if (prev)
+ prev->next = ptr;
+ else
+ firstDir = ptr;
+
+ if (debug_mode)
+ printf("%d: Dir=%s, File=%s\n", ptr->wd, ptr->dir, file);
+
+ free(x);
+}
+
+int main(int argc, char **argv)
+{
+ int opt;
+ struct sigaction sa;
+
+#ifndef DEBUG
+ /* Make sure we are root */
+ if (getuid() != 0) {
+ fprintf(stderr, "You must be root to run this program.\n");
+ return 1;
+ }
+#endif
+ /* Make sure we are root */
+ if (is_selinux_enabled() != 1) {
+ fprintf(stderr, "Daemon requires SELinux be enabled to run.\n");
+ return 1;
+ }
+
+ /* Register sighandlers */
+ sa.sa_flags = 0;
+ sa.sa_handler = term_handler;
+ sigemptyset(&sa.sa_mask);
+ sigaction(SIGTERM, &sa, NULL);
+
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+
+ master_fd = inotify_init();
+ if (master_fd < 0)
+ exitApp("inotify_init");
+
+ while ((opt = getopt(argc, argv, "dv")) > 0) {
+ switch (opt) {
+ case 'd':
+ debug_mode = 1;
+ break;
+ case 'v':
+ verbose_mode = 1;
+ break;
+ case '?':
+ usage(argv[0]);
+ }
+ }
+ read_config(master_fd);
+
+ if (!debug_mode)
+ daemon(0, 0);
+
+ write_pid_file();
+
+ while (watch(master_fd) == 0) {
+ };
+
+ watch_list_free(master_fd);
+ close(master_fd);
+ matchpathcon_fini();
+ utmpwatcher_free();
+ if (pidfile)
+ unlink(pidfile);
+
+ return 0;
+}
diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
new file mode 100644
index 0000000..373d8a8
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond.conf
@@ -0,0 +1,7 @@
+/etc/resolv.conf
+/etc/samba/secrets.tdb
+/etc/mtab
+/var/run/utmp
+/var/log/wtmp
+~/public_html
+~/.mozilla/plugins/libflashplayer.so
diff --git a/policycoreutils/restorecond/restorecond.h b/policycoreutils/restorecond/restorecond.h
new file mode 100644
index 0000000..e1666bf
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond.h
@@ -0,0 +1,30 @@
+/* restorecond.h --
+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+ */
+
+#ifndef RESTORED_CONFIG_H
+#define RESTORED_CONFIG_H
+
+void exitApp(const char *msg);
+void watch_list_add(int inotify_fd, const char *path);
+
+#endif
diff --git a/policycoreutils/restorecond/restorecond.init b/policycoreutils/restorecond/restorecond.init
new file mode 100644
index 0000000..b966db6
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond.init
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# restorecond: Daemon used to maintain path file context
+#
+# chkconfig: - 12 87
+# description: restorecond uses inotify to look for creation of new files \
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
+# correct security context.
+#
+# processname: /usr/sbin/restorecond
+# config: /etc/selinux/restorecond.conf
+# pidfile: /var/run/restorecond.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0 || exit 4
+
+test -x /usr/sbin/restorecond || exit 5
+test -f /etc/selinux/restorecond.conf || exit 6
+
+RETVAL=0
+
+start()
+{
+ echo -n $"Starting restorecond: "
+ unset HOME MAIL USER USERNAME
+ daemon /usr/sbin/restorecond
+ RETVAL=$?
+ touch /var/lock/subsys/restorecond
+ echo
+ return $RETVAL
+}
+
+stop()
+{
+ echo -n $"Shutting down restorecond: "
+ killproc restorecond
+ RETVAL=$?
+ rm -f /var/lock/subsys/restorecond
+ echo
+ return $RETVAL
+}
+
+restart()
+{
+ stop
+ start
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status restorecond
+ RETVAL=$?
+ ;;
+ restart|reload)
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/restorecond ] && restart || :
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart}"
+ RETVAL=3
+esac
+
+exit $RETVAL
+
diff --git a/policycoreutils/restorecond/stringslist.c b/policycoreutils/restorecond/stringslist.c
new file mode 100644
index 0000000..6afb3e4
--- /dev/null
+++ b/policycoreutils/restorecond/stringslist.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2006 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+.*
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ * 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+*/
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "stringslist.h"
+#include "restorecond.h"
+
+/* Sorted lists */
+void strings_list_add(struct stringsList **list, const char *string)
+{
+ struct stringsList *ptr = *list;
+ struct stringsList *prev = NULL;
+ struct stringsList *newptr = NULL;
+ while (ptr) {
+ int cmp = strcmp(string, ptr->string);
+ if (cmp < 0)
+ break; /* Not on list break out to add */
+ if (cmp == 0)
+ return; /* Already on list */
+ prev = ptr;
+ ptr = ptr->next;
+ }
+ newptr = calloc(1, sizeof(struct stringsList));
+ if (!newptr)
+ exitApp("Out of Memory");
+ newptr->string = strdup(string);
+ newptr->next = ptr;
+ if (prev)
+ prev->next = newptr;
+ else
+ *list = newptr;
+}
+
+int strings_list_find(struct stringsList *ptr, const char *string)
+{
+ while (ptr) {
+ int cmp = strcmp(string, ptr->string);
+ if (cmp < 0)
+ return -1; /* Not on list break out to add */
+ if (cmp == 0)
+ return 0; /* Already on list */
+ ptr = ptr->next;
+ }
+ return -1;
+}
+
+void strings_list_free(struct stringsList *ptr)
+{
+ struct stringsList *prev = NULL;
+ while (ptr) {
+ free(ptr->string);
+ prev = ptr;
+ ptr = ptr->next;
+ free(prev);
+ }
+}
+
+int strings_list_diff(struct stringsList *from, struct stringsList *to)
+{
+ while (from != NULL && to != NULL) {
+ if (strcmp(from->string, to->string) != 0)
+ return 1;
+ from = from->next;
+ to = to->next;
+ }
+ if (from != NULL || to != NULL)
+ return 1;
+ return 0;
+}
+
+void strings_list_print(struct stringsList *ptr)
+{
+ while (ptr) {
+ printf("%s\n", ptr->string);
+ ptr = ptr->next;
+ }
+}
+
+#ifdef TEST
+void exitApp(const char *msg)
+{
+ perror(msg);
+ exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+ struct stringsList *list = NULL;
+ struct stringsList *list1 = NULL;
+ strings_list_add(&list, "/etc/resolv.conf");
+ strings_list_add(&list, "/etc/walsh");
+ strings_list_add(&list, "/etc/mtab");
+ strings_list_add(&list, "/etc/walsh");
+ if (strings_list_diff(list, list) != 0)
+ printf("strings_list_diff test1 bug\n");
+ strings_list_add(&list1, "/etc/walsh");
+ if (strings_list_diff(list, list1) == 0)
+ printf("strings_list_diff test2 bug\n");
+ strings_list_add(&list1, "/etc/walsh");
+ strings_list_add(&list1, "/etc/resolv.conf");
+ strings_list_add(&list1, "/etc/mtab1");
+ if (strings_list_diff(list, list1) == 0)
+ printf("strings_list_diff test3 bug\n");
+ printf("strings list\n");
+ strings_list_print(list);
+ printf("strings list1\n");
+ strings_list_print(list1);
+ strings_list_free(list);
+ strings_list_free(list1);
+}
+#endif
diff --git a/policycoreutils/restorecond/stringslist.h b/policycoreutils/restorecond/stringslist.h
new file mode 100644
index 0000000..9299520
--- /dev/null
+++ b/policycoreutils/restorecond/stringslist.h
@@ -0,0 +1,37 @@
+/* stringslist.h --
+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+ */
+#ifndef STRINGSLIST_H
+#define STRINGSLIST_H
+
+struct stringsList {
+ struct stringsList *next;
+ char *string;
+};
+
+void strings_list_free(struct stringsList *list);
+void strings_list_add(struct stringsList **list, const char *string);
+void strings_list_print(struct stringsList *list);
+int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_diff(struct stringsList *from, struct stringsList *to);
+
+#endif
diff --git a/policycoreutils/restorecond/utmpwatcher.c b/policycoreutils/restorecond/utmpwatcher.c
new file mode 100644
index 0000000..f818bbf
--- /dev/null
+++ b/policycoreutils/restorecond/utmpwatcher.c
@@ -0,0 +1,116 @@
+/*
+ * utmpwatcher.c
+ *
+ * Copyright (C) 2006 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+.*
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ * 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+ *
+*/
+
+#define _GNU_SOURCE
+#include <sys/inotify.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <syslog.h>
+
+#include <limits.h>
+#include <utmp.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include "restorecond.h"
+#include "utmpwatcher.h"
+#include "stringslist.h"
+
+static struct stringsList *utmp_ptr = NULL;
+static int utmp_wd = -1;
+
+unsigned int utmpwatcher_handle(int inotify_fd, int wd)
+{
+ int changed = 0;
+ struct utmp u;
+ char *utmp_path = "/var/run/utmp";
+ struct stringsList *prev_utmp_ptr = utmp_ptr;
+ if (wd != utmp_wd)
+ return -1;
+
+ utmp_ptr = NULL;
+ FILE *cfg = fopen(utmp_path, "r");
+ if (!cfg)
+ exitApp("Error reading config file.");
+
+ while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
+ if (u.ut_type == USER_PROCESS)
+ strings_list_add(&utmp_ptr, u.ut_user);
+ }
+ fclose(cfg);
+ if (utmp_wd >= 0)
+ inotify_rm_watch(inotify_fd, utmp_wd);
+
+ utmp_wd =
+ inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+ if (prev_utmp_ptr) {
+ changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
+ strings_list_free(prev_utmp_ptr);
+ }
+ return changed;
+}
+
+static void watch_file(int inotify_fd, const char *file)
+{
+ struct stringsList *ptr = utmp_ptr;
+
+ while (ptr) {
+ struct passwd *pwd = getpwnam(ptr->string);
+ if (pwd) {
+ char *path = NULL;
+ if (asprintf(&path, "%s%s", pwd->pw_dir, file) < 0)
+ exitApp("Error allocating memory.");
+ watch_list_add(inotify_fd, path);
+ free(path);
+ }
+ ptr = ptr->next;
+ }
+}
+
+void utmpwatcher_add(int inotify_fd, const char *path)
+{
+ if (utmp_ptr == NULL) {
+ utmpwatcher_handle(inotify_fd, utmp_wd);
+ }
+ watch_file(inotify_fd, path);
+}
+
+void utmpwatcher_free(void)
+{
+ if (utmp_ptr)
+ strings_list_free(utmp_ptr);
+}
+
+#ifdef TEST
+int main(int argc, char **argv)
+{
+ read_utmp();
+ return 0;
+}
+#endif
diff --git a/policycoreutils/restorecond/utmpwatcher.h b/policycoreutils/restorecond/utmpwatcher.h
new file mode 100644
index 0000000..1988010
--- /dev/null
+++ b/policycoreutils/restorecond/utmpwatcher.h
@@ -0,0 +1,30 @@
+/* utmpwatcher.h --
+ * Copyright 2006 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Dan Walsh <dwalsh@redhat.com>
+ *
+ */
+#ifndef UTMPWATCHER_H
+#define UTMPWATCHER_H
+
+unsigned int utmpwatcher_handle(int inotify_fd, int wd);
+void utmpwatcher_add(int inotify_fd, const char *path);
+void utmpwatcher_free(void);
+
+#endif
diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
new file mode 100644
index 0000000..a83cbd9
--- /dev/null
+++ b/policycoreutils/run_init/Makefile
@@ -0,0 +1,52 @@
+
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR ?= $(PREFIX)/share/man
+ETCDIR ?= $(DESTDIR)/etc
+LOCALEDIR ?= /usr/share/locale
+PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+LDLIBS += -lselinux -L$(PREFIX)/lib
+ifeq (${PAMH}, /usr/include/security/pam_appl.h)
+ override CFLAGS += -DUSE_PAM
+ LDLIBS += -lpam -lpam_misc
+else
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+endif
+ifeq (${AUDITH}, /usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+endif
+
+TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+
+all: $(TARGETS)
+
+open_init_pty: open_init_pty.c
+ $(LINK.c) $^ -ldl -lutil -o $@
+
+
+install: all
+ test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ install -m 755 run_init $(SBINDIR)
+ install -m 755 open_init_pty $(SBINDIR)
+ install -m 644 run_init.8 $(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ifeq (${PAMH}, /usr/include/security/pam_appl.h)
+ install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+endif
+
+clean:
+ -rm -f $(TARGETS) *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel: install
+ /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
diff --git a/policycoreutils/run_init/open_init_pty.8 b/policycoreutils/run_init/open_init_pty.8
new file mode 100644
index 0000000..540860a
--- /dev/null
+++ b/policycoreutils/run_init/open_init_pty.8
@@ -0,0 +1,48 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2005 Manoj Srivastava <srivasta@debian.org>
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.\"
+.TH OPEN_INIT_PTY "8" "January 2005" "Security Enhanced Linux" NSA
+.SH NAME
+open_init_pty \- run an program under a psuedo terminal
+.SH SYNOPSIS
+.B open_init_pty
+\fISCRIPT\fR [[\fIARGS\fR]...]
+.br
+.SH DESCRIPTION
+.PP
+Run a program under a psuedo terminal. This is used by
+.B run_init
+to run actually run the program after setting up the proper
+context. This program acquires a new Psuedo terminal, forks a child
+process that binds to the psueado terminal, and then sits around and
+connects the physical terminal it was invoked upon with the pseudo
+terminal, passing keyboard input into to the child process, and passing the
+output of the child process to the physical terminal.
+.PP
+It sets up the pseudo terminal properly based on the physical terminal
+attributes, and then sets the user's terminal to RAW mode, taking care
+to reset it on exit.
+.SH AUTHOR
+This manual page was written by Manoj Srivastava <srivasta@debian.org>,
+for the Debian GNU/Linux system.
diff --git a/policycoreutils/run_init/open_init_pty.c b/policycoreutils/run_init/open_init_pty.c
new file mode 100644
index 0000000..b06f601
--- /dev/null
+++ b/policycoreutils/run_init/open_init_pty.c
@@ -0,0 +1,399 @@
+/* -*- Mode: C -*-
+ * open_init_pty.c ---
+ * Author : Manoj Srivastava ( srivasta@glaurung.internal.golden-gryphon.com )
+ * Created On : Fri Jan 14 10:48:28 2005
+ * Created On Node : glaurung.internal.golden-gryphon.com
+ * Last Modified By : Manoj Srivastava
+ * Last Modified On : Thu Sep 15 00:57:00 2005
+ * Last Machine Used: glaurung.internal.golden-gryphon.com
+ * Update Count : 92
+ * Status : Unknown, Use with caution!
+ * HISTORY :
+ * Description :
+ *
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * open_init_pty
+ *
+ * SYNOPSIS:
+ *
+ * This program allows a systems administrator to execute daemons
+ * which need to work in the initrc domain, and which need to have
+ * pty's as system_u:system_r:initrc_t
+ *
+ * USAGE:
+ *
+ * * arch-tag: a5583d39-72b9-4cdf-ba1b-5678ea4cbe20
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <errno.h>
+
+#include <sysexits.h>
+
+#include <pty.h> /* for openpty and forkpty */
+#include <utmp.h> /* for login_tty */
+#include <termios.h>
+#include <fcntl.h>
+
+#include <sys/select.h>
+
+static struct termios saved_termios;
+static int saved_fd = -1;
+static enum { RESET, RAW, CBREAK } tty_state = RESET;
+
+static int tty_semi_raw(int fd)
+{
+ struct termios buf;
+
+ if (tty_state == RESET) {
+ if (tcgetattr(fd, &saved_termios) < 0) {
+ return -1;
+ }
+ }
+
+ buf = saved_termios;
+ /*
+ * echo off, canonical mode off, extended input processing off,
+ * signal chars off
+ */
+ buf.c_lflag &= ~(ECHO | ICANON | IEXTEN | ISIG);
+ /*
+ * no SIGINT on break, CR-to-NL off, input parity check off, do not
+ * strip 8th bit on input,output flow control off
+ */
+ buf.c_iflag &= ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON);
+ /* Clear size bits, parity checking off */
+ buf.c_cflag &= ~(CSIZE | PARENB);
+ /* set 8 bits/char */
+ buf.c_cflag |= CS8;
+ /* Output processing off
+ buf.c_oflag &= ~(OPOST); */
+
+ buf.c_cc[VMIN] = 1; /* one byte at a time, no timer */
+ buf.c_cc[VTIME] = 0;
+ if (tcsetattr(fd, TCSANOW, &buf) < 0) {
+ return -1;
+ } /* end of if(tcsetattr(fileno(stdin), TCSANOW, &buf) < 0) */
+ tty_state = RAW;
+ saved_fd = fd;
+ return 0;
+}
+
+void tty_atexit(void)
+{
+ if (tty_state != CBREAK && tty_state != RAW) {
+ return;
+ }
+
+ if (tcsetattr(saved_fd, TCSANOW, &saved_termios) < 0) {
+ return;
+ } /* end of if(tcsetattr(fileno(stdin), TCSANOW, &buf) < 0) */
+ tty_state = RESET;
+ return;
+}
+
+int main(int argc, char *argv[])
+{
+ pid_t child_pid;
+ struct termios tty_attr;
+ struct winsize window_size;
+ int pty_master;
+ int retval = 0;
+
+ /* for select */
+ fd_set readfds;
+ fd_set writefds;
+ fd_set exceptfds;
+
+ int err_count = 0;
+
+ /* for sigtimedwait() */
+ struct timespec timeout;
+ char buf[16384];
+
+ if (argc == 1) {
+ printf("usage: %s PROGRAM [ARGS]...\n", argv[0]);
+ exit(1);
+ }
+
+ sigset_t signal_set;
+ siginfo_t signalinfo;
+
+ /* set up SIGCHLD */
+ sigemptyset(&signal_set); /* no signals */
+ sigaddset(&signal_set, SIGCHLD); /* Add sig child */
+ sigprocmask(SIG_BLOCK, &signal_set, NULL); /* Block the signal */
+
+ /* Set both to 0, so sigtimed wait just does a poll */
+ timeout.tv_sec = 0;
+ timeout.tv_nsec = 0;
+
+ if (isatty(fileno(stdin))) {
+ /* get terminal parameters associated with stdout */
+ if (tcgetattr(fileno(stdout), &tty_attr) < 0) {
+ perror("tcgetattr:");
+ exit(EX_OSERR);
+ }
+
+ /* end of if(tcsetattr(&tty_attr)) */
+ /* get window size */
+ if (ioctl(fileno(stdout), TIOCGWINSZ, &window_size) < 0) {
+ perror("ioctl stdout:");
+ exit(1);
+ }
+
+ child_pid = forkpty(&pty_master, NULL, &tty_attr, &window_size);
+ } /* end of if(isatty(fileno(stdin))) */
+ else { /* not interactive */
+ child_pid = forkpty(&pty_master, NULL, NULL, NULL);
+ }
+
+ if (child_pid < 0) {
+ perror("Fork:");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EX_OSERR);
+ } /* end of if(child_pid < 0) */
+ if (child_pid == 0) {
+ /* in the child */
+ struct termios s_tty_attr;
+ if (tcgetattr(fileno(stdin), &s_tty_attr)) {
+ perror("Child:");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EXIT_FAILURE);
+ }
+ /* Turn off echo */
+ s_tty_attr.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ /* Also turn of NL to CR?LF on output */
+ s_tty_attr.c_oflag &= ~(ONLCR);
+ if (tcsetattr(fileno(stdin), TCSANOW, &s_tty_attr)) {
+ perror("Child:");
+ exit(EXIT_FAILURE);
+ }
+ { /* There is no reason to block sigchild for the process we
+ shall exec here */
+ sigset_t chld_signal_set;
+ /* release SIGCHLD */
+ sigemptyset(&chld_signal_set); /* no signals */
+ sigaddset(&chld_signal_set, SIGCHLD); /* Add sig child */
+ sigprocmask(SIG_UNBLOCK, &chld_signal_set, NULL); /* Unblock the signal */
+ }
+
+ if (execvp(argv[1], argv + 1)) {
+ perror("Exec:");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /* end of if(child_pid == 0) */
+ /*
+ * OK. Prepare to handle IO from the child. We need to transfer
+ * everything from the child's stdout to ours.
+ */
+ FD_ZERO(&readfds);
+ FD_ZERO(&writefds);
+ FD_ZERO(&exceptfds);
+
+ /*
+ * Read current file descriptor flags, preparing to do non blocking reads
+ */
+ retval = fcntl(pty_master, F_GETFL);
+ if (retval < 0) {
+ perror("fcntl_get");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EX_IOERR);
+ }
+
+ /* Set the connection to be non-blocking */
+ if (fcntl(pty_master, F_SETFL, retval | O_NONBLOCK) < 0) {
+ perror("fcnt_setFlag_nonblock:");
+ fflush(stdout);
+ fflush(stderr);
+ exit(1);
+ }
+
+ FD_SET(pty_master, &readfds);
+ FD_SET(pty_master, &writefds);
+ FD_SET(fileno(stdin), &readfds);
+ if (isatty(fileno(stdin))) {
+ if (tty_semi_raw(fileno(stdin)) < 0) {
+ perror("Error: settingraw mode:");
+ fflush(stdout);
+ fflush(stderr);
+ } /* end of if(tty_raw(fileno(stdin)) < 0) */
+ if (atexit(tty_atexit) < 0) {
+ perror("Atexit setup:");
+ fflush(stdout);
+ fflush(stderr);
+ } /* end of if(atexit(tty_atexit) < 0) */
+ }
+
+ /* ignore return from nice, but lower our priority */
+ int ignore __attribute__ ((unused)) = nice(19);
+
+ /* while no signal, we loop around */
+ int done = 0;
+ while (!done) {
+ struct timeval interval;
+ fd_set t_readfds;
+ fd_set t_writefds;
+ fd_set t_exceptfds;
+ /*
+ * We still use a blocked signal, and check for SIGCHLD every
+ * loop, since waiting infinitely did not really help the load
+ * when running, say, top.
+ */
+ interval.tv_sec = 0;
+ interval.tv_usec = 200000; /* so, check for signals every 200 milli
+ seconds */
+
+ t_readfds = readfds;
+ t_writefds = writefds;
+ t_exceptfds = exceptfds;
+
+ /* check for the signal */
+ retval = sigtimedwait(&signal_set, &signalinfo, &timeout);
+
+ if (retval == SIGCHLD) {
+ /* child terminated */
+ done = 1; /* in case they do not close off their
+ file descriptors */
+ } else {
+ if (retval < 0) {
+ if (errno != EAGAIN) {
+ perror("sigtimedwait");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EX_IOERR);
+ } else {
+ /* No signal in set was delivered within the timeout period specified */
+ }
+ }
+ } /* end of else */
+
+ if (select
+ (pty_master + 1, &t_readfds, &t_writefds, &t_exceptfds,
+ &interval) < 0) {
+ perror("Select:");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EX_IOERR);
+ }
+
+ if (FD_ISSET(pty_master, &t_readfds)) {
+ retval = read(pty_master, buf, (unsigned int)16384);
+ if (retval < 0) {
+ if (errno != EINTR && errno != EAGAIN) { /* Nothing left to read? */
+ fflush(stdout);
+ fflush(stderr);
+ /* fprintf(stderr, "DEBUG: %d: Nothing left to read?\n", __LINE__); */
+ exit(EXIT_SUCCESS);
+ } /* end of else */
+ } /* end of if(retval < 0) */
+ else {
+ if (retval == 0) {
+ if (++err_count > 5) { /* child closed connection */
+ fflush(stdout);
+ fflush(stderr);
+ /*fprintf(stderr, "DEBUG: %d: child closed connection?\n", __LINE__); */
+ exit(EXIT_SUCCESS);
+ }
+ } /* end of if(retval == 0) */
+ else {
+ ssize_t nleft = retval;
+ ssize_t nwritten = 0;
+ char *ptr = buf;
+ while (nleft > 0) {
+ if ((nwritten =
+ write(fileno(stdout), ptr,
+ (unsigned int)nleft))
+ <= 0) {
+ if (errno == EINTR) {
+ nwritten = 0;
+ } /* end of if(errno == EINTR) */
+ else {
+ perror("write");
+ fflush(stdout);
+ fflush(stderr);
+ exit(EXIT_SUCCESS);
+ } /* end of else */
+ } /* end of if((nwritten = write(sockfd, ptr, nleft)) <= 0) */
+ nleft -= nwritten;
+ ptr += nwritten;
+ } /* end of while(nleft > 0) */
+
+ /* fprintf(stderr, "DEBUG: %d: wrote %d\n", __LINE__, retval); */
+ fflush(stdout);
+ } /* end of else */
+ } /* end of else */
+ }
+ if (FD_ISSET(fileno(stdin), &t_readfds)) {
+ if (FD_ISSET(pty_master, &t_writefds)) {
+ retval =
+ read(fileno(stdin), buf,
+ (unsigned int)16384);
+ if (retval < 0) {
+ if (errno != EINTR && errno != EAGAIN) { /* Nothing left to read? */
+ fflush(stdout);
+ fflush(stderr);
+ exit(EXIT_SUCCESS);
+ } /* end of else */
+ } /* end of if(retval < 0) */
+ else {
+ if (retval == 0) {
+ if (++err_count > 5) { /* lost controlling tty */
+ fflush(stdout);
+ fflush(stderr);
+ exit(EXIT_SUCCESS);
+ }
+ } /* end of if(retval == 0) */
+ else {
+ ssize_t nleft = retval;
+ ssize_t nwritten = 0;
+ char *ptr = buf;
+ while (nleft > 0) {
+ if ((nwritten =
+ write(pty_master,
+ ptr,
+ (unsigned
+ int)nleft))
+ <= 0) {
+ if (errno ==
+ EINTR) {
+ nwritten
+ = 0;
+ } /* end of if(errno == EINTR) */
+ else {
+ perror
+ ("write");
+ fflush
+ (stdout);
+ fflush
+ (stderr);
+ exit(EXIT_SUCCESS);
+ } /* end of else */
+ } /* end of if((nwritten = write(sockfd, ptr, nleft)) <= 0) */
+ nleft -= nwritten;
+ ptr += nwritten;
+ } /* end of while(nleft > 0) */
+
+ fflush(stdout);
+ } /* end of else */
+ } /* end of else */
+ } /* end of if(FD_ISSET(pty_master, &writefds)) */
+ } /* something to read on stdin */
+ } /* Loop */
+
+ fflush(stdout);
+ fflush(stderr);
+
+ exit(EXIT_SUCCESS);
+} /* end of main() */
diff --git a/policycoreutils/run_init/run_init.8 b/policycoreutils/run_init/run_init.8
new file mode 100644
index 0000000..f1c418f
--- /dev/null
+++ b/policycoreutils/run_init/run_init.8
@@ -0,0 +1,26 @@
+.TH RUN_INIT "8" "May 2003" "Security Enhanced Linux" NSA
+.SH NAME
+run_init \- run an init script in the proper SELinux context
+.SH SYNOPSIS
+.B run_init
+\fISCRIPT\fR [[\fIARGS\fR]...]
+.br
+.SH DESCRIPTION
+.PP
+Run a init script under the proper context, which is specified in
+/etc/selinux/POLICYTYPE/contexts/initrc_context.
+.SH FILES
+/etc/passwd - user account information
+.br
+/etc/shadow - encrypted passwords and age information
+.br
+/etc/selinux/POLICYTYPE/contexts/initrc_context - contains the context to run init scripts under
+.SH SEE ALSO
+.B newrole
+(1),
+.B runcon
+(1)
+.SH AUTHORS
+.nf
+Wayne Salamon (wsalamon@tislabs.com)
+Dan Walsh (dwalsh@redhat.com)
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
new file mode 100644
index 0000000..9db766c
--- /dev/null
+++ b/policycoreutils/run_init/run_init.c
@@ -0,0 +1,423 @@
+/************************************************************************
+ *
+ * run_init
+ *
+ * SYNOPSIS:
+ *
+ * This program allows a user to run an /etc/init.d script in the proper context.
+ *
+ * USAGE:
+ *
+ * run_init <script> <args>
+ *
+ * BUILD OPTIONS:
+ *
+ * option USE_PAM:
+ *
+ * Set the USE_PAM constant if you want to authenticate users via PAM.
+ * If USE_PAM is not set, users will be authenticated via direct
+ * access to the shadow password file.
+ *
+ * If you decide to use PAM must be told how to handle run_init. A
+ * good rule-of-thumb might be to tell PAM to handle run_init in the
+ * same way it handles su, except that you should remove the pam_rootok.so
+ * entry so that even root must re-authenticate to run the init scripts
+ * in the proper context.
+ *
+ * If you choose not to use PAM, make sure you have a shadow passwd file
+ * in /etc/shadow. You can use a simlink if your shadow passwd file
+ * lives in another directory. Example:
+ * su
+ * cd /etc
+ * ln -s /etc/auth/shadow shadow
+ *
+ * If you decide not to use PAM, you will also have to make run_init
+ * setuid root, so that it can read the shadow passwd file.
+ *
+ *
+ *************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h> /* for malloc(), realloc(), free() */
+#include <pwd.h> /* for getpwuid() */
+#include <sys/types.h> /* to make getuid() and getpwuid() happy */
+#include <sys/wait.h> /* for wait() */
+#include <sys/stat.h> /* for struct stat and friends */
+#include <getopt.h> /* for getopt_long() form of getopt() */
+#include <selinux/selinux.h>
+#include <selinux/get_default_type.h>
+#include <selinux/context.h> /* for context-mangling functions */
+#include <fcntl.h>
+#include <ctype.h>
+#include <limits.h>
+#ifdef USE_AUDIT
+#include <libaudit.h>
+#endif
+#ifdef USE_NLS
+#include <libintl.h>
+#include <locale.h>
+#define _(msgid) gettext (msgid)
+#else
+#define _(msgid) (msgid)
+#endif
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+/* USAGE_STRING describes the command-line args of this program. */
+#define USAGE_STRING _("USAGE: run_init <script> <args ...>\n\
+ where: <script> is the name of the init script to run,\n\
+ <args ...> are the arguments to that script.")
+
+#define CONTEXT_FILE "initrc_context"
+#ifdef USE_PAM
+
+/************************************************************************
+ *
+ * All PAM code goes in this section.
+ *
+ ************************************************************************/
+
+#include <unistd.h> /* for getuid(), exit(), getopt() */
+
+#include <security/pam_appl.h> /* for PAM functions */
+#include <security/pam_misc.h> /* for misc_conv PAM utility function */
+
+#define SERVICE_NAME "run_init" /* the name of this program for PAM */
+ /* The file containing the context to run
+ * the scripts under. */
+
+int authenticate_via_pam(const struct passwd *);
+
+/* authenticate_via_pam()
+ *
+ * in: p_passwd_line - struct containing data from our user's line in
+ * the passwd file.
+ * out: nothing
+ * return: value condition
+ * ----- ---------
+ * 1 PAM thinks that the user authenticated themselves properly
+ * 0 otherwise
+ *
+ * This function uses PAM to authenticate the user running this
+ * program. This is the only function in this program that makes PAM
+ * calls.
+ *
+ */
+
+int authenticate_via_pam(const struct passwd *p_passwd_line)
+{
+
+ int result = 0; /* our result, set to 0 (not authenticated) by default */
+ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */
+
+ /* This is a jump table of functions for PAM to use when it wants to *
+ * communicate with the user. We'll be using misc_conv(), which is *
+ * provided for us via pam_misc.h. */
+ struct pam_conv pam_conversation = {
+ misc_conv,
+ NULL
+ };
+
+ /* Make `p_pam_handle' a valid PAM handle so we can use it when *
+ * calling PAM functions. */
+ if (PAM_SUCCESS != pam_start(SERVICE_NAME,
+ p_passwd_line->pw_name,
+ &pam_conversation, &pam_handle)) {
+ fprintf(stderr, _("failed to initialize PAM\n"));
+ exit(-1);
+ }
+
+ /* Ask PAM to authenticate the user running this program */
+ if (PAM_SUCCESS == pam_authenticate(pam_handle, 0)) {
+ result = 1; /* user authenticated OK! */
+ }
+
+ /* If we were successful, call pam_acct_mgmt() to reset the
+ * pam_tally failcount.
+ */
+ if (result && (PAM_SUCCESS != pam_acct_mgmt(pam_handle, 0)) ) {
+ fprintf(stderr, _("failed to get account information\n"));
+ exit(-1);
+ }
+
+ /* We're done with PAM. Free `pam_handle'. */
+ pam_end(pam_handle, PAM_SUCCESS);
+
+ return (result);
+
+} /* authenticate_via_pam() */
+
+#else /* else !USE_PAM */
+
+/************************************************************************
+ *
+ * All shadow passwd code goes in this section.
+ *
+ ************************************************************************/
+
+#include <unistd.h> /* for getuid(), exit(), crypt() */
+#include <shadow.h> /* for shadow passwd functions */
+#include <string.h> /* for strlen(), memset() */
+
+#define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */
+
+int authenticate_via_shadow_passwd(const struct passwd *);
+
+/* authenticate_via_shadow_passwd()
+ *
+ * in: p_passwd_line - struct containing data from our user's line in
+ * the passwd file.
+ * out: nothing
+ * return: value condition
+ * ----- ---------
+ * 1 user authenticated themselves properly according to the
+ * shadow passwd file.
+ * 0 otherwise
+ *
+ * This function uses the shadow passwd file to authenticate the user running
+ * this program.
+ *
+ */
+
+int authenticate_via_shadow_passwd(const struct passwd *p_passwd_line)
+{
+
+ struct spwd *p_shadow_line; /* struct derived from shadow passwd file line */
+ char *unencrypted_password_s; /* unencrypted password input by user */
+ char *encrypted_password_s; /* user's password input after being crypt()ed */
+
+ /* Make `p_shadow_line' point to the data from the current user's *
+ * line in the shadow passwd file. */
+ setspent(); /* Begin access to the shadow passwd file. */
+ p_shadow_line = getspnam(p_passwd_line->pw_name);
+ endspent(); /* End access to the shadow passwd file. */
+ if (!(p_shadow_line)) {
+ fprintf(stderr,
+ _
+ ("Cannot find your entry in the shadow passwd file.\n"));
+ exit(-1);
+ }
+
+ /* Ask user to input unencrypted password */
+ if (!(unencrypted_password_s = getpass(PASSWORD_PROMPT))) {
+ fprintf(stderr, _("getpass cannot open /dev/tty\n"));
+ exit(-1);
+ }
+
+ /* Use crypt() to encrypt user's input password. Clear the *
+ * unencrypted password as soon as we're done, so it is not *
+ * visible to memory snoopers. */
+ encrypted_password_s = crypt(unencrypted_password_s,
+ p_shadow_line->sp_pwdp);
+ memset(unencrypted_password_s, 0, strlen(unencrypted_password_s));
+
+ /* Return 1 (authenticated) iff the encrypted version of the user's *
+ * input password matches the encrypted password stored in the *
+ * shadow password file. */
+ return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp));
+
+} /* authenticate_via_shadow_passwd() */
+
+#endif /* if/else USE_PAM */
+
+/*
+ * authenticate_user()
+ *
+ * Authenticate the user.
+ *
+ * in: nothing
+ * out: nothing
+ * return: 0 When success
+ * -1 When failure
+ */
+int authenticate_user()
+{
+
+#define INITLEN 255
+ struct passwd *p_passwd_line; /* struct derived from passwd file line */
+ uid_t uid;
+
+ /*
+ * Determine the Linux user identity to re-authenticate.
+ * If supported and set, use the login uid, as this should be more stable.
+ * Otherwise, use the real uid.
+ * The SELinux user identity is no longer used, as Linux users are now
+ * mapped to SELinux users via seusers and the SELinux user identity space
+ * is separate.
+ */
+#ifdef USE_AUDIT
+ uid = audit_getloginuid();
+ if (uid == (uid_t) - 1)
+ uid = getuid();
+#else
+ uid = getuid();
+#endif
+
+ p_passwd_line = getpwuid(uid);
+ if (!p_passwd_line) {
+ fprintf(stderr, "cannot find your entry in the passwd file.\n");
+ return (-1);
+ }
+
+ printf("Authenticating %s.\n", p_passwd_line->pw_name);
+
+ /*
+ * Re-authenticate the user running this program.
+ * This is just to help confirm user intent (vs. invocation by
+ * malicious software), not to authorize the operation (which is covered
+ * by policy). Trusted path mechanism would be preferred.
+ */
+#ifdef USE_PAM
+ if (!authenticate_via_pam(p_passwd_line)) {
+#else /* !USE_PAM */
+ if (!authenticate_via_shadow_passwd(p_passwd_line)) {
+#endif /* if/else USE_PAM */
+ fprintf(stderr, _("run_init: incorrect password for %s\n"),
+ p_passwd_line->pw_name);
+ return (-1);
+ }
+
+ /* If we reach here, then we have authenticated the user. */
+#ifdef CANTSPELLGDB
+ printf("You are authenticated!\n");
+#endif
+
+ return 0;
+
+} /* authenticate_user() */
+
+/*
+ * get_init_context()
+ *
+ * Get the CONTEXT associated with the context for the init scripts. *
+ *
+ * in: nothing
+ * out: The CONTEXT associated with the context.
+ * return: 0 on success, -1 on failure.
+ */
+int get_init_context(security_context_t * context)
+{
+
+ FILE *fp;
+ char buf[255], *bufp;
+ int buf_len;
+ char context_file[PATH_MAX];
+ snprintf(context_file, sizeof(context_file) - 1, "%s/%s",
+ selinux_contexts_path(), CONTEXT_FILE);
+ fp = fopen(context_file, "r");
+ if (!fp) {
+ fprintf(stderr, _("Could not open file %s\n"), context_file);
+ return -1;
+ }
+
+ while (1) { /* loop until we find a non-empty line */
+
+ if (!fgets(buf, sizeof buf, fp))
+ break;
+
+ buf_len = strlen(buf);
+ if (buf[buf_len - 1] == '\n')
+ buf[buf_len - 1] = 0;
+
+ bufp = buf;
+ while (*bufp && isspace(*bufp))
+ bufp++;
+
+ if (*bufp) {
+ *context = strdup(bufp);
+ if (!(*context))
+ goto out;
+ fclose(fp);
+ return 0;
+ }
+ }
+ out:
+ fclose(fp);
+ fprintf(stderr, _("No context in file %s\n"), context_file);
+ return -1;
+
+} /* get_init_context() */
+
+/*****************************************************************************
+ * main() *
+ *****************************************************************************/
+int main(int argc, char *argv[])
+{
+
+ extern char *optarg; /* used by getopt() for arg strings */
+ extern int opterr; /* controls getopt() error messages */
+ security_context_t new_context; /* context for the init script context */
+
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+#endif
+
+ /* Verify that we are running on a flask-enabled kernel. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ _
+ ("Sorry, run_init may be used only on a SELinux kernel.\n"));
+ exit(-1);
+ }
+
+ /*
+ * Step 1: Handle command-line arguments. The first argument is the
+ * name of the script to run. All other arguments are for the script
+ * itself, and will be passed directly to the script.
+ */
+
+ if (argc < 2) {
+ fprintf(stderr, "%s\n", USAGE_STRING);
+ exit(-1);
+ }
+
+ /*
+ * Step 2: Authenticate the user.
+ */
+ if (authenticate_user() != 0) {
+ fprintf(stderr, _("authentication failed.\n"));
+ exit(-1);
+ }
+
+ /*
+ * Step 3: Get the context for the script to be run in.
+ */
+ if (get_init_context(&new_context) == 0) {
+#ifdef CANTSPELLGDB
+ printf("context is %s\n", new_context);
+#endif
+ } else {
+ exit(-1);
+ }
+
+ /*
+ * Step 4: Run the command in the correct context.
+ */
+
+ if (chdir("/")) {
+ perror("chdir");
+ exit(-1);
+ }
+
+ if (setexeccon(new_context) < 0) {
+ fprintf(stderr, _("Could not set exec context to %s.\n"),
+ new_context);
+ exit(-1);
+ }
+ /*
+ * Do not execvp the command directly from run_init; since it would run
+ * under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
+ * which transitions us into initrc_t, which then spawns a new
+ * process, that gets a pty with context initrc_devpts_t. Just
+ * execvp or using a exec(1) recycles pty's, and does not open a new
+ * one.
+ */
+ if (execvp("/usr/sbin/open_init_pty", argv)) {
+ perror("execvp");
+ exit(-1);
+ }
+ return 0;
+
+} /* main() */
diff --git a/policycoreutils/run_init/run_init.pamd b/policycoreutils/run_init/run_init.pamd
new file mode 100644
index 0000000..d1b435c
--- /dev/null
+++ b/policycoreutils/run_init/run_init.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session optional pam_xauth.so
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
new file mode 100644
index 0000000..d6d9069
--- /dev/null
+++ b/policycoreutils/scripts/Makefile
@@ -0,0 +1,23 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR ?= $(PREFIX)/share/man
+LOCALEDIR ?= /usr/share/locale
+
+all: fixfiles genhomedircon
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 chcat $(BINDIR)
+ install -m 755 fixfiles $(DESTDIR)/sbin
+ install -m 755 genhomedircon $(SBINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 fixfiles.8 $(MANDIR)/man8/
+ install -m 644 chcat.8 $(MANDIR)/man8/
+
+clean:
+
+indent:
+
+relabel:
diff --git a/policycoreutils/scripts/chcat b/policycoreutils/scripts/chcat
new file mode 100755
index 0000000..64864bc
--- /dev/null
+++ b/policycoreutils/scripts/chcat
@@ -0,0 +1,440 @@
+#! /usr/bin/python -E
+# Copyright (C) 2005 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# chcat is a script that allows you modify the Security label on a file
+#
+#` Author: Daniel Walsh <dwalsh@redhat.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import commands, sys, os, pwd, string, getopt, selinux
+import seobject
+import gettext
+
+try:
+ gettext.install('policycoreutils')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+
+def verify_users(users):
+ for u in users:
+ try:
+ pwd.getpwnam(u)
+ except KeyError:
+ error( "User %s does not exist" % u)
+
+def chcat_user_add(newcat, users):
+ errors = 0
+ logins = seobject.loginRecords()
+ seusers = logins.get_all()
+ add_ind = 0
+ verify_users(users)
+ for u in users:
+ if u in seusers.keys():
+ user = seusers[u]
+ else:
+ add_ind = 1
+ user = seusers["__default__"]
+ serange = user[1].split("-")
+ cats = []
+ top = ["s0"]
+ if len(serange) > 1:
+ top = serange[1].split(":")
+ if len(top) > 1:
+ cats.append(top[1])
+ cats = expandCats(cats)
+
+ for i in newcat[1:]:
+ if i not in cats:
+ cats.append(i)
+
+
+ if len(cats) > 0:
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+ else:
+ new_serange = "%s-%s" % (serange[0], top[0])
+
+ if add_ind:
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ else:
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+
+ return errors
+
+def chcat_add(orig, newcat, objects,login_ind):
+ if len(newcat) == 1:
+ raise ValueError(_("Requires at least one category"))
+
+ if login_ind == 1:
+ return chcat_user_add(newcat, objects)
+
+ errors = 0
+ sensitivity = newcat[0]
+ cat = newcat[1]
+ cmd = 'chcon -l %s' % sensitivity
+ for f in objects:
+ (rc, c) = selinux.getfilecon(f)
+ con = c.split(":")[3:]
+ clist = translate(con)
+ if sensitivity != clist[0]:
+ print(_("Can not modify sensitivity levels using '+' on %s") % f)
+
+ if len(clist) > 1:
+ if cat in clist[1:]:
+ print _("%s is already in %s") % (f, orig)
+ continue
+ clist.append(cat)
+ cats = clist[1:]
+ cats.sort()
+ cat_string = cats[0]
+ for c in cats[1:]:
+ cat_string = "%s,%s" % (cat_string, c)
+ else:
+ cat_string = cat
+ cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def chcat_user_remove(newcat, users):
+ errors = 0
+ logins = seobject.loginRecords()
+ seusers = logins.get_all()
+ add_ind = 0
+ verify_users(users)
+ for u in users:
+ if u in seusers.keys():
+ user = seusers[u]
+ else:
+ add_ind = 1
+ user = seusers["__default__"]
+ serange = user[1].split("-")
+ cats = []
+ top = ["s0"]
+ if len(serange) > 1:
+ top = serange[1].split(":")
+ if len(top) > 1:
+ cats.append(top[1])
+ cats = expandCats(cats)
+
+ for i in newcat[1:]:
+ if i in cats:
+ cats.remove(i)
+
+ if len(cats) > 0:
+ new_serange = "%s-%s:%s" % (serange[0], top[0], ",".join(cats))
+ else:
+ new_serange = "%s-%s" % (serange[0], top[0])
+
+ if add_ind:
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ else:
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def chcat_remove(orig, newcat, objects, login_ind):
+ if len(newcat) == 1:
+ raise ValueError(_("Requires at least one category"))
+
+ if login_ind == 1:
+ return chcat_user_remove(newcat, objects)
+
+ errors = 0
+ sensitivity = newcat[0]
+ cat = newcat[1]
+
+ for f in objects:
+ (rc, c) = selinux.getfilecon(f)
+ con = c.split(":")[3:]
+ clist = translate(con)
+ if sensitivity != clist[0]:
+ print(_("Can not modify sensitivity levels using '+' on %s") % f)
+ continue
+
+ if len(clist) > 1:
+ if cat not in clist[1:]:
+ print _("%s is not in %s") % (f, orig)
+ continue
+ clist.remove(cat)
+ if len(clist) > 1:
+ cat = clist[1]
+ for c in clist[2:]:
+ cat = "%s,%s" % (cat, c)
+ else:
+ cat = ""
+ else:
+ print _("%s is not in %s") % (f, orig)
+ continue
+
+ if len(cat) == 0:
+ cmd = 'chcon -l %s %s' % (sensitivity, f)
+ else:
+ cmd = 'chcon -l %s:%s %s' % (sensitivity,cat, f)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def chcat_user_replace(newcat, users):
+ errors = 0
+ logins = seobject.loginRecords()
+ seusers = logins.get_all()
+ add_ind = 0
+ verify_users(users)
+ for u in users:
+ if u in seusers.keys():
+ user = seusers[u]
+ else:
+ add_ind = 1
+ user = seusers["__default__"]
+ serange = user[1].split("-")
+ new_serange = "%s-%s:%s" % (serange[0],newcat[0], string.join(newcat[1:], ","))
+ if new_serange[-1:] == ":":
+ new_serange = new_serange[:-1]
+
+ if add_ind:
+ cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ else:
+ cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+ return errors
+
+def chcat_replace(newcat, objects, login_ind):
+ if login_ind == 1:
+ return chcat_user_replace(newcat, objects)
+ errors = 0
+ if len(newcat) == 1:
+ sensitivity = newcat[0]
+ cmd = 'chcon -l %s ' % newcat[0]
+ else:
+ sensitivity = newcat[0]
+ cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1])
+ for cat in newcat[2:]:
+ cmd = '%s,%s' % (cmd, cat)
+
+ for f in objects:
+ cmd = "%s %s" % (cmd, f)
+
+ rc = commands.getstatusoutput(cmd)
+ if rc[0] != 0:
+ print rc[1]
+ errors += 1
+
+ return errors
+
+def check_replace(cats):
+ plus_ind = 0
+ replace_ind = 0
+ for c in cats:
+ if len(c) > 0 and ( c[0] == "+" or c[0] == "-" ):
+ if replace_ind:
+ raise ValueError(_("Can not combine +/- with other types of categories"))
+ plus_ind = 1
+ else:
+ replace_ind = 1
+ if plus_ind:
+ raise ValueError(_("Can not combine +/- with other types of categories"))
+ return replace_ind
+
+def isSensitivity(sensitivity):
+ if sensitivity[0] == "s" and sensitivity[1:].isdigit() and int(sensitivity[1:]) in range(0,16):
+ return 1
+ else:
+ return 0
+
+def expandCats(cats):
+ newcats = []
+ for c in cats:
+ if c.find(".") != -1:
+ c = c.split(".")
+ for i in range(int(c[0][1:]), int(c[1][1:]) + 1):
+ x = ("c%d" % i)
+ if x not in newcats:
+ newcats.append("c%d" % i)
+ else:
+ for i in c.split(","):
+ if i not in newcats:
+ newcats.append(i)
+ return newcats
+
+def translate(cats):
+ newcat = []
+ if len(cats) == 0:
+ newcat.append("s0")
+ return newcat
+ for c in cats:
+ (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
+ rlist = raw.split(":")[3:]
+ tlist = []
+ if isSensitivity(rlist[0]) == 0:
+ tlist.append("s0")
+ for i in expandCats(rlist):
+ tlist.append(i)
+ else:
+ tlist.append(rlist[0])
+ for i in expandCats(rlist[1:]):
+ tlist.append(i)
+ if len(newcat) == 0:
+ newcat.append(tlist[0])
+ else:
+ if newcat[0] != tlist[0]:
+ raise ValueError(_("Can not have multiple sensitivities"))
+ for i in tlist[1:]:
+ newcat.append(i)
+ return newcat
+
+def usage():
+ print _("Usage %s CATEGORY File ...") % sys.argv[0]
+ print _("Usage %s -l CATEGORY user ...") % sys.argv[0]
+ print _("Usage %s [[+|-]CATEGORY],...]q File ...") % sys.argv[0]
+ print _("Usage %s -l [[+|-]CATEGORY],...]q user ...") % sys.argv[0]
+ print _("Usage %s -d File ...") % sys.argv[0]
+ print _("Usage %s -l -d user ...") % sys.argv[0]
+ print _("Usage %s -L") % sys.argv[0]
+ print _("Usage %s -L -l user") % sys.argv[0]
+ print _("Use -- to end option list. For example")
+ print _("chcat -- -CompanyConfidential /docs/businessplan.odt")
+ print _("chcat -l +CompanyConfidential juser")
+ sys.exit(1)
+
+def listcats():
+ fd = open(selinux.selinux_translations_path())
+ for l in fd.read().split("\n"):
+ if l.startswith("#"):
+ continue
+ if l.find("=") != -1:
+ rec = l.split("=")
+ print "%-30s %s" % tuple(rec)
+ fd.close()
+ return 0
+
+
+def listusercats(users):
+ if len(users) == 0:
+ users.append(os.getlogin())
+
+ verify_users(users)
+ for u in users:
+ cats = seobject.translate(selinux.getseuserbyname(u)[2])
+ cats = cats.split("-")
+ if len(cats) > 1 and cats[1] != "s0":
+ print "%s: %s" % (u, cats[1])
+ else:
+ print "%s: %s" % (u, cats[0])
+
+def error(msg):
+ print "%s: %s" % (sys.argv[0], msg)
+ sys.exit(1)
+
+if __name__ == '__main__':
+ if selinux.is_selinux_mls_enabled() != 1:
+ error("Requires a mls enabled system")
+
+ if selinux.is_selinux_enabled() != 1:
+ error("Requires an SELinux enabled system")
+
+ delete_ind = 0
+ list_ind = 0
+ login_ind = 0
+ try:
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'dhlL',
+ ['list',
+ 'login',
+ 'help',
+ 'delete'])
+
+ for o,a in gopts:
+ if o == "-h" or o == "--help":
+ usage()
+ if o == "-d" or o == "--delete":
+ delete_ind = 1
+ if o == "-L" or o == "--list":
+ list_ind = 1
+ if o == "-l" or o == "--login":
+ login_ind = 1
+
+ if list_ind == 0 and len(cmds) < 1:
+ usage()
+
+ except getopt.error, error:
+ errorExit(_("Options Error %s ") % error.msg)
+
+ except ValueError, e:
+ usage()
+
+ if delete_ind:
+ sys.exit(chcat_replace(["s0"], cmds, login_ind))
+
+ if list_ind:
+ if login_ind:
+ sys.exit(listusercats(cmds))
+ else:
+ if len(cmds) > 0:
+ usage()
+ sys.exit(listcats())
+
+ if len(cmds) < 2:
+ usage()
+
+ set_ind = 0
+ cats = cmds[0].split(",")
+ mod_ind = 0
+ errors = 0
+ objects = cmds[1:]
+ try:
+ if check_replace(cats):
+ errors = chcat_replace(translate(cats), objects, login_ind)
+ else:
+ for c in cats:
+ l = []
+ l.append(c[1:])
+ if len(c) > 0 and c[0] == "+":
+ errors += chcat_add(c[1:],translate(l), objects, login_ind)
+ continue
+ if len(c) > 0 and c[0] == "-":
+ errors += chcat_remove(c[1:],translate(l), objects, login_ind)
+ continue
+ except ValueError, e:
+ error(e)
+
+ sys.exit(errors)
+
+
+
diff --git a/policycoreutils/scripts/chcat.8 b/policycoreutils/scripts/chcat.8
new file mode 100644
index 0000000..3f9efba
--- /dev/null
+++ b/policycoreutils/scripts/chcat.8
@@ -0,0 +1,55 @@
+.TH CHCAT "8" "September 2005" "chcat" "User Commands"
+.SH NAME
+chcat \- change file SELinux security category
+.SH SYNOPSIS
+.B chcat
+\fIcategory file\fR...
+.br
+.B chcat -l
+\fIcategory user\fR...
+.br
+.B chcat
+\fI[[+|-]category...] file\fR...
+.br
+.B chcat -l
+\fI[[+|-]category...] user\fR...
+.br
+.B chcat
+[\fI-d\fR] \fIfile\fR...
+.br
+.B chcat -l
+[\fI-d\fR] \fIuser\fR...
+.br
+.B chcat
+\fI-L\fR [ -l ] [ user ... ]
+.br
+.SH DESCRIPTION
+.PP
+Change/Remove the security \fIcategory\fR for each \fIfile\fR or \fIuser\fR.
+.PP
+Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR.
+.PP
+.B
+Note:
+When removing a category you must specify '--' on the command line before using the -Category syntax. This tells the command that you have finished entering options and are now specifying a category name instead.
+
+.TP
+\fB\-d\fR
+delete the category from each FILE/USER.
+.TP
+\fB\-L\fR
+list available categories.
+.TP
+\fB\-l\fR
+Tells chcat to operate on users instead of files.
+.SH "SEE ALSO"
+.TP
+chcon(1), selinux(8), semanage(8)
+.PP
+.br
+When operating on files this script wraps the chcon command.
+.SH "FILES"
+/etc/selinux/{SELINUXTYPE}/setrans.conf
+.br
+/etc/selinux/{SELINUXTYPE}/seuser
+
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
new file mode 100755
index 0000000..faafdad
--- /dev/null
+++ b/policycoreutils/scripts/fixfiles
@@ -0,0 +1,266 @@
+#!/bin/bash
+# fixfiles
+#
+# Script to restore labels on a SELinux box
+#
+# Copyright (C) 2004 Red Hat, Inc.
+# Authors: Dan Walsh <dwalsh@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+#
+# Set global Variables
+#
+fullFlag=0
+FORCEFLAG=""
+DIRS=""
+RPMILES=""
+OUTFILES=""
+LOGFILE=`tty`
+if [ $? != 0 ]; then
+ LOGFILE="/dev/null"
+fi
+SYSLOGFLAG="-l"
+LOGGER=/usr/sbin/logger
+SETFILES=/sbin/setfiles
+RESTORECON=/sbin/restorecon
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
+FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
+SELINUXTYPE="targeted"
+if [ -e /etc/selinux/config ]; then
+ . /etc/selinux/config
+ FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
+else
+ FC=/etc/security/selinux/file_contexts
+fi
+
+#
+# Log to either syslog or a LOGFILE
+#
+logit () {
+if [ -n $LOGFILE ]; then
+ echo $1 >> $LOGFILE
+fi
+}
+#
+# Compare PREVious File Context to currently installed File Context and
+# run restorecon on all files affected by the differences.
+#
+diff_filecontext() {
+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+ TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
+ test -z "$TEMPFILE" && exit
+ PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX`
+ sed -r -e 's,:s0, ,g' $PREFC | sort -u > ${PREFCTEMPFILE}
+ sed -r -e 's,:s0, ,g' $FC | sort -u | \
+ /usr/bin/diff -b ${PREFCTEMPFILE} - | \
+ grep '^[<>]'|cut -c3-| grep ^/ | \
+ egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
+ sed -r -e 's,[[:blank:]].*,,g' \
+ -e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
+ -e 's|([/[:alnum:]])\?|{\1,}|g' \
+ -e 's|\?.*|*|g' \
+ -e 's|\(.*|*|g' \
+ -e 's|\[.*|*|g' \
+ -e 's|\.\*.*|*|g' \
+ -e 's|\.\+.*|*|g' | \
+ # These two sorts need to be separate commands \
+ sort -u | \
+ sort -d | \
+ while read pattern ; \
+ do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
+ echo "$pattern"; \
+ case "$pattern" in *"*") \
+ echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;
+ esac; \
+ fi; \
+ done | \
+ while read pattern ; do sh -c "find $pattern \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
+ \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
+ done 2> /dev/null | \
+ ${RESTORECON} $* -0 -f -
+ rm -f ${TEMPFILE} ${PREFCTEMPFILE}
+fi
+}
+#
+# Log all Read Only file systems
+#
+LogReadOnly() {
+if [ ! -z "$FILESYSTEMSRO" ]; then
+ logit "Warning: Skipping the following R/O filesystems:"
+ logit "$FILESYSTEMSRO"
+fi
+}
+
+rpmlist() {
+rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
+[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr
+}
+
+#
+# restore
+# if called with -n will only check file context
+#
+restore () {
+if [ ! -z "$PREFC" ]; then
+ diff_filecontext $*
+ exit $?
+fi
+if [ ! -z "$RPMFILES" ]; then
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
+ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
+ done
+ exit $?
+fi
+if [ ! -z "$FILEPATH" ]; then
+ if [ -x /usr/bin/find ]; then
+ /usr/bin/find "$FILEPATH" \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
+ else
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
+ fi
+ return
+fi
+LogReadOnly
+${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
+exit $?
+}
+
+fullrelabel() {
+ logit "Cleaning out /tmp"
+ rm -rf /tmp/.??* /tmp/*
+ LogReadOnly
+ restore
+}
+
+relabel() {
+ if [ ! -z "$RPMFILES" ]; then
+ restore
+ fi
+
+ if [ $fullFlag == 1 ]; then
+ fullrelabel
+ fi
+
+ echo -n "
+ Files in the /tmp directory may be labeled incorrectly, this command
+ can remove all files in /tmp. If you choose to remove files from /tmp,
+ a reboot will be required after completion.
+
+ Do you wish to clean out the /tmp directory [N]? "
+ read answer
+ if [ "$answer" = y -o "$answer" = Y ]; then
+ fullrelabel
+ else
+ restore
+ fi
+}
+
+process() {
+#
+# Make sure they specified one of the three valid commands
+#
+case "$1" in
+ restore) restore -p ;;
+ check) restore -n -v;;
+ verify) restore -n -o -;;
+ relabel) relabel;;
+ onboot)
+ touch /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
+ *)
+ usage
+ exit 1
+esac
+}
+usage() {
+ echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
+ echo or
+ echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
+ echo $"Usage: $0 onboot"
+}
+
+if [ $# = 0 ]; then
+ usage
+ exit 1
+fi
+
+# See how we were called.
+while getopts "C:Ffo:R:l:" i; do
+ case "$i" in
+ f)
+ fullFlag=1
+ ;;
+ R)
+ RPMFILES=$OPTARG
+ ;;
+ o)
+ OUTFILES=$OPTARG
+ ;;
+ l)
+ LOGFILE=$OPTARG
+ ;;
+ C)
+ PREFC=$OPTARG
+ ;;
+ F)
+ FORCEFLAG="-F"
+ ;;
+ *)
+ usage
+ exit 1
+esac
+done
+
+# Move out processed options from arguments
+shift $(( OPTIND - 1 ))
+
+# Check for the command
+command=$1
+if [ -z $command ]; then
+ usage
+fi
+
+# Move out command from arguments
+shift
+
+#
+# check if they specified both DIRS and RPMFILES
+#
+
+if [ ! -z "$RPMFILES" ]; then
+ process $command
+ if [ $# -gt 0 ]; then
+ usage
+ fi
+else
+ if [ -z "$1" ]; then
+ process $command
+ else
+ while [ -n "$1" ]; do
+ FILEPATH=$1
+ process $command
+ shift
+ done
+ fi
+fi
+exit $?
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
new file mode 100644
index 0000000..307ea4c
--- /dev/null
+++ b/policycoreutils/scripts/fixfiles.8
@@ -0,0 +1,76 @@
+.TH "fixfiles" "8" "2002031409" "" ""
+.SH "NAME"
+fixfiles \- fix file SELinux security contexts.
+
+.SH "SYNOPSIS"
+.B fixfiles [-F] [ -R rpmpackagename[,rpmpackagename...] ] [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] [-o outputfile ] { check | restore | [-F] relabel | verify }"
+
+.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
+
+.B fixfiles onboot
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR fixfiles
+script.
+.P
+This script is primarily used to correct the security context
+database (extended attributes) on filesystems.
+.P
+It can also be run at any time to relabel when adding support for
+new policy, or just check whether the file contexts are all
+as you expect. By default it will relabel all mounted ext2, ext3, xfs and
+jfs file systems as long as they do not have a security context mount
+option. You can use the -R flag to use rpmpackages as an alternative.
+.P
+.B fixfiles onboot
+will setup the machine to relabel on the next reboot.
+
+.SH "OPTIONS"
+.TP
+.B -l logfile
+Save the output to the specified logfile
+.TP
+.B -o outputfile
+Save all files that have file_context that differs from the default, in outputfile.
+
+.TP
+.B -F
+Force reset of context to match file_context for customizable files
+
+.TP
+.B -f
+Clear /tmp directory with out prompt for removal.
+
+.TP
+.B -R rpmpackagename[,rpmpackagename...]
+Use the rpm database to discover all files within the specified packages and restore the file contexts. (-a will get all files in the RPM database).
+.TP
+.B -C PREVIOUS_FILECONTEXT
+Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
+
+.SH "ARGUMENTS"
+One of:
+.TP
+.B check
+print any incorrect file context labels, showing old and new context, but do not change them.
+.TP
+.B restore
+change any incorrect file context labels.
+.TP
+.B relabel
+Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
+.TP
+.B verify
+List out files with incorrect file context labels, but do not change them.
+.TP
+.B [[dir/file] ... ]
+List of files or directories trees that you wish to check file context on.
+
+.SH "AUTHOR"
+This man page was written by Richard Hally <rhally@mindspring.com>.
+The script was written by Dan Walsh <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+.BR setfiles (8), restorecon(8)
+
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
new file mode 100644
index 0000000..ab696a7
--- /dev/null
+++ b/policycoreutils/scripts/genhomedircon
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/semodule -Bn
diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile
new file mode 100644
index 0000000..7684a43
--- /dev/null
+++ b/policycoreutils/secon/Makefile
@@ -0,0 +1,37 @@
+# secon tool - command-line context
+PREFIX ?= ${DESTDIR}/usr
+INCLUDEDIR ?= $(PREFIX)/include
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= ${PREFIX}/lib
+
+WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
+VERSION = $(shell cat ../VERSION)
+CFLAGS ?= $(WARNS) -O1
+override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR)
+LDLIBS = -lselinux -L$(LIBDIR)
+
+all: secon
+
+secon: secon.o
+
+install-nogui: install
+
+install: all
+ install -m 755 secon $(BINDIR);
+
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ install -m 644 secon.1 $(MANDIR)/man1
+
+relabel:
+ /sbin/restorecon $(BINDIR)/secon
+
+clean:
+ rm -f *.o core* secon *~ *.bak
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+bare: clean
+
+.PHONY: clean bare
diff --git a/policycoreutils/secon/secon.1 b/policycoreutils/secon/secon.1
new file mode 100644
index 0000000..fcffbd8
--- /dev/null
+++ b/policycoreutils/secon/secon.1
@@ -0,0 +1,111 @@
+.TH SECON "1" "April 2006" "Security Enhanced Linux" NSA
+.SH NAME
+secon \- See an SELinux context, from a file, program or user input.
+.SH SYNOPSIS
+.B secon
+[\fB-hVurtscmPRfLp\fR]
+[\fICONTEXT\fR]
+.br
+[\fB--file\fR]
+\fIFILE\fR
+.br
+[\fB--link\fR]
+\fIFILE\fR
+.br
+[\fB--pid\fR]
+\fIPID\fR
+.SH DESCRIPTION
+.PP
+See a part of a context. The context is taken from a file, pid, user input or
+the context in which
+.B secon
+is originally executed.
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+shows the current version of secon
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+shows the usage information for secon
+.TP
+\fB\-P\fR, \fB\-\-prompt\fR
+outputs data in a format suitable for a prompt
+.TP
+\fB\-u\fR, \fB\-\-user\fR
+show the user of the security context
+.TP
+\fB\-r\fR, \fB\-\-role\fR
+show the role of the security context
+.TP
+\fB\-t\fR, \fB\-\-type\fR
+show the type of the security context
+.TP
+\fB\-s\fR, \fB\-\-sensitivity\fR
+show the sensitivity level of the security context
+.TP
+\fB\-c\fR, \fB\-\-clearance\fR
+show the clearance level of the security context
+.TP
+\fB\-m\fR, \fB\-\-mls-range\fR
+show the sensitivity level and clearance, as a range, of the security context
+.TP
+\fB\-R\fR, \fB\-\-raw\fR
+outputs the sensitivity level and clearance in an untranslated format.
+.TP
+\fB\-f\fR, \fB\-\-file\fR
+gets the context from the specified file FILE
+.TP
+\fB\-L\fR, \fB\-\-link\fR
+gets the context from the specified file FILE (doesn't follow symlinks)
+.TP
+\fB\-p\fR, \fB\-\-pid\fR
+gets the context from the specified process PID
+.TP
+\fB\-\-pid\-exec\fR
+gets the exec context from the specified process PID
+.TP
+\fB\-\-pid\-fs\fR
+gets the fscreate context from the specified process PID
+.TP
+\fB\-\-current\fR, \fB\-\-self\fR
+gets the context from the current process
+.TP
+\fB\-\-current\-exec\fR, \fB\-\-self\-exec\fR
+gets the exec context from the current process
+.TP
+\fB\-\-current\-fs\fR, \fB\-\-self\-fs\fR
+gets the fscreate context from the current process
+.TP
+\fB\-\-parent\fR
+gets the context from the parent of the current process
+.TP
+\fB\-\-parent\-exec\fR
+gets the exec context from the parent of the current process
+.TP
+\fB\-\-parent\-fs\fR
+gets the fscreate context from the parent of the current process
+.PP
+Additional argument
+.I CONTEXT
+may be provided and will be used if no options have been specified to make
+.B secon
+get it's context from another source.
+If that argument is
+.I -
+then the context will be read from stdin.
+.br
+If there is no arugment,
+.B secon
+will try reading a context from stdin, if that is not a tty, otherwise
+.B secon
+will act as though \fB\-\-self\fR had been passed.
+.PP
+If none of \fB\-\-user\fR, \fB\-\-role\fR, \fB\-\-type\fR, \fB\-\-level\fR or
+\fB\-\-mls\-range\fR is passed.
+Then all of them will be output.
+.PP
+.SH SEE ALSO
+.B chcon
+(1)
+.SH AUTHORS
+.nf
+James Antill (james.antill@redhat.com)
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
new file mode 100644
index 0000000..6ba47e9
--- /dev/null
+++ b/policycoreutils/secon/secon.c
@@ -0,0 +1,641 @@
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include <string.h>
+
+#define xstreq(x, y) !strcmp(x, y)
+
+#include <err.h>
+
+#include <getopt.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+
+#define TRUE 1
+#define FALSE 0
+
+#define SECON_CONF_PROG_NAME "secon" /* default program name */
+#define SECON_OPTS_SM "hVurtscmPRfLp" /* small options available, print */
+#define SECON_OPTS_GO "hVurtlscmPRf:L:p:" /* small options available, getopt */
+
+#define OPTS_FROM_ARG 0
+#define OPTS_FROM_FILE 1
+#define OPTS_FROM_LINK 2
+#define OPTS_FROM_STDIN 3
+#define OPTS_FROM_CUR 4
+#define OPTS_FROM_CUREXE 5
+#define OPTS_FROM_CURFS 6
+#define OPTS_FROM_CURKEY 7
+#define OPTS_FROM_PROC 8
+#define OPTS_FROM_PROCEXE 9
+#define OPTS_FROM_PROCFS 10
+#define OPTS_FROM_PROCKEY 11
+
+struct {
+ unsigned int disp_user:1;
+ unsigned int disp_role:1;
+ unsigned int disp_type:1;
+ unsigned int disp_sen:1;
+ unsigned int disp_clr:1;
+ unsigned int disp_mlsr:1;
+
+ unsigned int disp_raw:1;
+
+ unsigned int disp_prompt:1; /* no return, use : to sep */
+
+ unsigned int from_type:8; /* 16 bits, uses 4 bits */
+
+ union {
+ pid_t pid;
+ const char *file;
+ const char *link;
+ const char *arg;
+ } f;
+} opts[1] = { {
+ FALSE, FALSE, FALSE, FALSE, FALSE, FALSE,
+ FALSE, FALSE, OPTS_FROM_ARG, {
+0}}};
+
+static void usage(const char *name, int exit_code)
+{
+ fprintf(exit_code ? stderr : stdout,
+ " Usage: %s [-%s] [ context | - ]\n"
+ " --help -h Show this message.\n"
+ " --version -V Show the version.\n"
+ " --prompt -P Output in a format good for a prompt.\n"
+ " --user -u Show the user of the context.\n"
+ " --role -r Show the role of the context.\n"
+ " --type -t Show the type of the context.\n"
+ " --sensitivity -s Show the sensitivity level of the context.\n"
+ " --clearance -c Show the clearance level of the context.\n"
+ " --mls-range -m Show the sensitivity to clearance range of \n"
+ " the context.\n"
+ " --raw -R Show the context in \"raw\" format.\n"
+ " --current Get the context for the current process.\n"
+ " --self Get the context for the current process.\n"
+ " --self-exec Get the exec context for the current process.\n"
+ " --self-fs Get the fs context for the current process.\n"
+ " --self-key Get the key context for the current process.\n"
+ " --parent Get the context for the parent process.\n"
+ " --parent-exec Get the exec context for the parent process.\n"
+ " --parent-fs Get the fs context for the parent process.\n"
+ " --parent-key Get the key context for the parent process.\n"
+ " --pid -p <arg> Use the context from the specified pid.\n"
+ " --pid-exec <arg> Use the exec context from the specified pid.\n"
+ " --pid-fs <arg> Use the fs context from the specified pid.\n"
+ " --pid-key <arg> Use the key context from the specified pid.\n"
+ " --file -f <arg> Use the context from the specified file.\n"
+ " --link -L <arg> Use the context from the specified link.\n",
+ name, SECON_OPTS_SM);
+
+ exit(exit_code);
+}
+
+static const char *opt_program_name(const char *argv0, const char *def)
+{
+ if (argv0) {
+ if ((def = strrchr(argv0, '/')))
+ ++def;
+ else
+ def = argv0;
+
+ /* hack for libtool */
+ if ((strlen(def) > strlen("lt-"))
+ && !memcmp("lt-", def, strlen("lt-")))
+ def += 3;
+ }
+
+ return (def);
+}
+
+static int disp_num(void)
+{
+ int num = 0;
+
+ num += opts->disp_user;
+ num += opts->disp_role;
+ num += opts->disp_type;
+ num += opts->disp_sen;
+ num += opts->disp_clr;
+ num += opts->disp_mlsr;
+
+ return (num);
+}
+
+static int disp_none(void)
+{
+ return (!disp_num());
+}
+
+static int disp_multi(void)
+{
+ return (disp_num() > 1);
+}
+
+static void cmd_line(int argc, char *argv[])
+{
+ int optchar = 0;
+ const char *program_name = NULL;
+ struct option long_options[] = {
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 'V'},
+
+ {"prompt", no_argument, NULL, 'P'},
+
+ {"user", no_argument, NULL, 'u'},
+ {"role", no_argument, NULL, 'r'},
+ {"type", no_argument, NULL, 't'},
+ {"level", no_argument, NULL, 'l'}, /* compat. */
+ {"sensitivity", no_argument, NULL, 's'},
+ {"range", no_argument, NULL, 'm'},
+ {"clearance", no_argument, NULL, 'c'},
+ {"mls-range", no_argument, NULL, 'm'},
+
+ {"raw", no_argument, NULL, 'R'},
+
+ {"current", no_argument, NULL, 1},
+ {"self", no_argument, NULL, 1},
+ {"current-exec", no_argument, NULL, 2},
+ {"self-exec", no_argument, NULL, 2},
+ {"current-fs", no_argument, NULL, 3},
+ {"self-fs", no_argument, NULL, 3},
+ {"current-key", no_argument, NULL, 4},
+ {"self-key", no_argument, NULL, 4},
+
+ {"parent", no_argument, NULL, 5},
+ {"parent-exec", no_argument, NULL, 6},
+ {"parent-fs", no_argument, NULL, 7},
+ {"parent-key", no_argument, NULL, 8},
+
+ {"file", required_argument, NULL, 'f'},
+ {"link", required_argument, NULL, 'L'},
+ {"pid", required_argument, NULL, 'p'},
+ {"pid-exec", required_argument, NULL, 9},
+ {"pid-fs", required_argument, NULL, 10},
+ {"pid-key", required_argument, NULL, 11},
+
+ {NULL, 0, NULL, 0}
+ };
+ int done = FALSE;
+
+ program_name = opt_program_name(argv[0], SECON_CONF_PROG_NAME);
+
+ while ((optchar = getopt_long(argc, argv, SECON_OPTS_GO,
+ long_options, NULL)) != -1) {
+ switch (optchar) {
+ case '?':
+ usage(program_name, EXIT_FAILURE);
+ case 'h':
+ usage(program_name, EXIT_SUCCESS);
+ case 'V':
+ fprintf(stdout,
+ " %s version %s.\n", program_name, VERSION);
+ exit(EXIT_SUCCESS);
+
+ case 'u':
+ done = TRUE;
+ opts->disp_user = !opts->disp_user;
+ break;
+ case 'r':
+ done = TRUE;
+ opts->disp_role = !opts->disp_role;
+ break;
+ case 't':
+ done = TRUE;
+ opts->disp_type = !opts->disp_type;
+ break;
+ case 'l':
+ done = TRUE;
+ opts->disp_sen = !opts->disp_sen;
+ break;
+ case 's':
+ done = TRUE;
+ opts->disp_sen = !opts->disp_sen;
+ break;
+ case 'c':
+ done = TRUE;
+ opts->disp_clr = !opts->disp_clr;
+ break;
+ case 'm':
+ done = TRUE;
+ opts->disp_mlsr = !opts->disp_mlsr;
+ break;
+
+ case 'P':
+ opts->disp_prompt = !opts->disp_prompt;
+ break;
+
+ case 'R':
+ opts->disp_raw = !opts->disp_raw;
+ break;
+ case 1:
+ opts->from_type = OPTS_FROM_CUR;
+ break;
+ case 2:
+ opts->from_type = OPTS_FROM_CUREXE;
+ break;
+ case 3:
+ opts->from_type = OPTS_FROM_CURFS;
+ break;
+ case 4:
+ opts->from_type = OPTS_FROM_CURKEY;
+ break;
+
+ case 5:
+ opts->from_type = OPTS_FROM_PROC;
+ opts->f.pid = getppid();
+ break;
+ case 6:
+ opts->from_type = OPTS_FROM_PROCEXE;
+ opts->f.pid = getppid();
+ break;
+ case 7:
+ opts->from_type = OPTS_FROM_PROCFS;
+ opts->f.pid = getppid();
+ break;
+ case 8:
+ opts->from_type = OPTS_FROM_PROCKEY;
+ opts->f.pid = getppid();
+ break;
+
+ case 'f':
+ opts->from_type = OPTS_FROM_FILE;
+ opts->f.file = optarg;
+ break;
+ case 'L':
+ opts->from_type = OPTS_FROM_LINK;
+ opts->f.link = optarg;
+ break;
+ case 'p':
+ opts->from_type = OPTS_FROM_PROC;
+ opts->f.pid = atoi(optarg);
+ break;
+ case 9:
+ opts->from_type = OPTS_FROM_PROCEXE;
+ opts->f.pid = atoi(optarg);
+ break;
+ case 10:
+ opts->from_type = OPTS_FROM_PROCFS;
+ opts->f.pid = atoi(optarg);
+ break;
+ case 11:
+ opts->from_type = OPTS_FROM_PROCKEY;
+ opts->f.pid = atoi(optarg);
+ break;
+
+ default:
+ assert(FALSE);
+ }
+ }
+
+ if (!done) { /* defualt, if nothing specified */
+ opts->disp_user = TRUE;
+ opts->disp_role = TRUE;
+ opts->disp_type = TRUE;
+ if (!opts->disp_prompt) { /* when displaying prompt, just output "normal" by default */
+ opts->disp_sen = TRUE;
+ opts->disp_clr = TRUE;
+ }
+ opts->disp_mlsr = TRUE;
+ }
+
+ if (disp_none())
+ err(EXIT_FAILURE, " Nothing to display");
+
+ argc -= optind;
+ argv += optind;
+
+ if (!argc && (opts->from_type == OPTS_FROM_ARG)
+ && !isatty(STDIN_FILENO))
+ opts->from_type = OPTS_FROM_STDIN;
+ if (!argc && (opts->from_type == OPTS_FROM_ARG))
+ opts->from_type = OPTS_FROM_CUR;
+
+ if (opts->from_type == OPTS_FROM_ARG) {
+ opts->f.arg = argv[0];
+
+ if (xstreq(argv[0], "-"))
+ opts->from_type = OPTS_FROM_STDIN;
+ } else if (!is_selinux_enabled())
+ errx(EXIT_FAILURE, "SELinux is not enabled");
+}
+
+static int my_getXcon_raw(pid_t pid, security_context_t * con, const char *val)
+{
+ char buf[4096];
+ FILE *fp = NULL;
+ const char *ptr = NULL;
+
+ snprintf(buf, sizeof(buf), "%s/%ld/attr/%s", "/proc", (long int)pid,
+ val);
+
+ if (!(fp = fopen(buf, "rb")))
+ return (-1);
+
+ ptr = fgets(buf, sizeof(buf), fp);
+
+ fclose(fp);
+
+ *con = NULL;
+ if (ptr) { /* return *con = NULL, when proc file is empty */
+ char *tmp = strchr(ptr, '\n');
+
+ if (tmp)
+ *tmp = 0;
+
+ if (*ptr && !(*con = strdup(ptr)))
+ return (-1);
+ }
+
+ return (0);
+}
+
+static int my_getpidexeccon_raw(pid_t pid, security_context_t * con)
+{
+ return (my_getXcon_raw(pid, con, "exec"));
+}
+static int my_getpidfscreatecon_raw(pid_t pid, security_context_t * con)
+{
+ return (my_getXcon_raw(pid, con, "fscreate"));
+}
+static int my_getpidkeycreatecon_raw(pid_t pid, security_context_t * con)
+{
+ return (my_getXcon_raw(pid, con, "keycreate"));
+}
+
+static security_context_t get_scon(void)
+{
+ static char dummy_NIL[1] = "";
+ security_context_t con = NULL;
+ int ret = -1;
+ int raw = TRUE;
+
+ switch (opts->from_type) {
+ case OPTS_FROM_ARG:
+ if (!(con = strdup(opts->f.arg)))
+ err(EXIT_FAILURE,
+ " Couldn't allocate security context");
+ raw = !opts->disp_raw; /* always do conversion */
+ break;
+
+ case OPTS_FROM_STDIN:
+ {
+ char buf[4096] = "";
+ char *ptr = buf;
+
+ while (!*ptr) {
+ if (!(ptr = fgets(buf, sizeof(buf), stdin)))
+ err(EXIT_FAILURE,
+ " Couldn't read security context");
+
+ ptr += strspn(ptr, " \n\t");
+ ptr[strcspn(ptr, " \n\t")] = 0;
+ }
+
+ if (!(con = strdup(ptr)))
+ err(EXIT_FAILURE,
+ " Couldn't allocate security context");
+
+ raw = !opts->disp_raw; /* always do conversion */
+ break;
+ }
+
+ case OPTS_FROM_CUR:
+ ret = getcon_raw(&con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get current security context");
+ break;
+ case OPTS_FROM_CUREXE:
+ ret = getexeccon_raw(&con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get current exec security context");
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ break;
+ case OPTS_FROM_CURFS:
+ ret = getfscreatecon_raw(&con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get current fs security context");
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ break;
+ case OPTS_FROM_CURKEY:
+ ret = getkeycreatecon_raw(&con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get current key security context");
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ break;
+
+ case OPTS_FROM_PROC:
+ ret = getpidcon_raw(opts->f.pid, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for pid %lu",
+ (unsigned long)opts->f.pid);
+ break;
+ case OPTS_FROM_PROCEXE:
+ ret = my_getpidexeccon_raw(opts->f.pid, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for pid %lu",
+ (unsigned long)opts->f.pid);
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ break;
+ case OPTS_FROM_PROCFS:
+ ret = my_getpidfscreatecon_raw(opts->f.pid, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for pid %lu",
+ (unsigned long)opts->f.pid);
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ /* disabled -- override with normal context ...
+ {
+ opts->from_type = OPTS_FROM_PROC;
+ return (get_scon());
+ } */
+ break;
+ case OPTS_FROM_PROCKEY:
+ ret = my_getpidkeycreatecon_raw(opts->f.pid, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for pid %lu",
+ (unsigned long)opts->f.pid);
+
+ if (!con)
+ con = strdup(dummy_NIL);
+ break;
+
+ case OPTS_FROM_FILE:
+ ret = getfilecon_raw(opts->f.file, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for file %s",
+ opts->f.file);
+ break;
+
+ case OPTS_FROM_LINK:
+ ret = lgetfilecon_raw(opts->f.link, &con);
+
+ if (ret == -1)
+ err(EXIT_FAILURE,
+ " Couldn't get security context for symlink %s",
+ opts->f.link);
+ break;
+
+ default:
+ assert(FALSE);
+ }
+
+ if (opts->disp_raw != raw) {
+ security_context_t ncon = NULL;
+
+ if (opts->disp_raw)
+ selinux_trans_to_raw_context(con, &ncon);
+ else
+ selinux_raw_to_trans_context(con, &ncon);
+
+ freecon(con);
+ con = ncon;
+ }
+
+ return (con);
+}
+
+static void disp__con_val(const char *name, const char *val)
+{
+ static int done = FALSE;
+
+ assert(name);
+
+ if (!val)
+ val = ""; /* targeted has no "level" etc.,
+ any errors should happen at context_new() time */
+
+ if (opts->disp_prompt) {
+ if (xstreq("mls-range", name) && !*val)
+ return; /* skip, mls-range if it's empty */
+
+ fprintf(stdout, "%s%s", done ? ":" : "", val);
+ } else if (disp_multi())
+ fprintf(stdout, "%s: %s\n", name, val);
+ else
+ fprintf(stdout, "%s\n", val);
+
+ done = TRUE;
+}
+
+static void disp_con(security_context_t scon)
+{
+ context_t con = NULL;
+
+ if (!*scon) { /* --self-exec and --self-fs etc. */
+ if (opts->disp_user)
+ disp__con_val("user", NULL);
+ if (opts->disp_role)
+ disp__con_val("role", NULL);
+ if (opts->disp_type)
+ disp__con_val("type", NULL);
+ if (opts->disp_sen)
+ disp__con_val("sensitivity", NULL);
+ if (opts->disp_clr)
+ disp__con_val("clearance", NULL);
+ if (opts->disp_mlsr)
+ disp__con_val("mls-range", NULL);
+ return;
+ }
+
+ if (!(con = context_new(scon)))
+ errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
+
+ if (opts->disp_user)
+ disp__con_val("user", context_user_get(con));
+ if (opts->disp_role)
+ disp__con_val("role", context_role_get(con));
+ if (opts->disp_type)
+ disp__con_val("type", context_type_get(con));
+ if (opts->disp_sen) {
+ const char *val = NULL;
+ char *tmp = NULL;
+
+ val = context_range_get(con);
+ if (!val)
+ val = ""; /* targeted has no "level" etc.,
+ any errors should happen at context_new() time */
+
+ tmp = strdup(val);
+ if (!tmp)
+ errx(EXIT_FAILURE, "Couldn't create context from: %s",
+ scon);
+ if (strchr(tmp, '-'))
+ *strchr(tmp, '-') = 0;
+
+ disp__con_val("sensitivity", tmp);
+
+ free(tmp);
+ }
+ if (opts->disp_clr) {
+ const char *val = NULL;
+ char *tmp = NULL;
+
+ val = context_range_get(con);
+ if (!val)
+ val = ""; /* targeted has no "level" etc.,
+ any errors should happen at context_new() time */
+
+ tmp = strdup(val);
+ if (!tmp)
+ errx(EXIT_FAILURE, "Couldn't create context from: %s",
+ scon);
+ if (strchr(tmp, '-'))
+ disp__con_val("clearance", strchr(tmp, '-') + 1);
+ else
+ disp__con_val("clearance", tmp);
+
+ free(tmp);
+ }
+
+ if (opts->disp_mlsr)
+ disp__con_val("mls-range", context_range_get(con));
+
+ context_free(con);
+}
+
+int main(int argc, char *argv[])
+{
+ security_context_t scon = NULL;
+
+ cmd_line(argc, argv);
+
+ scon = get_scon();
+
+ disp_con(scon);
+
+ freecon(scon);
+
+ exit(EXIT_SUCCESS);
+}
diff --git a/policycoreutils/semanage/Makefile b/policycoreutils/semanage/Makefile
new file mode 100644
index 0000000..a8ecdd0
--- /dev/null
+++ b/policycoreutils/semanage/Makefile
@@ -0,0 +1,25 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+LIBDIR ?= $(PREFIX)/lib
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR = $(PREFIX)/share/man
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+
+TARGETS=semanage
+
+all: $(TARGETS)
+
+install: all
+ [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
+ -mkdir -p $(SBINDIR)
+ install -m 755 semanage $(SBINDIR)
+ install -m 644 semanage.8 $(MANDIR)/man8
+ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
+
+clean:
+
+indent:
+
+relabel:
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
new file mode 100644
index 0000000..8fd90b8
--- /dev/null
+++ b/policycoreutils/semanage/semanage
@@ -0,0 +1,373 @@
+#! /usr/bin/python -E
+# Copyright (C) 2005, 2006, 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# semanage is a tool for managing SELinux configuration files
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import os, sys, getopt
+import seobject
+import selinux
+PROGNAME="policycoreutils"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+is_mls_enabled=selinux.is_selinux_mls_enabled()
+
+if __name__ == '__main__':
+
+ def usage(message = ""):
+ print _("""
+semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
+semanage login -{a|d|m} [-sr] login_name | %groupname
+semanage user -{a|d|m} [-LrRP] selinux_name
+semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
+semanage interface -{a|d|m} [-tr] interface_spec
+semanage fcontext -{a|d|m} [-frst] file_spec
+semanage translation -{a|d|m} [-T] level
+semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
+semanage permissive -{d|a} type
+
+Primary Options:
+
+ -a, --add Add a OBJECT record NAME
+ -d, --delete Delete a OBJECT record NAME
+ -m, --modify Modify a OBJECT record NAME
+ -l, --list List the OBJECTS
+ -C, --locallist List OBJECTS local customizations
+ -D, --deleteall Remove all OBJECTS local customizations
+
+ -h, --help Display this message
+ -n, --noheading Do not print heading when listing OBJECTS
+ -S, --store Select and alternate SELinux store to manage
+
+Object-specific Options (see above):
+
+ -f, --ftype File Type of OBJECT
+ "" (all files)
+ -- (regular file)
+ -d (directory)
+ -c (character device)
+ -b (block device)
+ -s (socket)
+ -l (symbolic link)
+ -p (named pipe)
+
+ -F, --file Treat target as an input file for command, change multiple settings
+ -p, --proto Port protocol (tcp or udp)
+ -P, --prefix Prefix for home directory labeling
+ -L, --level Default SELinux Level (MLS/MCS Systems only)
+ -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
+ -T, --trans SELinux Level Translation (MLS/MCS Systems only)
+
+ -s, --seuser SELinux User Name
+ -t, --type SELinux Type for the object
+ -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
+""")
+ print message
+ sys.exit(1)
+
+ def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+
+ def get_options():
+ valid_option={}
+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
+ valid_option["login"] = []
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+ valid_option["user"] = []
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
+ valid_option["port"] = []
+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
+ valid_option["interface"] = []
+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] = []
+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["translation"] = []
+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
+ valid_option["boolean"] = []
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
+ valid_option["permissive"] = []
+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
+ return valid_option
+
+ #
+ #
+ #
+ try:
+ input = sys.stdin
+ output = sys.stdout
+ serange = ""
+ port = ""
+ proto = ""
+ selevel = ""
+ setype = ""
+ ftype = ""
+ setrans = ""
+ roles = ""
+ seuser = ""
+ prefix = "user"
+ heading = True
+ value = None
+ add = False
+ modify = False
+ delete = False
+ deleteall = False
+ list = False
+ locallist = False
+ use_file = False
+ store = ""
+ if len(sys.argv) < 3:
+ usage(_("Requires 2 or more arguments"))
+
+ object = sys.argv[1]
+ option_dict=get_options()
+ if object not in option_dict.keys():
+ usage(_("%s not defined") % object)
+
+ args = sys.argv[2:]
+
+ gopts, cmds = getopt.getopt(args,
+ '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
+ 'deleteall',
+ 'ftype=',
+ 'file',
+ 'help',
+ 'list',
+ 'modify',
+ 'noheading',
+ 'localist',
+ 'off',
+ 'on',
+ 'proto=',
+ 'seuser=',
+ 'store=',
+ 'range=',
+ 'level=',
+ 'roles=',
+ 'type=',
+ 'trans=',
+ 'prefix='
+ ])
+ for o, a in gopts:
+ if o not in option_dict[object]:
+ sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) );
+
+ for o,a in gopts:
+ if o == "-a" or o == "--add":
+ if modify or delete:
+ usage()
+ add = True
+
+ if o == "-d" or o == "--delete":
+ if modify or add:
+ usage()
+ delete = True
+ if o == "-D" or o == "--deleteall":
+ if modify:
+ usage()
+ deleteall = True
+ if o == "-f" or o == "--ftype":
+ ftype=a
+
+ if o == "-F" or o == "--file":
+ use_file = True
+
+ if o == "-h" or o == "--help":
+ usage()
+
+ if o == "-n" or o == "--noheading":
+ heading = False
+
+ if o == "-C" or o == "--locallist":
+ locallist = True
+
+ if o == "-m"or o == "--modify":
+ if delete or add:
+ usage()
+ modify = True
+
+ if o == "-S" or o == '--store':
+ store = a
+
+ if o == "-r" or o == '--range':
+ if is_mls_enabled == 0:
+ errorExit(_("range not supported on Non MLS machines"))
+ serange = a
+
+ if o == "-l" or o == "--list":
+ list = True
+
+ if o == "-L" or o == '--level':
+ if is_mls_enabled == 0:
+ errorExit(_("range not supported on Non MLS machines"))
+ selevel = a
+
+ if o == "-p" or o == '--proto':
+ proto = a
+
+ if o == "-P" or o == '--prefix':
+ prefix = a
+
+ if o == "-R" or o == '--roles':
+ roles = roles + " " + a
+
+ if o == "-s" or o == "--seuser":
+ seuser = a
+
+ if o == "-t" or o == "--type":
+ setype = a
+
+ if o == "-T" or o == "--trans":
+ setrans = a
+
+ if o == "--on" or o == "-1":
+ value = "on"
+ if o == "--off" or o == "-0":
+ value = "off"
+
+ if object == "login":
+ OBJECT = seobject.loginRecords(store)
+
+ if object == "user":
+ OBJECT = seobject.seluserRecords(store)
+
+ if object == "port":
+ OBJECT = seobject.portRecords(store)
+
+ if object == "interface":
+ OBJECT = seobject.interfaceRecords(store)
+
+ if object == "fcontext":
+ OBJECT = seobject.fcontextRecords(store)
+
+ if object == "boolean":
+ OBJECT = seobject.booleanRecords(store)
+
+ if object == "translation":
+ OBJECT = seobject.setransRecords()
+
+ if object == "permissive":
+ OBJECT = seobject.permissiveRecords(store)
+
+ if list:
+ if object == "boolean":
+ OBJECT.list(heading, locallist, use_file)
+ else:
+ OBJECT.list(heading, locallist)
+ sys.exit(0);
+
+ if deleteall:
+ OBJECT.deleteall()
+ sys.exit(0);
+
+ if len(cmds) != 1:
+ usage()
+
+ target = cmds[0]
+
+ if add:
+ if object == "login":
+ OBJECT.add(target, seuser, serange)
+
+ if object == "translation":
+ OBJECT.add(target, setrans)
+
+ if object == "user":
+ rlist = []
+ if not use_file:
+ rlist = roles.split()
+ OBJECT.add(target, rlist, selevel, serange, prefix)
+
+ if object == "port":
+ OBJECT.add(target, proto, serange, setype)
+
+ if object == "interface":
+ OBJECT.add(target, serange, setype)
+
+ if object == "fcontext":
+ OBJECT.add(target, setype, ftype, serange, seuser)
+ if object == "permissive":
+ OBJECT.add(target)
+
+ sys.exit(0);
+
+ if modify:
+ if object == "boolean":
+ OBJECT.modify(target, value, use_file)
+
+ if object == "login":
+ OBJECT.modify(target, seuser, serange)
+
+ if object == "translation":
+ OBJECT.modify(target, setrans)
+
+ if object == "user":
+ rlist = roles.split()
+ OBJECT.modify(target, rlist, selevel, serange, prefix)
+
+ if object == "port":
+ OBJECT.modify(target, proto, serange, setype)
+
+ if object == "interface":
+ OBJECT.modify(target, serange, setype)
+
+ if object == "fcontext":
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+
+ sys.exit(0);
+
+ if delete:
+ if object == "port":
+ OBJECT.delete(target, proto)
+
+ elif object == "fcontext":
+ OBJECT.delete(target, ftype)
+
+ else:
+ OBJECT.delete(target)
+
+ sys.exit(0);
+ usage()
+
+ except getopt.error, error:
+ errorExit(_("Options Error %s ") % error.msg)
+ except ValueError, error:
+ errorExit(error.args[0])
+ except KeyError, error:
+ errorExit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
+ errorExit(error.args[1])
+ except KeyboardInterrupt, error:
+ sys.exit(0)
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
new file mode 100644
index 0000000..e57a26c
--- /dev/null
+++ b/policycoreutils/semanage/semanage.8
@@ -0,0 +1,123 @@
+.TH "semanage" "8" "2005111103" "" ""
+.SH "NAME"
+semanage \- SELinux Policy Management tool
+
+.SH "SYNOPSIS"
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
+.br
+.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
+.br
+.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
+.br
+.B semanage user \-{a|d|m} [\-LrRP] selinux_name
+.br
+.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
+.br
+.B semanage interface \-{a|d|m} [\-tr] interface_spec
+.br
+.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+.br
+.B semanage permissive \-{a|d} type
+.br
+.B semanage translation \-{a|d|m} [\-T] level
+.P
+
+.SH "DESCRIPTION"
+semanage is used to configure certain elements of
+SELinux policy without requiring modification to or recompilation
+from policy sources. This includes the mapping from Linux usernames
+to SELinux user identities (which controls the initial security context
+assigned to Linux users when they login and bounds their authorized role set)
+as well as security context mappings for various kinds of objects, such
+as network ports, interfaces, and nodes (hosts) as well as the file
+context mapping. See the EXAMPLES section below for some examples
+of common usage. Note that the semanage login command deals with the
+mapping from Linux usernames (logins) to SELinux user identities,
+while the semanage user command deals with the mapping from SELinux
+user identities to authorized role sets. In most cases, only the
+former mapping needs to be adjusted by the administrator; the latter
+is principally defined by the base policy and usually does not require
+modification.
+
+.SH "OPTIONS"
+.TP
+.I \-a, \-\-add
+Add a OBJECT record NAME
+.TP
+.I \-d, \-\-delete
+Delete a OBJECT record NAME
+.TP
+.I \-D, \-\-deleteall
+Remove all OBJECTS local customizations
+.TP
+.I \-f, \-\-ftype
+File Type. This is used with fcontext.
+Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
+.TP
+.I \-F, \-\-file
+Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
+
+Currently booleans only.
+.TP
+.I \-h, \-\-help
+display this message
+.TP
+.I \-l, \-\-list
+List the OBJECTS
+.TP
+.I \-C, \-\-locallist
+List only locally defined settings, not base policy settings.
+.TP
+.I \-L, \-\-level
+Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
+.TP
+.I \-m, \-\-modify
+Modify a OBJECT record NAME
+.TP
+.I \-n, \-\-noheading
+Do not print heading when listing OBJECTS.
+.TP
+.I \-p, \-\-proto
+Protocol for the specified port (tcp|udp).
+.TP
+.I \-r, \-\-range
+MLS/MCS Security Range (MLS/MCS Systems only)
+.TP
+.I \-R, \-\-role
+SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times.
+.TP
+.I \-P, \-\-prefix
+SELinux Prefix. Prefix added to home_dir_t and home_t for labeling users home directories.
+.TP
+.I \-s, \-\-seuser
+SELinux user name
+.TP
+.I \-S, \-\-store
+Select and alternate SELinux store to manage
+.TP
+.I \-t, \-\-type
+SELinux Type for the object
+.TP
+.I \-T, \-\-trans
+SELinux Translation
+
+.SH EXAMPLE
+.nf
+# View SELinux user mappings
+$ semanage user -l
+# Allow joe to login as staff_u
+$ semanage login -a -s staff_u joe
+# Allow the group clerks to login as user_u
+$ semanage login -a -s user_u %clerks
+# Add file-context for everything under /web (used by restorecon)
+$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
+# Allow Apache to listen on port 81
+$ semanage port -a -t http_port_t -p tcp 81
+# Change apache to a permissive domain
+$ semanage permissive -a httpd_t
+.fi
+
+.SH "AUTHOR"
+This man page was written by Daniel Walsh <dwalsh@redhat.com> and
+Russell Coker <rcoker@redhat.com>.
+Examples by Thomas Bleher <ThomasBleher@gmx.de>.
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
new file mode 100644
index 0000000..d924d8c
--- /dev/null
+++ b/policycoreutils/semanage/seobject.py
@@ -0,0 +1,1609 @@
+#! /usr/bin/python -E
+# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# semanage is a tool for managing SELinux configuration files
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+
+import pwd, grp, string, selinux, tempfile, os, re, sys
+from semanage import *;
+PROGNAME="policycoreutils"
+import sepolgen.module as module
+
+import commands
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+is_mls_enabled = selinux.is_selinux_mls_enabled()
+
+import syslog
+
+file_types = {}
+file_types[""] = SEMANAGE_FCONTEXT_ALL;
+file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
+file_types["--"] = SEMANAGE_FCONTEXT_REG;
+file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
+file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
+file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
+file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
+file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
+file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
+file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
+file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
+file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
+file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
+file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
+file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
+
+try:
+ import audit
+ class logger:
+ def __init__(self):
+ self.audit_fd = audit.audit_open()
+
+ def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
+ audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
+except:
+ class logger:
+ def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
+ if success == 1:
+ message = "Successful: "
+ else:
+ message = "Failed: "
+ message += " %s name=%s" % (msg,name)
+ if sename != "":
+ message += " sename=" + sename
+ if old_sename != "":
+ message += " old_sename=" + old_sename
+ if serole != "":
+ message += " role=" + serole
+ if old_serole != "":
+ message += " old_role=" + old_serole
+ if serange != "" and serange != None:
+ message += " MLSRange=" + serange
+ if old_serange != "" and old_serange != None:
+ message += " old_MLSRange=" + old_serange
+ syslog.syslog(message);
+
+mylog = logger()
+
+import sys, os
+import re
+import xml.etree.ElementTree
+
+booleans_dict={}
+try:
+ tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+ for l in tree.findall("layer"):
+ for m in l.findall("module"):
+ for b in m.findall("tunable"):
+ desc = b.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+ for b in m.findall("bool"):
+ desc = b.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+ for i in tree.findall("bool"):
+ desc = i.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+ for i in tree.findall("tunable"):
+ desc = i.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+except IOError, e:
+ #print _("Failed to translate booleans.\n%s") % e
+ pass
+
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
+def validate_level(raw):
+ sensitivity = "s[0-9]*"
+ category = "c[0-9]*"
+ cat_range = category + "(\." + category +")?"
+ categories = cat_range + "(\," + cat_range + ")*"
+ reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
+ return re.search("^" + reg +"$",raw)
+
+def translate(raw, prepend = 1):
+ filler="a:b:c:"
+ if prepend == 1:
+ context = "%s%s" % (filler,raw)
+ else:
+ context = raw
+ (rc, trans) = selinux.selinux_raw_to_trans_context(context)
+ if rc != 0:
+ return raw
+ if prepend:
+ trans = trans[len(filler):]
+ if trans == "":
+ return raw
+ else:
+ return trans
+
+def untranslate(trans, prepend = 1):
+ filler="a:b:c:"
+ if prepend == 1:
+ context = "%s%s" % (filler,trans)
+ else:
+ context = trans
+
+ (rc, raw) = selinux.selinux_trans_to_raw_context(context)
+ if rc != 0:
+ return trans
+ if prepend:
+ raw = raw[len(filler):]
+ if raw == "":
+ return trans
+ else:
+ return raw
+
+class setransRecords:
+ def __init__(self):
+ if not is_mls_enabled:
+ raise ValueError(_("translations not supported on non-MLS machines"))
+ self.filename = selinux.selinux_translations_path()
+ try:
+ fd = open(self.filename, "r")
+ translations = fd.readlines()
+ fd.close()
+ except IOError, e:
+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
+
+ self.ddict = {}
+ self.comments = []
+ for r in translations:
+ if len(r) == 0:
+ continue
+ i = r.strip()
+ if i == "" or i[0] == "#":
+ self.comments.append(r)
+ continue
+ i = i.split("=")
+ if len(i) != 2:
+ self.comments.append(r)
+ continue
+ if self.ddict.has_key(i[0]) == 0:
+ self.ddict[i[0]] = i[1]
+
+ def get_all(self):
+ return self.ddict
+
+ def out(self):
+ rec = ""
+ for c in self.comments:
+ rec += c
+ keys = self.ddict.keys()
+ keys.sort()
+ for k in keys:
+ rec += "%s=%s\n" % (k, self.ddict[k])
+ return rec
+
+ def list(self,heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s %s\n" % (_("Level"), _("Translation"))
+ keys = self.ddict.keys()
+ keys.sort()
+ for k in keys:
+ print "%-25s %s" % (k, self.ddict[k])
+
+ def add(self, raw, trans):
+ if trans.find(" ") >= 0:
+ raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
+
+ if validate_level(raw) == None:
+ raise ValueError(_("Invalid Level '%s' ") % raw)
+
+ if self.ddict.has_key(raw):
+ raise ValueError(_("%s already defined in translations") % raw)
+ else:
+ self.ddict[raw] = trans
+ self.save()
+
+ def modify(self, raw, trans):
+ if trans.find(" ") >= 0:
+
+ raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
+ if self.ddict.has_key(raw):
+ self.ddict[raw] = trans
+ else:
+ raise ValueError(_("%s not defined in translations") % raw)
+ self.save()
+
+ def delete(self, raw):
+ self.ddict.pop(raw)
+ self.save()
+
+ def save(self):
+ (fd, newfilename) = tempfile.mkstemp('', self.filename)
+ os.write(fd, self.out())
+ os.close(fd)
+ os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
+
+class permissiveRecords:
+ def __init__(self, store):
+ self.store = store
+ self.sh = semanage_handle_create()
+ if not self.sh:
+ raise ValueError(_("Could not create semanage handle"))
+
+ if store != "":
+ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
+
+ self.semanaged = semanage_is_managed(self.sh)
+
+ if not self.semanaged:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
+
+ rc = semanage_access_check(self.sh)
+ if rc < SEMANAGE_CAN_READ:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("Cannot read policy store."))
+
+ rc = semanage_connect(self.sh)
+ if rc < 0:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("Could not establish semanage connection"))
+
+ def get_all(self):
+ l = []
+ (rc, mlist, number) = semanage_module_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux modules"))
+
+ for i in range(number):
+ mod = semanage_module_list_nth(mlist, i)
+ name = semanage_module_get_name(mod)
+ if name and name.startswith("permissive_"):
+ l.append(name.split("permissive_")[1])
+ return l
+
+ def list(self,heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s\n" % (_("Permissive Types"))
+ for t in self.get_all():
+ print t
+
+
+ def add(self, type):
+ name = "permissive_%s" % type
+ dirname = "/var/lib/selinux"
+ os.chdir(dirname)
+ filename = "%s.te" % name
+ modtxt = """
+module %s 1.0;
+
+require {
+ type %s;
+}
+
+permissive %s;
+""" % (name, type, type)
+ fd = open(filename,'w')
+ fd.write(modtxt)
+ fd.close()
+ mc = module.ModuleCompiler()
+ mc.create_module_package(filename, 1)
+ fd = open("permissive_%s.pp" % type)
+ data = fd.read()
+ fd.close()
+
+ rc = semanage_module_install(self.sh, data, len(data));
+ if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (commit failed)") % name)
+ for root, dirs, files in os.walk("tmp", topdown=False):
+ for name in files:
+ os.remove(os.path.join(root, name))
+ for name in dirs:
+ os.rmdir(os.path.join(root, name))
+
+ def delete(self, name):
+ for n in name.split():
+ rc = semanage_module_remove(self.sh, "permissive_%s" % n)
+ if rc < 0:
+ raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name)
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name)
+
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+ all = " ".join(l)
+ self.delete(all)
+
+class semanageRecords:
+ def __init__(self, store):
+ self.sh = semanage_handle_create()
+ if not self.sh:
+ raise ValueError(_("Could not create semanage handle"))
+
+ if store != "":
+ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
+
+ self.semanaged = semanage_is_managed(self.sh)
+
+ if not self.semanaged:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
+
+ rc = semanage_access_check(self.sh)
+ if rc < SEMANAGE_CAN_READ:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("Cannot read policy store."))
+
+ rc = semanage_connect(self.sh)
+ if rc < 0:
+ semanage_handle_destroy(self.sh)
+ raise ValueError(_("Could not establish semanage connection"))
+ def deleteall(self):
+ raise ValueError(_("Not yet implemented"))
+
+
+class loginRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+ def add(self, name, sename, serange):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ serange = untranslate(serange)
+
+ if sename == "":
+ sename = "user_u"
+
+ try:
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if exists:
+ raise ValueError(_("Login mapping for %s is already defined") % name)
+ if name[0] == '%':
+ try:
+ grp.getgrnam(name[1:])
+ except:
+ raise ValueError(_("Linux Group %s does not exist") % name[1:])
+ else:
+ try:
+ pwd.getpwnam(name)
+ except:
+ raise ValueError(_("Linux User %s does not exist") % name)
+
+ (rc,u) = semanage_seuser_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create login mapping for %s") % name)
+
+ rc = semanage_seuser_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
+
+ if serange != "":
+ rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set MLS range for %s") % name)
+
+ rc = semanage_seuser_set_sename(self.sh, u, sename)
+ if rc < 0:
+ raise ValueError(_("Could not set SELinux user for %s") % name)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_seuser_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not add login mapping for %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add login mapping for %s") % name)
+
+ except ValueError, error:
+ mylog.log(0, _("add SELinux user mapping"), name, sename, "", serange);
+ raise error
+
+ mylog.log(1, _("add SELinux user mapping"), name, sename, "", serange);
+ semanage_seuser_key_free(k)
+ semanage_seuser_free(u)
+
+ def modify(self, name, sename = "", serange = ""):
+ oldsename = ""
+ oldserange = ""
+ try:
+ if sename == "" and serange == "":
+ raise ValueError(_("Requires seuser or serange"))
+
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Login mapping for %s is not defined") % name)
+
+ (rc,u) = semanage_seuser_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query seuser for %s") % name)
+
+ oldserange = semanage_seuser_get_mlsrange(u)
+ oldsename = semanage_seuser_get_sename(u)
+ if serange != "":
+ semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
+ else:
+ serange = oldserange
+ if sename != "":
+ semanage_seuser_set_sename(self.sh, u, sename)
+ else:
+ sename = oldsename
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_seuser_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify login mapping for %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify login mapping for %s") % name)
+
+ except ValueError, error:
+ mylog.log(0,"modify selinux user mapping", name, sename,"", serange, oldsename, "", oldserange);
+ raise error
+
+ mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
+ semanage_seuser_key_free(k)
+ semanage_seuser_free(u)
+
+ def delete(self, name):
+ try:
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Login mapping for %s is not defined") % name)
+
+ (rc,exists) = semanage_seuser_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Login mapping for %s is defined in policy, cannot be deleted") % name)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_seuser_del_local(self.sh, k)
+
+ if rc < 0:
+ raise ValueError(_("Could not delete login mapping for %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete login mapping for %s") % name)
+
+ except ValueError, error:
+ mylog.log(0,"delete SELinux user mapping", name);
+ raise error
+
+ mylog.log(1,"delete SELinux user mapping", name);
+ semanage_seuser_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.ulist) = semanage_seuser_list_local(self.sh)
+ else:
+ (rc, self.ulist) = semanage_seuser_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list login mappings"))
+
+ for u in self.ulist:
+ name = semanage_seuser_get_name(u)
+ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+ return ddict
+
+ def list(self,heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled == 1:
+ if heading:
+ print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"))
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
+ else:
+ if heading:
+ print "\n%-25s %-25s\n" % (_("Login Name"), _("SELinux User"))
+ for k in keys:
+ print "%-25s %-25s" % (k, ddict[k][0])
+
+class seluserRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+ def add(self, name, roles, selevel, serange, prefix):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ serange = untranslate(serange)
+
+ if selevel == "":
+ selevel = "s0"
+ else:
+ selevel = untranslate(selevel)
+
+ seroles = " ".join(roles)
+ try:
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if exists:
+ raise ValueError(_("SELinux user %s is already defined") % name)
+
+ (rc,u) = semanage_user_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create SELinux user for %s") % name)
+
+ rc = semanage_user_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
+
+ for r in roles:
+ rc = semanage_user_add_role(self.sh, u, r)
+ if rc < 0:
+ raise ValueError(_("Could not add role %s for %s") % (r, name))
+
+ if is_mls_enabled == 1:
+ rc = semanage_user_set_mlsrange(self.sh, u, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set MLS range for %s") % name)
+
+ rc = semanage_user_set_mlslevel(self.sh, u, selevel)
+ if rc < 0:
+ raise ValueError(_("Could not set MLS level for %s") % name)
+ rc = semanage_user_set_prefix(self.sh, u, prefix)
+ if rc < 0:
+ raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
+ (rc,key) = semanage_user_key_extract(self.sh,u)
+ if rc < 0:
+ raise ValueError(_("Could not extract key for %s") % name)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not add SELinux user %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add SELinux user %s") % name)
+
+ except ValueError, error:
+ mylog.log(0,"add SELinux user record", name, name, seroles, serange)
+ raise error
+
+ mylog.log(1,"add SELinux user record", name, name, seroles, serange)
+ semanage_user_key_free(k)
+ semanage_user_free(u)
+
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ oldroles = ""
+ oldserange = ""
+ newroles = string.join(roles, ' ');
+ try:
+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
+ if is_mls_enabled == 1:
+ raise ValueError(_("Requires prefix, roles, level or range"))
+ else:
+ raise ValueError(_("Requires prefix or roles"))
+
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is not defined") % name)
+
+ (rc,u) = semanage_user_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query user for %s") % name)
+
+ oldserange = semanage_user_get_mlsrange(u)
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
+ if rc >= 0:
+ oldroles = string.join(rlist, ' ');
+ newroles = newroles + ' ' + oldroles;
+
+
+ if serange != "":
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
+ if selevel != "":
+ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+
+ if prefix != "":
+ semanage_user_set_prefix(self.sh, u, prefix)
+
+ if len(roles) != 0:
+ for r in rlist:
+ if r not in roles:
+ semanage_user_del_role(u, r)
+ for r in roles:
+ if r not in rlist:
+ semanage_user_add_role(self.sh, u, r)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify SELinux user %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify SELinux user %s") % name)
+
+ except ValueError, error:
+ mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+ raise error
+
+ mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+
+ semanage_user_key_free(k)
+ semanage_user_free(u)
+
+ def delete(self, name):
+ try:
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is not defined") % name)
+
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is defined in policy, cannot be deleted") % name)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_user_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete SELinux user %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete SELinux user %s") % name)
+ except ValueError, error:
+ mylog.log(0,"delete SELinux user record", name)
+ raise error
+
+ mylog.log(1,"delete SELinux user record", name)
+ semanage_user_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.ulist) = semanage_user_list_local(self.sh)
+ else:
+ (rc, self.ulist) = semanage_user_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux users"))
+
+ for u in self.ulist:
+ name = semanage_user_get_name(u)
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
+ if rc < 0:
+ raise ValueError(_("Could not list roles for user %s") % name)
+
+ roles = string.join(rlist, ' ');
+ ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+
+ return ddict
+
+ def list(self, heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled == 1:
+ if heading:
+ print "\n%-15s %-10s %-10s %-30s" % ("", _("Labeling"), _("MLS/"), _("MLS/"))
+ print "%-15s %-10s %-10s %-30s %s\n" % (_("SELinux User"), _("Prefix"), _("MCS Level"), _("MCS Range"), _("SELinux Roles"))
+ for k in keys:
+ print "%-15s %-10s %-10s %-30s %s" % (k, ddict[k][0], translate(ddict[k][1]), translate(ddict[k][2]), ddict[k][3])
+ else:
+ if heading:
+ print "%-15s %s\n" % (_("SELinux User"), _("SELinux Roles"))
+ for k in keys:
+ print "%-15s %s" % (k, ddict[k][3])
+
+class portRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+ def __genkey(self, port, proto):
+ if proto == "tcp":
+ proto_d = SEMANAGE_PROTO_TCP
+ else:
+ if proto == "udp":
+ proto_d = SEMANAGE_PROTO_UDP
+ else:
+ raise ValueError(_("Protocol udp or tcp is required"))
+ if port == "":
+ raise ValueError(_("Port is required"))
+
+ ports = port.split("-")
+ if len(ports) == 1:
+ high = low = int(ports[0])
+ else:
+ low = int(ports[0])
+ high = int(ports[1])
+
+ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
+ return ( k, proto_d, low, high )
+
+ def add(self, port, proto, serange, type):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ serange = untranslate(serange)
+
+ if type == "":
+ raise ValueError(_("Type is required"))
+
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
+
+ (rc,exists) = semanage_port_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
+ if exists:
+ raise ValueError(_("Port %s/%s already defined") % (proto, port))
+
+ (rc,p) = semanage_port_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create port for %s/%s") % (proto, port))
+
+ semanage_port_set_proto(p, proto_d)
+ semanage_port_set_range(p, low, high)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create context for %s/%s") % (proto, port))
+
+ rc = semanage_context_set_user(self.sh, con, "system_u")
+ if rc < 0:
+ raise ValueError(_("Could not set user in port context for %s/%s") % (proto, port))
+
+ rc = semanage_context_set_role(self.sh, con, "object_r")
+ if rc < 0:
+ raise ValueError(_("Could not set role in port context for %s/%s") % (proto, port))
+
+ rc = semanage_context_set_type(self.sh, con, type)
+ if rc < 0:
+ raise ValueError(_("Could not set type in port context for %s/%s") % (proto, port))
+
+ if serange != "":
+ rc = semanage_context_set_mls(self.sh, con, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set mls fields in port context for %s/%s") % (proto, port))
+
+ rc = semanage_port_set_con(self.sh, p, con)
+ if rc < 0:
+ raise ValueError(_("Could not set port context for %s/%s") % (proto, port))
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_port_modify_local(self.sh, k, p)
+ if rc < 0:
+ raise ValueError(_("Could not add port %s/%s") % (proto, port))
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add port %s/%s") % (proto, port))
+
+ semanage_context_free(con)
+ semanage_port_key_free(k)
+ semanage_port_free(p)
+
+ def modify(self, port, proto, serange, setype):
+ if serange == "" and setype == "":
+ if is_mls_enabled == 1:
+ raise ValueError(_("Requires setype or serange"))
+ else:
+ raise ValueError(_("Requires setype"))
+
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
+
+ (rc,exists) = semanage_port_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
+ if not exists:
+ raise ValueError(_("Port %s/%s is not defined") % (proto,port))
+
+ (rc,p) = semanage_port_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query port %s/%s") % (proto, port))
+
+ con = semanage_port_get_con(p)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_port_modify_local(self.sh, k, p)
+ if rc < 0:
+ raise ValueError(_("Could not modify port %s/%s") % (proto, port))
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify port %s/%s") % (proto, port))
+
+ semanage_port_key_free(k)
+ semanage_port_free(p)
+
+ def deleteall(self):
+ (rc, plist) = semanage_port_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list the ports"))
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ for port in plist:
+ proto = semanage_port_get_proto(port)
+ proto_str = semanage_port_get_proto_str(proto)
+ low = semanage_port_get_low(port)
+ high = semanage_port_get_high(port)
+ port_str = "%s-%s" % (low, high)
+ ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % port_str)
+
+ rc = semanage_port_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete the port %s") % port_str)
+ semanage_port_key_free(k)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete the %s") % port_str)
+
+ def delete(self, port, proto):
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
+ (rc,exists) = semanage_port_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
+ if not exists:
+ raise ValueError(_("Port %s/%s is not defined") % (proto, port))
+
+ (rc,exists) = semanage_port_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
+ if not exists:
+ raise ValueError(_("Port %s/%s is defined in policy, cannot be deleted") % (proto, port))
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_port_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete port %s/%s") % (proto, port))
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete port %s/%s") % (proto, port))
+
+ semanage_port_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.plist) = semanage_port_list_local(self.sh)
+ else:
+ (rc, self.plist) = semanage_port_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list ports"))
+
+ for port in self.plist:
+ con = semanage_port_get_con(port)
+ ctype = semanage_context_get_type(con)
+ if ctype == "reserved_port_t":
+ continue
+ level = semanage_context_get_mls(con)
+ proto = semanage_port_get_proto(port)
+ proto_str = semanage_port_get_proto_str(proto)
+ low = semanage_port_get_low(port)
+ high = semanage_port_get_high(port)
+ ddict[(low, high)] = (ctype, proto_str, level)
+ return ddict
+
+ def get_all_by_type(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.plist) = semanage_port_list_local(self.sh)
+ else:
+ (rc, self.plist) = semanage_port_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list ports"))
+
+ for port in self.plist:
+ con = semanage_port_get_con(port)
+ ctype = semanage_context_get_type(con)
+ if ctype == "reserved_port_t":
+ continue
+ proto = semanage_port_get_proto(port)
+ proto_str = semanage_port_get_proto_str(proto)
+ low = semanage_port_get_low(port)
+ high = semanage_port_get_high(port)
+ if (ctype, proto_str) not in ddict.keys():
+ ddict[(ctype,proto_str)] = []
+ if low == high:
+ ddict[(ctype,proto_str)].append("%d" % low)
+ else:
+ ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
+ return ddict
+
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
+ ddict = self.get_all_by_type(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ for i in keys:
+ rec = "%-30s %-8s " % i
+ rec += "%s" % ddict[i][0]
+ for p in ddict[i][1:]:
+ rec += ", %s" % p
+ print rec
+
+class interfaceRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+ def add(self, interface, serange, ctype):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ serange = untranslate(serange)
+
+ if ctype == "":
+ raise ValueError(_("SELinux Type is required"))
+
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") % interface)
+
+ (rc,exists) = semanage_iface_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if interface %s is defined") % interface)
+ if exists:
+ raise ValueError(_("Interface %s already defined") % interface)
+
+ (rc,iface) = semanage_iface_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create interface for %s") % interface)
+
+ rc = semanage_iface_set_name(self.sh, iface, interface)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create context for %s") % interface)
+
+ rc = semanage_context_set_user(self.sh, con, "system_u")
+ if rc < 0:
+ raise ValueError(_("Could not set user in interface context for %s") % interface)
+
+ rc = semanage_context_set_role(self.sh, con, "object_r")
+ if rc < 0:
+ raise ValueError(_("Could not set role in interface context for %s") % interface)
+
+ rc = semanage_context_set_type(self.sh, con, ctype)
+ if rc < 0:
+ raise ValueError(_("Could not set type in interface context for %s") % interface)
+
+ if serange != "":
+ rc = semanage_context_set_mls(self.sh, con, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set mls fields in interface context for %s") % interface)
+
+ rc = semanage_iface_set_ifcon(self.sh, iface, con)
+ if rc < 0:
+ raise ValueError(_("Could not set interface context for %s") % interface)
+
+ rc = semanage_iface_set_msgcon(self.sh, iface, con)
+ if rc < 0:
+ raise ValueError(_("Could not set message context for %s") % interface)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_iface_modify_local(self.sh, k, iface)
+ if rc < 0:
+ raise ValueError(_("Could not add interface %s") % interface)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add interface %s") % interface)
+
+ semanage_context_free(con)
+ semanage_iface_key_free(k)
+ semanage_iface_free(iface)
+
+ def modify(self, interface, serange, setype):
+ if serange == "" and setype == "":
+ raise ValueError(_("Requires setype or serange"))
+
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") % interface)
+
+ (rc,exists) = semanage_iface_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if interface %s is defined") % interface)
+ if not exists:
+ raise ValueError(_("Interface %s is not defined") % interface)
+
+ (rc,iface) = semanage_iface_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query interface %s") % interface)
+
+ con = semanage_iface_get_ifcon(iface)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_iface_modify_local(self.sh, k, iface)
+ if rc < 0:
+ raise ValueError(_("Could not modify interface %s") % interface)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify interface %s") % interface)
+
+ semanage_iface_key_free(k)
+ semanage_iface_free(iface)
+
+ def delete(self, interface):
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") % interface)
+
+ (rc,exists) = semanage_iface_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if interface %s is defined") % interface)
+ if not exists:
+ raise ValueError(_("Interface %s is not defined") % interface)
+
+ (rc,exists) = semanage_iface_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if interface %s is defined") % interface)
+ if not exists:
+ raise ValueError(_("Interface %s is defined in policy, cannot be deleted") % interface)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_iface_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete interface %s") % interface)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete interface %s") % interface)
+
+ semanage_iface_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.ilist) = semanage_iface_list_local(self.sh)
+ else:
+ (rc, self.ilist) = semanage_iface_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list interfaces"))
+
+ for interface in self.ilist:
+ con = semanage_iface_get_ifcon(interface)
+ ddict[semanage_iface_get_name(interface)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+
+ return ddict
+
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled:
+ for k in keys:
+ print "%-30s %s:%s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3], False))
+ else:
+ for k in keys:
+ print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
+
+class fcontextRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+ def createcon(self, target, seuser = "system_u"):
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create context for %s") % target)
+ if seuser == "":
+ seuser = "system_u"
+
+ rc = semanage_context_set_user(self.sh, con, seuser)
+ if rc < 0:
+ raise ValueError(_("Could not set user in file context for %s") % target)
+
+ rc = semanage_context_set_role(self.sh, con, "object_r")
+ if rc < 0:
+ raise ValueError(_("Could not set role in file context for %s") % target)
+
+ if is_mls_enabled == 1:
+ rc = semanage_context_set_mls(self.sh, con, "s0")
+ if rc < 0:
+ raise ValueError(_("Could not set mls fields in file context for %s") % target)
+
+ return con
+
+ def validate(self, target):
+ if target == "" or target.find("\n") >= 0:
+ raise ValueError(_("Invalid file specification"))
+
+ def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+ self.validate(target)
+
+ if is_mls_enabled == 1:
+ serange = untranslate(serange)
+
+ if type == "":
+ raise ValueError(_("SELinux Type is required"))
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") % target)
+
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if exists:
+ raise ValueError(_("File context for %s already defined") % target)
+
+ (rc,fcontext) = semanage_fcontext_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create file context for %s") % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+ if type != "<<none>>":
+ con = self.createcon(target, seuser)
+
+ rc = semanage_context_set_type(self.sh, con, type)
+ if rc < 0:
+ raise ValueError(_("Could not set type in file context for %s") % target)
+
+ if serange != "":
+ rc = semanage_context_set_mls(self.sh, con, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set mls fields in file context for %s") % target)
+ rc = semanage_fcontext_set_con(self.sh, fcontext, con)
+ if rc < 0:
+ raise ValueError(_("Could not set file context for %s") % target)
+
+ semanage_fcontext_set_type(fcontext, file_types[ftype])
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
+ if rc < 0:
+ raise ValueError(_("Could not add file context for %s") % target)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add file context for %s") % target)
+
+ if type != "<<none>>":
+ semanage_context_free(con)
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
+ def modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+ raise ValueError(_("Requires setype, serange or seuser"))
+ self.validate(target)
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % target)
+
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if not exists:
+ raise ValueError(_("File context for %s is not defined") % target)
+
+ (rc,fcontext) = semanage_fcontext_query_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query file context for %s") % target)
+
+ if setype != "<<none>>":
+ con = semanage_fcontext_get_con(fcontext)
+
+ if con == None:
+ con = self.createcon(target)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
+ if seuser != "":
+ semanage_context_set_user(self.sh, con, seuser)
+
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ rc = semanage_fcontext_set_con(self.sh, fcontext, con)
+ if rc < 0:
+ raise ValueError(_("Could not set file context for %s") % target)
+ else:
+ rc = semanage_fcontext_set_con(self.sh, fcontext, None)
+ if rc < 0:
+ raise ValueError(_("Could not set file context for %s") % target)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
+ if rc < 0:
+ raise ValueError(_("Could not modify file context for %s") % target)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify file context for %s") % target)
+
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
+ def deleteall(self):
+ (rc, flist) = semanage_fcontext_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list the file contexts"))
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ for fcontext in flist:
+ target = semanage_fcontext_get_expr(fcontext)
+ ftype = semanage_fcontext_get_type(fcontext)
+ ftype_str = semanage_fcontext_get_type_str(ftype)
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % target)
+
+ rc = semanage_fcontext_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete the file context %s") % target)
+ semanage_fcontext_key_free(k)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete the file context %s") % target)
+
+ def delete(self, target, ftype):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % target)
+
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if not exists:
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if exists:
+ raise ValueError(_("File context for %s is defined in policy, cannot be deleted") % target)
+ else:
+ raise ValueError(_("File context for %s is not defined") % target)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_fcontext_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete file context for %s") % target)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete file context for %s") % target)
+
+ semanage_fcontext_key_free(k)
+
+ def get_all(self, locallist = 0):
+ l = []
+ if locallist:
+ (rc, self.flist) = semanage_fcontext_list_local(self.sh)
+ else:
+ (rc, self.flist) = semanage_fcontext_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list file contexts"))
+
+ (rc, fclocal) = semanage_fcontext_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list local file contexts"))
+
+ self.flist += fclocal
+
+ for fcontext in self.flist:
+ expr = semanage_fcontext_get_expr(fcontext)
+ ftype = semanage_fcontext_get_type(fcontext)
+ ftype_str = semanage_fcontext_get_type_str(ftype)
+ con = semanage_fcontext_get_con(fcontext)
+ if con:
+ l.append((expr, ftype_str, semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)))
+ else:
+ l.append((expr, ftype_str, con))
+
+ return l
+
+ def list(self, heading = 1, locallist = 0 ):
+ if heading:
+ print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
+ fcon_list = self.get_all(locallist)
+ for fcon in fcon_list:
+ if len(fcon) > 3:
+ if is_mls_enabled:
+ print "%-50s %-18s %s:%s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3], fcon[4], translate(fcon[5],False))
+ else:
+ print "%-50s %-18s %s:%s:%s " % (fcon[0], fcon[1], fcon[2], fcon[3],fcon[4])
+ else:
+ print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
+
+class booleanRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+ self.dict={}
+ self.dict["TRUE"] = 1
+ self.dict["FALSE"] = 0
+ self.dict["ON"] = 1
+ self.dict["OFF"] = 0
+ self.dict["1"] = 1
+ self.dict["0"] = 0
+
+ def __mod(self, name, value):
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Boolean %s is not defined") % name)
+
+ (rc,b) = semanage_bool_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query file context %s") % name)
+
+ if value.upper() in self.dict:
+ semanage_bool_set_value(b, self.dict[value.upper()])
+ else:
+ raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
+
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of boolean %s") % name)
+ rc = semanage_bool_modify_local(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not modify boolean %s") % name)
+ semanage_bool_key_free(k)
+ semanage_bool_free(b)
+
+ def modify(self, name, value=None, use_file=False):
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+ if use_file:
+ fd = open(name)
+ for b in fd.read().split("\n"):
+ b = b.strip()
+ if len(b) == 0:
+ continue
+
+ try:
+ boolname, val = b.split("=")
+ except ValueError, e:
+ raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
+ self.__mod(boolname.strip(), val.strip())
+ fd.close()
+ else:
+ self.__mod(name, value)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify boolean %s") % name)
+
+ def delete(self, name):
+
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Boolean %s is not defined") % name)
+
+ (rc,exists) = semanage_bool_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Boolean %s is defined in policy, cannot be deleted") % name)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ rc = semanage_bool_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+ semanage_bool_key_free(k)
+
+ def deleteall(self):
+ (rc, self.blist) = semanage_bool_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list booleans"))
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+ for boolean in self.blist:
+ name = semanage_bool_get_name(boolean)
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ rc = semanage_bool_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+ semanage_bool_key_free(k)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+ (rc, self.blist) = semanage_bool_list_local(self.sh)
+ else:
+ (rc, self.blist) = semanage_bool_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list booleans"))
+
+ for boolean in self.blist:
+ value = []
+ name = semanage_bool_get_name(boolean)
+ value.append(semanage_bool_get_value(boolean))
+ value.append(selinux.security_get_boolean_pending(name))
+ value.append(selinux.security_get_boolean_active(name))
+ ddict[name] = value
+
+ return ddict
+
+ def get_desc(self, boolean):
+ return boolean_desc(boolean)
+
+ def get_category(self, boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][0])
+ else:
+ return _("unknown")
+
+ def list(self, heading = True, locallist = False, use_file = False):
+ on_off = (_("off"),_("on"))
+ if use_file:
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ for k in keys:
+ if ddict[k]:
+ print "%s=%s" % (k, ddict[k][2])
+ return
+ if heading:
+ print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ for k in keys:
+ if ddict[k]:
+ print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
+
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
new file mode 100644
index 0000000..c96a286
--- /dev/null
+++ b/policycoreutils/semodule/Makefile
@@ -0,0 +1,30 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCLUDEDIR ?= $(PREFIX)/include
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR = $(PREFIX)/share/man
+LIBDIR ?= ${PREFIX}/lib
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+SEMODULE_OBJS = semodule.o
+
+all: semodule
+
+semodule: $(SEMODULE_OBJS)
+
+install: all
+ -mkdir -p $(SBINDIR)
+ install -m 755 semodule $(SBINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f semodule *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
new file mode 100644
index 0000000..4d3d288
--- /dev/null
+++ b/policycoreutils/semodule/semodule.8
@@ -0,0 +1,79 @@
+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule \- Manage SELinux policy modules.
+
+.SH SYNOPSIS
+.B semodule [options]... MODE [MODES]...
+.br
+.SH DESCRIPTION
+.PP
+semodule is the tool used to manage SELinux policy modules,
+including installing, upgrading, listing and removing modules.
+semodule may also be used to force a rebuild of policy from the
+module store and/or to force a reload of policy without performing
+any other transaction. semodule acts on module packages created
+by semodule_package. Conventionally, these files have a .pp suffix
+(policy package), although this is not mandated in any way.
+
+.SH "OPTIONS"
+.TP
+.B \-R, \-\-reload
+force a reload of policy
+.TP
+.B \-B, \-\-build
+force a rebuild of policy (also reloads unless -n is used)
+.TP
+.B \-D, \-\-disable_dontaudit
+Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
+.TP
+.B \-i,\-\-install=MODULE_PKG
+install/replace a module package
+.TP
+.B \-u,\-\-upgrade=MODULE_PKG
+upgrade an existing module package
+.TP
+.B \-b,\-\-base=MODULE_PKG
+install/replace base module package
+.TP
+.B \-r,\-\-remove=MODULE_NAME
+remove existing module
+.TP
+.B \-l,\-\-list-modules
+display list of installed modules (other than base)
+.TP
+.B \-s,\-\-store
+name of the store to operate on
+.TP
+.B \-n,\-\-noreload
+do not reload policy after commit
+.TP
+.B \-h,\-\-help
+prints help message and quit
+.TP
+.B \-v,\-\-verbose
+be verbose
+
+.SH EXAMPLE
+.nf
+# Install or replace a base policy package.
+$ semodule -b base.pp
+# Install or replace a non-base policy package.
+$ semodule -i httpd.pp
+# List non-base modules.
+$ semodule -l
+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
+$ semodule -DB
+# Turn "dontaudit" rules back on.
+$ semodule -B
+# Install or replace all non-base modules in the current directory.
+$ semodule -i *.pp
+# Install or replace all modules in the current directory.
+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
+.fi
+
+.SH SEE ALSO
+.B checkmodule(8), semodule_package(8)
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
new file mode 100644
index 0000000..a880108
--- /dev/null
+++ b/policycoreutils/semodule/semodule.c
@@ -0,0 +1,480 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2004-2005 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2.
+ */
+
+#include <fcntl.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <semanage/modules.h>
+
+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
+ LIST_M, RELOAD
+};
+/* list of modes in which one ought to commit afterwards */
+static const int do_commit[] = {
+ 0, 1, 1, 1, 1,
+ 0, 0
+};
+
+struct command {
+ enum client_modes mode;
+ char *arg;
+};
+static struct command *commands = NULL;
+static int num_commands = 0;
+
+/* options given on command line */
+static int verbose;
+static int reload;
+static int no_reload;
+static int create_store;
+static int build;
+static int disable_dontaudit;
+
+static semanage_handle_t *sh = NULL;
+static char *store;
+
+extern char *optarg;
+extern int optind;
+
+static void cleanup(void)
+{
+ while (--num_commands >= 0) {
+ free(commands[num_commands].arg);
+ }
+ free(commands);
+}
+
+/* mmap() a file to '*data', returning the total number of bytes in
+ * the file. Returns 0 if file could not be opened or mapped. */
+static size_t map_file(char *filename, char **data)
+{
+ int fd;
+ struct stat sb;
+ if ((fd = open(filename, O_RDONLY)) == -1) {
+ return 0;
+ }
+ if (fstat(fd, &sb) == -1 ||
+ (*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) ==
+ MAP_FAILED) {
+ sb.st_size = 0;
+ }
+ close(fd);
+ return sb.st_size;
+}
+
+/* Signal handlers. */
+static void handle_signal(int sig_num)
+{
+ if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
+ /* catch these signals, and then drop them */
+ }
+}
+
+static void set_store(char *storename)
+{
+ /* For now this only supports a store name, later on this
+ * should support an address for a remote connection */
+
+ if ((store = strdup(storename)) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ goto bad;
+ }
+
+ return;
+
+ bad:
+ cleanup();
+ exit(1);
+}
+
+/* Establish signal handlers for the process. */
+static void create_signal_handlers(void)
+{
+ if (signal(SIGINT, handle_signal) == SIG_ERR ||
+ signal(SIGQUIT, handle_signal) == SIG_ERR ||
+ signal(SIGTERM, handle_signal) == SIG_ERR) {
+ fprintf(stderr, "Could not set up signal handler.\n");
+ exit(255);
+ }
+}
+
+static void usage(char *progname)
+{
+ printf("usage: %s [options]... MODE [MODES]...\n", progname);
+ printf("Manage SELinux policy modules.\n");
+ printf("MODES:\n");
+ printf(" -R, --reload reload policy\n");
+ printf(" -B, --build build and reload policy\n");
+ printf(" -i,--install=MODULE_PKG install a new module\n");
+ printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
+ printf(" -b,--base=MODULE_PKG install new base module\n");
+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
+ printf
+ (" -l,--list-modules display list of installed modules\n");
+ printf("Other options:\n");
+ printf(" -s,--store name of the store to operate on\n");
+ printf(" -n,--noreload do not reload policy after commit\n");
+ printf(" -h,--help print this message and quit\n");
+ printf(" -v,--verbose be verbose\n");
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
+}
+
+/* Sets the global mode variable to new_mode, but only if no other
+ * mode has been given. */
+static void set_mode(enum client_modes new_mode, char *arg)
+{
+ struct command *c;
+ char *s;
+ if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ cleanup();
+ exit(1);
+ }
+ commands = c;
+ commands[num_commands].mode = new_mode;
+ commands[num_commands].arg = NULL;
+ num_commands++;
+ if (arg != NULL) {
+ if ((s = strdup(arg)) == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ cleanup();
+ exit(1);
+ }
+ commands[num_commands - 1].arg = s;
+ }
+}
+
+/* Parse command line and set global options. */
+static void parse_command_line(int argc, char **argv)
+{
+ static struct option opts[] = {
+ {"store", required_argument, NULL, 's'},
+ {"base", required_argument, NULL, 'b'},
+ {"help", 0, NULL, 'h'},
+ {"install", required_argument, NULL, 'i'},
+ {"list-modules", 0, NULL, 'l'},
+ {"verbose", 0, NULL, 'v'},
+ {"remove", required_argument, NULL, 'r'},
+ {"upgrade", required_argument, NULL, 'u'},
+ {"reload", 0, NULL, 'R'},
+ {"noreload", 0, NULL, 'n'},
+ {"build", 0, NULL, 'B'},
+ {"disable_dontaudit", 0, NULL, 'D'},
+ {NULL, 0, NULL, 0}
+ };
+ int i;
+ verbose = 0;
+ reload = 0;
+ no_reload = 0;
+ create_store = 0;
+ while ((i =
+ getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
+ NULL)) != -1) {
+ switch (i) {
+ case 'b':
+ set_mode(BASE_M, optarg);
+ create_store = 1;
+ break;
+ case 'h':
+ usage(argv[0]);
+ exit(0);
+ case 'i':
+ set_mode(INSTALL_M, optarg);
+ break;
+ case 'l':
+ set_mode(LIST_M, NULL);
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'r':
+ set_mode(REMOVE_M, optarg);
+ break;
+ case 'u':
+ set_mode(UPGRADE_M, optarg);
+ break;
+ case 's':
+ set_store(optarg);
+ break;
+ case 'R':
+ reload = 1;
+ break;
+ case 'n':
+ no_reload = 1;
+ break;
+ case 'B':
+ build = 1;
+ break;
+ case 'D':
+ disable_dontaudit = 1;
+ break;
+ case '?':
+ default:{
+ usage(argv[0]);
+ exit(1);
+ }
+ }
+ }
+ if ((build || reload) && num_commands) {
+ fprintf(stderr,
+ "build or reload should not be used with other commands\n");
+ usage(argv[0]);
+ exit(1);
+ }
+ if (num_commands == 0 && reload == 0 && build == 0) {
+ fprintf(stderr, "At least one mode must be specified.\n");
+ usage(argv[0]);
+ exit(1);
+ }
+
+ if (optind < argc) {
+ int mode;
+ /* if -i/u/r was the last command treat any remaining
+ * arguments as args. Will allow 'semodule -i *.pp' to
+ * work as expected.
+ */
+
+ if (commands && commands[num_commands - 1].mode == INSTALL_M) {
+ mode = INSTALL_M;
+ } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
+ mode = UPGRADE_M;
+ } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
+ mode = REMOVE_M;
+ } else {
+ fprintf(stderr, "unknown additional arguments:\n");
+ while (optind < argc)
+ fprintf(stderr, " %s", argv[optind++]);
+ fprintf(stderr, "\n\n");
+ usage(argv[0]);
+ exit(1);
+ }
+ while (optind < argc)
+ set_mode(mode, argv[optind++]);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ int i, commit = 0;
+ int result;
+ int status = EXIT_FAILURE;
+
+ create_signal_handlers();
+ parse_command_line(argc, argv);
+
+ if (build)
+ commit = 1;
+
+ sh = semanage_handle_create();
+ if (!sh) {
+ fprintf(stderr, "%s: Could not create semanage handle\n",
+ argv[0]);
+ goto cleanup_nohandle;
+ }
+
+ if (store) {
+ /* Set the store we want to connect to, before connecting.
+ * this will always set a direct connection now, an additional
+ * option will need to be used later to specify a policy server
+ * location */
+ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
+ }
+
+ /* if installing base module create store if necessary, for bootstrapping */
+ semanage_set_create_store(sh, create_store);
+
+ if (!create_store) {
+ if (!semanage_is_managed(sh)) {
+ fprintf(stderr,
+ "%s: SELinux policy is not managed or store cannot be accessed.\n",
+ argv[0]);
+ goto cleanup;
+ }
+
+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
+ fprintf(stderr, "%s: Cannot read policy store.\n",
+ argv[0]);
+ goto cleanup;
+ }
+ }
+
+ if ((result = semanage_connect(sh)) < 0) {
+ fprintf(stderr, "%s: Could not connect to policy handler\n",
+ argv[0]);
+ goto cleanup;
+ }
+
+ if (reload) {
+ if ((result = semanage_reload_policy(sh)) < 0) {
+ fprintf(stderr, "%s: Could not reload policy\n",
+ argv[0]);
+ goto cleanup;
+ }
+ }
+
+ if (build) {
+ if ((result = semanage_begin_transaction(sh)) < 0) {
+ fprintf(stderr, "%s: Could not begin transaction: %s\n",
+ argv[0], errno ? strerror(errno) : "");
+ goto cleanup;
+ }
+ }
+
+ for (i = 0; i < num_commands; i++) {
+ enum client_modes mode = commands[i].mode;
+ char *mode_arg = commands[i].arg;
+ char *data = NULL;
+ size_t data_len = 0;
+ if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
+ if ((data_len = map_file(mode_arg, &data)) == 0) {
+ fprintf(stderr,
+ "%s: Could not read file '%s': %s\n",
+ argv[0], mode_arg, errno ? strerror(errno) : "");
+ goto cleanup;
+ }
+ }
+ switch (mode) {
+ case INSTALL_M:{
+ if (verbose) {
+ printf
+ ("Attempting to install module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_install(sh, data, data_len);
+ break;
+ }
+ case UPGRADE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to upgrade module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_upgrade(sh, data, data_len);
+ break;
+ }
+ case BASE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to install base module '%s':\n",
+ mode_arg);
+ }
+ result =
+ semanage_module_install_base(sh, data,
+ data_len);
+ break;
+ }
+ case REMOVE_M:{
+ if (verbose) {
+ printf
+ ("Attempting to remove module '%s':\n",
+ mode_arg);
+ }
+ result = semanage_module_remove(sh, mode_arg);
+ break;
+ }
+ case LIST_M:{
+ semanage_module_info_t *modinfo;
+ int num_modules;
+ if (verbose) {
+ printf
+ ("Attempting to list active modules:\n");
+ }
+ if ((result =
+ semanage_module_list(sh, &modinfo,
+ &num_modules)) >= 0) {
+ int j;
+ if (num_modules == 0) {
+ printf("No modules.\n");
+ }
+ for (j = 0; j < num_modules; j++) {
+ semanage_module_info_t *m =
+ semanage_module_list_nth
+ (modinfo, j);
+ printf("%s\t%s\n",
+ semanage_module_get_name
+ (m),
+ semanage_module_get_version
+ (m));
+ semanage_module_info_datum_destroy
+ (m);
+ }
+ free(modinfo);
+ }
+ break;
+ }
+ default:{
+ fprintf(stderr,
+ "%s: Unknown mode specified.\n",
+ argv[0]);
+ usage(argv[0]);
+ goto cleanup;
+ }
+ }
+ commit += do_commit[mode];
+ if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) {
+ munmap(data, data_len);
+ }
+ if (result < 0) {
+ fprintf(stderr, "%s: Failed on %s!\n", argv[0],
+ mode_arg ? : "list");
+ goto cleanup;
+ } else if (verbose) {
+ printf("Ok: return value of %d.\n", result);
+ }
+ }
+
+ if (commit) {
+ if (verbose)
+ printf("Committing changes:\n");
+ if (no_reload)
+ semanage_set_reload(sh, 0);
+ if (build)
+ semanage_set_rebuild(sh, 1);
+ if (disable_dontaudit)
+ semanage_set_disable_dontaudit(sh, 1);
+ result = semanage_commit(sh);
+ }
+
+ if (result < 0) {
+ fprintf(stderr, "%s: Failed!\n", argv[0]);
+ goto cleanup;
+ } else if (commit && verbose) {
+ printf("Ok: transaction number %d.\n", result);
+ }
+
+ if (semanage_disconnect(sh) < 0) {
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
+ goto cleanup;
+ }
+ status = EXIT_SUCCESS;
+
+ cleanup:
+ if (semanage_is_connected(sh)) {
+ if (semanage_disconnect(sh) < 0) {
+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
+ }
+ }
+ semanage_handle_destroy(sh);
+
+ cleanup_nohandle:
+ cleanup();
+ exit(status);
+}
diff --git a/policycoreutils/semodule_deps/Makefile b/policycoreutils/semodule_deps/Makefile
new file mode 100644
index 0000000..5211c3f
--- /dev/null
+++ b/policycoreutils/semodule_deps/Makefile
@@ -0,0 +1,29 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+INCLUDEDIR ?= $(PREFIX)/include
+BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = $(LIBDIR)/libsepol.a
+
+all: semodule_deps
+
+semodule_deps: semodule_deps.o
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 semodule_deps $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f semodule_deps *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/semodule_deps/semodule_deps.8 b/policycoreutils/semodule_deps/semodule_deps.8
new file mode 100644
index 0000000..86b7b3c
--- /dev/null
+++ b/policycoreutils/semodule_deps/semodule_deps.8
@@ -0,0 +1,46 @@
+.TH SEMODULE_DEPS "8" "June 2006" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_deps \- show the dependencies between SELinux policy packages.
+
+.SH SYNOPSIS
+.B semodule_deps [-v -g -b] basemodpkg modpkg1 [modpkg2 ... ]
+.br
+.SH DESCRIPTION
+.PP
+semodule_deps is a developer tool for showing the dependencies
+between policy packages. For each module it prints a list of
+modules that must be present for a module's requirements to
+be satisfied. It only deals with requirements, not optional
+dependencies.
+
+In order for semodule_deps to give useful information the list
+of packages passed in cannot have unsatisfied dependencies. In
+general this means that the list of modules will usually be
+quite long.
+
+By default options to the base module are excluded as almost every
+module has this dependency. The -b option will include these
+dependencies.
+
+In addition to human readable output, semodule_deps can output the
+dependencies in the Graphviz dot format (http://www.graphviz.org/)
+using the -g option. This is useful for producing a picture of the
+dependencies.
+
+.SH "OPTIONS"
+.TP
+.B \-v
+verbose mode
+.TP
+.B \-g
+output dependency information in Graphviz dot format
+.TP
+.B \-b
+include dependencies to the base module - by default these are excluded
+
+.SH SEE ALSO
+.B checkmodule(8), semodule_package(8), semodule(8), semodule_link(8)
+.SH AUTHORS
+.nf
+This manual page was written by Karl MacMillan <kmacmillan@mentalrootkit.com>.
+The program was written by Karl MacMillan <kmacmillan@mentalrootkit.com>.
diff --git a/policycoreutils/semodule_deps/semodule_deps.c b/policycoreutils/semodule_deps/semodule_deps.c
new file mode 100644
index 0000000..ab3d1cb
--- /dev/null
+++ b/policycoreutils/semodule_deps/semodule_deps.c
@@ -0,0 +1,405 @@
+/* Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ *
+ * Copyright (C) 2006 Tresys Technology, LLC
+ * Copyright (C) 2006-2007 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ *
+ */
+
+/* Because we _must_ muck around in the internal representation of
+ * the policydb (and include the internal header below) this program
+ * must be statically linked to libsepol like checkpolicy. It is
+ * not clear if it is worthwhile to fix this, as exposing the details
+ * of avrule_blocks - even in an ABI safe way - seems undesirable.
+ */
+#include <sepol/module.h>
+#include <sepol/errcodes.h>
+#include <sepol/policydb/policydb.h>
+
+#include <getopt.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <assert.h>
+
+/* for getopt */
+extern char *optarg;
+extern int optind;
+
+/* This is really a horrible hack, but the base module
+ * is referred to with the following name. The same
+ * thing is done in the linker for displaying error
+ * messages.
+ */
+#define BASE_NAME "BASE"
+
+static void usage(char *program_name)
+{
+ printf("usage: %s [-v -g -b] basemodpkg modpkg1 [modpkg2 ... ]\n",
+ program_name);
+ exit(1);
+}
+
+/* Basic string hash and compare for the hashtables used in
+ * generate_requires. Copied from symtab.c.
+ */
+static unsigned int reqsymhash(hashtab_t h, hashtab_key_t key)
+{
+ char *p, *keyp;
+ size_t size;
+ unsigned int val;
+
+ val = 0;
+ keyp = (char *)key;
+ size = strlen(keyp);
+ for (p = keyp; ((size_t) (p - keyp)) < size; p++)
+ val =
+ (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+ return val & (h->size - 1);
+}
+
+static int reqsymcmp(hashtab_t h
+ __attribute__ ((unused)), hashtab_key_t key1,
+ hashtab_key_t key2)
+{
+ char *keyp1, *keyp2;
+
+ keyp1 = (char *)key1;
+ keyp2 = (char *)key2;
+ return strcmp(keyp1, keyp2);
+}
+
+/* Load a policy package from the given filename. Progname is used for
+ * error reporting.
+ */
+static sepol_module_package_t *load_module(char *filename, char *progname)
+{
+ int ret;
+ FILE *fp = NULL;
+ struct sepol_policy_file *pf = NULL;
+ sepol_module_package_t *p = NULL;
+
+ if (sepol_module_package_create(&p)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ goto bad;
+ }
+ if (sepol_policy_file_create(&pf)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ goto bad;
+ }
+ fp = fopen(filename, "r");
+ if (!fp) {
+ fprintf(stderr, "%s: Could not open package %s: %s", progname,
+ filename, strerror(errno));
+ goto bad;
+ }
+ sepol_policy_file_set_fp(pf, fp);
+
+ ret = sepol_module_package_read(p, pf, 0);
+ if (ret) {
+ fprintf(stderr, "%s: Error while reading package from %s\n",
+ progname, filename);
+ goto bad;
+ }
+ fclose(fp);
+ sepol_policy_file_free(pf);
+ return p;
+ bad:
+ sepol_module_package_free(p);
+ sepol_policy_file_free(pf);
+ if (fp)
+ fclose(fp);
+ return NULL;
+}
+
+/* This function generates the requirements graph and stores it in
+ * a set of nested hashtables. The top level hash table stores modules
+ * keyed by name. The value of that module is a hashtable storing all
+ * of the requirements keyed by name. There is no value for the requirements
+ * hashtable.
+ *
+ * This only tracks symbols that are _required_ - optional symbols
+ * are completely ignored. A future version might look at this.
+ *
+ * This requirement generation only looks at booleans and types because:
+ * - object classes: (for now) only present in bases
+ * - roles: since they are multiply declared it is not clear how
+ * to present these requirements as they will be satisfied
+ * by multiple modules.
+ * - users: same problem as roles plus they are usually defined outside
+ * of the policy.
+ * - levels / cats: can't be required or used in modules.
+ */
+static hashtab_t generate_requires(policydb_t * p)
+{
+ avrule_block_t *block;
+ avrule_decl_t *decl;
+ char *mod_name, *req_name, *id;
+ ebitmap_t *b;
+ ebitmap_node_t *node;
+ uint32_t i, j;
+ int ret;
+ scope_datum_t *scope;
+ hashtab_t mods;
+ hashtab_t reqs;
+
+ mods = hashtab_create(reqsymhash, reqsymcmp, 64);
+ if (mods == NULL)
+ return NULL;
+
+ for (block = p->global; block != NULL; block = block->next) {
+ if (block->flags & AVRULE_OPTIONAL)
+ continue;
+ for (decl = block->branch_list; decl != NULL; decl = decl->next) {
+ mod_name =
+ decl->module_name ? decl->module_name : BASE_NAME;
+ for (i = 0; i < SYM_NUM; i++) {
+ if (!(i == SYM_TYPES || i == SYM_BOOLS))
+ continue;
+ b = &decl->required.scope[i];
+ ebitmap_for_each_bit(b, node, j) {
+ if (!ebitmap_node_get_bit(node, j))
+ continue;
+ id = p->sym_val_to_name[i][j];
+ scope =
+ (scope_datum_t *) hashtab_search(p->
+ scope
+ [i].
+ table,
+ id);
+ /* since this is only called after a successful link,
+ * this should never happen */
+ assert(scope->scope == SCOPE_DECL);
+ req_name =
+ p->decl_val_to_struct[scope->
+ decl_ids[0]]->
+ module_name ? p->
+ decl_val_to_struct[scope->
+ decl_ids[0]]->
+ module_name : BASE_NAME;
+
+ reqs =
+ (hashtab_t) hashtab_search(mods,
+ mod_name);
+ if (!reqs) {
+ reqs =
+ hashtab_create(reqsymhash,
+ reqsymcmp,
+ 64);
+ if (reqs == NULL) {
+ return NULL;
+ }
+ ret =
+ hashtab_insert(mods,
+ mod_name,
+ reqs);
+ if (ret != SEPOL_OK)
+ return NULL;
+ }
+ ret =
+ hashtab_insert(reqs, req_name,
+ NULL);
+ if (!
+ (ret == SEPOL_EEXIST
+ || ret == SEPOL_OK))
+ return NULL;
+ }
+ }
+
+ }
+ }
+
+ return mods;
+}
+
+static void free_requires(hashtab_t req)
+{
+ unsigned int i;
+ hashtab_ptr_t cur;
+
+ /* We steal memory for everything stored in the hash tables
+ * from the policydb, so this only looks like it leaks.
+ */
+ for (i = 0; i < req->size; i++) {
+ cur = req->htable[i];
+ while (cur != NULL) {
+ hashtab_destroy((hashtab_t) cur->datum);
+ cur = cur->next;
+ }
+ }
+ hashtab_destroy(req);
+}
+
+static void output_graphviz(hashtab_t mods, int exclude_base, FILE * f)
+{
+ unsigned int i, j;
+ hashtab_ptr_t cur, cur2;
+ hashtab_t reqs;
+
+ fprintf(f, "digraph mod_deps {\n");
+ fprintf(f, "\toverlap=false\n");
+
+ for (i = 0; i < mods->size; i++) {
+ cur = mods->htable[i];
+ while (cur != NULL) {
+ reqs = (hashtab_t) cur->datum;
+ assert(reqs);
+ for (j = 0; j < reqs->size; j++) {
+ cur2 = reqs->htable[j];
+ while (cur2 != NULL) {
+ if (exclude_base
+ && strcmp(cur2->key,
+ BASE_NAME) == 0) {
+ cur2 = cur2->next;
+ continue;
+ }
+ fprintf(f, "\t%s -> %s\n", cur->key,
+ cur2->key);
+ cur2 = cur2->next;
+ }
+ }
+ cur = cur->next;
+ }
+ }
+ fprintf(f, "}\n");
+}
+
+static void output_requirements(hashtab_t mods, int exclude_base, FILE * f)
+{
+ unsigned int i, j;
+ hashtab_ptr_t cur, cur2;
+ hashtab_t reqs;
+ int found_req;
+
+ for (i = 0; i < mods->size; i++) {
+ cur = mods->htable[i];
+ while (cur != NULL) {
+ reqs = (hashtab_t) cur->datum;
+ assert(reqs);
+ fprintf(f, "module: %s\n", cur->key);
+ found_req = 0;
+ for (j = 0; j < reqs->size; j++) {
+ cur2 = reqs->htable[j];
+ while (cur2 != NULL) {
+ if (exclude_base
+ && strcmp(cur2->key,
+ BASE_NAME) == 0) {
+ cur2 = cur2->next;
+ continue;
+ }
+ found_req = 1;
+ fprintf(f, "\t%s\n", cur2->key);
+ cur2 = cur2->next;
+ }
+ }
+ if (!found_req)
+ fprintf(f, "\t[no dependencies]\n");
+ cur = cur->next;
+ }
+ }
+ fprintf(f, "}\n");
+}
+
+/* Possible commands - see the command variable in
+ * main below and the man page for more info.
+ */
+#define SHOW_DEPS 1
+#define GEN_GRAPHVIZ 2
+
+int main(int argc, char **argv)
+{
+ int ch, i, num_mods;
+ int verbose = 0, exclude_base = 1, command = SHOW_DEPS;
+ char *basename;
+ sepol_module_package_t *base, **mods;
+ policydb_t *p;
+ hashtab_t req;
+
+ while ((ch = getopt(argc, argv, "vgb")) != EOF) {
+ switch (ch) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 'g':
+ command = GEN_GRAPHVIZ;
+ break;
+ case 'b':
+ exclude_base = 0;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ /* check args */
+ if (argc < 3 || !(optind != (argc - 1))) {
+ fprintf(stderr,
+ "%s: You must provide the base module package and at least one other module package\n",
+ argv[0]);
+ usage(argv[0]);
+ }
+
+ basename = argv[optind++];
+ base = load_module(basename, argv[0]);
+ if (!base) {
+ fprintf(stderr,
+ "%s: Could not load base module from file %s\n",
+ argv[0], basename);
+ exit(1);
+ }
+
+ num_mods = argc - optind;
+ mods =
+ (sepol_module_package_t **) malloc(sizeof(sepol_module_package_t *)
+ * num_mods);
+ if (!mods) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+ memset(mods, 0, sizeof(sepol_module_package_t *) * num_mods);
+
+ for (i = 0; optind < argc; optind++, i++) {
+ mods[i] = load_module(argv[optind], argv[0]);
+ if (!mods[i]) {
+ fprintf(stderr,
+ "%s: Could not load module from file %s\n",
+ argv[0], argv[optind]);
+ exit(1);
+ }
+ }
+
+ if (sepol_link_packages(NULL, base, mods, num_mods, verbose)) {
+ fprintf(stderr, "%s: Error while linking packages\n", argv[0]);
+ exit(1);
+ }
+
+ p = (policydb_t *) sepol_module_package_get_policy(base);
+ if (p == NULL)
+ exit(1);
+
+ req = generate_requires(p);
+ if (req == NULL)
+ exit(1);
+
+ if (command == SHOW_DEPS)
+ output_requirements(req, exclude_base, stdout);
+ else
+ output_graphviz(req, exclude_base, stdout);
+
+ sepol_module_package_free(base);
+ for (i = 0; i < num_mods; i++)
+ sepol_module_package_free(mods[i]);
+
+ free_requires(req);
+
+ exit(0);
+}
diff --git a/policycoreutils/semodule_expand/Makefile b/policycoreutils/semodule_expand/Makefile
new file mode 100644
index 0000000..178222f
--- /dev/null
+++ b/policycoreutils/semodule_expand/Makefile
@@ -0,0 +1,29 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+INCLUDEDIR ?= $(PREFIX)/include
+BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+
+all: semodule_expand
+
+semodule_expand: semodule_expand.o
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 semodule_expand $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f semodule_expand *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/semodule_expand/semodule_expand.8 b/policycoreutils/semodule_expand/semodule_expand.8
new file mode 100644
index 0000000..22ad3be
--- /dev/null
+++ b/policycoreutils/semodule_expand/semodule_expand.8
@@ -0,0 +1,32 @@
+.TH SEMODULE_EXPAND "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_expand \- Expand a SELinux policy module package.
+
+.SH SYNOPSIS
+.B semodule_expand [-V -c [version]] basemodpkg outputfile
+.br
+.SH DESCRIPTION
+.PP
+semodule_expand is a developer tool for manually expanding
+a base policy module package into a kernel binary policy file.
+This tool is not necessary for normal operation of SELinux. In normal
+operation, such expanding is performed internally by libsemanage in
+response to semodule commands. Base policy module packages can be
+created directly by semodule_package or by semodule_link (when linking
+together a set of packages into a single package).
+
+.SH "OPTIONS"
+.TP
+.B \-V
+show version
+.TP
+.B \-c [version]
+policy version to create
+
+.SH SEE ALSO
+.B checkmodule(8), semodule_package(8), semodule(8), semodule_link(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>
diff --git a/policycoreutils/semodule_expand/semodule_expand.c b/policycoreutils/semodule_expand/semodule_expand.c
new file mode 100644
index 0000000..aeb41b2
--- /dev/null
+++ b/policycoreutils/semodule_expand/semodule_expand.c
@@ -0,0 +1,189 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ * Joshua Brindle <jbrindle@tresys.com>
+ *
+ * Copyright (C) 2004 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <sepol/policydb.h>
+#include <sepol/module.h>
+
+#include <getopt.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+extern char *optarg;
+extern int optind;
+
+int policyvers = 0;
+
+#define EXPANDPOLICY_VERSION "1.0"
+
+static void usage(char *program_name)
+{
+ printf("usage: %s [-V -a -c [version]] basemodpkg outputfile\n",
+ program_name);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ char *basename, *outname;
+ int ch, ret, show_version = 0, verbose = 0;
+ struct sepol_policy_file *pf;
+ sepol_module_package_t *base;
+ sepol_policydb_t *out, *p;
+ FILE *fp, *outfile;
+ int check_assertions = 1;
+ sepol_handle_t *handle;
+
+ while ((ch = getopt(argc, argv, "c:Vva")) != EOF) {
+ switch (ch) {
+ case 'V':
+ show_version = 1;
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'c':{
+ long int n = strtol(optarg, NULL, 10);
+ if (errno) {
+ fprintf(stderr,
+ "%s: Invalid policyvers specified: %s\n",
+ argv[0], optarg);
+ usage(argv[0]);
+ exit(1);
+ }
+ if (n < sepol_policy_kern_vers_min()
+ || n > sepol_policy_kern_vers_max()) {
+ fprintf(stderr,
+ "%s: policyvers value %ld not in range %d-%d\n",
+ argv[0], n,
+ sepol_policy_kern_vers_min(),
+ sepol_policy_kern_vers_max());
+ usage(argv[0]);
+ exit(1);
+ }
+ policyvers = n;
+ break;
+ }
+ case 'a':{
+ check_assertions = 0;
+ break;
+ }
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (verbose) {
+ if (policyvers)
+ printf("Building version %d policy\n", policyvers);
+ }
+
+ if (show_version) {
+ printf("%s\n", EXPANDPOLICY_VERSION);
+ exit(0);
+ }
+
+ /* check args */
+ if (argc < 3 || !(optind != (argc - 1))) {
+ fprintf(stderr,
+ "%s: You must provide the base module package and output filename\n",
+ argv[0]);
+ usage(argv[0]);
+ }
+
+ basename = argv[optind++];
+ outname = argv[optind];
+
+ handle = sepol_handle_create();
+ if (!handle)
+ exit(1);
+
+ if (sepol_policy_file_create(&pf)) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+
+ /* read the base module */
+ if (sepol_module_package_create(&base)) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+ fp = fopen(basename, "r");
+ if (!fp) {
+ fprintf(stderr, "%s: Can't open '%s': %s\n",
+ argv[0], basename, strerror(errno));
+ exit(1);
+ }
+ sepol_policy_file_set_fp(pf, fp);
+ ret = sepol_module_package_read(base, pf, 0);
+ if (ret) {
+ fprintf(stderr, "%s: Error in reading package from %s\n",
+ argv[0], basename);
+ exit(1);
+ }
+ fclose(fp);
+
+ /* linking the base takes care of enabling optional avrules */
+ p = sepol_module_package_get_policy(base);
+ if (sepol_link_modules(handle, p, NULL, 0, 0)) {
+ fprintf(stderr, "%s: Error while enabling avrules\n", argv[0]);
+ exit(1);
+ }
+
+ /* create the output policy */
+
+ if (sepol_policydb_create(&out)) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+
+ sepol_set_expand_consume_base(handle, 1);
+
+ if (sepol_expand_module(handle, p, out, verbose, check_assertions)) {
+ fprintf(stderr, "%s: Error while expanding policy\n", argv[0]);
+ exit(1);
+ }
+
+ if (policyvers) {
+ if (sepol_policydb_set_vers(out, policyvers)) {
+ fprintf(stderr, "%s: Invalid version %d\n", argv[0],
+ policyvers);
+ exit(1);
+ }
+ }
+
+ sepol_module_package_free(base);
+
+ outfile = fopen(outname, "w");
+ if (!outfile) {
+ perror(outname);
+ exit(1);
+ }
+
+ sepol_policy_file_set_fp(pf, outfile);
+ ret = sepol_policydb_write(out, pf);
+ if (ret) {
+ fprintf(stderr,
+ "%s: Error while writing expanded policy to %s\n",
+ argv[0], outname);
+ exit(1);
+ }
+ fclose(outfile);
+ sepol_handle_destroy(handle);
+ sepol_policydb_free(out);
+ sepol_policy_file_free(pf);
+
+ return 0;
+}
diff --git a/policycoreutils/semodule_link/Makefile b/policycoreutils/semodule_link/Makefile
new file mode 100644
index 0000000..463d2b3
--- /dev/null
+++ b/policycoreutils/semodule_link/Makefile
@@ -0,0 +1,29 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+INCLUDEDIR ?= $(PREFIX)/include
+BINDIR ?= $(PREFIX)/bin
+MANDIR ?= $(PREFIX)/share/man
+LIBDIR ?= ${PREFIX}/lib
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+
+all: semodule_link
+
+semodule_link: semodule_link.o
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 semodule_link $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_link.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f semodule_link *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/semodule_link/semodule_link.8 b/policycoreutils/semodule_link/semodule_link.8
new file mode 100644
index 0000000..a2bda3f
--- /dev/null
+++ b/policycoreutils/semodule_link/semodule_link.8
@@ -0,0 +1,35 @@
+.TH SEMODULE_LINK "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_link \- Link SELinux policy module packages together
+
+.SH SYNOPSIS
+.B semodule_link [-Vv] [-o outfile] basemodpkg modpkg1 [modpkg2]...
+.br
+.SH DESCRIPTION
+.PP
+semodule_link is a developer tool for manually linking together
+a set of SELinux policy module packages into a single policy module package.
+This tool is not necessary for normal operation of SELinux. In normal
+operation, such linking is performed internally by libsemanage in
+response to semodule commands. Module packages are created by
+semodule_package.
+
+.SH "OPTIONS"
+.TP
+.B \-V
+show version
+.TP
+.B \-v
+verbose mode
+.TP
+.B \-o <output file>
+Linked policy module package generated by this tool.
+
+
+.SH SEE ALSO
+.B checkmodule(8), semodule_package(8), semodule(8), semodule_expand(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
diff --git a/policycoreutils/semodule_link/semodule_link.c b/policycoreutils/semodule_link/semodule_link.c
new file mode 100644
index 0000000..1234735
--- /dev/null
+++ b/policycoreutils/semodule_link/semodule_link.c
@@ -0,0 +1,176 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2004 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <sepol/module.h>
+
+#include <getopt.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+#define LINKPOLICY_VERSION "1.0"
+
+char *progname;
+extern char *optarg;
+extern int optind;
+
+static void usage(char *program_name)
+{
+ printf("usage: %s [-Vv] [-o outfile] basemodpkg modpkg1 [modpkg2]...\n",
+ program_name);
+ exit(1);
+}
+
+static sepol_module_package_t *load_module(char *filename)
+{
+ int ret;
+ FILE *fp = NULL;
+ struct sepol_policy_file *pf = NULL;
+ sepol_module_package_t *p = NULL;
+
+ if (sepol_module_package_create(&p)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ goto bad;
+ }
+ if (sepol_policy_file_create(&pf)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ goto bad;
+ }
+ fp = fopen(filename, "r");
+ if (!fp) {
+ fprintf(stderr, "%s: Could not open package %s: %s", progname,
+ filename, strerror(errno));
+ goto bad;
+ }
+ sepol_policy_file_set_fp(pf, fp);
+
+ printf("%s: loading package from file %s\n", progname, filename);
+
+ ret = sepol_module_package_read(p, pf, 0);
+ if (ret) {
+ fprintf(stderr, "%s: Error while reading package from %s\n",
+ progname, filename);
+ goto bad;
+ }
+ fclose(fp);
+ sepol_policy_file_free(pf);
+ return p;
+ bad:
+ sepol_module_package_free(p);
+ sepol_policy_file_free(pf);
+ if (fp)
+ fclose(fp);
+ return NULL;
+}
+
+int main(int argc, char **argv)
+{
+ int ch, i, show_version = 0, verbose = 0, num_mods;
+ char *basename, *outname = NULL;
+ sepol_module_package_t *base, **mods;
+ FILE *outfile;
+ struct sepol_policy_file *pf;
+
+ progname = argv[0];
+
+ while ((ch = getopt(argc, argv, "o:Vv")) != EOF) {
+ switch (ch) {
+ case 'V':
+ show_version = 1;
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'o':
+ outname = optarg;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (show_version) {
+ printf("%s\n", LINKPOLICY_VERSION);
+ exit(0);
+ }
+
+ /* check args */
+ if (argc < 3 || !(optind != (argc - 1))) {
+ fprintf(stderr,
+ "%s: You must provide the base module package and at least one other module package\n",
+ argv[0]);
+ usage(argv[0]);
+ }
+
+ basename = argv[optind++];
+ base = load_module(basename);
+ if (!base) {
+ fprintf(stderr,
+ "%s: Could not load base module from file %s\n",
+ argv[0], basename);
+ exit(1);
+ }
+
+ num_mods = argc - optind;
+ mods =
+ (sepol_module_package_t **) malloc(sizeof(sepol_module_package_t *)
+ * num_mods);
+ if (!mods) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+ memset(mods, 0, sizeof(sepol_module_package_t *) * num_mods);
+
+ for (i = 0; optind < argc; optind++, i++) {
+ mods[i] = load_module(argv[optind]);
+ if (!mods[i]) {
+ fprintf(stderr,
+ "%s: Could not load module from file %s\n",
+ argv[0], argv[optind]);
+ exit(1);
+ }
+ }
+
+ if (sepol_link_packages(NULL, base, mods, num_mods, verbose)) {
+ fprintf(stderr, "%s: Error while linking packages\n", argv[0]);
+ exit(1);
+ }
+
+ if (outname) {
+ outfile = fopen(outname, "w");
+ if (!outfile) {
+ perror(outname);
+ exit(1);
+ }
+
+ if (sepol_policy_file_create(&pf)) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+ sepol_policy_file_set_fp(pf, outfile);
+ if (sepol_module_package_write(base, pf)) {
+ fprintf(stderr, "%s: Error writing linked package.\n",
+ argv[0]);
+ exit(1);
+ }
+ sepol_policy_file_free(pf);
+ fclose(outfile);
+ }
+
+ sepol_module_package_free(base);
+ for (i = 0; i < num_mods; i++)
+ sepol_module_package_free(mods[i]);
+ free(mods);
+ exit(0);
+}
diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile
new file mode 100644
index 0000000..0a4a3a6
--- /dev/null
+++ b/policycoreutils/semodule_package/Makefile
@@ -0,0 +1,29 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+INCLUDEDIR ?= $(PREFIX)/include
+BINDIR ?= $(PREFIX)/bin
+LIBDIR ?= ${PREFIX}/lib
+MANDIR ?= $(PREFIX)/share/man
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = -lsepol -lselinux -L$(LIBDIR)
+
+all: semodule_package
+
+semodule_package: semodule_package.o
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 semodule_package $(BINDIR)
+ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
+ install -m 644 semodule_package.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f semodule_package *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/semodule_package/semodule_package.8 b/policycoreutils/semodule_package/semodule_package.8
new file mode 100644
index 0000000..fb41480
--- /dev/null
+++ b/policycoreutils/semodule_package/semodule_package.8
@@ -0,0 +1,52 @@
+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
+.SH NAME
+semodule_package \- Create a SELinux policy module package.
+
+.SH SYNOPSIS
+.B semodule_package -o <output file> -m <module> [-f <file contexts>]
+.br
+.SH DESCRIPTION
+.PP
+semodule_package is the tool used to create a SELinux policy module
+package from a binary policy module and optionally other data such as file
+contexts. semodule_package packages binary policy modules created by
+checkmodule. The policy package created by semodule_package can then
+be installed via semodule.
+
+.SH EXAMPLE
+.nf
+# Build a policy package for a base module.
+$ semodule_package -o base.pp -m base.mod -f file_contexts
+# Build a policy package for a httpd module.
+$ semodule_package -o httpd.pp -m httpd.mod -f httpd.fc
+# Build a policy package for local TE rules and no file contexts.
+$ semodule_package -o local.pp -m local.mod
+.fi
+
+.SH "OPTIONS"
+.TP
+.B \-o \-\-outfile <output file>
+Policy module package file generated by this tool.
+.TP
+.B \-s \-\-seuser <seuser file>
+seuser file to be included in the package.
+.TP
+.B \-u \-\-user_extra <user extra file>
+user_extra file to be included in the package.
+.TP
+.B \-m \-\-module <Module file>
+Policy module file to be included in the package.
+.TP
+.B \-f \-\-fc <File context file>
+File contexts file for the module (optional).
+.TP
+.B \-n \-\-nc <netfilter context file>
+netfilter context file to be included in the package.
+
+.SH SEE ALSO
+.B checkmodule(8), semodule(8)
+(8),
+.SH AUTHORS
+.nf
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Karl MacMillan <kmacmillan@tresys.com>
diff --git a/policycoreutils/semodule_package/semodule_package.c b/policycoreutils/semodule_package/semodule_package.c
new file mode 100644
index 0000000..28ae557
--- /dev/null
+++ b/policycoreutils/semodule_package/semodule_package.c
@@ -0,0 +1,257 @@
+/* Authors: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2004 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#include <sepol/module.h>
+#include <getopt.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <errno.h>
+
+char *progname = NULL;
+extern char *optarg;
+
+static void usage(char *prog)
+{
+ printf("usage: %s -o <output file> -m <module> [-f <file contexts>]\n",
+ prog);
+ printf("Options:\n");
+ printf(" -o --outfile Output file (required)\n");
+ printf(" -m --module Module file (required)\n");
+ printf(" -f --fc File contexts file\n");
+ printf(" -s --seuser Seusers file (only valid in base)\n");
+ printf
+ (" -u --user_extra user_extra file (only valid in base)\n");
+ printf(" -n --nc Netfilter contexts file\n");
+ exit(1);
+}
+
+static int file_to_policy_file(char *filename, struct sepol_policy_file **pf,
+ char *mode)
+{
+ FILE *f;
+
+ if (sepol_policy_file_create(pf)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
+ return -1;
+ }
+
+ f = fopen(filename, mode);
+ if (!f) {
+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname,
+ strerror(errno), filename);
+ return -1;
+ }
+ sepol_policy_file_set_fp(*pf, f);
+ return 0;
+}
+
+static int file_to_data(const char *path, char **data, size_t * len)
+{
+ int fd;
+ struct stat sb;
+ fd = open(path, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "%s: Failed to open %s: %s\n", progname, path,
+ strerror(errno));
+ return -1;
+ }
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, "%s: Failed to fstat %s: %s\n", progname,
+ path, strerror(errno));
+ goto err;
+ }
+
+ *data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+ if (*data == MAP_FAILED) {
+ fprintf(stderr, "%s: Failed to mmap %s: %s\n", progname, path,
+ strerror(errno));
+ goto err;
+ }
+ *len = sb.st_size;
+ close(fd);
+ return 0;
+ err:
+ close(fd);
+ return -1;
+}
+
+int main(int argc, char **argv)
+{
+ struct sepol_module_package *pkg;
+ struct sepol_policy_file *mod, *out;
+ char *module = NULL, *file_contexts = NULL, *seusers =
+ NULL, *user_extra = NULL;
+ char *fcdata = NULL, *outfile = NULL, *seusersdata =
+ NULL, *user_extradata = NULL;
+ char *netfilter_contexts = NULL, *ncdata = NULL;
+ size_t fclen = 0, seuserslen = 0, user_extralen = 0, nclen = 0;
+ int i;
+
+ static struct option opts[] = {
+ {"module", required_argument, NULL, 'm'},
+ {"fc", required_argument, NULL, 'f'},
+ {"seuser", required_argument, NULL, 's'},
+ {"user_extra", required_argument, NULL, 'u'},
+ {"nc", required_argument, NULL, 'n'},
+ {"outfile", required_argument, NULL, 'o'},
+ {"help", 0, NULL, 'h'},
+ {NULL, 0, NULL, 0}
+ };
+
+ while ((i = getopt_long(argc, argv, "m:f:s:u:o:n:h", opts, NULL)) != -1) {
+ switch (i) {
+ case 'h':
+ usage(argv[0]);
+ exit(0);
+ case 'm':
+ if (module) {
+ fprintf(stderr,
+ "May not specify more than one module\n");
+ exit(1);
+ }
+ module = strdup(optarg);
+ if (!module)
+ exit(1);
+ break;
+ case 'f':
+ if (file_contexts) {
+ fprintf(stderr,
+ "May not specify more than one file context file\n");
+ exit(1);
+ }
+ file_contexts = strdup(optarg);
+ if (!file_contexts)
+ exit(1);
+ break;
+ case 'o':
+ if (outfile) {
+ fprintf(stderr,
+ "May not specify more than one output file\n");
+ exit(1);
+ }
+ outfile = strdup(optarg);
+ if (!outfile)
+ exit(1);
+ break;
+ case 's':
+ if (seusers) {
+ fprintf(stderr,
+ "May not specify more than one seuser file\n");
+ exit(1);
+ }
+ seusers = strdup(optarg);
+ if (!seusers)
+ exit(1);
+ break;
+ case 'u':
+ if (user_extra) {
+ fprintf(stderr,
+ "May not specify more than one user_extra file\n");
+ exit(1);
+ }
+ user_extra = strdup(optarg);
+ if (!user_extra)
+ exit(1);
+ break;
+ case 'n':
+ if (netfilter_contexts) {
+ fprintf(stderr,
+ "May not specify more than one netfilter contexts file\n");
+ exit(1);
+ }
+ netfilter_contexts = strdup(optarg);
+ if (!netfilter_contexts)
+ exit(1);
+ break;
+ }
+ }
+
+ progname = argv[0];
+
+ if (!module || !outfile) {
+ usage(argv[0]);
+ exit(0);
+ }
+
+ if (file_contexts) {
+ if (file_to_data(file_contexts, &fcdata, &fclen))
+ exit(1);
+ }
+
+ if (seusers) {
+ if (file_to_data(seusers, &seusersdata, &seuserslen))
+ exit(1);
+ }
+
+ if (user_extra) {
+ if (file_to_data(user_extra, &user_extradata, &user_extralen))
+ exit(1);
+ }
+
+ if (netfilter_contexts) {
+ if (file_to_data(netfilter_contexts, &ncdata, &nclen))
+ exit(1);
+ }
+
+ if (file_to_policy_file(module, &mod, "r"))
+ exit(1);
+
+ if (sepol_module_package_create(&pkg)) {
+ fprintf(stderr, "%s: Out of memory\n", argv[0]);
+ exit(1);
+ }
+
+ if (sepol_policydb_read(sepol_module_package_get_policy(pkg), mod)) {
+ fprintf(stderr,
+ "%s: Error while reading policy module from %s\n",
+ argv[0], module);
+ exit(1);
+ }
+
+ if (fclen)
+ sepol_module_package_set_file_contexts(pkg, fcdata, fclen);
+
+ if (seuserslen)
+ sepol_module_package_set_seusers(pkg, seusersdata, seuserslen);
+
+ if (user_extra)
+ sepol_module_package_set_user_extra(pkg, user_extradata,
+ user_extralen);
+
+ if (nclen)
+ sepol_module_package_set_netfilter_contexts(pkg, ncdata, nclen);
+
+ if (file_to_policy_file(outfile, &out, "w"))
+ exit(1);
+
+ if (sepol_module_package_write(pkg, out)) {
+ fprintf(stderr,
+ "%s: Error while writing module package to %s\n",
+ argv[0], argv[1]);
+ exit(1);
+ }
+
+ if (fclen)
+ munmap(fcdata, fclen);
+ if (nclen)
+ munmap(ncdata, nclen);
+ sepol_policy_file_free(mod);
+ sepol_policy_file_free(out);
+ sepol_module_package_free(pkg);
+ free(file_contexts);
+ free(outfile);
+ free(module);
+ exit(0);
+}
diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
new file mode 100644
index 0000000..32638c2
--- /dev/null
+++ b/policycoreutils/sestatus/Makefile
@@ -0,0 +1,30 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR = $(PREFIX)/share/man
+ETCDIR ?= $(DESTDIR)/etc
+LIBDIR ?= ${PREFIX}/lib
+
+CFLAGS = -Werror -Wall -W
+override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+LDLIBS = -lselinux -L$(LIBDIR)
+
+all: sestatus
+
+sestatus: sestatus.o
+
+install: all
+ [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
+ -mkdir -p $(SBINDIR)
+ install -m 755 sestatus $(SBINDIR)
+ install -m 644 sestatus.8 $(MANDIR)/man8
+ -mkdir -p $(ETCDIR)
+ install -m 644 sestatus.conf $(ETCDIR)
+
+clean:
+ rm -f sestatus *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
diff --git a/policycoreutils/sestatus/sestatus.8 b/policycoreutils/sestatus/sestatus.8
new file mode 100644
index 0000000..049892d
--- /dev/null
+++ b/policycoreutils/sestatus/sestatus.8
@@ -0,0 +1,49 @@
+.TH "sestatus" "8" "2005111103" "" ""
+.SH "NAME"
+sestatus \- SELinux status tool
+
+.SH "SYNOPSIS"
+.B sestatus
+.I [\-v] [\-b]
+.P
+This tool is used to get the status of a system running SELinux.
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR sestatus
+program.
+.br
+This tool is used to get the status of a system running SELinux. It displays data about whether SELinux is enabled, disabled, the loaded policy and whether it is in enforcing or permissive mode. It can also be used to display the security context of files and processes listed in the /etc/sestatus.conf file.
+
+> sestatus
+.br
+SELinux status: enabled
+.br
+SELinuxfs mount: /selinux
+.br
+Current Mode: permissive
+.br
+Policy version: 16
+
+.SH "OPTIONS"
+.TP
+
+.B \-v
+.P
+ Checks the contexts of a files , and a processes listed in the /etc/sestatus.conf file. It also checks the context of the target, in cases of
+symlinks.
+
+.B \-b
+.P
+Display the current state of booleans.
+
+
+.SH "FILES"
+/etc/sestatus.conf
+
+.SH "AUTHOR"
+This man page was written by Daniel Walsh <dwalsh@redhat.com>.
+.br
+The program was written by Chris PeBenito <pebenito@gentoo.org>
+
+
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
new file mode 100644
index 0000000..5617319
--- /dev/null
+++ b/policycoreutils/sestatus/sestatus.c
@@ -0,0 +1,417 @@
+/*
+ * Copyright 1999-2004 Gentoo Technologies, Inc.
+ * Distributed under the terms of the GNU General Public License v2
+ * $Header: /home/cvsroot/gentoo-projects/hardened/policycoreutils-extra/src/sestatus.c,v 1.10 2004/03/26 19:25:52 pebenito Exp $
+ * Patch provided by Steve Grubb
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <selinux/get_default_type.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <ctype.h>
+
+#define PROC_BASE "/proc"
+#define MAX_CHECK 50
+#define CONF "/etc/sestatus.conf"
+
+/* conf file sections */
+#define PROCS "[process]"
+#define FILES "[files]"
+
+/* buffer size for cmp_cmdline */
+#define BUFSIZE 255
+
+/* column to put the output (must be a multiple of 8) */
+static unsigned int COL = 32;
+
+extern char *selinux_mnt;
+
+int cmp_cmdline(const char *command, int pid)
+{
+
+ char buf[BUFSIZE];
+ char filename[BUFSIZE];
+
+ memset(buf, '\0', BUFSIZE);
+
+ /* first read the proc entry */
+ sprintf(filename, "%s/%d/exe", PROC_BASE, pid);
+
+ if (readlink(filename, buf, BUFSIZE) < 0)
+ return 0;
+
+ if (buf[BUFSIZE - 1] != '\0')
+ buf[BUFSIZE - 1] = '\0';
+
+ /* check if this is the command we're looking for. */
+ if (strcmp(command, buf) == 0)
+ return 1;
+ else
+ return 0;
+}
+
+int pidof(const char *command)
+{
+/* inspired by killall5.c from psmisc */
+ DIR *dir;
+ struct dirent *de;
+ int pid, ret = -1, self = getpid();
+
+ if (!(dir = opendir(PROC_BASE))) {
+ perror(PROC_BASE);
+ return -1;
+ }
+
+ while ((de = readdir(dir)) != NULL) {
+ errno = 0;
+ pid = (int)strtol(de->d_name, (char **)NULL, 10);
+ if (errno || pid == 0 || pid == self)
+ continue;
+ if (cmp_cmdline(command, pid)) {
+ ret = pid;
+ break;
+ }
+ }
+
+ closedir(dir);
+ return ret;
+}
+
+void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+{
+
+ FILE *fp = fopen(CONF, "r");
+ char buf[255], *bufp;
+ int buf_len, section = -1;
+ int proclen = strlen(PROCS);
+ int filelen = strlen(FILES);
+
+ if (fp == NULL) {
+ printf("\nUnable to open %s.\n", CONF);
+ return;
+ }
+
+ while (!feof(fp)) {
+ if (!fgets(buf, sizeof buf, fp))
+ break;
+
+ buf_len = strlen(buf);
+ if (buf[buf_len - 1] == '\n')
+ buf[buf_len - 1] = 0;
+
+ bufp = buf;
+ while (*bufp && isspace(*bufp)) {
+ bufp++;
+ buf_len--;
+ }
+
+ if (*bufp == '#')
+ /* skip comments */
+ continue;
+
+ if (*bufp) {
+ if (!(*bufp))
+ goto out;
+
+ if (strncmp(bufp, PROCS, proclen) == 0)
+ section = 0;
+ else if (strncmp(bufp, FILES, filelen) == 0)
+ section = 1;
+ else {
+ switch (section) {
+ case 0:
+ if (*npc >= MAX_CHECK)
+ break;
+ pc[*npc] =
+ (char *)malloc((buf_len) *
+ sizeof(char));
+ memcpy(pc[*npc], bufp, buf_len);
+ (*npc)++;
+ bufp = NULL;
+ break;
+ case 1:
+ if (*nfc >= MAX_CHECK)
+ break;
+ fc[*nfc] =
+ (char *)malloc((buf_len) *
+ sizeof(char));
+ memcpy(fc[*nfc], bufp, buf_len);
+ (*nfc)++;
+ bufp = NULL;
+ break;
+ default:
+ /* ignore lines before a section */
+ printf("Line not in a section: %s.\n",
+ buf);
+ break;
+ }
+ }
+ }
+ }
+ out:
+ fclose(fp);
+ return;
+}
+
+void printf_tab(const char *outp)
+{
+ char buf[20];
+ snprintf(buf, sizeof(buf), "%%-%us", COL);
+ printf(buf, outp);
+
+}
+
+int main(int argc, char **argv)
+{
+ /* these vars are reused several times */
+ int rc, opt, i, c;
+ char *context;
+
+ /* files that need context checks */
+ char *fc[MAX_CHECK];
+ char *cterm = ttyname(0);
+ int nfc = 0;
+ struct stat m;
+
+ /* processes that need context checks */
+ char *pc[MAX_CHECK];
+ int npc = 0;
+
+ /* booleans */
+ char **bools;
+ int nbool;
+
+ int verbose = 0;
+ int show_bools = 0;
+
+ /* policy */
+ const char *pol_name;
+ char *pol_path;
+
+ while (1) {
+ opt = getopt(argc, argv, "vb");
+ if (opt == -1)
+ break;
+ switch (opt) {
+ case 'v':
+ verbose = 1;
+ break;
+ case 'b':
+ show_bools = 1;
+ break;
+ default:
+ /* invalid option */
+ printf("\nUsage: %s [OPTION]\n\n", basename(argv[0]));
+ printf
+ (" -v Verbose check of process and file contexts.\n");
+ printf("\nWithout options, show SELinux status.\n");
+ return -1;
+ }
+ }
+ printf_tab("SELinux status:");
+ rc = is_selinux_enabled();
+
+ switch (rc) {
+ case 1:
+ printf("enabled\n");
+ break;
+ case 0:
+ printf("disabled\n");
+ return 0;
+ break;
+ default:
+ printf("unknown (%s)\n", strerror(errno));
+ return 0;
+ break;
+ }
+
+ printf_tab("SELinuxfs mount:");
+ if (selinux_mnt != NULL) {
+ printf("%s\n", selinux_mnt);
+ } else {
+ printf("not mounted\n\n");
+ printf("Please mount selinuxfs for proper results.\n");
+ return -1;
+ }
+
+ printf_tab("Current mode:");
+ rc = security_getenforce();
+ switch (rc) {
+ case 1:
+ printf("enforcing\n");
+ break;
+ case 0:
+ printf("permissive\n");
+ break;
+ default:
+ printf("unknown (%s)\n", strerror(errno));
+ break;
+ }
+
+ printf_tab("Mode from config file:");
+ if (selinux_getenforcemode(&rc) == 0) {
+ switch (rc) {
+ case 1:
+ printf("enforcing\n");
+ break;
+ case 0:
+ printf("permissive\n");
+ break;
+ case -1:
+ printf("disabled\n");
+ break;
+ }
+ } else {
+ printf("error (%s)\n", strerror(errno));
+ }
+
+ rc = security_policyvers();
+ printf_tab("Policy version:");
+ if (rc < 0)
+ printf("unknown (%s)\n", strerror(errno));
+ else
+ printf("%d\n", rc);
+
+ /* Dump all the path information */
+ printf_tab("Policy from config file:");
+ pol_path = strdup(selinux_policy_root());
+ if (pol_path) {
+ pol_name = basename(pol_path);
+ puts(pol_name);
+ free(pol_path);
+ } else {
+ printf("error (%s)\n", strerror(errno));
+ }
+
+ if (show_bools) {
+ /* show booleans */
+ if (security_get_boolean_names(&bools, &nbool) >= 0) {
+ printf("\nPolicy booleans:\n");
+
+ for (i = 0; i < nbool; i++) {
+ if (strlen(bools[i]) + 1 > COL)
+ COL = strlen(bools[i]) + 1;
+ }
+ for (i = 0; i < nbool; i++) {
+ printf_tab(bools[i]);
+
+ rc = security_get_boolean_active(bools[i]);
+ switch (rc) {
+ case 1:
+ printf("on");
+ break;
+ case 0:
+ printf("off");
+ break;
+ default:
+ printf("unknown (%s)", strerror(errno));
+ break;
+ }
+ c = security_get_boolean_pending(bools[i]);
+ if (c != rc)
+ switch (c) {
+ case 1:
+ printf(" (activate pending)");
+ break;
+ case 0:
+ printf(" (inactivate pending)");
+ break;
+ default:
+ printf(" (pending error: %s)",
+ strerror(errno));
+ break;
+ }
+ printf("\n");
+
+ /* free up the booleans */
+ free(bools[i]);
+ }
+ free(bools);
+ }
+ }
+ /* only show contexts if -v is given */
+ if (!verbose)
+ return 0;
+
+ load_checks(pc, &npc, fc, &nfc);
+
+ printf("\nProcess contexts:\n");
+
+ printf_tab("Current context:");
+ if (getcon(&context) >= 0) {
+ printf("%s\n", context);
+ freecon(context);
+ } else
+ printf("unknown (%s)\n", strerror(errno));
+
+ printf_tab("Init context:");
+ if (getpidcon(1, &context) >= 0) {
+ printf("%s\n", context);
+ freecon(context);
+ } else
+ printf("unknown (%s)\n", strerror(errno));
+
+ for (i = 0; i < npc; i++) {
+ rc = pidof(pc[i]);
+ if (rc > 0) {
+ if (getpidcon(rc, &context) < 0)
+ continue;
+
+ printf_tab(pc[i]);
+ printf("%s\n", context);
+ freecon(context);
+ }
+ }
+
+ printf("\nFile contexts:\n");
+
+ /* controlling term */
+ printf_tab("Controlling term:");
+ if (lgetfilecon(cterm, &context) >= 0) {
+ printf("%s\n", context);
+ freecon(context);
+ } else {
+ printf("unknown (%s)\n", strerror(errno));
+ }
+
+ for (i = 0; i < nfc; i++) {
+ if (lgetfilecon(fc[i], &context) >= 0) {
+ printf_tab(fc[i]);
+
+ /* check if this is a symlink */
+ if (lstat(fc[i], &m)) {
+ printf
+ ("%s (could not check link status (%s)!)\n",
+ context, strerror(errno));
+ freecon(context);
+ continue;
+ }
+ if (S_ISLNK(m.st_mode)) {
+ /* print link target context */
+ printf("%s -> ", context);
+ freecon(context);
+
+ if (getfilecon(fc[i], &context) >= 0) {
+ printf("%s\n", context);
+ freecon(context);
+ } else {
+ printf("unknown (%s)\n",
+ strerror(errno));
+ }
+ } else {
+ printf("%s\n", context);
+ freecon(context);
+ }
+ }
+ }
+
+ return 0;
+}
diff --git a/policycoreutils/sestatus/sestatus.conf b/policycoreutils/sestatus/sestatus.conf
new file mode 100644
index 0000000..7ebca9c
--- /dev/null
+++ b/policycoreutils/sestatus/sestatus.conf
@@ -0,0 +1,18 @@
+[files]
+/etc/passwd
+/etc/shadow
+/bin/bash
+/bin/login
+/bin/sh
+/sbin/agetty
+/sbin/init
+/sbin/mingetty
+/usr/sbin/sshd
+/lib/libc.so.6
+/lib/ld-linux.so.2
+/lib/ld.so.1
+
+[process]
+/sbin/mingetty
+/sbin/agetty
+/usr/sbin/sshd
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
new file mode 100644
index 0000000..5b30114
--- /dev/null
+++ b/policycoreutils/setfiles/Makefile
@@ -0,0 +1,39 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SBINDIR ?= $(DESTDIR)/sbin
+MANDIR = $(PREFIX)/share/man
+LIBDIR ?= $(PREFIX)/lib
+
+AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+
+CFLAGS = -Werror -Wall -W
+override CFLAGS += -D_FILE_OFFSET_BITS=64 -I$(PREFIX)/include
+LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+
+ifeq (${AUDITH}, /usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+endif
+
+all: setfiles restorecon
+
+setfiles: setfiles.o
+
+restorecon: setfiles
+ ln -sf setfiles restorecon
+
+install: all
+ [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
+ -mkdir -p $(SBINDIR)
+ install -m 755 setfiles $(SBINDIR)
+ (cd $(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 644 setfiles.8 restorecon.8 $(MANDIR)/man8
+
+clean:
+ rm -f setfiles restorecon *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel: install
+ /sbin/restorecon $(SBINDIR)/setfiles
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
new file mode 100644
index 0000000..1eb6a43
--- /dev/null
+++ b/policycoreutils/setfiles/restorecon.8
@@ -0,0 +1,68 @@
+.TH "restorecon" "8" "2002031409" "" ""
+.SH "NAME"
+restorecon \- restore file(s) default SELinux security contexts.
+
+.SH "SYNOPSIS"
+.B restorecon
+.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname...
+.P
+.B restorecon
+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F]
+
+.SH "DESCRIPTION"
+This manual page describes the
+.BR restorecon
+program.
+.P
+This program is primarily used to set the security context
+(extended attributes) on one or more files.
+.P
+It can be run at any time to correct errors, to add support for
+new policy, or with the \-n option it can just check whether the file
+contexts are all as you expect.
+
+.SH "OPTIONS"
+.TP
+.B \-i
+ignore files that do not exist
+.TP
+.B \-f infilename
+infilename contains a list of files to be processed by application. Use \- for stdin.
+.TP
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP
+.B \-R \-r
+change files and directories file labels recursively
+.TP
+.B \-n
+don't change any file labels.
+.TP
+.B \-o outfilename
+save list of files with incorrect context in outfilename.
+.TP
+.B \-v
+show changes in file labels.
+.TP
+.B \-vv
+show changes in file labels, if type, role, or user are changing.
+.TP
+.B \-F
+Force reset of context to match file_context for customizable files, or the user section, if it has changed.
+.TP
+.SH "ARGUMENTS"
+.B pathname...
+The pathname for the file(s) to be relabeled.
+.SH NOTE
+restorecon does not follow symbolic links.
+
+.SH "AUTHOR"
+This man page was written by Dan Walsh <dwalsh@redhat.com>.
+Some of the content of this man page was taken from the setfiles
+man page written by Russell Coker <russell@coker.com.au>.
+The program was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+.BR load_policy (8),
+.BR checkpolicy (8)
+.BR setfiles (8)
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
new file mode 100644
index 0000000..ac68b94
--- /dev/null
+++ b/policycoreutils/setfiles/setfiles.8
@@ -0,0 +1,98 @@
+.TH "setfiles" "8" "2002031409" "" ""
+.SH "NAME"
+setfiles \- set file SELinux security contexts.
+
+.SH "SYNOPSIS"
+.B setfiles
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
+.SH "DESCRIPTION"
+This manual page describes the
+.BR setfiles
+program.
+.P
+This program is primarily used to initialise the security context
+database (extended attributes) on one or more filesystems. This
+program is initially run as part of the SE Linux installation process.
+.P
+It can also be run at any time to correct errors, to add support for
+new policy, or with the \-n option it can just check whether the file
+contexts are all as you expect.
+
+.SH "OPTIONS"
+.TP
+.B \-c
+check the validity of the contexts against the specified binary policy.
+.TP
+.B \-d
+show what specification matched each file.
+.TP
+.B \-l
+log changes in file labels to syslog.
+.TP
+.B \-n
+don't change any file labels.
+.TP
+.B \-q
+suppress non-error output.
+.TP
+.B \-r rootpath
+use an alternate root path
+.TP
+.B \-e directory
+directory to exclude (repeat option for more than one directory.)
+.TP
+.B \-F
+Force reset of context to match file_context for customizable files
+.TP
+.B \-o filename
+save list of files with incorrect context in filename.
+.TP
+.B \-s
+take a list of files from standard input instead of using a pathname on the
+command line.
+.TP
+.B \-v
+show changes in file labels, if type or role are changing.
+.TP
+.B \-vv
+show changes in file labels, if type, role, or user are changing.
+.TP
+.B \-W
+display warnings about entries that had no matching files.
+.TP
+.B \-0
+Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode.
+
+.SH "ARGUMENTS"
+.B spec_file
+The specification file which contains lines of the following form
+.br
+.B regexp [ \-type ] ( context | <<none>> )
+.br
+The regular expression is anchored at both ends. The optional type field
+specifies the file type as shown in the mode field by the
+.B ls(1)
+program, e.g. \-\- to match only regular files or \-d to match only
+directories. The context can be an ordinary security context or the
+string <<none>> to specify that the file is not to have its context
+changed.
+.br
+The last matching specification is used. If there are multiple hard
+links to a file that match different specifications and those
+specifications indicate different security contexts, then a warning is
+displayed but the file is still labeled based on the last matching
+specification other than <<none>>.
+.TP
+.B pathname...
+The pathname for the root directory of each file system to be relabeled.
+Not used if the
+.B \-s
+option is used.
+
+.SH "AUTHOR"
+This man page was written by Russell Coker <russell@coker.com.au>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>
+
+.SH "SEE ALSO"
+.BR load_policy (8),
+.BR checkpolicy (8)
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
new file mode 100644
index 0000000..99b9a46
--- /dev/null
+++ b/policycoreutils/setfiles/setfiles.c
@@ -0,0 +1,1023 @@
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <regex.h>
+#include <sys/vfs.h>
+#define __USE_XOPEN_EXTENDED 1 /* nftw */
+#include <ftw.h>
+#include <limits.h>
+#include <sepol/sepol.h>
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include <syslog.h>
+#include <libgen.h>
+#ifdef USE_AUDIT
+#include <libaudit.h>
+
+#ifndef AUDIT_FS_RELABEL
+#define AUDIT_FS_RELABEL 2309
+#endif
+#endif
+static int mass_relabel;
+static int mass_relabel_errs;
+
+static FILE *outfile = NULL;
+static int force = 0;
+#define STAT_BLOCK_SIZE 1
+static int pipe_fds[2] = { -1, -1 };
+static int progress = 0;
+static unsigned long long count = 0;
+
+#define MAX_EXCLUDES 100
+static int excludeCtr = 0;
+struct edir {
+ char *directory;
+ size_t size;
+};
+static struct edir excludeArray[MAX_EXCLUDES];
+
+/*
+ * Command-line options.
+ */
+static char *policyfile = NULL;
+static int debug = 0;
+static int change = 1;
+static int quiet = 0;
+static int ignore_enoent;
+static int verbose = 0;
+static int logging = 0;
+static int warn_no_match = 0;
+static int null_terminated = 0;
+static char *rootpath = NULL;
+static int rootpathlen = 0;
+static int recurse; /* Recursive descent. */
+static int errors;
+
+static char *progname;
+
+#define SETFILES "setfiles"
+#define RESTORECON "restorecon"
+static int iamrestorecon;
+
+/* Behavior flags determined based on setfiles vs. restorecon */
+static int expand_realpath; /* Expand paths via realpath. */
+static int abort_on_error; /* Abort the file tree walk upon an error. */
+static int add_assoc; /* Track inode associations for conflict detection. */
+static int nftw_flags; /* Flags to nftw, e.g. follow links, follow mounts */
+static int ctx_validate; /* Validate contexts */
+static const char *altpath; /* Alternate path to file_contexts */
+
+/* Label interface handle */
+static struct selabel_handle *hnd;
+
+/*
+ * An association between an inode and a context.
+ */
+typedef struct file_spec {
+ ino_t ino; /* inode number */
+ char *con; /* matched context */
+ char *file; /* full pathname */
+ struct file_spec *next; /* next association in hash bucket chain */
+} file_spec_t;
+
+/*
+ * The hash table of associations, hashed by inode number.
+ * Chaining is used for collisions, with elements ordered
+ * by inode number in each bucket. Each hash bucket has a dummy
+ * header.
+ */
+#define HASH_BITS 16
+#define HASH_BUCKETS (1 << HASH_BITS)
+#define HASH_MASK (HASH_BUCKETS-1)
+static file_spec_t *fl_head;
+
+/*
+ * Try to add an association between an inode and a context.
+ * If there is a different context that matched the inode,
+ * then use the first context that matched.
+ */
+int filespec_add(ino_t ino, const security_context_t con, const char *file)
+{
+ file_spec_t *prevfl, *fl;
+ int h, ret;
+ struct stat sb;
+
+ if (!fl_head) {
+ fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
+ if (!fl_head)
+ goto oom;
+ memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS);
+ }
+
+ h = (ino + (ino >> HASH_BITS)) & HASH_MASK;
+ for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
+ prevfl = fl, fl = fl->next) {
+ if (ino == fl->ino) {
+ ret = lstat(fl->file, &sb);
+ if (ret < 0 || sb.st_ino != ino) {
+ freecon(fl->con);
+ free(fl->file);
+ fl->file = strdup(file);
+ if (!fl->file)
+ goto oom;
+ fl->con = strdup(con);
+ if (!fl->con)
+ goto oom;
+ return 1;
+ }
+
+ if (strcmp(fl->con, con) == 0)
+ return 1;
+
+ fprintf(stderr,
+ "%s: conflicting specifications for %s and %s, using %s.\n",
+ __FUNCTION__, file, fl->file, fl->con);
+ free(fl->file);
+ fl->file = strdup(file);
+ if (!fl->file)
+ goto oom;
+ return 1;
+ }
+
+ if (ino > fl->ino)
+ break;
+ }
+
+ fl = malloc(sizeof(file_spec_t));
+ if (!fl)
+ goto oom;
+ fl->ino = ino;
+ fl->con = strdup(con);
+ if (!fl->con)
+ goto oom_freefl;
+ fl->file = strdup(file);
+ if (!fl->file)
+ goto oom_freefl;
+ fl->next = prevfl->next;
+ prevfl->next = fl;
+ return 0;
+ oom_freefl:
+ free(fl);
+ oom:
+ fprintf(stderr,
+ "%s: insufficient memory for file label entry for %s\n",
+ __FUNCTION__, file);
+ return -1;
+}
+
+/*
+ * Evaluate the association hash table distribution.
+ */
+void filespec_eval(void)
+{
+ file_spec_t *fl;
+ int h, used, nel, len, longest;
+
+ if (!fl_head)
+ return;
+
+ used = 0;
+ longest = 0;
+ nel = 0;
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ len = 0;
+ for (fl = fl_head[h].next; fl; fl = fl->next) {
+ len++;
+ }
+ if (len)
+ used++;
+ if (len > longest)
+ longest = len;
+ nel += len;
+ }
+
+ printf
+ ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n",
+ __FUNCTION__, nel, used, HASH_BUCKETS, longest);
+}
+
+/*
+ * Destroy the association hash table.
+ */
+void filespec_destroy(void)
+{
+ file_spec_t *fl, *tmp;
+ int h;
+
+ if (!fl_head)
+ return;
+
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ fl = fl_head[h].next;
+ while (fl) {
+ tmp = fl;
+ fl = fl->next;
+ freecon(tmp->con);
+ free(tmp->file);
+ free(tmp);
+ }
+ fl_head[h].next = NULL;
+ }
+ free(fl_head);
+ fl_head = NULL;
+}
+
+static int add_exclude(const char *directory)
+{
+ struct stat sb;
+ size_t len = 0;
+ if (directory == NULL || directory[0] != '/') {
+ fprintf(stderr, "Full path required for exclude: %s.\n",
+ directory);
+ return 1;
+ }
+ if (lstat(directory, &sb)) {
+ fprintf(stderr, "Directory \"%s\" not found, ignoring.\n",
+ directory);
+ return 0;
+ }
+ if ((sb.st_mode & S_IFDIR) == 0) {
+ fprintf(stderr,
+ "\"%s\" is not a Directory: mode %o, ignoring\n",
+ directory, sb.st_mode);
+ return 0;
+ }
+
+ if (excludeCtr == MAX_EXCLUDES) {
+ fprintf(stderr, "Maximum excludes %d exceeded.\n",
+ MAX_EXCLUDES);
+ return 1;
+ }
+
+ len = strlen(directory);
+ while (len > 1 && directory[len - 1] == '/') {
+ len--;
+ }
+ excludeArray[excludeCtr].directory = strndup(directory, len);
+
+ if (excludeArray[excludeCtr].directory == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ return 1;
+ }
+ excludeArray[excludeCtr++].size = len;
+
+ return 0;
+}
+
+static int exclude(const char *file)
+{
+ int i = 0;
+ for (i = 0; i < excludeCtr; i++) {
+ if (strncmp
+ (file, excludeArray[i].directory,
+ excludeArray[i].size) == 0) {
+ if (file[excludeArray[i].size] == 0
+ || file[excludeArray[i].size] == '/') {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+int match(const char *name, struct stat *sb, char **con)
+{
+ int ret;
+ char path[PATH_MAX + 1];
+
+ if (excludeCtr > 0) {
+ if (exclude(name)) {
+ return -1;
+ }
+ }
+ ret = lstat(name, sb);
+ if (ret) {
+ if (ignore_enoent && errno == ENOENT)
+ return 0;
+ fprintf(stderr, "%s: unable to stat file %s: %s\n", progname,
+ name, strerror(errno));
+ return -1;
+ }
+
+ if (expand_realpath) {
+ if (S_ISLNK(sb->st_mode)) {
+ if (verbose > 1)
+ fprintf(stderr,
+ "Warning! %s refers to a symbolic link, not following last component.\n",
+ name);
+ char *p = NULL, *file_sep;
+ char *tmp_path = strdupa(name);
+ size_t len = 0;
+ if (!tmp_path) {
+ fprintf(stderr, "strdupa on %s failed: %s\n", name,
+ strerror(errno));
+ return -1;
+ }
+ file_sep = strrchr(tmp_path, '/');
+ if (file_sep == tmp_path) {
+ file_sep++;
+ p = strcpy(path, "");
+ } else if (file_sep) {
+ *file_sep = 0;
+ file_sep++;
+ p = realpath(tmp_path, path);
+ } else {
+ file_sep = tmp_path;
+ p = realpath("./", path);
+ }
+ if (p)
+ len = strlen(p);
+ if (!p || len + strlen(file_sep) + 2 > PATH_MAX) {
+ fprintf(stderr, "realpath(%s) failed %s\n", name,
+ strerror(errno));
+ return -1;
+ }
+ p += len;
+ /* ensure trailing slash of directory name */
+ if (len == 0 || *(p - 1) != '/') {
+ *p = '/';
+ p++;
+ }
+ strcpy(p, file_sep);
+ name = path;
+ if (excludeCtr > 0 && exclude(name))
+ return -1;
+ } else {
+ char *p;
+ p = realpath(name, path);
+ if (!p) {
+ fprintf(stderr, "realpath(%s) failed %s\n", name,
+ strerror(errno));
+ return -1;
+ }
+ name = p;
+ if (excludeCtr > 0 && exclude(name))
+ return -1;
+ }
+ }
+
+ if (NULL != rootpath) {
+ if (0 != strncmp(rootpath, name, rootpathlen)) {
+ fprintf(stderr, "%s: %s is not located in %s\n",
+ progname, name, rootpath);
+ return -1;
+ }
+ name += rootpathlen;
+ }
+
+ if (rootpath != NULL && name[0] == '\0')
+ /* this is actually the root dir of the alt root */
+ return selabel_lookup_raw(hnd, con, "/", sb->st_mode);
+ else
+ return selabel_lookup_raw(hnd, con, name, sb->st_mode);
+}
+
+void usage(const char *const name)
+{
+ if (iamrestorecon) {
+ fprintf(stderr,
+ "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ name);
+ } else {
+ fprintf(stderr,
+ "usage: %s [-dnpqvW] [-o filename] [-r alt_root_path ] spec_file pathname...\n"
+ "usage: %s -c policyfile spec_file\n"
+ "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name, name,
+ name);
+ }
+ exit(1);
+}
+
+static int nerr = 0;
+
+void inc_err()
+{
+ nerr++;
+ if (nerr > 9 && !debug) {
+ fprintf(stderr, "Exiting after 10 errors.\n");
+ exit(1);
+ }
+}
+
+/* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+static int only_changed_user(const char *a, const char *b)
+{
+ char *rest_a, *rest_b; /* Rest of the context after the user */
+ if (force)
+ return 0;
+ if (!a || !b)
+ return 0;
+ rest_a = strchr(a, ':');
+ rest_b = strchr(b, ':');
+ if (!rest_a || !rest_b)
+ return 0;
+ return (strcmp(rest_a, rest_b) == 0);
+}
+
+static int restore(const char *file)
+{
+ char *my_file = strdupa(file);
+ struct stat my_sb;
+ int ret;
+ char *context, *newcon;
+ int user_only_changed = 0;
+ size_t len = strlen(my_file);
+
+ /* Skip the extra slashes at the beginning and end, if present. */
+ if (file[0] == '/' && file[1] == '/')
+ my_file++;
+ if (len > 1 && my_file[len - 1] == '/')
+ my_file[len - 1] = 0;
+
+ if (match(my_file, &my_sb, &newcon) < 0)
+ /* Check for no matching specification. */
+ return (errno == ENOENT) ? 0 : -1;
+
+ if (progress) {
+ count++;
+ if (count % 80000 == 0) {
+ fprintf(stdout, "\n");
+ fflush(stdout);
+ }
+ if (count % 1000 == 0) {
+ fprintf(stdout, "*");
+ fflush(stdout);
+ }
+ }
+
+ /*
+ * Try to add an association between this inode and
+ * this specification. If there is already an association
+ * for this inode and it conflicts with this specification,
+ * then use the last matching specification.
+ */
+ if (add_assoc) {
+ ret = filespec_add(my_sb.st_ino, newcon, my_file);
+ if (ret < 0)
+ goto err;
+
+ if (ret > 0)
+ /* There was already an association and it took precedence. */
+ goto out;
+ }
+
+ if (debug) {
+ printf("%s: %s matched by %s\n", progname, my_file, newcon);
+ }
+
+ /* Get the current context of the file. */
+ ret = lgetfilecon_raw(my_file, &context);
+ if (ret < 0) {
+ if (errno == ENODATA) {
+ context = NULL;
+ } else {
+ fprintf(stderr, "%s get context on %s failed: '%s'\n",
+ progname, my_file, strerror(errno));
+ goto err;
+ }
+ user_only_changed = 0;
+ } else
+ user_only_changed = only_changed_user(context, newcon);
+
+ /*
+ * Do not relabel the file if the matching specification is
+ * <<none>> or the file is already labeled according to the
+ * specification.
+ */
+ if ((strcmp(newcon, "<<none>>") == 0) ||
+ (context && (strcmp(context, newcon) == 0))) {
+ freecon(context);
+ goto out;
+ }
+
+ if (!force && context && (is_context_customizable(context) > 0)) {
+ if (verbose > 1) {
+ fprintf(stderr,
+ "%s: %s not reset customized by admin to %s\n",
+ progname, my_file, context);
+ }
+ freecon(context);
+ goto out;
+ }
+
+ if (verbose) {
+ /* If we're just doing "-v", trim out any relabels where
+ * the user has changed but the role and type are the
+ * same. For "-vv", emit everything. */
+ if (verbose > 1 || !user_only_changed) {
+ printf("%s reset %s context %s->%s\n",
+ progname, my_file, context ?: "", newcon);
+ }
+ }
+
+ if (logging && !user_only_changed) {
+ if (context)
+ syslog(LOG_INFO, "relabeling %s from %s to %s\n",
+ my_file, context, newcon);
+ else
+ syslog(LOG_INFO, "labeling %s to %s\n",
+ my_file, newcon);
+ }
+
+ if (outfile && !user_only_changed)
+ fprintf(outfile, "%s\n", my_file);
+
+ if (context)
+ freecon(context);
+
+ /*
+ * Do not relabel the file if -n was used.
+ */
+ if (!change || user_only_changed)
+ goto out;
+
+ /*
+ * Relabel the file to the specified context.
+ */
+ ret = lsetfilecon(my_file, newcon);
+ if (ret) {
+ fprintf(stderr, "%s set context %s->%s failed:'%s'\n",
+ progname, my_file, newcon, strerror(errno));
+ goto out;
+ }
+ out:
+ freecon(newcon);
+ return 0;
+ err:
+ freecon(newcon);
+ return -1;
+}
+
+/*
+ * Apply the last matching specification to a file.
+ * This function is called by nftw on each file during
+ * the directory traversal.
+ */
+static int apply_spec(const char *file,
+ const struct stat *sb_unused __attribute__ ((unused)),
+ int flag, struct FTW *s_unused __attribute__ ((unused)))
+{
+ char buf[STAT_BLOCK_SIZE];
+ if (pipe_fds[0] != -1
+ && read(pipe_fds[0], buf, STAT_BLOCK_SIZE) != STAT_BLOCK_SIZE) {
+ fprintf(stderr, "Read error on pipe.\n");
+ pipe_fds[0] = -1;
+ }
+
+ if (flag == FTW_DNR) {
+ fprintf(stderr, "%s: unable to read directory %s\n",
+ progname, file);
+ return 0;
+ }
+
+ errors |= restore(file);
+ if (abort_on_error && errors)
+ return -1;
+ return 0;
+}
+
+void set_rootpath(const char *arg)
+{
+ int len;
+
+ rootpath = strdup(arg);
+ if (NULL == rootpath) {
+ fprintf(stderr, "%s: insufficient memory for rootpath\n",
+ progname);
+ exit(1);
+ }
+
+ /* trim trailing /, if present */
+ len = strlen(rootpath);
+ while (len && ('/' == rootpath[len - 1]))
+ rootpath[--len] = 0;
+ rootpathlen = len;
+}
+
+int canoncon(char **contextp)
+{
+ char *context = *contextp, *tmpcon;
+ int rc = 0;
+
+ if (policyfile) {
+ if (sepol_check_context(context) < 0) {
+ fprintf(stderr, "invalid context %s\n", context);
+ exit(1);
+ }
+ } else if (security_canonicalize_context_raw(context, &tmpcon) == 0) {
+ free(context);
+ *contextp = tmpcon;
+ } else if (errno != ENOENT) {
+ rc = -1;
+ inc_err();
+ }
+
+ return rc;
+}
+
+static int pre_stat(const char *file_unused __attribute__ ((unused)),
+ const struct stat *sb_unused __attribute__ ((unused)),
+ int flag_unused __attribute__ ((unused)),
+ struct FTW *s_unused __attribute__ ((unused)))
+{
+ char buf[STAT_BLOCK_SIZE];
+ if (write(pipe_fds[1], buf, STAT_BLOCK_SIZE) != STAT_BLOCK_SIZE) {
+ fprintf(stderr, "Error writing to stat pipe, child exiting.\n");
+ exit(1);
+ }
+ return 0;
+}
+
+static int process_one(char *name)
+{
+ struct stat sb;
+ int rc;
+
+ if (!strcmp(name, "/"))
+ mass_relabel = 1;
+
+ rc = lstat(name, &sb);
+ if (rc < 0) {
+ if (ignore_enoent && errno == ENOENT)
+ return 0;
+ fprintf(stderr, "%s: stat error on %s: %s\n",
+ progname, name, strerror(errno));
+ goto err;
+ }
+
+ if (S_ISDIR(sb.st_mode) && recurse) {
+ if (pipe(pipe_fds) < 0) {
+ fprintf(stderr, "%s: pipe error on %s: %s\n",
+ progname, name, strerror(errno));
+ goto err;
+ }
+ rc = fork();
+ if (rc < 0) {
+ fprintf(stderr, "%s: fork error on %s: %s\n",
+ progname, name, strerror(errno));
+ goto err;
+ }
+ if (rc == 0) {
+ /* Child: pre-stat the files. */
+ close(pipe_fds[0]);
+ nftw(name, pre_stat, 1024, nftw_flags);
+ exit(0);
+ }
+ /* Parent: Check and label the files. */
+ rc = 0;
+ close(pipe_fds[1]);
+ if (nftw(name, apply_spec, 1024, nftw_flags)) {
+ fprintf(stderr,
+ "%s: error while labeling %s: %s\n",
+ progname, name, strerror(errno));
+ goto err;
+ }
+ } else {
+ rc = restore(name);
+ if (rc)
+ goto err;
+ }
+
+ if (!strcmp(name, "/"))
+ mass_relabel_errs = 0;
+
+out:
+ if (add_assoc) {
+ if (!quiet)
+ filespec_eval();
+ filespec_destroy();
+ }
+
+ return rc;
+
+err:
+ if (!strcmp(name, "/"))
+ mass_relabel_errs = 1;
+ rc = -1;
+ goto out;
+}
+
+#ifndef USE_AUDIT
+static void maybe_audit_mass_relabel(void)
+{
+#else
+static void maybe_audit_mass_relabel(void)
+{
+ int audit_fd = -1;
+ int rc = 0;
+
+ if (!mass_relabel) /* only audit a forced full relabel */
+ return;
+
+ audit_fd = audit_open();
+
+ if (audit_fd < 0) {
+ fprintf(stderr, "Error connecting to audit system.\n");
+ exit(-1);
+ }
+
+ rc = audit_log_user_message(audit_fd, AUDIT_FS_RELABEL,
+ "op=mass relabel", NULL, NULL, NULL, !mass_relabel_errs);
+ if (rc <= 0) {
+ fprintf(stderr, "Error sending audit message: %s.\n",
+ strerror(errno));
+ /* exit(-1); -- don't exit atm. as fix for eff_cap isn't in most kernels */
+ }
+ audit_close(audit_fd);
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ struct stat sb;
+ int opt, i = 0;
+ char *input_filename = NULL;
+ int use_input_file = 0;
+ char *buf = NULL;
+ size_t buf_len;
+ char *base;
+ struct selinux_opt opts[] = {
+ { SELABEL_OPT_VALIDATE, NULL },
+ { SELABEL_OPT_PATH, NULL }
+ };
+
+ memset(excludeArray, 0, sizeof(excludeArray));
+ altpath = NULL;
+
+ progname = strdup(argv[0]);
+ if (!progname) {
+ fprintf(stderr, "%s: Out of memory!\n", argv[0]);
+ exit(1);
+ }
+ base = basename(progname);
+
+ if (!strcmp(base, SETFILES)) {
+ /*
+ * setfiles:
+ * Recursive descent,
+ * Does not expand paths via realpath,
+ * Aborts on errors during the file tree walk,
+ * Try to track inode associations for conflict detection,
+ * Does not follow mounts,
+ * Validates all file contexts at init time.
+ */
+ iamrestorecon = 0;
+ recurse = 1;
+ expand_realpath = 0;
+ abort_on_error = 1;
+ add_assoc = 1;
+ nftw_flags = FTW_PHYS | FTW_MOUNT;
+ ctx_validate = 1;
+ } else {
+ /*
+ * restorecon:
+ * No recursive descent unless -r/-R,
+ * Expands paths via realpath,
+ * Do not abort on errors during the file tree walk,
+ * Do not try to track inode associations for conflict detection,
+ * Follows mounts,
+ * Does lazy validation of contexts upon use.
+ */
+ if (strcmp(base, RESTORECON) && !quiet)
+ printf("Executed with an unrecognized name (%s), defaulting to %s behavior.\n", base, RESTORECON);
+ iamrestorecon = 1;
+ recurse = 0;
+ expand_realpath = 1;
+ abort_on_error = 0;
+ add_assoc = 0;
+ nftw_flags = FTW_PHYS;
+ ctx_validate = 0;
+
+ /* restorecon only: silent exit if no SELinux.
+ Allows unconditional execution by scripts. */
+ if (is_selinux_enabled() <= 0)
+ exit(0);
+ }
+
+ /* Process any options. */
+ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
+ switch (opt) {
+ case 'c':
+ {
+ FILE *policystream;
+
+ if (iamrestorecon)
+ usage(argv[0]);
+
+ policyfile = optarg;
+
+ policystream = fopen(policyfile, "r");
+ if (!policystream) {
+ fprintf(stderr,
+ "Error opening %s: %s\n",
+ policyfile, strerror(errno));
+ exit(1);
+ }
+ __fsetlocking(policystream,
+ FSETLOCKING_BYCALLER);
+
+ if (sepol_set_policydb_from_file(policystream) <
+ 0) {
+ fprintf(stderr,
+ "Error reading policy %s: %s\n",
+ policyfile, strerror(errno));
+ exit(1);
+ }
+ fclose(policystream);
+
+ ctx_validate = 1;
+
+ break;
+ }
+ case 'e':
+ if (add_exclude(optarg))
+ exit(1);
+ break;
+ case 'f':
+ use_input_file = 1;
+ input_filename = optarg;
+ break;
+ case 'd':
+ debug = 1;
+ break;
+ case 'i':
+ ignore_enoent = 1;
+ break;
+ case 'l':
+ logging = 1;
+ break;
+ case 'F':
+ force = 1;
+ break;
+ case 'n':
+ change = 0;
+ break;
+ case 'o':
+ if (strcmp(optarg, "-") == 0) {
+ outfile = stdout;
+ break;
+ }
+
+ outfile = fopen(optarg, "w");
+ if (!outfile) {
+ fprintf(stderr, "Error opening %s: %s\n",
+ optarg, strerror(errno));
+
+ usage(argv[0]);
+ }
+ __fsetlocking(outfile, FSETLOCKING_BYCALLER);
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ case 'R':
+ case 'r':
+ if (iamrestorecon) {
+ recurse = 1;
+ break;
+ }
+ if (optind + 1 >= argc) {
+ fprintf(stderr, "usage: %s -r rootpath\n",
+ argv[0]);
+ exit(1);
+ }
+ if (NULL != rootpath) {
+ fprintf(stderr,
+ "%s: only one -r can be specified\n",
+ argv[0]);
+ exit(1);
+ }
+ set_rootpath(argv[optind++]);
+ break;
+ case 's':
+ use_input_file = 1;
+ input_filename = "-";
+ add_assoc = 0;
+ break;
+ case 'v':
+ if (progress) {
+ fprintf(stderr,
+ "Progress and Verbose mutually exclusive\n");
+ exit(1);
+ }
+ verbose++;
+ break;
+ case 'p':
+ if (verbose) {
+ fprintf(stderr,
+ "Progress and Verbose mutually exclusive\n");
+ usage(argv[0]);
+ }
+ progress = 1;
+ break;
+ case 'W':
+ warn_no_match = 1;
+ break;
+ case '0':
+ null_terminated = 1;
+ break;
+ case '?':
+ usage(argv[0]);
+ }
+ }
+
+ if (!iamrestorecon) {
+ if (policyfile) {
+ if (optind != (argc - 1))
+ usage(argv[0]);
+ } else if (use_input_file) {
+ if (optind != (argc - 1)) {
+ /* Cannot mix with pathname arguments. */
+ usage(argv[0]);
+ }
+ } else {
+ if (optind > (argc - 2))
+ usage(argv[0]);
+ }
+
+ /* Use our own invalid context checking function so that
+ we can support either checking against the active policy or
+ checking against a binary policy file. */
+ selinux_set_callback(SELINUX_CB_VALIDATE,
+ (union selinux_callback)&canoncon);
+
+ if (stat(argv[optind], &sb) < 0) {
+ perror(argv[optind]);
+ exit(1);
+ }
+ if (!S_ISREG(sb.st_mode)) {
+ fprintf(stderr, "%s: spec file %s is not a regular file.\n",
+ argv[0], argv[optind]);
+ exit(1);
+ }
+
+ altpath = argv[optind];
+ optind++;
+ }
+
+ /* Load the file contexts configuration and check it. */
+ opts[0].value = (ctx_validate ? (char*)1 : NULL);
+ opts[1].value = altpath;
+
+ hnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
+ if (!hnd) {
+ perror(altpath);
+ exit(1);
+ }
+
+ if (nerr)
+ exit(1);
+
+ if (use_input_file) {
+ FILE *f = stdin;
+ ssize_t len;
+ int delim;
+ if (strcmp(input_filename, "-") != 0)
+ f = fopen(input_filename, "r");
+ if (f == NULL) {
+ fprintf(stderr, "Unable to open %s: %s\n", input_filename,
+ strerror(errno));
+ usage(argv[0]);
+ }
+ __fsetlocking(f, FSETLOCKING_BYCALLER);
+
+ delim = (null_terminated != 0) ? '\0' : '\n';
+ while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
+ buf[len - 1] = 0;
+ errors |= process_one(buf);
+ }
+ if (strcmp(input_filename, "-") != 0)
+ fclose(f);
+ } else {
+ for (i = optind; i < argc; i++) {
+ errors |= process_one(argv[i]);
+ }
+ }
+
+ maybe_audit_mass_relabel();
+
+ if (warn_no_match)
+ selabel_stats(hnd);
+
+ selabel_close(hnd);
+
+ if (outfile)
+ fclose(outfile);
+
+ for (i = 0; i < excludeCtr; i++) {
+ free(excludeArray[i].directory);
+ }
+
+ if (progress)
+ printf("\n");
+ exit(errors);
+}
diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
new file mode 100644
index 0000000..556b780
--- /dev/null
+++ b/policycoreutils/setsebool/Makefile
@@ -0,0 +1,30 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCLUDEDIR ?= $(PREFIX)/include
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR = $(PREFIX)/share/man
+LIBDIR ?= ${PREFIX}/lib
+
+CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I$(INCLUDEDIR)
+LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR)
+SETSEBOOL_OBJS = setsebool.o
+
+all: setsebool
+
+setsebool: $(SETSEBOOL_OBJS)
+
+install: all
+ -mkdir -p $(SBINDIR)
+ install -m 755 setsebool $(SBINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 setsebool.8 $(MANDIR)/man8/
+
+relabel:
+
+clean:
+ -rm -f setsebool *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
diff --git a/policycoreutils/setsebool/setsebool.8 b/policycoreutils/setsebool/setsebool.8
new file mode 100644
index 0000000..4b13387
--- /dev/null
+++ b/policycoreutils/setsebool/setsebool.8
@@ -0,0 +1,26 @@
+.TH "setsebool" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+setsebool \- set SELinux boolean value
+
+.SH "SYNOPSIS"
+.B setsebool
+.I "[ -P ] boolean value | bool1=val1 bool2=val2 ..."
+
+.SH "DESCRIPTION"
+.B setsebool
+sets the current state of a particular SELinux boolean or a list of booleans
+to a given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to disable it.
+
+Without the -P option, only the current boolean value is
+affected; the boot-time default settings
+are not changed.
+
+If the -P option is given, all pending values are written to
+the policy file on disk. So they will be persistant across reboots.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Tresys Technology.
+
+.SH "SEE ALSO"
+getsebool(8), booleans(8), togglesebool(8)
diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c
new file mode 100644
index 0000000..dc037dd
--- /dev/null
+++ b/policycoreutils/setsebool/setsebool.c
@@ -0,0 +1,266 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <selinux/selinux.h>
+#include <semanage/handle.h>
+#include <semanage/booleans_local.h>
+#include <semanage/booleans_active.h>
+#include <semanage/boolean_record.h>
+#include <errno.h>
+
+int permanent = 0;
+
+int setbool(char **list, size_t start, size_t end);
+
+void usage(void)
+{
+ fputs
+ ("\nUsage: setsebool [ -P ] boolean value | bool1=val1 bool2=val2...\n\n",
+ stderr);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ size_t rc, start;
+
+ if (argc < 2)
+ usage();
+
+ if (is_selinux_enabled() <= 0) {
+ fputs("setsebool: SELinux is disabled.\n", stderr);
+ return 1;
+ }
+
+ if (strcmp(argv[1], "-P") == 0) {
+ permanent = 1;
+ if (argc < 3)
+ usage();
+ start = 2;
+ } else
+ start = 1;
+
+ /* Check to see which way we are being called. If a '=' is passed,
+ we'll enforce the list syntax. If not we'll enforce the original
+ syntax for backward compatibility. */
+ if (strchr(argv[start], '=') == 0) {
+ int len;
+ char *bool_list[1];
+
+ if ((argc - start) != 2)
+ usage();
+
+ /* Add 1 for the '=' */
+ len = strlen(argv[start]) + strlen(argv[start + 1]) + 2;
+ bool_list[0] = (char *)malloc(len);
+ if (bool_list[0] == 0) {
+ fputs("Out of memory - aborting\n", stderr);
+ return 1;
+ }
+ snprintf(bool_list[0], len, "%s=%s", argv[start],
+ argv[start + 1]);
+ rc = setbool(bool_list, 0, 1);
+ free(bool_list[0]);
+ } else
+ rc = setbool(argv, start, argc);
+
+ return rc;
+}
+
+/* Apply temporal boolean changes to policy via libselinux */
+static int selinux_set_boolean_list(size_t boolcnt,
+ SELboolean * boollist)
+{
+
+ if (security_set_boolean_list(boolcnt, boollist, 0)) {
+ if (errno == ENOENT)
+ fprintf(stderr, "Could not change active booleans: "
+ "Invalid boolean\n");
+ else if (errno)
+ perror("Could not change active booleans");
+
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Apply permanent boolean changes to policy via libsemanage */
+static int semanage_set_boolean_list(size_t boolcnt,
+ SELboolean * boollist)
+{
+
+ size_t j;
+ semanage_handle_t *handle = NULL;
+ semanage_bool_t *boolean = NULL;
+ semanage_bool_key_t *bool_key = NULL;
+ int managed;
+
+ handle = semanage_handle_create();
+ if (handle == NULL) {
+ fprintf(stderr, "Could not create semanage library handle\n");
+ goto err;
+ }
+
+ managed = semanage_is_managed(handle);
+ if (managed < 0) {
+ fprintf(stderr,
+ "Error when checking whether policy is managed\n");
+ goto err;
+
+ } else if (managed == 0) {
+ fprintf(stderr,
+ "Cannot set persistent booleans without managed policy.\n");
+ goto err;
+ }
+
+ if (semanage_connect(handle) < 0)
+ goto err;
+
+ if (semanage_begin_transaction(handle) < 0)
+ goto err;
+
+ for (j = 0; j < boolcnt; j++) {
+
+ if (semanage_bool_create(handle, &boolean) < 0)
+ goto err;
+
+ if (semanage_bool_set_name(handle, boolean, boollist[j].name) <
+ 0)
+ goto err;
+
+ semanage_bool_set_value(boolean, boollist[j].value);
+
+ if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
+ goto err;
+
+ if (semanage_bool_modify_local(handle, bool_key,
+ boolean) < 0)
+ goto err;
+
+ if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
+ fprintf(stderr, "Could not change boolean %s\n",
+ boollist[j].name);
+ goto err;
+ }
+ semanage_bool_key_free(bool_key);
+ semanage_bool_free(boolean);
+ bool_key = NULL;
+ boolean = NULL;
+ }
+
+ semanage_set_reload(handle, 0);
+ if (semanage_commit(handle) < 0)
+ goto err;
+
+ semanage_disconnect(handle);
+ semanage_handle_destroy(handle);
+ return 0;
+
+ err:
+ semanage_bool_key_free(bool_key);
+ semanage_bool_free(boolean);
+ semanage_handle_destroy(handle);
+ fprintf(stderr, "Could not change policy booleans\n");
+ return -1;
+}
+
+/* Given an array of strings in the form "boolname=value", a start index,
+ and a finish index...walk the list and set the bool. */
+int setbool(char **list, size_t start, size_t end)
+{
+ char *name, *value_ptr;
+ int j = 0, value;
+ size_t i = start;
+ size_t boolcnt = end - start;
+ struct passwd *pwd;
+ SELboolean *vallist = calloc(boolcnt, sizeof(SELboolean));
+ if (!vallist)
+ goto omem;
+
+ while (i < end) {
+ name = list[i];
+ value_ptr = strchr(list[i], '=');
+ if (value_ptr == 0) {
+ fprintf(stderr,
+ "setsebool: '=' not found in boolean expression %s\n",
+ list[i]);
+ goto err;
+ }
+ *value_ptr = 0;
+ value_ptr++;
+ if (strcmp(value_ptr, "1") == 0 ||
+ strcasecmp(value_ptr, "true") == 0 ||
+ strcasecmp(value_ptr, "on") == 0)
+ value = 1;
+ else if (strcmp(value_ptr, "0") == 0 ||
+ strcasecmp(value_ptr, "false") == 0 ||
+ strcasecmp(value_ptr, "off") == 0)
+ value = 0;
+ else {
+ fprintf(stderr, "setsebool: illegal value "
+ "%s for boolean %s\n", value_ptr, name);
+ goto err;
+ }
+
+ vallist[j].value = value;
+ vallist[j].name = strdup(name);
+ if (!vallist[j].name)
+ goto omem;
+ i++;
+ j++;
+
+ /* Now put it back */
+ value_ptr--;
+ *value_ptr = '=';
+ }
+
+ if (permanent) {
+ if (semanage_set_boolean_list(boolcnt, vallist) < 0)
+ goto err;
+ } else {
+ if (selinux_set_boolean_list(boolcnt, vallist) < 0)
+ goto err;
+ }
+
+ /* Now log what was done */
+ pwd = getpwuid(getuid());
+ i = start;
+ while (i < end) {
+ name = list[i];
+ value_ptr = strchr(name, '=');
+ *value_ptr = 0;
+ value_ptr++;
+ if (pwd && pwd->pw_name)
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was changed to %s by %s",
+ name, value_ptr, pwd->pw_name);
+ else
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was changed to %s by uid:%d",
+ name, value_ptr, getuid());
+ i++;
+ }
+
+ for (i = 0; i < boolcnt; i++)
+ free(vallist[i].name);
+ free(vallist);
+ return 0;
+
+ omem:
+ fprintf(stderr, "setsebool: out of memory");
+
+ err:
+ if (vallist) {
+ for (i = 0; i < boolcnt; i++)
+ free(vallist[i].name);
+ free(vallist);
+ }
+ return -1;
+}
diff --git a/scripts/Lindent b/scripts/Lindent
new file mode 100755
index 0000000..1bc7037
--- /dev/null
+++ b/scripts/Lindent
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+perl -e 'undef $/;' -pi \
+ -e 's|#ifdef __cplusplus\n(.*?)\n#endif|//__CPP \1|g' "$@"
+
+indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs "$@"
+
+perl -pi -e 's|^//__CPP (.*)$|#ifdef __cplusplus\n\1\n#endif|' "$@"
diff --git a/scripts/selinux-maint b/scripts/selinux-maint
new file mode 100755
index 0000000..06fec4e
--- /dev/null
+++ b/scripts/selinux-maint
@@ -0,0 +1,232 @@
+#! /usr/bin/python
+
+# Basic instructions
+#
+# 1. Save patch email to file [patch.email]
+#
+# 2. Go to the svn directory to which you want to apply the patch.
+#
+# 3. Run "selinux-maint split patch.email". This will run vi on the
+# logmsg (pulled out of the email) to allow you to add anything (ack
+# messages). When you quit vi the current directory will have files
+# called "patch" and "logmsg".
+#
+# 4. Run "selinux-maint apply" (optionally with a strip level as
+# the last argument). This will do a dry run of applying the patch
+# showing the results and ask if you want to apply the patch. If you
+# say yes it will apply the patch and attempt to detect file adds (by
+# comparing svn status and the output of patch). If it finds adds it
+# will ask if you want to add each file.
+#
+# 5. Run "selinux-maint commit" to commit that patch with the log
+# message.
+#
+# 6. Repeat 4 and 5 as often as necessary for a set of patch emails.
+#
+# 7. Run "selinux-maint rev packagename" where packagename is
+# something like "libsepol". This will prompt for the new version
+# number (showing the current), update VERSION, add a Changelog entry
+# with the version and date, and vi the changelog for you to add
+# entries.
+#
+# 8. Run "selinux-maint commit" again to commit the revision change
+# (rev adds a simple log message - I just fixed this as my last
+# checkin had the wrong log message).
+
+import sys
+import subprocess
+import shutil
+import os
+import os.path
+import datetime
+
+dir = "/tmp/selinux-maint/"
+
+def usage():
+ print "selinux-maint [command] [options]"
+ print ""
+ print "commands:"
+ print "\tsplit patch-email: split patch-email into a patch and log message"
+ print "\tapply [patch-level]: apply the patch and logmsg with optional level"
+ print "\tcommit username: commit the changes"
+ print "\trev package: update the version number and changelog of package"
+ print "\tmerge reva:revb source-branch: merge changes to the current branch"
+
+def create_tmpdir():
+ try:
+ os.mkdir(dir)
+ except OSError:
+ if not os.path.isdir(dir):
+ print "path %s exists and is not a directory" % dir
+ sys.exit(1)
+
+def split_email(args):
+ # Get an absolute path for the patch email since we are going to
+ # change the working directory
+ patch_path = os.path.abspath(args[0])
+
+ create_tmpdir()
+ prevdir = os.getcwd()
+ os.chdir(dir)
+
+ infd = open(patch_path)
+ outfd = open("info", "w")
+ retcode = subprocess.call(["git-mailinfo", "msg", "patch"], stdin=infd,
+ stdout=outfd)
+ if retcode != 0:
+ sys.exit(1)
+
+ msgfd = open("logmsg", "w")
+ retcode = subprocess.call(["cat", "info", "msg"], stdout=msgfd)
+
+ msgfd.close()
+
+ retcode = subprocess.call(["vi", "logmsg"])
+
+ shutil.copyfile("logmsg", prevdir + "/logmsg")
+ shutil.copyfile("patch", prevdir + "/patch")
+
+def apply(args):
+ if len(args) >= 1:
+ patch_level = "-p%d" % int(args[0])
+ else:
+ patch_level = "-p1"
+
+ if len(args) == 2:
+ patch_name = "../patch"
+ patch_dir = args[1]
+ else:
+ patch_name = "patch"
+ patch_dir = None
+
+ print "Test applying patch:"
+ if patch_dir:
+ os.chdir(patch_dir)
+
+ patchfd = open(patch_name)
+ retcode = subprocess.call(["patch", patch_level, "--dry-run", "-l"], stdin=patchfd)
+ resp = raw_input("apply [y/n]: ")
+ if resp != "y":
+ sys.exit(0)
+
+ patchfd = open(patch_name)
+ patch_output = subprocess.Popen(["patch", patch_level, "-l"], stdin=patchfd,
+ stdout=subprocess.PIPE).communicate()[0]
+
+ status_output = subprocess.Popen(["svn", "status"], stdout=subprocess.PIPE).communicate()[0]
+
+
+ # Detect adds
+ unknown_files = []
+ for status_line in status_output.split("\n"):
+ try:
+ status, fname = status_line.split()
+ except ValueError:
+ continue
+ if status == "?":
+ unknown_files.append(fname)
+
+ added_files = []
+ for patch_line in patch_output.split("\n"):
+ try:
+ patched_fname = patch_line.split(" ")[2]
+ except:
+ continue
+ if patched_fname in unknown_files:
+ added_files.append(patched_fname)
+
+ for fname in added_files:
+ input = raw_input("add file %s [y/n]: " % fname)
+ if input == "y":
+ subprocess.call(["svn", "add", fname])
+
+def commit(args):
+ if len(args) == 1:
+ retcode = subprocess.call(["svn", "commit", "--username", args[0], "-F", "logmsg"])
+ else:
+ retcode = subprocess.call(["svn", "commit", "-F", "logmsg"])
+
+
+def rev(args):
+ if len(args) != 1:
+ print "you must provide a package name"
+ usage()
+ sys.exit(1)
+ package = args[0]
+
+ ver_fd = open("%s/VERSION" % package, "r")
+ cur = ver_fd.read()
+ cur = cur.split("\n")[0]
+ ver_fd.close()
+ input = raw_input("new version [current is %s]: " % cur)
+ new_fd = open("%s/VERSION.new" % package, "w")
+ new_fd.write(input + "\n")
+ new_fd.close()
+ shutil.copyfile("%s/VERSION.new" % package, "%s/VERSION" % package)
+
+ old_changelog = "%s/ChangeLog" % package
+ new_changelog = "%s/ChangeLog.new" % package
+
+ n = open(new_changelog, "w")
+
+ entry = "%s %s\n" % (input, str(datetime.date.today()))
+ n.write(entry)
+ n.write("\t*\n\n")
+ o = open(old_changelog)
+ n.write(o.read())
+ n.close()
+ o.close()
+
+ subprocess.call(["vi", new_changelog])
+ shutil.copyfile(new_changelog, old_changelog)
+
+ logmsg = open("logmsg", "w")
+ logmsg.write("updated %s to version %s\n" % (package, input))
+
+def merge(args):
+ if len(args) != 2:
+ print "you must provide a revision pair and source branch"
+ usage()
+ sys.exit(1)
+
+ rev = args[0]
+ branch = args[1]
+
+ if branch == "trunk":
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/trunk"
+ elif branch == "stable":
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/branches/stable/1_0"
+ else:
+ url = "https://selinux.svn.sourceforge.net/svnroot/selinux/branches/%s" % branch
+
+ subprocess.call(["svn", "diff", "-r%s" % rev, url])
+ input = raw_input("apply these changes [y/n]? ")
+ if input != "y":
+ sys.exit(0)
+
+ subprocess.call(["svn", "merge", "-r%s" % rev, url])
+
+ logmsg = open("logmsg", "w")
+ logmsg.write("applied r%s from %s\n" % (rev, branch))
+
+
+def main():
+ if len(sys.argv) < 2:
+ usage()
+ sys.exit(1)
+
+ command = sys.argv[1]
+ if command == "split":
+ split_email(sys.argv[2:])
+ elif command == "apply":
+ apply(sys.argv[2:])
+ elif command == "commit":
+ commit(sys.argv[2:])
+ elif command == "rev":
+ rev(sys.argv[2:])
+ elif command == "merge":
+ merge(sys.argv[2:])
+ else:
+ usage()
+
+main()
diff --git a/sepolgen/COPYING b/sepolgen/COPYING
new file mode 100644
index 0000000..5b6e7c6
--- /dev/null
+++ b/sepolgen/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+�
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+�
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+�
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+�
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+�
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/sepolgen/ChangeLog b/sepolgen/ChangeLog
new file mode 100644
index 0000000..6bea331
--- /dev/null
+++ b/sepolgen/ChangeLog
@@ -0,0 +1,52 @@
+1.0.13 2008-07-29
+ * Only append s0 suffix if MLS is enabled from Karl MacMillan.
+
+1.0.12 2008-06-30
+ * Fix generation of role-type and role allow rules from Karl MacMillan.
+
+1.0.11 2008-01-23
+ * Merged sepolgen fixes from Dan Walsh.
+
+1.0.10 2007-09-10
+ * Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
+ * Suppress generation of rules for non-denials from Karl MacMillan (take 3).
+
+1.0.9 2007-08-16
+ * Supress generation of rules for non-denials from Karl MacMillan.
+
+1.0.8 2007-04-10
+ * Merged updates to sepolgen parser and tools from Karl MacMillan.
+ This includes improved debugging support, handling of interface
+ calls with list parameters, support for role transition rules,
+ updated range transition rule support, and looser matching.
+
+1.0.7 2007-03-26
+ * Merged patch to discard self from types when generating requires from Karl MacMillan.
+
+1.0.6 2007-03-21
+ * Merged patch to move the sepolgen runtime data from /usr/share to /var/lib to facilitate a read-only /usr from Karl MacMillan.
+
+1.0.5 2007-03-21
+ * Merged patch to fix type_transition style and unit tests from Karl MacMillan.
+
+1.0.4 2007-03-01
+ * Merged better matching for refpolicy style from Karl MacMillan
+ * Merged support for extracting interface paramaters from interface calls from Karl MacMillan
+ * Merged support for parsing USER_AVC audit messages from Karl MacMillan.
+
+1.0.3 2007-02-27
+ * Merged support for enabling parser debugging from Karl MacMillan.
+
+1.0.2 2007-02-22
+ * Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
+ * Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
+ * Merged patch to update PLY from Karl MacMillan.
+ * Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
+
+1.0.1 2007-02-21
+ * Merged Makefile and refparser.py patch from Dan Walsh.
+ Fixes PYTHONLIBDIR definition and error handling on interface files.
+
+1.0.0 2007-02-05
+ * Initial merge from Karl MacMillan.
+
diff --git a/sepolgen/HACKING b/sepolgen/HACKING
new file mode 100644
index 0000000..5cdf6d5
--- /dev/null
+++ b/sepolgen/HACKING
@@ -0,0 +1,79 @@
+Code Overview
+=============
+
+The source for Sepolgen is divided into the python library (sepolgen)
+and tools (e.g., audit2allow).
+
+The library is structured to give flexibility to the application using
+it - it avoids assumptions and close coupling of components where
+possible. The audit2allow application demonstrates how to hook the
+components together.
+
+There is a test suite in the test subdirectory. The run-tests.py
+script will run all of the tests.
+
+The library is is divided into several functional areas:
+
+Reference Policy Representation (sepolgen.refpolicy)
+-------------------------------------------------------------
+
+Objects for representing policies and the reference policy
+interfaces. Includes basic components (security contexts, allow rules,
+etc.) and reference policy specific components (interfaces, modules,
+etc.).
+
+This representation can be used as output from the parser to represent
+the reference policy interfaces. It can also be used to generate
+policy by building up the relevent data structures and then outputting
+them. See sepolgen.policygen and sepolgen.output for information on how
+this can be done.
+
+Access (sepolgen.access, sepolgen.interfaces, sepolgen.matching)
+-------------------------------------------------------------
+
+Objects and algorithms for representing access and sets of access in
+an abstract way and searching that access. The basic concept is that
+of an access vector (source type, target type, object class, and
+permissions). These can be grouped into sets without overlapping
+access. Access vectors and access vector sets can be matched against
+other access vectors - this forms the backbone of how we turn audit
+messages into interface calls.
+
+The highest-level form of access represented in interfaces - which
+includes algorithms to turn the raw output of the parser into access
+vector sets representing the access allowed by each interface.
+
+Parsing (sepolgen.refparser)
+-------------------------------------------------------------
+
+Parser for reference policy "headers" - i.e.,
+/usr/share/selinux/devel/include. This uses the LGPL parsing library
+[PLY](http://www.dabeaz.com/ply/) which is included in the source
+distribution in the files lex.py and yacc.py. It may be necessary to
+switch to a more powerful parsing library in the future, but for now
+this is fast and easy.
+
+Audit Messages (sepolgen.audit)
+-------------------------------------------------------------
+
+Infrastructure for parsing SELinux related messages as produced by the
+audit system. This is not a general purpose audit parsing library - it
+is only meant to capture SELinux messages - primarily access vector
+cache (AVC) messages and policy load messages.
+
+Policy Generation (sepolgen.policygen and sepolgen.output)
+-------------------------------------------------------------
+
+Infrastructure for generating policy based on required access. This
+deliberately only loosely coupled to the audit parsing to allow
+required accesses to be feed in from anywhere.
+
+Object Model (sepolgen.objectmodel)
+-------------------------------------------------------------
+
+Information about the SELinux object classes. This is semantic
+information about the object classes - including information flow. It
+is separated to keep the core from being concerned about the details
+of the object classes.
+
+[selist]: http://www.nsa.gov/selinux/info/list.cfm
\ No newline at end of file
diff --git a/sepolgen/Makefile b/sepolgen/Makefile
new file mode 100644
index 0000000..3aed330
--- /dev/null
+++ b/sepolgen/Makefile
@@ -0,0 +1,20 @@
+all: ;
+
+install:
+ $(MAKE) -C src $@
+
+relabel: ;
+
+clean:
+ $(MAKE) -C src $@
+ $(MAKE) -C tests $@
+ rm -f *~ *.pyc
+ rm -f parser.out parsetab.py
+
+indent: ;
+
+test:
+ $(MAKE) -C tests $@
+
+
+
diff --git a/sepolgen/VERSION b/sepolgen/VERSION
new file mode 100644
index 0000000..2ac9634
--- /dev/null
+++ b/sepolgen/VERSION
@@ -0,0 +1 @@
+1.0.13
diff --git a/sepolgen/src/Makefile b/sepolgen/src/Makefile
new file mode 100644
index 0000000..2815a13
--- /dev/null
+++ b/sepolgen/src/Makefile
@@ -0,0 +1,21 @@
+all: ;
+
+install:
+ $(MAKE) -C sepolgen $@
+ $(MAKE) -C share $@
+
+relabel: ;
+
+clean:
+ $(MAKE) -C sepolgen $@
+ $(MAKE) -C share $@
+ rm -f *~ *.pyc
+ rm -f parser.out parsetab.py
+
+indent: ;
+
+
+test: ;
+
+
+
diff --git a/sepolgen/src/sepolgen/Makefile b/sepolgen/src/sepolgen/Makefile
new file mode 100644
index 0000000..d658179
--- /dev/null
+++ b/sepolgen/src/sepolgen/Makefile
@@ -0,0 +1,12 @@
+PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib(1)")
+PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+
+install:
+ -mkdir -p $(PACKAGEDIR)
+ install -m 644 *.py $(PACKAGEDIR)
+
+clean:
+ rm -f parser.out parsetab.py
+ rm -f *~ *.pyc
+
+
diff --git a/sepolgen/src/sepolgen/__init__.py b/sepolgen/src/sepolgen/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sepolgen/src/sepolgen/__init__.py
diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
new file mode 100644
index 0000000..0a35d47
--- /dev/null
+++ b/sepolgen/src/sepolgen/access.py
@@ -0,0 +1,326 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Classes representing basic access.
+
+SELinux - at the most basic level - represents access as
+the 4-tuple subject (type or context), target (type or context),
+object class, permission. The policy language elaborates this basic
+access to faciliate more concise rules (e.g., allow rules can have multiple
+source or target types - see refpolicy for more information).
+
+This module has objects for representing the most basic access (AccessVector)
+and sets of that access (AccessVectorSet). These objects are used in Madison
+in a variety of ways, but they are the fundamental representation of access.
+"""
+
+import refpolicy
+
+def is_idparam(id):
+ """Determine if an id is a paramater in the form $N, where N is
+ an integer.
+
+ Returns:
+ True if the id is a paramater
+ False if the id is not a paramater
+ """
+ if len(id) > 1 and id[0] == '$':
+ try:
+ int(id[1:])
+ except ValueError:
+ return False
+ return True
+ else:
+ return False
+
+class AccessVector:
+ """
+ An access vector is the basic unit of access in SELinux.
+
+ Access vectors are the most basic representation of access within
+ SELinux. It represents the access a source type has to a target
+ type in terms of an object class and a set of permissions.
+
+ Access vectors are distinct from AVRules in that they can only
+ store a single source type, target type, and object class. The
+ simplicity of AccessVectors makes them useful for storing access
+ in a form that is easy to search and compare.
+
+ The source, target, and object are stored as string. No checking
+ done to verify that the strings are valid SELinux identifiers.
+ Identifiers in the form $N (where N is an integer) are reserved as
+ interface parameters and are treated as wild cards in many
+ circumstances.
+
+ Properties:
+ .src_type - The source type allowed access. [String or None]
+ .tgt_type - The target type to which access is allowed. [String or None]
+ .obj_class - The object class to which access is allowed. [String or None]
+ .perms - The permissions allowed to the object class. [IdSet]
+ .audit_msgs - The audit messages that generated this access vector [List of strings]
+ """
+ def __init__(self, init_list=None):
+ if init_list:
+ self.from_list(init_list)
+ else:
+ self.src_type = None
+ self.tgt_type = None
+ self.obj_class = None
+ self.perms = refpolicy.IdSet()
+ self.audit_msgs = []
+
+ # The direction of the information flow represented by this
+ # access vector - used for matching
+ self.info_flow_dir = None
+
+ def from_list(self, list):
+ """Initialize an access vector from a list.
+
+ Initialize an access vector from a list treating the list as
+ positional arguments - i.e., 0 = src_type, 1 = tgt_type, etc.
+ All of the list elements 3 and greater are treated as perms.
+ For example, the list ['foo_t', 'bar_t', 'file', 'read', 'write']
+ would create an access vector list with the source type 'foo_t',
+ target type 'bar_t', object class 'file', and permissions 'read'
+ and 'write'.
+
+ This format is useful for very simple storage to strings or disc
+ (see to_list) and for initializing access vectors.
+ """
+ if len(list) < 4:
+ raise ValueError("List must contain at least four elements %s" % str(list))
+ self.src_type = list[0]
+ self.tgt_type = list[1]
+ self.obj_class = list[2]
+ self.perms = refpolicy.IdSet(list[3:])
+
+ def to_list(self):
+ """
+ Convert an access vector to a list.
+
+ Convert an access vector to a list treating the list as positional
+ values. See from_list for more information on how an access vector
+ is represented in a list.
+ """
+ l = [self.src_type, self.tgt_type, self.obj_class]
+ l.extend(self.perms)
+ return l
+
+ def __str__(self):
+ return self.to_string()
+
+ def to_string(self):
+ return "allow %s %s : %s %s;" % (self.src_type, self.tgt_type,
+ self.obj_class, self.perms.to_space_str())
+
+ def __cmp__(self, other):
+ if self.src_type != other.src_type:
+ return cmp(self.src_type, other.src_type)
+ if self.tgt_type != other.tgt_type:
+ return cmp(self.tgt_type, other.tgt_type)
+ if self.obj_class != self.obj_class:
+ return cmp(self.obj_class, other.obj_class)
+ if len(self.perms) != len(other.perms):
+ return cmp(len(self.perms), len(other.perms))
+ x = list(self.perms)
+ x.sort()
+ y = list(other.perms)
+ y.sort()
+ for pa, pb in zip(x, y):
+ if pa != pb:
+ return cmp(pa, pb)
+ return 0
+
+def avrule_to_access_vectors(avrule):
+ """Convert an avrule into a list of access vectors.
+
+ AccessVectors and AVRules are similary, but differ in that
+ an AVRule can more than one source type, target type, and
+ object class. This function expands a single avrule into a
+ list of one or more AccessVectors representing the access
+ defined in the AVRule.
+
+
+ """
+ if isinstance(avrule, AccessVector):
+ return [avrule]
+ a = []
+ for src_type in avrule.src_types:
+ for tgt_type in avrule.tgt_types:
+ for obj_class in avrule.obj_classes:
+ access = AccessVector()
+ access.src_type = src_type
+ access.tgt_type = tgt_type
+ access.obj_class = obj_class
+ access.perms = avrule.perms.copy()
+ a.append(access)
+ return a
+
+class AccessVectorSet:
+ """A non-overlapping set of access vectors.
+
+ An AccessVectorSet is designed to store one or more access vectors
+ that are non-overlapping. Access can be added to the set
+ incrementally and access vectors will be added or merged as
+ necessary. For example, adding the following access vectors using
+ add_av:
+ allow $1 etc_t : read;
+ allow $1 etc_t : write;
+ allow $1 var_log_t : read;
+ Would result in an access vector set with the access vectors:
+ allow $1 etc_t : { read write};
+ allow $1 var_log_t : read;
+ """
+ def __init__(self):
+ """Initialize an access vector set.
+ """
+ self.src = {}
+ # The information flow direction of this access vector
+ # set - see objectmodel.py for more information. This
+ # stored here to speed up searching - see matching.py.
+ self.info_dir = None
+
+ def __iter__(self):
+ """Iterate over all of the unique access vectors in the set."""
+ for tgts in self.src.values():
+ for objs in tgts.values():
+ for av in objs.values():
+ yield av
+
+ def __len__(self):
+ """Return the number of unique access vectors in the set.
+
+ Because of the inernal representation of the access vector set,
+ __len__ is not a constant time operation. Worst case is O(N)
+ where N is the number of unique access vectors, but the common
+ case is probably better.
+ """
+ l = 0
+ for tgts in self.src.values():
+ for objs in tgts.values():
+ l += len(objs)
+ return l
+
+ def to_list(self):
+ """Return the unique access vectors in the set as a list.
+
+ The format of the returned list is a set of nested lists,
+ each access vector represented by a list. This format is
+ designed to be simply serializable to a file.
+
+ For example, consider an access vector set with the following
+ access vectors:
+ allow $1 user_t : file read;
+ allow $1 etc_t : file { read write};
+ to_list would return the following:
+ [[$1, user_t, file, read]
+ [$1, etc_t, file, read, write]]
+
+ See AccessVector.to_list for more information.
+ """
+ l = []
+ for av in self:
+ l.append(av.to_list())
+
+ return l
+
+ def from_list(self, l):
+ """Add access vectors stored in a list.
+
+ See to list for more information on the list format that this
+ method accepts.
+
+ This will add all of the access from the list. Any existing
+ access vectors in the set will be retained.
+ """
+ for av in l:
+ self.add_av(AccessVector(av))
+
+ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
+ """Add an access vector to the set.
+ """
+ tgt = self.src.setdefault(src_type, { })
+ cls = tgt.setdefault(tgt_type, { })
+
+ if cls.has_key(obj_class):
+ access = cls[obj_class]
+ else:
+ access = AccessVector()
+ access.src_type = src_type
+ access.tgt_type = tgt_type
+ access.obj_class = obj_class
+ cls[obj_class] = access
+
+ access.perms.update(perms)
+ if audit_msg:
+ access.audit_msgs.append(audit_msg)
+
+ def add_av(self, av, audit_msg=None):
+ """Add an access vector to the set."""
+ self.add(av.src_type, av.tgt_type, av.obj_class, av.perms)
+
+
+def avs_extract_types(avs):
+ types = refpolicy.IdSet()
+ for av in avs:
+ types.add(av.src_type)
+ types.add(av.tgt_type)
+
+ return types
+
+def avs_extract_obj_perms(avs):
+ perms = { }
+ for av in avs:
+ if perms.has_key(av.obj_class):
+ s = perms[av.obj_class]
+ else:
+ s = refpolicy.IdSet()
+ perms[av.obj_class] = s
+ s.update(av.perms)
+ return perms
+
+class RoleTypeSet:
+ """A non-overlapping set of role type statements.
+
+ This clas allows the incremental addition of role type statements and
+ maintains a non-overlapping list of statements.
+ """
+ def __init__(self):
+ """Initialize an access vector set."""
+ self.role_types = {}
+
+ def __iter__(self):
+ """Iterate over all of the unique role allows statements in the set."""
+ for role_type in self.role_types.values():
+ yield role_type
+
+ def __len__(self):
+ """Return the unique number of role allow statements."""
+ return len(self.roles)
+
+ def add(self, role, type):
+ if self.role_types.has_key(role):
+ role_type = self.role_types[role]
+ else:
+ role_type = refpolicy.RoleType()
+ role_type.role = role
+ self.role_types[role] = role_type
+
+ role_type.types.add(type)
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
new file mode 100644
index 0000000..4717dae
--- /dev/null
+++ b/sepolgen/src/sepolgen/audit.py
@@ -0,0 +1,481 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import refpolicy
+import access
+import re
+
+# Convenience functions
+
+def get_audit_msgs():
+ """Obtain all of the avc and policy load messages from the audit
+ log. This function uses ausearch and requires that the current
+ process have sufficient rights to run ausearch.
+
+ Returns:
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
+def get_dmesg_msgs():
+ """Obtain all of the avc and policy load messages from /bin/dmesg.
+
+ Returns:
+ string contain all of the audit messages returned by dmesg.
+ """
+ import subprocess
+ output = subprocess.Popen(["/bin/dmesg"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
+# Classes representing audit messages
+
+class AuditMessage:
+ """Base class for all objects representing audit messages.
+
+ AuditMessage is a base class for all audit messages and only
+ provides storage for the raw message (as a string) and a
+ parsing function that does nothing.
+ """
+ def __init__(self, message):
+ self.message = message
+ self.header = ""
+
+ def from_split_string(self, recs):
+ """Parse a string that has been split into records by space into
+ an audit message.
+
+ This method should be overridden by subclasses. Error reporting
+ should be done by raise ValueError exceptions.
+ """
+ for msg in recs:
+ fields = msg.split("=")
+ if len(fields) != 2:
+ if msg[:6] == "audit(":
+ self.header = msg
+ return
+ else:
+ continue
+
+ if fields[0] == "msg":
+ self.header = fields[1]
+ return
+
+
+class InvalidMessage(AuditMessage):
+ """Class representing invalid audit messages. This is used to differentiate
+ between audit messages that aren't recognized (that should return None from
+ the audit message parser) and a message that is recognized but is malformed
+ in some way.
+ """
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+
+class PathMessage(AuditMessage):
+ """Class representing a path message"""
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+ self.path = ""
+
+ def from_split_string(self, recs):
+ AuditMessage.from_split_string(self, recs)
+
+ for msg in recs:
+ fields = msg.split("=")
+ if len(fields) != 2:
+ continue
+ if fields[0] == "path":
+ self.path = fields[1][1:-1]
+ return
+
+class AVCMessage(AuditMessage):
+ """AVC message representing an access denial or granted message.
+
+ This is a very basic class and does not represent all possible fields
+ in an avc message. Currently the fields are:
+ scontext - context for the source (process) that generated the message
+ tcontext - context for the target
+ tclass - object class for the target (only one)
+ comm - the process name
+ exe - the on-disc binary
+ path - the path of the target
+ access - list of accesses that were allowed or denied
+ denial - boolean indicating whether this was a denial (True) or granted
+ (False) message.
+
+ An example audit message generated from the audit daemon looks like (line breaks
+ added):
+ 'type=AVC msg=audit(1155568085.407:10877): avc: denied { search } for
+ pid=677 comm="python" name="modules" dev=dm-0 ino=13716388
+ scontext=user_u:system_r:setroubleshootd_t:s0
+ tcontext=system_u:object_r:modules_object_t:s0 tclass=dir'
+
+ An example audit message stored in syslog (not processed by the audit daemon - line
+ breaks added):
+ 'Sep 12 08:26:43 dhcp83-5 kernel: audit(1158064002.046:4): avc: denied { read }
+ for pid=2 496 comm="bluez-pin" name=".gdm1K3IFT" dev=dm-0 ino=3601333
+ scontext=user_u:system_r:bluetooth_helper_t:s0-s0:c0
+ tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+ """
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+ self.scontext = refpolicy.SecurityContext()
+ self.tcontext = refpolicy.SecurityContext()
+ self.tclass = ""
+ self.comm = ""
+ self.exe = ""
+ self.path = ""
+ self.accesses = []
+ self.denial = True
+
+ def __parse_access(self, recs, start):
+ # This is kind of sucky - the access that is in a space separated
+ # list like '{ read write }'. This doesn't fit particularly well with splitting
+ # the string on spaces. This function takes the list of recs and a starting
+ # position one beyond the open brace. It then adds the accesses until it finds
+ # the close brace or the end of the list (which is an error if reached without
+ # seeing a close brace).
+ found_close = False
+ i = start
+ if i == (len(recs) - 1):
+ raise ValueError("AVC message in invalid format [%s]\n" % self.message)
+ while i < len(recs):
+ if recs[i] == "}":
+ found_close = True
+ break
+ self.accesses.append(recs[i])
+ i = i + 1
+ if not found_close:
+ raise ValueError("AVC message in invalid format [%s]\n" % self.message)
+ return i + 1
+
+
+ def from_split_string(self, recs):
+ AuditMessage.from_split_string(self, recs)
+ # FUTURE - fully parse avc messages and store all possible fields
+ # Required fields
+ found_src = False
+ found_tgt = False
+ found_class = False
+ found_access = False
+
+ for i in range(len(recs)):
+ if recs[i] == "{":
+ i = self.__parse_access(recs, i + 1)
+ found_access = True
+ continue
+ elif recs[i] == "granted":
+ self.denial = False
+
+ fields = recs[i].split("=")
+ if len(fields) != 2:
+ continue
+ if fields[0] == "scontext":
+ self.scontext = refpolicy.SecurityContext(fields[1])
+ found_src = True
+ elif fields[0] == "tcontext":
+ self.tcontext = refpolicy.SecurityContext(fields[1])
+ found_tgt = True
+ elif fields[0] == "tclass":
+ self.tclass = fields[1]
+ found_class = True
+ elif fields[0] == "comm":
+ self.comm = fields[1][1:-1]
+ elif fields[0] == "exe":
+ self.exe = fields[1][1:-1]
+
+ if not found_src or not found_tgt or not found_class or not found_access:
+ raise ValueError("AVC message in invalid format [%s]\n" % self.message)
+
+class PolicyLoadMessage(AuditMessage):
+ """Audit message indicating that the policy was reloaded."""
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+
+class DaemonStartMessage(AuditMessage):
+ """Audit message indicating that a daemon was started."""
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+ self.auditd = False
+
+ def from_split_string(self, recs):
+ AuditMessage.from_split_string(self, recs)
+ if "auditd" in recs:
+ self.auditd = True
+
+
+class ComputeSidMessage(AuditMessage):
+ """Audit message indicating that a sid was not valid.
+
+ Compute sid messages are generated on attempting to create a security
+ context that is not valid. Security contexts are invalid if the role is
+ not authorized for the user or the type is not authorized for the role.
+
+ This class does not store all of the fields from the compute sid message -
+ just the type and role.
+ """
+ def __init__(self, message):
+ AuditMessage.__init__(self, message)
+ self.invalid_context = refpolicy.SecurityContext()
+ self.scontext = refpolicy.SecurityContext()
+ self.tcontext = refpolicy.SecurityContext()
+ self.tclass = ""
+
+ def from_split_string(self, recs):
+ AuditMessage.from_split_string(self, recs)
+ if len(recs) < 10:
+ raise ValueError("Split string does not represent a valid compute sid message")
+
+ try:
+ self.invalid_context = refpolicy.SecurityContext(recs[5])
+ self.scontext = refpolicy.SecurityContext(recs[7].split("=")[1])
+ self.tcontext = refpolicy.SecurityContext(recs[8].split("=")[1])
+ self.tclass = recs[9].split("=")[1]
+ except:
+ raise ValueError("Split string does not represent a valid compute sid message")
+ def output(self):
+ return "role %s types %s;\n" % (self.role, self.type)
+
+# Parser for audit messages
+
+class AuditParser:
+ """Parser for audit messages.
+
+ This class parses audit messages and stores them according to their message
+ type. This is not a general purpose audit message parser - it only extracts
+ selinux related messages.
+
+ Each audit messages are stored in one of four lists:
+ avc_msgs - avc denial or granted messages. Messages are stored in
+ AVCMessage objects.
+ comput_sid_messages - invalid sid messages. Messages are stored in
+ ComputSidMessage objects.
+ invalid_msgs - selinux related messages that are not valid. Messages
+ are stored in InvalidMessageObjects.
+ policy_load_messages - policy load messages. Messages are stored in
+ PolicyLoadMessage objects.
+
+ These lists will be reset when a policy load message is seen if
+ AuditParser.last_load_only is set to true. It is assumed that messages
+ are fed to the parser in chronological order - time stamps are not
+ parsed.
+ """
+ def __init__(self, last_load_only=False):
+ self.__initialize()
+ self.last_load_only = last_load_only
+
+ def __initialize(self):
+ self.avc_msgs = []
+ self.compute_sid_msgs = []
+ self.invalid_msgs = []
+ self.policy_load_msgs = []
+ self.path_msgs = []
+ self.by_header = { }
+
+ # Low-level parsing function - tries to determine if this audit
+ # message is an SELinux related message and then parses it into
+ # the appropriate AuditMessage subclass. This function deliberately
+ # does not impose policy (e.g., on policy load message) or store
+ # messages to make as simple and reusable as possible.
+ #
+ # Return values:
+ # None - no recognized audit message found in this line
+ #
+ # InvalidMessage - a recognized but invalid message was found.
+ #
+ # AuditMessage (or subclass) - object representing a parsed
+ # and valid audit message.
+ def __parse_line(self, line):
+ rec = line.split()
+ for i in rec:
+ found = False
+ if i == "avc:" or i == "message=avc:" or i == "msg='avc:":
+ msg = AVCMessage(line)
+ found = True
+ elif i == "security_compute_sid:":
+ msg = ComputeSidMessage(line)
+ found = True
+ elif i == "type=MAC_POLICY_LOAD":
+ msg = PolicyLoadMessage(line)
+ found = True
+ elif i == "type=AVC_PATH":
+ msg = PathMessage(line)
+ found = True
+ elif i == "type=DAEMON_START":
+ msg = DaemonStartMessage(list)
+ found = True
+
+ if found:
+ try:
+ msg.from_split_string(rec)
+ except ValueError:
+ msg = InvalidMessage(line)
+ return msg
+ return None
+
+ # Higher-level parse function - take a line, parse it into an
+ # AuditMessage object, and store it in the appropriate list.
+ # This function will optionally reset all of the lists when
+ # it sees a load policy message depending on the value of
+ # self.last_load_only.
+ def __parse(self, line):
+ msg = self.__parse_line(line)
+ if msg is None:
+ return
+
+ # Append to the correct list
+ if isinstance(msg, PolicyLoadMessage):
+ if self.last_load_only:
+ self.__initialize()
+ elif isinstance(msg, DaemonStartMessage):
+ # We initialize every time the auditd is started. This
+ # is less than ideal, but unfortunately it is the only
+ # way to catch reboots since the initial policy load
+ # by init is not stored in the audit log.
+ if msg.auditd and self.last_load_only:
+ self.__initialize()
+ self.policy_load_msgs.append(msg)
+ elif isinstance(msg, AVCMessage):
+ self.avc_msgs.append(msg)
+ elif isinstance(msg, ComputeSidMessage):
+ self.compute_sid_msgs.append(msg)
+ elif isinstance(msg, InvalidMessage):
+ self.invalid_msgs.append(msg)
+ elif isinstance(msg, PathMessage):
+ self.path_msgs.append(msg)
+
+ # Group by audit header
+ if msg.header != "":
+ if self.by_header.has_key(msg.header):
+ self.by_header[msg.header].append(msg)
+ else:
+ self.by_header[msg.header] = [msg]
+
+
+ # Post processing will add additional information from AVC messages
+ # from related messages - only works on messages generated by
+ # the audit system.
+ def __post_process(self):
+ for value in self.by_header.values():
+ avc = []
+ path = None
+ for msg in value:
+ if isinstance(msg, PathMessage):
+ path = msg
+ elif isinstance(msg, AVCMessage):
+ avc.append(msg)
+ if len(avc) > 0 and path:
+ for a in avc:
+ a.path = path.path
+
+ def parse_file(self, input):
+ """Parse the contents of a file object. This method can be called
+ multiple times (along with parse_string)."""
+ line = input.readline()
+ while line:
+ self.__parse(line)
+ line = input.readline()
+ self.__post_process()
+
+ def parse_string(self, input):
+ """Parse a string containing audit messages - messages should
+ be separated by new lines. This method can be called multiple
+ times (along with parse_file)."""
+ lines = input.split('\n')
+ for l in lines:
+ self.__parse(l)
+ self.__post_process()
+
+ def to_role(self, role_filter=None):
+ """Return RoleAllowSet statements matching the specified filter
+
+ Filter out types that match the filer, or all roles
+
+ Params:
+ role_filter - [optional] Filter object used to filter the
+ output.
+ Returns:
+ Access vector set representing the denied access in the
+ audit logs parsed by this object.
+ """
+ role_types = access.RoleTypeSet()
+ for cs in self.compute_sid_msgs:
+ if not role_filter or role_filter.filter(cs):
+ role_types.add(cs.invalid_context.role, cs.invalid_context.type)
+
+ return role_types
+
+ def to_access(self, avc_filter=None, only_denials=True):
+ """Convert the audit logs access into a an access vector set.
+
+ Convert the audit logs into an access vector set, optionally
+ filtering the restults with the passed in filter object.
+
+ Filter objects are object instances with a .filter method
+ that takes and access vector and returns True if the message
+ should be included in the final output and False otherwise.
+
+ Params:
+ avc_filter - [optional] Filter object used to filter the
+ output.
+ Returns:
+ Access vector set representing the denied access in the
+ audit logs parsed by this object.
+ """
+ av_set = access.AccessVectorSet()
+ for avc in self.avc_msgs:
+ if avc.denial != True and only_denials:
+ continue
+ if avc_filter:
+ if avc_filter.filter(avc):
+ av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+ avc.accesses, avc)
+ else:
+ av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+ avc.accesses, avc)
+ return av_set
+
+class AVCTypeFilter:
+ def __init__(self, regex):
+ self.regex = re.compile(regex)
+
+ def filter(self, avc):
+ if self.regex.match(avc.scontext.type):
+ return True
+ if self.regex.match(avc.tcontext.type):
+ return True
+ return False
+
+class ComputeSidTypeFilter:
+ def __init__(self, regex):
+ self.regex = re.compile(regex)
+
+ def filter(self, avc):
+ if self.regex.match(avc.invalid_context.type):
+ return True
+ if self.regex.match(avc.scontext.type):
+ return True
+ if self.regex.match(avc.tcontext.type):
+ return True
+ return False
+
+
diff --git a/sepolgen/src/sepolgen/classperms.py b/sepolgen/src/sepolgen/classperms.py
new file mode 100644
index 0000000..c925dee
--- /dev/null
+++ b/sepolgen/src/sepolgen/classperms.py
@@ -0,0 +1,116 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+import sys
+
+tokens = ('DEFINE',
+ 'NAME',
+ 'TICK',
+ 'SQUOTE',
+ 'OBRACE',
+ 'CBRACE',
+ 'SEMI',
+ 'OPAREN',
+ 'CPAREN',
+ 'COMMA')
+
+reserved = {
+ 'define' : 'DEFINE' }
+
+t_TICK = r'\`'
+t_SQUOTE = r'\''
+t_OBRACE = r'\{'
+t_CBRACE = r'\}'
+t_SEMI = r'\;'
+t_OPAREN = r'\('
+t_CPAREN = r'\)'
+t_COMMA = r'\,'
+
+t_ignore = " \t\n"
+
+def t_NAME(t):
+ r'[a-zA-Z_][a-zA-Z0-9_]*'
+ t.type = reserved.get(t.value,'NAME')
+ return t
+
+def t_error(t):
+ print "Illegal character '%s'" % t.value[0]
+ t.skip(1)
+
+import lex
+lex.lex()
+
+def p_statements(p):
+ '''statements : define_stmt
+ | define_stmt statements
+ '''
+ if len(p) == 2:
+ p[0] = [p[1]]
+ else:
+ p[0] = [p[1]] + [p[2]]
+
+def p_define_stmt(p):
+ # This sucks - corresponds to 'define(`foo',`{ read write }')
+ '''define_stmt : DEFINE OPAREN TICK NAME SQUOTE COMMA TICK list SQUOTE CPAREN
+ '''
+
+ p[0] = [p[4], p[8]]
+
+def p_list(p):
+ '''list : NAME
+ | OBRACE names CBRACE
+ '''
+ if p[1] == "{":
+ p[0] = p[2]
+ else:
+ p[0] = [p[1]]
+
+def p_names(p):
+ '''names : NAME
+ | NAME names
+ '''
+ if len(p) == 2:
+ p[0] = [p[1]]
+ else:
+ p[0] = [p[1]] + p[2]
+
+def p_error(p):
+ print "Syntax error on line %d %s [type=%s]" % (p.lineno, p.value, p.type)
+
+import yacc
+yacc.yacc()
+
+
+f = open("all_perms.spt")
+txt = f.read()
+f.close()
+
+#lex.input(txt)
+#while 1:
+# tok = lex.token()
+# if not tok:
+# break
+# print tok
+
+test = "define(`foo',`{ read write append }')"
+test2 = """define(`all_filesystem_perms',`{ mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget }')
+define(`all_security_perms',`{ compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot }')
+"""
+result = yacc.parse(txt)
+print result
+
diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
new file mode 100644
index 0000000..45ce61a
--- /dev/null
+++ b/sepolgen/src/sepolgen/defaults.py
@@ -0,0 +1,41 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Various default settings, including file and directory locations.
+"""
+
+def data_dir():
+ return "/var/lib/sepolgen"
+
+def perm_map():
+ return data_dir() + "/perm_map"
+
+def interface_info():
+ return data_dir() + "/interface_info"
+
+def refpolicy_devel():
+ return "/usr/share/selinux/devel"
+
+def refpolicy_makefile():
+ return refpolicy_devel() + "/Makefile"
+
+def headers():
+ return refpolicy_devel() + "/include"
+
diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py
new file mode 100644
index 0000000..d8b3e34
--- /dev/null
+++ b/sepolgen/src/sepolgen/interfaces.py
@@ -0,0 +1,452 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Classes for representing and manipulating interfaces.
+"""
+
+import access
+import refpolicy
+import itertools
+import objectmodel
+import matching
+
+from sepolgeni18n import _
+
+class Param:
+ """
+ Object representing a paramater for an interface.
+ """
+ def __init__(self):
+ self.__name = ""
+ self.type = refpolicy.SRC_TYPE
+ self.obj_classes = refpolicy.IdSet()
+ self.required = True
+
+ def set_name(self, name):
+ if not access.is_idparam(name):
+ raise ValueError("Name [%s] is not a param" % name)
+ self.__name = name
+
+ def get_name(self):
+ return self.__name
+
+ name = property(get_name, set_name)
+
+ num = property(fget=lambda self: int(self.name[1:]))
+
+ def __repr__(self):
+ return "<sepolgen.policygen.Param instance [%s, %s, %s]>" % \
+ (self.name, refpolicy.field_to_str[self.type], " ".join(self.obj_classes))
+
+
+# Helper for extract perms
+def __param_insert(name, type, av, params):
+ ret = 0
+ if name in params:
+ p = params[name]
+ # The entries are identical - we're done
+ if type == p.type:
+ return
+ # Hanldle implicitly typed objects (like process)
+ if (type == refpolicy.SRC_TYPE or type == refpolicy.TGT_TYPE) and \
+ (p.type == refpolicy.TGT_TYPE or p.type == refpolicy.SRC_TYPE):
+ #print name, refpolicy.field_to_str[p.type]
+ # If the object is not implicitly typed, tell the
+ # caller there is a likely conflict.
+ ret = 1
+ if av:
+ avobjs = [av.obj_class]
+ else:
+ avobjs = []
+ for obj in itertools.chain(p.obj_classes, avobjs):
+ if obj in objectmodel.implicitly_typed_objects:
+ ret = 0
+ break
+ # "Promote" to a SRC_TYPE as this is the likely usage.
+ # We do this even if the above test fails on purpose
+ # as there is really no sane way to resolve the conflict
+ # here. The caller can take other actions if needed.
+ p.type = refpolicy.SRC_TYPE
+ else:
+ # There is some conflict - no way to resolve it really
+ # so we just leave the first entry and tell the caller
+ # there was a conflict.
+ ret = 1
+ else:
+ p = Param()
+ p.name = name
+ p.type = type
+ params[p.name] = p
+
+ if av:
+ p.obj_classes.add(av.obj_class)
+ return ret
+
+
+
+def av_extract_params(av, params):
+ """Extract the paramaters from an access vector.
+
+ Extract the paramaters (in the form $N) from an access
+ vector, storing them as Param objects in a dictionary.
+ Some attempt is made at resolving conflicts with other
+ entries in the dict, but if an unresolvable conflict is
+ found it is reported to the caller.
+
+ The goal here is to figure out how interface paramaters are
+ actually used in the interface - e.g., that $1 is a domain used as
+ a SRC_TYPE. In general an interface will look like this:
+
+ interface(`foo', `
+ allow $1 foo : file read;
+ ')
+
+ This is simple to figure out - $1 is a SRC_TYPE. A few interfaces
+ are more complex, for example:
+
+ interface(`foo_trans',`
+ domain_auto_trans($1,fingerd_exec_t,fingerd_t)
+
+ allow $1 fingerd_t:fd use;
+ allow fingerd_t $1:fd use;
+ allow fingerd_t $1:fifo_file rw_file_perms;
+ allow fingerd_t $1:process sigchld;
+ ')
+
+ Here the usage seems ambigious, but it is not. $1 is still domain
+ and therefore should be returned as a SRC_TYPE.
+
+ Returns:
+ 0 - success
+ 1 - conflict found
+ """
+ ret = 0
+ found_src = False
+ if access.is_idparam(av.src_type):
+ if __param_insert(av.src_type, refpolicy.SRC_TYPE, av, params) == 1:
+ ret = 1
+
+ if access.is_idparam(av.tgt_type):
+ if __param_insert(av.tgt_type, refpolicy.TGT_TYPE, av, params) == 1:
+ ret = 1
+
+ if access.is_idparam(av.obj_class):
+ if __param_insert(av.obj_class, refpolicy.OBJ_CLASS, av, params) == 1:
+ ret = 1
+
+ for perm in av.perms:
+ if access.is_idparam(perm):
+ if __param_insert(perm, PERM) == 1:
+ ret = 1
+
+ return ret
+
+def role_extract_params(role, params):
+ if access.is_idparam(role.role):
+ return __param_insert(role.role, refpolicy.ROLE, None, params)
+
+def type_rule_extract_params(rule, params):
+ def extract_from_set(set, type):
+ ret = 0
+ for x in set:
+ if access.is_idparam(x):
+ if __param_insert(x, type, None, params):
+ ret = 1
+ return ret
+
+ ret = 0
+ if extract_from_set(rule.src_types, refpolicy.SRC_TYPE):
+ ret = 1
+
+ if extract_from_set(rule.tgt_types, refpolicy.TGT_TYPE):
+ ret = 1
+
+ if extract_from_set(rule.obj_classes, refpolicy.OBJ_CLASS):
+ ret = 1
+
+ if access.is_idparam(rule.dest_type):
+ if __param_insert(rule.dest_type, refpolicy.DEST_TYPE, None, params):
+ ret = 1
+
+ return ret
+
+def ifcall_extract_params(ifcall, params):
+ ret = 0
+ for arg in ifcall.args:
+ if access.is_idparam(arg):
+ # Assume interface arguments are source types. Fairly safe
+ # assumption for most interfaces
+ if __param_insert(arg, refpolicy.SRC_TYPE, None, params):
+ ret = 1
+
+ return ret
+
+
+class InterfaceVector:
+ def __init__(self, interface=None):
+ # Enabled is a loose concept currently - we are essentially
+ # not enabling interfaces that we can't handle currently.
+ # See InterfaceVector.add_ifv for more information.
+ self.enabled = True
+ self.name = ""
+ # The access that is enabled by this interface - eventually
+ # this will include indirect access from typeattribute
+ # statements.
+ self.access = access.AccessVectorSet()
+ # Paramaters are stored in a dictionary (key: param name
+ # value: Param object).
+ self.params = { }
+ if interface:
+ self.from_interface(interface)
+ self.expanded = False
+
+ def from_interface(self, interface):
+ self.name = interface.name
+
+ # Add allow rules
+ for avrule in interface.avrules():
+ if avrule.rule_type != refpolicy.AVRule.ALLOW:
+ continue
+ # Handle some policy bugs
+ if "dontaudit" in interface.name:
+ #print "allow rule in interface: %s" % interface
+ continue
+ avs = access.avrule_to_access_vectors(avrule)
+ for av in avs:
+ self.add_av(av)
+
+ # Extract paramaters from roles
+ for role in interface.roles():
+ if role_extract_params(role, self.params):
+ pass
+ #print "found conflicting role param %s for interface %s" % \
+ # (role.name, interface.name)
+ # Extract paramaters from type rules
+ for rule in interface.typerules():
+ if type_rule_extract_params(rule, self.params):
+ pass
+ #print "found conflicting params in rule %s in interface %s" % \
+ # (str(rule), interface.name)
+
+ for ifcall in interface.interface_calls():
+ if ifcall_extract_params(ifcall, self.params):
+ pass
+ #print "found conflicting params in ifcall %s in interface %s" % \
+ # (str(ifcall), interface.name)
+
+
+ def add_av(self, av):
+ if av_extract_params(av, self.params) == 1:
+ pass
+ #print "found conflicting perms [%s]" % str(av)
+ self.access.add_av(av)
+
+ def to_string(self):
+ s = []
+ s.append("[InterfaceVector %s]" % self.name)
+ for av in self.access:
+ s.append(str(av))
+ return "\n".join(s)
+
+ def __str__(self):
+ return self.__repr__()
+
+ def __repr__(self):
+ return "<InterfaceVector %s:%s>" % (self.name, self.enabled)
+
+
+class InterfaceSet:
+ def __init__(self, output=None):
+ self.interfaces = { }
+ self.tgt_type_map = { }
+ self.tgt_type_all = []
+ self.output = output
+
+ def o(self, str):
+ if self.output:
+ self.output.write(str + "\n")
+
+ def to_file(self, fd):
+ for iv in self.interfaces.values():
+ fd.write("[InterfaceVector %s " % iv.name)
+ for param in iv.params.values():
+ fd.write("%s:%s " % (param.name, refpolicy.field_to_str[param.type]))
+ fd.write("]\n")
+ avl = iv.access.to_list()
+ for av in avl:
+ fd.write(",".join(av))
+ fd.write("\n")
+
+ def from_file(self, fd):
+ def parse_ifv(line):
+ fields = line[1:-1].split()
+ if len(fields) < 2 or fields[0] != "InterfaceVector":
+ raise SyntaxError("Syntax error InterfaceVector statement %s" % line)
+ ifv = InterfaceVector()
+ ifv.name = fields[1]
+ if len(fields) == 2:
+ return
+ for field in fields[2:]:
+ p = field.split(":")
+ if len(p) != 2:
+ raise SyntaxError("Invalid param in InterfaceVector statement %s" % line)
+ param = Param()
+ param.name = p[0]
+ param.type = refpolicy.str_to_field[p[1]]
+ ifv.params[param.name] = param
+ return ifv
+
+ ifv = None
+ for line in fd:
+ line = line[:-1]
+ if line[0] == "[":
+ if ifv:
+ self.add_ifv(ifv)
+ ifv = parse_ifv(line)
+ elif ifv:
+ l = line.split(",")
+ av = access.AccessVector(l)
+ ifv.add_av(av)
+ if ifv:
+ self.add_ifv(ifv)
+
+ self.index()
+
+ def add_ifv(self, ifv):
+ self.interfaces[ifv.name] = ifv
+
+ def index(self):
+ for ifv in self.interfaces.values():
+ tgt_types = set()
+ for av in ifv.access:
+ if access.is_idparam(av.tgt_type):
+ self.tgt_type_all.append(ifv)
+ tgt_types = set()
+ break
+ tgt_types.add(av.tgt_type)
+
+ for type in tgt_types:
+ l = self.tgt_type_map.setdefault(type, [])
+ l.append(ifv)
+
+ def add(self, interface):
+ ifv = InterfaceVector(interface)
+ self.add_ifv(ifv)
+
+ def add_headers(self, headers, output=None):
+ for i in itertools.chain(headers.interfaces(), headers.templates()):
+ self.add(i)
+
+ self.expand_ifcalls(headers)
+ self.index()
+
+ def map_param(self, id, ifcall):
+ if access.is_idparam(id):
+ num = int(id[1:])
+ if num > len(ifcall.args):
+ # Tell caller to drop this because it must have
+ # been generated from an optional param.
+ return None
+ else:
+ arg = ifcall.args[num - 1]
+ if isinstance(arg, list):
+ return arg
+ else:
+ return [arg]
+ else:
+ return [id]
+
+ def map_add_av(self, ifv, av, ifcall):
+ src_types = self.map_param(av.src_type, ifcall)
+ if src_types is None:
+ return
+
+ tgt_types = self.map_param(av.tgt_type, ifcall)
+ if tgt_types is None:
+ return
+
+ obj_classes = self.map_param(av.obj_class, ifcall)
+ if obj_classes is None:
+ return
+
+ new_perms = refpolicy.IdSet()
+ for perm in av.perms:
+ p = self.map_param(perm, ifcall)
+ if p is None:
+ continue
+ else:
+ new_perms.update(p)
+ if len(new_perms) == 0:
+ return
+
+ for src_type in src_types:
+ for tgt_type in tgt_types:
+ for obj_class in obj_classes:
+ ifv.access.add(src_type, tgt_type, obj_class, new_perms)
+
+ def do_expand_ifcalls(self, interface, if_by_name):
+ # Descend an interface call tree adding the access
+ # from each interface. This is a depth first walk
+ # of the tree.
+
+ stack = [(interface, None)]
+ ifv = self.interfaces[interface.name]
+ ifv.expanded = True
+
+ while len(stack) > 0:
+ cur, cur_ifcall = stack.pop(-1)
+
+ cur_ifv = self.interfaces[cur.name]
+ if cur != interface:
+
+ for av in cur_ifv.access:
+ self.map_add_av(ifv, av, cur_ifcall)
+
+ # If we have already fully expanded this interface
+ # there is no reason to descend further.
+ if cur_ifv.expanded:
+ continue
+
+ for ifcall in cur.interface_calls():
+ if ifcall.ifname == interface.name:
+ self.o(_("Found circular interface class"))
+ return
+ try:
+ newif = if_by_name[ifcall.ifname]
+ except KeyError:
+ self.o(_("Missing interface definition for %s" % ifcall.ifname))
+ continue
+
+ stack.append((newif, ifcall))
+
+
+ def expand_ifcalls(self, headers):
+ # Create a map of interface names to interfaces -
+ # this mirrors the interface vector map we already
+ # have.
+ if_by_name = { }
+
+ for i in itertools.chain(headers.interfaces(), headers.templates()):
+ if_by_name[i.name] = i
+
+
+ for interface in itertools.chain(headers.interfaces(), headers.templates()):
+ self.do_expand_ifcalls(interface, if_by_name)
+
diff --git a/sepolgen/src/sepolgen/lex.py b/sepolgen/src/sepolgen/lex.py
new file mode 100644
index 0000000..c149366
--- /dev/null
+++ b/sepolgen/src/sepolgen/lex.py
@@ -0,0 +1,866 @@
+#-----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Author: David M. Beazley (dave@dabeaz.com)
+#
+# Copyright (C) 2001-2006, David M. Beazley
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# See the file COPYING for a complete copy of the LGPL.
+#-----------------------------------------------------------------------------
+
+__version__ = "2.2"
+
+import re, sys, types
+
+# Regular expression used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Available instance types. This is used when lexers are defined by a class.
+# It's a little funky because I want to preserve backwards compatibility
+# with Python 2.0 where types.ObjectType is undefined.
+
+try:
+ _INSTANCETYPE = (types.InstanceType, types.ObjectType)
+except AttributeError:
+ _INSTANCETYPE = types.InstanceType
+ class object: pass # Note: needed if no new-style classes present
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+ def __init__(self,message,s):
+ self.args = (message,)
+ self.text = s
+
+# Token class
+class LexToken(object):
+ def __str__(self):
+ return "LexToken(%s,%r,%d,%d)" % (self.type,self.value,self.lineno,self.lexpos)
+ def __repr__(self):
+ return str(self)
+ def skip(self,n):
+ self.lexer.skip(n)
+
+# -----------------------------------------------------------------------------
+# Lexer class
+#
+# This class encapsulates all of the methods and data associated with a lexer.
+#
+# input() - Store a new string in the lexer
+# token() - Get the next token
+# -----------------------------------------------------------------------------
+
+class Lexer:
+ def __init__(self):
+ self.lexre = None # Master regular expression. This is a list of
+ # tuples (re,findex) where re is a compiled
+ # regular expression and findex is a list
+ # mapping regex group numbers to rules
+ self.lexretext = None # Current regular expression strings
+ self.lexstatere = {} # Dictionary mapping lexer states to master regexs
+ self.lexstateretext = {} # Dictionary mapping lexer states to regex strings
+ self.lexstate = "INITIAL" # Current lexer state
+ self.lexstatestack = [] # Stack of lexer states
+ self.lexstateinfo = None # State information
+ self.lexstateignore = {} # Dictionary of ignored characters for each state
+ self.lexstateerrorf = {} # Dictionary of error functions for each state
+ self.lexreflags = 0 # Optional re compile flags
+ self.lexdata = None # Actual input data (as a string)
+ self.lexpos = 0 # Current position in input text
+ self.lexlen = 0 # Length of the input text
+ self.lexerrorf = None # Error rule (if any)
+ self.lextokens = None # List of valid tokens
+ self.lexignore = "" # Ignored characters
+ self.lexliterals = "" # Literal characters that can be passed through
+ self.lexmodule = None # Module
+ self.lineno = 1 # Current line number
+ self.lexdebug = 0 # Debugging mode
+ self.lexoptimize = 0 # Optimized mode
+
+ def clone(self,object=None):
+ c = Lexer()
+ c.lexstatere = self.lexstatere
+ c.lexstateinfo = self.lexstateinfo
+ c.lexstateretext = self.lexstateretext
+ c.lexstate = self.lexstate
+ c.lexstatestack = self.lexstatestack
+ c.lexstateignore = self.lexstateignore
+ c.lexstateerrorf = self.lexstateerrorf
+ c.lexreflags = self.lexreflags
+ c.lexdata = self.lexdata
+ c.lexpos = self.lexpos
+ c.lexlen = self.lexlen
+ c.lextokens = self.lextokens
+ c.lexdebug = self.lexdebug
+ c.lineno = self.lineno
+ c.lexoptimize = self.lexoptimize
+ c.lexliterals = self.lexliterals
+ c.lexmodule = self.lexmodule
+
+ # If the object parameter has been supplied, it means we are attaching the
+ # lexer to a new object. In this case, we have to rebind all methods in
+ # the lexstatere and lexstateerrorf tables.
+
+ if object:
+ newtab = { }
+ for key, ritem in self.lexstatere.items():
+ newre = []
+ for cre, findex in ritem:
+ newfindex = []
+ for f in findex:
+ if not f or not f[0]:
+ newfindex.append(f)
+ continue
+ newfindex.append((getattr(object,f[0].__name__),f[1]))
+ newre.append((cre,newfindex))
+ newtab[key] = newre
+ c.lexstatere = newtab
+ c.lexstateerrorf = { }
+ for key, ef in self.lexstateerrorf.items():
+ c.lexstateerrorf[key] = getattr(object,ef.__name__)
+ c.lexmodule = object
+
+ # Set up other attributes
+ c.begin(c.lexstate)
+ return c
+
+ # ------------------------------------------------------------
+ # writetab() - Write lexer information to a table file
+ # ------------------------------------------------------------
+ def writetab(self,tabfile):
+ tf = open(tabfile+".py","w")
+ tf.write("# %s.py. This file automatically created by PLY (version %s). Don't edit!\n" % (tabfile,__version__))
+ tf.write("_lextokens = %s\n" % repr(self.lextokens))
+ tf.write("_lexreflags = %s\n" % repr(self.lexreflags))
+ tf.write("_lexliterals = %s\n" % repr(self.lexliterals))
+ tf.write("_lexstateinfo = %s\n" % repr(self.lexstateinfo))
+
+ tabre = { }
+ for key, lre in self.lexstatere.items():
+ titem = []
+ for i in range(len(lre)):
+ titem.append((self.lexstateretext[key][i],_funcs_to_names(lre[i][1])))
+ tabre[key] = titem
+
+ tf.write("_lexstatere = %s\n" % repr(tabre))
+ tf.write("_lexstateignore = %s\n" % repr(self.lexstateignore))
+
+ taberr = { }
+ for key, ef in self.lexstateerrorf.items():
+ if ef:
+ taberr[key] = ef.__name__
+ else:
+ taberr[key] = None
+ tf.write("_lexstateerrorf = %s\n" % repr(taberr))
+ tf.close()
+
+ # ------------------------------------------------------------
+ # readtab() - Read lexer information from a tab file
+ # ------------------------------------------------------------
+ def readtab(self,tabfile,fdict):
+ exec "import %s as lextab" % tabfile
+ self.lextokens = lextab._lextokens
+ self.lexreflags = lextab._lexreflags
+ self.lexliterals = lextab._lexliterals
+ self.lexstateinfo = lextab._lexstateinfo
+ self.lexstateignore = lextab._lexstateignore
+ self.lexstatere = { }
+ self.lexstateretext = { }
+ for key,lre in lextab._lexstatere.items():
+ titem = []
+ txtitem = []
+ for i in range(len(lre)):
+ titem.append((re.compile(lre[i][0],lextab._lexreflags),_names_to_funcs(lre[i][1],fdict)))
+ txtitem.append(lre[i][0])
+ self.lexstatere[key] = titem
+ self.lexstateretext[key] = txtitem
+ self.lexstateerrorf = { }
+ for key,ef in lextab._lexstateerrorf.items():
+ self.lexstateerrorf[key] = fdict[ef]
+ self.begin('INITIAL')
+
+ # ------------------------------------------------------------
+ # input() - Push a new string into the lexer
+ # ------------------------------------------------------------
+ def input(self,s):
+ if not (isinstance(s,types.StringType) or isinstance(s,types.UnicodeType)):
+ raise ValueError, "Expected a string"
+ self.lexdata = s
+ self.lexpos = 0
+ self.lexlen = len(s)
+
+ # ------------------------------------------------------------
+ # begin() - Changes the lexing state
+ # ------------------------------------------------------------
+ def begin(self,state):
+ if not self.lexstatere.has_key(state):
+ raise ValueError, "Undefined state"
+ self.lexre = self.lexstatere[state]
+ self.lexretext = self.lexstateretext[state]
+ self.lexignore = self.lexstateignore.get(state,"")
+ self.lexerrorf = self.lexstateerrorf.get(state,None)
+ self.lexstate = state
+
+ # ------------------------------------------------------------
+ # push_state() - Changes the lexing state and saves old on stack
+ # ------------------------------------------------------------
+ def push_state(self,state):
+ self.lexstatestack.append(self.lexstate)
+ self.begin(state)
+
+ # ------------------------------------------------------------
+ # pop_state() - Restores the previous state
+ # ------------------------------------------------------------
+ def pop_state(self):
+ self.begin(self.lexstatestack.pop())
+
+ # ------------------------------------------------------------
+ # current_state() - Returns the current lexing state
+ # ------------------------------------------------------------
+ def current_state(self):
+ return self.lexstate
+
+ # ------------------------------------------------------------
+ # skip() - Skip ahead n characters
+ # ------------------------------------------------------------
+ def skip(self,n):
+ self.lexpos += n
+
+ # ------------------------------------------------------------
+ # token() - Return the next token from the Lexer
+ #
+ # Note: This function has been carefully implemented to be as fast
+ # as possible. Don't make changes unless you really know what
+ # you are doing
+ # ------------------------------------------------------------
+ def token(self):
+ # Make local copies of frequently referenced attributes
+ lexpos = self.lexpos
+ lexlen = self.lexlen
+ lexignore = self.lexignore
+ lexdata = self.lexdata
+
+ while lexpos < lexlen:
+ # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+ if lexdata[lexpos] in lexignore:
+ lexpos += 1
+ continue
+
+ # Look for a regular expression match
+ for lexre,lexindexfunc in self.lexre:
+ m = lexre.match(lexdata,lexpos)
+ if not m: continue
+
+ # Set last match in lexer so that rules can access it if they want
+ self.lexmatch = m
+
+ # Create a token for return
+ tok = LexToken()
+ tok.value = m.group()
+ tok.lineno = self.lineno
+ tok.lexpos = lexpos
+ tok.lexer = self
+
+ lexpos = m.end()
+ i = m.lastindex
+ func,tok.type = lexindexfunc[i]
+ self.lexpos = lexpos
+
+ if not func:
+ # If no token type was set, it's an ignored token
+ if tok.type: return tok
+ break
+
+ # if func not callable, it means it's an ignored token
+ if not callable(func):
+ break
+
+ # If token is processed by a function, call it
+ newtok = func(tok)
+
+ # Every function must return a token, if nothing, we just move to next token
+ if not newtok:
+ lexpos = self.lexpos # This is here in case user has updated lexpos.
+ break
+
+ # Verify type of the token. If not in the token map, raise an error
+ if not self.lexoptimize:
+ if not self.lextokens.has_key(newtok.type):
+ raise LexError, ("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+ func.func_code.co_filename, func.func_code.co_firstlineno,
+ func.__name__, newtok.type),lexdata[lexpos:])
+
+ return newtok
+ else:
+ # No match, see if in literals
+ if lexdata[lexpos] in self.lexliterals:
+ tok = LexToken()
+ tok.value = lexdata[lexpos]
+ tok.lineno = self.lineno
+ tok.lexer = self
+ tok.type = tok.value
+ tok.lexpos = lexpos
+ self.lexpos = lexpos + 1
+ return tok
+
+ # No match. Call t_error() if defined.
+ if self.lexerrorf:
+ tok = LexToken()
+ tok.value = self.lexdata[lexpos:]
+ tok.lineno = self.lineno
+ tok.type = "error"
+ tok.lexer = self
+ tok.lexpos = lexpos
+ self.lexpos = lexpos
+ newtok = self.lexerrorf(tok)
+ if lexpos == self.lexpos:
+ # Error method didn't change text position at all. This is an error.
+ raise LexError, ("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+ lexpos = self.lexpos
+ if not newtok: continue
+ return newtok
+
+ self.lexpos = lexpos
+ raise LexError, ("Illegal character '%s' at index %d" % (lexdata[lexpos],lexpos), lexdata[lexpos:])
+
+ self.lexpos = lexpos + 1
+ if self.lexdata is None:
+ raise RuntimeError, "No input string given with input()"
+ return None
+
+# -----------------------------------------------------------------------------
+# _validate_file()
+#
+# This checks to see if there are duplicated t_rulename() functions or strings
+# in the parser input file. This is done using a simple regular expression
+# match on each line in the filename.
+# -----------------------------------------------------------------------------
+
+def _validate_file(filename):
+ import os.path
+ base,ext = os.path.splitext(filename)
+ if ext != '.py': return 1 # No idea what the file is. Return OK
+
+ try:
+ f = open(filename)
+ lines = f.readlines()
+ f.close()
+ except IOError:
+ return 1 # Oh well
+
+ fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+ sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+ counthash = { }
+ linen = 1
+ noerror = 1
+ for l in lines:
+ m = fre.match(l)
+ if not m:
+ m = sre.match(l)
+ if m:
+ name = m.group(1)
+ prev = counthash.get(name)
+ if not prev:
+ counthash[name] = linen
+ else:
+ print "%s:%d: Rule %s redefined. Previously defined on line %d" % (filename,linen,name,prev)
+ noerror = 0
+ linen += 1
+ return noerror
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+
+def _funcs_to_names(funclist):
+ result = []
+ for f in funclist:
+ if f and f[0]:
+ result.append((f[0].__name__,f[1]))
+ else:
+ result.append(f)
+ return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+
+def _names_to_funcs(namelist,fdict):
+ result = []
+ for n in namelist:
+ if n and n[0]:
+ result.append((fdict[n[0]],n[1]))
+ else:
+ result.append(n)
+ return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression. Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+
+def _form_master_re(relist,reflags,ldict):
+ if not relist: return []
+ regex = "|".join(relist)
+ try:
+ lexre = re.compile(regex,re.VERBOSE | reflags)
+
+ # Build the index to function map for the matching engine
+ lexindexfunc = [ None ] * (max(lexre.groupindex.values())+1)
+ for f,i in lexre.groupindex.items():
+ handle = ldict.get(f,None)
+ if type(handle) in (types.FunctionType, types.MethodType):
+ lexindexfunc[i] = (handle,handle.__name__[2:])
+ elif handle is not None:
+ # If rule was specified as a string, we build an anonymous
+ # callback function to carry out the action
+ if f.find("ignore_") > 0:
+ lexindexfunc[i] = (None,None)
+ print "IGNORE", f
+ else:
+ lexindexfunc[i] = (None, f[2:])
+
+ return [(lexre,lexindexfunc)],[regex]
+ except Exception,e:
+ m = int(len(relist)/2)
+ if m == 0: m = 1
+ llist, lre = _form_master_re(relist[:m],reflags,ldict)
+ rlist, rre = _form_master_re(relist[m:],reflags,ldict)
+ return llist+rlist, lre+rre
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token. For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+
+def _statetoken(s,names):
+ nonstate = 1
+ parts = s.split("_")
+ for i in range(1,len(parts)):
+ if not names.has_key(parts[i]) and parts[i] != 'ANY': break
+ if i > 1:
+ states = tuple(parts[1:i])
+ else:
+ states = ('INITIAL',)
+
+ if 'ANY' in states:
+ states = tuple(names.keys())
+
+ tokenname = "_".join(parts[i:])
+ return (states,tokenname)
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None,object=None,debug=0,optimize=0,lextab="lextab",reflags=0,nowarn=0):
+ global lexer
+ ldict = None
+ stateinfo = { 'INITIAL' : 'inclusive'}
+ error = 0
+ files = { }
+ lexobj = Lexer()
+ lexobj.lexdebug = debug
+ lexobj.lexoptimize = optimize
+ global token,input
+
+ if nowarn: warn = 0
+ else: warn = 1
+
+ if object: module = object
+
+ if module:
+ # User supplied a module object.
+ if isinstance(module, types.ModuleType):
+ ldict = module.__dict__
+ elif isinstance(module, _INSTANCETYPE):
+ _items = [(k,getattr(module,k)) for k in dir(module)]
+ ldict = { }
+ for (i,v) in _items:
+ ldict[i] = v
+ else:
+ raise ValueError,"Expected a module or instance"
+ lexobj.lexmodule = module
+
+ else:
+ # No module given. We might be able to get information from the caller.
+ try:
+ raise RuntimeError
+ except RuntimeError:
+ e,b,t = sys.exc_info()
+ f = t.tb_frame
+ f = f.f_back # Walk out to our calling function
+ ldict = f.f_globals # Grab its globals dictionary
+
+ if optimize and lextab:
+ try:
+ lexobj.readtab(lextab,ldict)
+ token = lexobj.token
+ input = lexobj.input
+ lexer = lexobj
+ return lexobj
+
+ except ImportError:
+ pass
+
+ # Get the tokens, states, and literals variables (if any)
+ if (module and isinstance(module,_INSTANCETYPE)):
+ tokens = getattr(module,"tokens",None)
+ states = getattr(module,"states",None)
+ literals = getattr(module,"literals","")
+ else:
+ tokens = ldict.get("tokens",None)
+ states = ldict.get("states",None)
+ literals = ldict.get("literals","")
+
+ if not tokens:
+ raise SyntaxError,"lex: module does not define 'tokens'"
+ if not (isinstance(tokens,types.ListType) or isinstance(tokens,types.TupleType)):
+ raise SyntaxError,"lex: tokens must be a list or tuple."
+
+ # Build a dictionary of valid token names
+ lexobj.lextokens = { }
+ if not optimize:
+ for n in tokens:
+ if not _is_identifier.match(n):
+ print "lex: Bad token name '%s'" % n
+ error = 1
+ if warn and lexobj.lextokens.has_key(n):
+ print "lex: Warning. Token '%s' multiply defined." % n
+ lexobj.lextokens[n] = None
+ else:
+ for n in tokens: lexobj.lextokens[n] = None
+
+ if debug:
+ print "lex: tokens = '%s'" % lexobj.lextokens.keys()
+
+ try:
+ for c in literals:
+ if not (isinstance(c,types.StringType) or isinstance(c,types.UnicodeType)) or len(c) > 1:
+ print "lex: Invalid literal %s. Must be a single character" % repr(c)
+ error = 1
+ continue
+
+ except TypeError:
+ print "lex: Invalid literals specification. literals must be a sequence of characters."
+ error = 1
+
+ lexobj.lexliterals = literals
+
+ # Build statemap
+ if states:
+ if not (isinstance(states,types.TupleType) or isinstance(states,types.ListType)):
+ print "lex: states must be defined as a tuple or list."
+ error = 1
+ else:
+ for s in states:
+ if not isinstance(s,types.TupleType) or len(s) != 2:
+ print "lex: invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')" % repr(s)
+ error = 1
+ continue
+ name, statetype = s
+ if not isinstance(name,types.StringType):
+ print "lex: state name %s must be a string" % repr(name)
+ error = 1
+ continue
+ if not (statetype == 'inclusive' or statetype == 'exclusive'):
+ print "lex: state type for state %s must be 'inclusive' or 'exclusive'" % name
+ error = 1
+ continue
+ if stateinfo.has_key(name):
+ print "lex: state '%s' already defined." % name
+ error = 1
+ continue
+ stateinfo[name] = statetype
+
+ # Get a list of symbols with the t_ or s_ prefix
+ tsymbols = [f for f in ldict.keys() if f[:2] == 't_' ]
+
+ # Now build up a list of functions and a list of strings
+
+ funcsym = { } # Symbols defined as functions
+ strsym = { } # Symbols defined as strings
+ toknames = { } # Mapping of symbols to token names
+
+ for s in stateinfo.keys():
+ funcsym[s] = []
+ strsym[s] = []
+
+ ignore = { } # Ignore strings by state
+ errorf = { } # Error functions by state
+
+ if len(tsymbols) == 0:
+ raise SyntaxError,"lex: no rules of the form t_rulename are defined."
+
+ for f in tsymbols:
+ t = ldict[f]
+ states, tokname = _statetoken(f,stateinfo)
+ toknames[f] = tokname
+
+ if callable(t):
+ for s in states: funcsym[s].append((f,t))
+ elif (isinstance(t, types.StringType) or isinstance(t,types.UnicodeType)):
+ for s in states: strsym[s].append((f,t))
+ else:
+ print "lex: %s not defined as a function or string" % f
+ error = 1
+
+ # Sort the functions by line number
+ for f in funcsym.values():
+ f.sort(lambda x,y: cmp(x[1].func_code.co_firstlineno,y[1].func_code.co_firstlineno))
+
+ # Sort the strings by regular expression length
+ for s in strsym.values():
+ s.sort(lambda x,y: (len(x[1]) < len(y[1])) - (len(x[1]) > len(y[1])))
+
+ regexs = { }
+
+ # Build the master regular expressions
+ for state in stateinfo.keys():
+ regex_list = []
+
+ # Add rules defined by functions first
+ for fname, f in funcsym[state]:
+ line = f.func_code.co_firstlineno
+ file = f.func_code.co_filename
+ files[file] = None
+ tokname = toknames[fname]
+
+ ismethod = isinstance(f, types.MethodType)
+
+ if not optimize:
+ nargs = f.func_code.co_argcount
+ if ismethod:
+ reqargs = 2
+ else:
+ reqargs = 1
+ if nargs > reqargs:
+ print "%s:%d: Rule '%s' has too many arguments." % (file,line,f.__name__)
+ error = 1
+ continue
+
+ if nargs < reqargs:
+ print "%s:%d: Rule '%s' requires an argument." % (file,line,f.__name__)
+ error = 1
+ continue
+
+ if tokname == 'ignore':
+ print "%s:%d: Rule '%s' must be defined as a string." % (file,line,f.__name__)
+ error = 1
+ continue
+
+ if tokname == 'error':
+ errorf[state] = f
+ continue
+
+ if f.__doc__:
+ if not optimize:
+ try:
+ c = re.compile("(?P<%s>%s)" % (f.__name__,f.__doc__), re.VERBOSE | reflags)
+ if c.match(""):
+ print "%s:%d: Regular expression for rule '%s' matches empty string." % (file,line,f.__name__)
+ error = 1
+ continue
+ except re.error,e:
+ print "%s:%d: Invalid regular expression for rule '%s'. %s" % (file,line,f.__name__,e)
+ if '#' in f.__doc__:
+ print "%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'." % (file,line, f.__name__)
+ error = 1
+ continue
+
+ if debug:
+ print "lex: Adding rule %s -> '%s' (state '%s')" % (f.__name__,f.__doc__, state)
+
+ # Okay. The regular expression seemed okay. Let's append it to the master regular
+ # expression we're building
+
+ regex_list.append("(?P<%s>%s)" % (f.__name__,f.__doc__))
+ else:
+ print "%s:%d: No regular expression defined for rule '%s'" % (file,line,f.__name__)
+
+ # Now add all of the simple rules
+ for name,r in strsym[state]:
+ tokname = toknames[name]
+
+ if tokname == 'ignore':
+ ignore[state] = r
+ continue
+
+ if not optimize:
+ if tokname == 'error':
+ raise SyntaxError,"lex: Rule '%s' must be defined as a function" % name
+ error = 1
+ continue
+
+ if not lexobj.lextokens.has_key(tokname) and tokname.find("ignore_") < 0:
+ print "lex: Rule '%s' defined for an unspecified token %s." % (name,tokname)
+ error = 1
+ continue
+ try:
+ c = re.compile("(?P<%s>%s)" % (name,r),re.VERBOSE | reflags)
+ if (c.match("")):
+ print "lex: Regular expression for rule '%s' matches empty string." % name
+ error = 1
+ continue
+ except re.error,e:
+ print "lex: Invalid regular expression for rule '%s'. %s" % (name,e)
+ if '#' in r:
+ print "lex: Make sure '#' in rule '%s' is escaped with '\\#'." % name
+
+ error = 1
+ continue
+ if debug:
+ print "lex: Adding rule %s -> '%s' (state '%s')" % (name,r,state)
+
+ regex_list.append("(?P<%s>%s)" % (name,r))
+
+ if not regex_list:
+ print "lex: No rules defined for state '%s'" % state
+ error = 1
+
+ regexs[state] = regex_list
+
+
+ if not optimize:
+ for f in files.keys():
+ if not _validate_file(f):
+ error = 1
+
+ if error:
+ raise SyntaxError,"lex: Unable to build lexer."
+
+ # From this point forward, we're reasonably confident that we can build the lexer.
+ # No more errors will be generated, but there might be some warning messages.
+
+ # Build the master regular expressions
+
+ for state in regexs.keys():
+ lexre, re_text = _form_master_re(regexs[state],reflags,ldict)
+ lexobj.lexstatere[state] = lexre
+ lexobj.lexstateretext[state] = re_text
+ if debug:
+ for i in range(len(re_text)):
+ print "lex: state '%s'. regex[%d] = '%s'" % (state, i, re_text[i])
+
+ # For inclusive states, we need to add the INITIAL state
+ for state,type in stateinfo.items():
+ if state != "INITIAL" and type == 'inclusive':
+ lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+ lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+
+ lexobj.lexstateinfo = stateinfo
+ lexobj.lexre = lexobj.lexstatere["INITIAL"]
+ lexobj.lexretext = lexobj.lexstateretext["INITIAL"]
+
+ # Set up ignore variables
+ lexobj.lexstateignore = ignore
+ lexobj.lexignore = lexobj.lexstateignore.get("INITIAL","")
+
+ # Set up error functions
+ lexobj.lexstateerrorf = errorf
+ lexobj.lexerrorf = errorf.get("INITIAL",None)
+ if warn and not lexobj.lexerrorf:
+ print "lex: Warning. no t_error rule is defined."
+
+ # Check state information for ignore and error rules
+ for s,stype in stateinfo.items():
+ if stype == 'exclusive':
+ if warn and not errorf.has_key(s):
+ print "lex: Warning. no error rule is defined for exclusive state '%s'" % s
+ if warn and not ignore.has_key(s) and lexobj.lexignore:
+ print "lex: Warning. no ignore rule is defined for exclusive state '%s'" % s
+ elif stype == 'inclusive':
+ if not errorf.has_key(s):
+ errorf[s] = errorf.get("INITIAL",None)
+ if not ignore.has_key(s):
+ ignore[s] = ignore.get("INITIAL","")
+
+
+ # Create global versions of the token() and input() functions
+ token = lexobj.token
+ input = lexobj.input
+ lexer = lexobj
+
+ # If in optimize mode, we write the lextab
+ if lextab and optimize:
+ lexobj.writetab(lextab)
+
+ return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None,data=None):
+ if not data:
+ try:
+ filename = sys.argv[1]
+ f = open(filename)
+ data = f.read()
+ f.close()
+ except IndexError:
+ print "Reading from standard input (type EOF to end):"
+ data = sys.stdin.read()
+
+ if lexer:
+ _input = lexer.input
+ else:
+ _input = input
+ _input(data)
+ if lexer:
+ _token = lexer.token
+ else:
+ _token = token
+
+ while 1:
+ tok = _token()
+ if not tok: break
+ print "(%s,%r,%d,%d)" % (tok.type, tok.value, tok.lineno,tok.lexpos)
+
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+ def set_doc(f):
+ f.__doc__ = r
+ return f
+ return set_doc
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
+
diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
new file mode 100644
index 0000000..1a9a3e5
--- /dev/null
+++ b/sepolgen/src/sepolgen/matching.py
@@ -0,0 +1,254 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Classes and algorithms for matching requested access to access vectors.
+"""
+
+import access
+import objectmodel
+import itertools
+
+class Match:
+ def __init__(self, interface=None, dist=0):
+ self.interface = interface
+ self.dist = dist
+ self.info_dir_change = False
+
+ def __cmp__(self, other):
+ if self.dist == other.dist:
+ if self.info_dir_change:
+ if other.info_dir_change:
+ return 0
+ else:
+ return 1
+ else:
+ if other.info_dir_change:
+ return -1
+ else:
+ return 0
+ else:
+ if self.dist < other.dist:
+ return -1
+ else:
+ return 1
+
+class MatchList:
+ DEFAULT_THRESHOLD = 120
+ def __init__(self):
+ # Match objects that pass the threshold
+ self.children = []
+ # Match objects over the threshold
+ self.bastards = []
+ self.threshold = self.DEFAULT_THRESHOLD
+ self.allow_info_dir_change = False
+ self.av = None
+
+ def best(self):
+ if len(self.children):
+ return self.children[0]
+ else:
+ return None
+
+ def __len__(self):
+ # Only return the length of the matches so
+ # that this can be used to test if there is
+ # a match.
+ return len(self.children)
+
+ def __iter__(self):
+ return iter(self.children)
+
+ def all(self):
+ return itertools.chain(self.children, self.bastards)
+
+ def append(self, match):
+ if match.dist <= self.threshold:
+ if not match.info_dir_change or self.allow_info_dir_change:
+ self.children.append(match)
+ else:
+ self.bastards.append(match)
+ else:
+ self.bastards.append(match)
+
+ def sort(self):
+ self.children.sort()
+ self.bastards.sort()
+
+
+class AccessMatcher:
+ def __init__(self, perm_maps=None):
+ self.type_penalty = 10
+ self.obj_penalty = 10
+ if perm_maps:
+ self.perm_maps = perm_maps
+ else:
+ self.perm_maps = objectmodel.PermMappings()
+ # We want a change in the information flow direction
+ # to be a strong penalty - stronger than access to
+ # a few unrelated types.
+ self.info_dir_penalty = 100
+
+ def type_distance(self, a, b):
+ if a == b or access.is_idparam(b):
+ return 0
+ else:
+ return -self.type_penalty
+
+
+ def perm_distance(self, av_req, av_prov):
+ # First check that we have enough perms
+ diff = av_req.perms.difference(av_prov.perms)
+
+ if len(diff) != 0:
+ total = self.perm_maps.getdefault_distance(av_req.obj_class, diff)
+ return -total
+ else:
+ diff = av_prov.perms.difference(av_req.perms)
+ return self.perm_maps.getdefault_distance(av_req.obj_class, diff)
+
+ def av_distance(self, req, prov):
+ """Determine the 'distance' between 2 access vectors.
+
+ This function is used to find an access vector that matches
+ a 'required' access. To do this we comput a signed numeric
+ value that indicates how close the req access is to the
+ 'provided' access vector. The closer the value is to 0
+ the closer the match, with 0 being an exact match.
+
+ A value over 0 indicates that the prov access vector provides more
+ access than the req (in practice, this means that the source type,
+ target type, and object class is the same and the perms in prov is
+ a superset of those in req.
+
+ A value under 0 indicates that the prov access less - or unrelated
+ - access to the req access. A different type or object class will
+ result in a very low value.
+
+ The values other than 0 should only be interpreted relative to
+ one another - they have no exact meaning and are likely to
+ change.
+
+ Params:
+ req - [AccessVector] The access that is required. This is the
+ access being matched.
+ prov - [AccessVector] The access provided. This is the potential
+ match that is being evaluated for req.
+ Returns:
+ 0 : Exact match between the acess vectors.
+
+ < 0 : The prov av does not provide all of the access in req.
+ A smaller value indicates that the access is further.
+
+ > 0 : The prov av provides more access than req. The larger
+ the value the more access over req.
+ """
+ # FUTURE - this is _very_ expensive and probably needs some
+ # thorough performance work. This version is meant to give
+ # meaningful results relatively simply.
+ dist = 0
+
+ # Get the difference between the types. The addition is safe
+ # here because type_distance only returns 0 or negative.
+ dist += self.type_distance(req.src_type, prov.src_type)
+ dist += self.type_distance(req.tgt_type, prov.tgt_type)
+
+ # Object class distance
+ if req.obj_class != prov.obj_class and not access.is_idparam(prov.obj_class):
+ dist -= self.obj_penalty
+
+ # Permission distance
+
+ # If this av doesn't have a matching source type, target type, and object class
+ # count all of the permissions against it. Otherwise determine the perm
+ # distance and dir.
+ if dist < 0:
+ pdist = self.perm_maps.getdefault_distance(prov.obj_class, prov.perms)
+ else:
+ pdist = self.perm_distance(req, prov)
+
+ # Combine the perm and other distance
+ if dist < 0:
+ if pdist < 0:
+ return dist + pdist
+ else:
+ return dist - pdist
+ elif dist >= 0:
+ if pdist < 0:
+ return pdist - dist
+ else:
+ return dist + pdist
+
+ def av_set_match(self, av_set, av):
+ """
+
+ """
+ dist = None
+
+ # Get the distance for each access vector
+ for x in av_set:
+ tmp = self.av_distance(av, x)
+ if dist is None:
+ dist = tmp
+ elif tmp >= 0:
+ if dist >= 0:
+ dist += tmp
+ else:
+ dist = tmp + -dist
+ else:
+ if dist < 0:
+ dist += tmp
+ else:
+ dist -= tmp
+
+ # Penalize for information flow - we want to prevent the
+ # addition of a write if the requested is read none. We are
+ # much less concerned about the reverse.
+ av_dir = self.perm_maps.getdefault_direction(av.obj_class, av.perms)
+
+ if av_set.info_dir is None:
+ av_set.info_dir = objectmodel.FLOW_NONE
+ for x in av_set:
+ av_set.info_dir = av_set.info_dir | \
+ self.perm_maps.getdefault_direction(x.obj_class, x.perms)
+ if (av_dir & objectmodel.FLOW_WRITE == 0) and (av_set.info_dir & objectmodel.FLOW_WRITE):
+ if dist < 0:
+ dist -= self.info_dir_penalty
+ else:
+ dist += self.info_dir_penalty
+
+ return dist
+
+ def search_ifs(self, ifset, av, match_list):
+ match_list.av = av
+ for iv in itertools.chain(ifset.tgt_type_all,
+ ifset.tgt_type_map.get(av.tgt_type, [])):
+ if not iv.enabled:
+ #print "iv %s not enabled" % iv.name
+ continue
+
+ dist = self.av_set_match(iv.access, av)
+ if dist >= 0:
+ m = Match(iv, dist)
+ match_list.append(m)
+
+
+ match_list.sort()
+
+
diff --git a/sepolgen/src/sepolgen/module.py b/sepolgen/src/sepolgen/module.py
new file mode 100644
index 0000000..edd24c6
--- /dev/null
+++ b/sepolgen/src/sepolgen/module.py
@@ -0,0 +1,213 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Utilities for dealing with the compilation of modules and creation
+of module tress.
+"""
+
+import defaults
+
+import selinux
+
+import re
+import tempfile
+import commands
+import os
+import os.path
+import subprocess
+import shutil
+
+def is_valid_name(modname):
+ """Check that a module name is valid.
+ """
+ m = re.findall("[^a-zA-Z0-9]", modname)
+ if len(m) == 0:
+ return True
+ else:
+ return False
+
+class ModuleTree:
+ def __init__(self, modname):
+ self.modname = modname
+ self.dirname = None
+
+ def dir_name(self):
+ return self.dirname
+
+ def te_name(self):
+ return self.dirname + "/" + self.modname + ".te"
+
+ def fc_name(self):
+ return self.dirname + "/" + self.modname + ".fc"
+
+ def if_name(self):
+ return self.dirname + "/" + self.modname + ".if"
+
+ def package_name(self):
+ return self.dirname + "/" + self.modname + ".pp"
+
+ def makefile_name(self):
+ return self.dirname + "/Makefile"
+
+ def create(self, parent_dirname, makefile_include=None):
+ self.dirname = parent_dirname + "/" + self.modname
+ os.mkdir(self.dirname)
+ fd = open(self.makefile_name(), "w")
+ if makefile_include:
+ fd.write("include " + makefile_include)
+ else:
+ fd.write("include " + defaults.refpolicy_makefile())
+ fd.close()
+
+ # Create empty files for the standard refpolicy
+ # module files
+ open(self.te_name(), "w").close()
+ open(self.fc_name(), "w").close()
+ open(self.if_name(), "w").close()
+
+def modname_from_sourcename(sourcename):
+ return os.path.splitext(os.path.split(sourcename)[1])[0]
+
+class ModuleCompiler:
+ """ModuleCompiler eases running of the module compiler.
+
+ The ModuleCompiler class encapsulates running the commandline
+ module compiler (checkmodule) and module packager (semodule_package).
+ You are likely interested in the create_module_package method.
+
+ Several options are controlled via paramaters (only effects the
+ non-refpol builds):
+
+ .mls [boolean] Generate an MLS module (by passed -M to
+ checkmodule). True to generate an MLS module, false
+ otherwise.
+
+ .module [boolean] Generate a module instead of a base module.
+ True to generate a module, false to generate a base.
+
+ .checkmodule [string] Fully qualified path to the module compiler.
+ Default is /usr/bin/checkmodule.
+
+ .semodule_package [string] Fully qualified path to the module
+ packager. Defaults to /usr/bin/semodule_package.
+ .output [file object] File object used to write verbose
+ output of the compililation and packaging process.
+ """
+ def __init__(self, output=None):
+ """Create a ModuleCompiler instance, optionally with an
+ output file object for verbose output of the compilation process.
+ """
+ self.mls = selinux.is_selinux_mls_enabled()
+ self.module = True
+ self.checkmodule = "/usr/bin/checkmodule"
+ self.semodule_package = "/usr/bin/semodule_package"
+ self.output = output
+ self.last_output = ""
+ self.refpol_makefile = "/usr/share/selinux/devel/Makefile"
+ self.make = "/usr/bin/make"
+
+ def o(self, str):
+ if self.output:
+ self.output.write(str + "\n")
+ self.last_output = str
+
+ def run(self, command):
+ self.o(command)
+ rc, output = commands.getstatusoutput(command)
+ self.o(output)
+
+ return rc
+
+ def gen_filenames(self, sourcename):
+ """Generate the module and policy package filenames from
+ a source file name. The source file must be in the form
+ of "foo.te". This will generate "foo.mod" and "foo.pp".
+
+ Returns a tuple with (modname, policypackage).
+ """
+ splitname = sourcename.split(".")
+ if len(splitname) < 2:
+ raise RuntimeError("invalid sourcefile name %s (must end in .te)", sourcename)
+ # Handle other periods in the filename correctly
+ basename = ".".join(splitname[0:-1])
+ modname = basename + ".mod"
+ packagename = basename + ".pp"
+
+ return (modname, packagename)
+
+ def create_module_package(self, sourcename, refpolicy=True):
+ """Create a module package saved in a packagename from a
+ sourcename.
+
+ The create_module_package creates a module package saved in a
+ file named sourcename (.pp is the standard extension) from a
+ source file (.te is the standard extension). The source file
+ should contain SELinux policy statements appropriate for a
+ base or non-base module (depending on the setting of .module).
+
+ Only file names are accepted, not open file objects or
+ descriptors because the command line SELinux tools are used.
+
+ On error a RuntimeError will be raised with a descriptive
+ error message.
+ """
+ if refpolicy:
+ self.refpol_build(sourcename)
+ else:
+ modname, packagename = self.gen_filenames(sourcename)
+ self.compile(sourcename, modname)
+ self.package(modname, packagename)
+ os.unlink(modname)
+
+ def refpol_build(self, sourcename):
+ # Compile
+ command = self.make + " -f " + self.refpol_makefile
+ rc = self.run(command)
+
+ # Raise an error if the process failed
+ if rc != 0:
+ raise RuntimeError("compilation failed:\n%s" % self.last_output)
+
+ def compile(self, sourcename, modname):
+ s = [self.checkmodule]
+ if self.mls:
+ s.append("-M")
+ if self.module:
+ s.append("-m")
+ s.append("-o")
+ s.append(modname)
+ s.append(sourcename)
+
+ rc = self.run(" ".join(s))
+ if rc != 0:
+ raise RuntimeError("compilation failed:\n%s" % self.last_output)
+
+ def package(self, modname, packagename):
+ s = [self.semodule_package]
+ s.append("-o")
+ s.append(packagename)
+ s.append("-m")
+ s.append(modname)
+
+ rc = self.run(" ".join(s))
+ if rc != 0:
+ raise RuntimeError("packaging failed [%s]" % self.last_output)
+
+
diff --git a/sepolgen/src/sepolgen/objectmodel.py b/sepolgen/src/sepolgen/objectmodel.py
new file mode 100644
index 0000000..88c8a1f
--- /dev/null
+++ b/sepolgen/src/sepolgen/objectmodel.py
@@ -0,0 +1,172 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+This module provides knowledge object classes and permissions. It should
+be used to keep this knowledge from leaking into the more generic parts of
+the policy generation.
+"""
+
+# Objects that can be implicitly typed - these objects do
+# not _have_ to be implicitly typed (e.g., sockets can be
+# explicitly labeled), but they often are.
+#
+# File is in this list for /proc/self
+#
+# This list is useful when dealing with rules that have a
+# type (or param) used as both a subject and object. For
+# example:
+#
+# allow httpd_t httpd_t : socket read;
+#
+# This rule makes sense because the socket was (presumably) created
+# by a process with the type httpd_t.
+implicitly_typed_objects = ["socket", "fd", "process", "file", "lnk_file", "fifo_file",
+ "dbus", "capability", "unix_stream_socket"]
+
+#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+#
+#Information Flow
+#
+# All of the permissions in SELinux can be described in terms of
+# information flow. For example, a read of a file is a flow of
+# information from that file to the process reading. Viewing
+# permissions in these terms can be used to model a varity of
+# security properties.
+#
+# Here we have some infrastructure for understanding permissions
+# in terms of information flow
+#
+#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+# Information flow deals with information either flowing from a subject
+# to and object ("write") or to a subject from an object ("read"). Read
+# or write is described from the subject point-of-view. It is also possible
+# for a permission to represent both a read and write (though the flow is
+# typical asymettric in terms of bandwidth). It is also possible for
+# permission to not flow information (meaning that the result is pure
+# side-effect).
+#
+# The following constants are for representing the directionality
+# of information flow.
+FLOW_NONE = 0
+FLOW_READ = 1
+FLOW_WRITE = 2
+FLOW_BOTH = FLOW_READ | FLOW_WRITE
+
+# These are used by the parser and for nice disply of the directions
+str_to_dir = { "n" : FLOW_NONE, "r" : FLOW_READ, "w" : FLOW_WRITE, "b" : FLOW_BOTH }
+dir_to_str = { FLOW_NONE : "n", FLOW_READ : "r", FLOW_WRITE : "w", FLOW_BOTH : "b" }
+
+class PermMap:
+ """A mapping between a permission and its information flow properties.
+
+ PermMap represents the information flow properties of a single permission
+ including the direction (read, write, etc.) and an abstract representation
+ of the bandwidth of the flow (weight).
+ """
+ def __init__(self, perm, dir, weight):
+ self.perm = perm
+ self.dir = dir
+ self.weight = weight
+
+ def __repr__(self):
+ return "<sepolgen.objectmodel.PermMap %s %s %d>" % (self.perm,
+ dir_to_str[self.dir],
+ self.weight)
+
+class PermMappings:
+ """The information flow properties of a set of object classes and permissions.
+
+ PermMappings maps one or more classes and permissions to their PermMap objects
+ describing their information flow charecteristics.
+ """
+ def __init__(self):
+ self.classes = { }
+ self.default_weight = 5
+ self.default_dir = FLOW_BOTH
+
+ def from_file(self, fd):
+ """Read the permission mappings from a file. This reads the format used
+ by Apol in the setools suite.
+ """
+ # This parsing is deliberitely picky and bails at the least error. It
+ # is assumed that the permission map file will be shipped as part
+ # of sepolgen and not user modified, so this is a reasonable design
+ # choice. If user supplied permission mappings are needed the parser
+ # should be made a little more robust and give better error messages.
+ cur = None
+ for line in fd:
+ fields = line.split()
+ if len(fields) == 0 or len(fields) == 1 or fields[0] == "#":
+ continue
+ if fields[0] == "class":
+ c = fields[1]
+ if self.classes.has_key(c):
+ raise ValueError("duplicate class in perm map")
+ self.classes[c] = { }
+ cur = self.classes[c]
+ else:
+ if len(fields) != 3:
+ raise ValueError("error in object classs permissions")
+ if cur is None:
+ raise ValueError("permission outside of class")
+ pm = PermMap(fields[0], str_to_dir[fields[1]], int(fields[2]))
+ cur[pm.perm] = pm
+
+ def get(self, obj, perm):
+ """Get the permission map for the object permission.
+
+ Returns:
+ PermMap representing the permission
+ Raises:
+ KeyError if the object or permission is not defined
+ """
+ return self.classes[obj][perm]
+
+ def getdefault(self, obj, perm):
+ """Get the permission map for the object permission or a default.
+
+ getdefault is the same as get except that a default PermMap is
+ returned if the object class or permission is not defined. The
+ default is FLOW_BOTH with a weight of 5.
+ """
+ try:
+ pm = self.classes[obj][perm]
+ except KeyError:
+ return PermMap(perm, self.default_dir, self.default_weight)
+ return pm
+
+ def getdefault_direction(self, obj, perms):
+ dir = FLOW_NONE
+ for perm in perms:
+ pm = self.getdefault(obj, perm)
+ dir = dir | pm.dir
+ return dir
+
+ def getdefault_distance(self, obj, perms):
+ total = 0
+ for perm in perms:
+ pm = self.getdefault(obj, perm)
+ total += pm.weight
+
+ return total
+
+
+
diff --git a/sepolgen/src/sepolgen/output.py b/sepolgen/src/sepolgen/output.py
new file mode 100644
index 0000000..739452d
--- /dev/null
+++ b/sepolgen/src/sepolgen/output.py
@@ -0,0 +1,173 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+Classes and functions for the output of reference policy modules.
+
+This module takes a refpolicy.Module object and formats it for
+output using the ModuleWriter object. By separating the output
+in this way the other parts of Madison can focus solely on
+generating policy. This keeps the semantic / syntactic issues
+cleanly separated from the formatting issues.
+"""
+
+import refpolicy
+import util
+
+class ModuleWriter:
+ def __init__(self):
+ self.fd = None
+ self.module = None
+ self.sort = True
+ self.requires = True
+
+ def write(self, module, fd):
+ self.module = module
+
+ if self.sort:
+ sort_filter(self.module)
+
+ # FIXME - make this handle nesting
+ for node, depth in refpolicy.walktree(self.module, showdepth=True):
+ fd.write("%s\n" % str(node))
+
+# Helper functions for sort_filter - this is all done old school
+# C style rather than with polymorphic methods because this sorting
+# is specific to output. It is not necessarily the comparison you
+# want generally.
+
+# Compare two IdSets - we could probably do something clever
+# with different here, but this works.
+def id_set_cmp(x, y):
+ xl = util.set_to_list(x)
+ xl.sort()
+ yl = util.set_to_list(y)
+ yl.sort()
+
+ if len(xl) != len(yl):
+ return cmp(xl[0], yl[0])
+ for v in zip(xl, yl):
+ if v[0] != v[1]:
+ return cmp(v[0], v[1])
+ return 0
+
+# Compare two avrules
+def avrule_cmp(a, b):
+ ret = id_set_cmp(a.src_types, b.src_types)
+ if ret is not 0:
+ return ret
+ ret = id_set_cmp(a.tgt_types, b.tgt_types)
+ if ret is not 0:
+ return ret
+ ret = id_set_cmp(a.obj_classes, b.obj_classes)
+ if ret is not 0:
+ return ret
+
+ # At this point, who cares - just return something
+ return cmp(len(a.perms), len(b.perms))
+
+# Compare two interface calls
+def ifcall_cmp(a, b):
+ if a.args[0] != b.args[0]:
+ return cmp(a.args[0], b.args[0])
+ return cmp(a.ifname, b.ifname)
+
+# Compare an two avrules or interface calls
+def rule_cmp(a, b):
+ if isinstance(a, refpolicy.InterfaceCall):
+ if isinstance(b, refpolicy.InterfaceCall):
+ return ifcall_cmp(a, b)
+ else:
+ return id_set_cmp([a.args[0]], b.src_types)
+ else:
+ if isinstance(b, refpolicy.AVRule):
+ return avrule_cmp(a,b)
+ else:
+ return id_set_cmp(a.src_types, [b.args[0]])
+
+def role_type_cmp(a, b):
+ return cmp(a.role, b.role)
+
+def sort_filter(module):
+ """Sort and group the output for readability.
+ """
+ def sort_node(node):
+ c = []
+
+ # Module statement
+ for mod in node.module_declarations():
+ c.append(mod)
+ c.append(refpolicy.Comment())
+
+ # Requires
+ for require in node.requires():
+ c.append(require)
+ c.append(refpolicy.Comment())
+
+ # Rules
+ #
+ # We are going to group output by source type (which
+ # we assume is the first argument for interfaces).
+ rules = []
+ rules.extend(node.avrules())
+ rules.extend(node.interface_calls())
+ rules.sort(rule_cmp)
+
+ cur = None
+ sep_rules = []
+ for rule in rules:
+ if isinstance(rule, refpolicy.InterfaceCall):
+ x = rule.args[0]
+ else:
+ x = util.first(rule.src_types)
+
+ if cur != x:
+ if cur:
+ sep_rules.append(refpolicy.Comment())
+ cur = x
+ comment = refpolicy.Comment()
+ comment.lines.append("============= %s ==============" % cur)
+ sep_rules.append(comment)
+ sep_rules.append(rule)
+
+ c.extend(sep_rules)
+
+
+ ras = []
+ ras.extend(node.role_types())
+ ras.sort(role_type_cmp)
+ if len(ras):
+ comment = refpolicy.Comment()
+ comment.lines.append("============= ROLES ==============")
+ c.append(comment)
+
+
+ c.extend(ras)
+
+ # Everything else
+ for child in node.children:
+ if child not in c:
+ c.append(child)
+
+ node.children = c
+
+ for node in module.nodes():
+ sort_node(node)
+
+
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
new file mode 100644
index 0000000..7246fd6
--- /dev/null
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -0,0 +1,357 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"""
+classes and algorithms for the generation of SELinux policy.
+"""
+
+import itertools
+import textwrap
+
+import refpolicy
+import objectmodel
+import access
+import interfaces
+import matching
+
+# Constants for the level of explanation from the generation
+# routines
+NO_EXPLANATION = 0
+SHORT_EXPLANATION = 1
+LONG_EXPLANATION = 2
+
+class PolicyGenerator:
+ """Generate a reference policy module from access vectors.
+
+ PolicyGenerator generates a new reference policy module
+ or updates an existing module based on requested access
+ in the form of access vectors.
+
+ It generates allow rules and optionally module require
+ statements and reference policy interfaces. By default
+ only allow rules are generated. The methods .set_gen_refpol
+ and .set_gen_requires turns on interface generation and
+ requires generation respectively.
+
+ PolicyGenerator can also optionally add comments explaining
+ why a particular access was allowed based on the audit
+ messages that generated the access. The access vectors
+ passed in must have the .audit_msgs field set correctly
+ and .explain set to SHORT|LONG_EXPLANATION to enable this
+ feature.
+
+ The module created by PolicyGenerator can be passed to
+ output.ModuleWriter to output a text representation.
+ """
+ def __init__(self, module=None):
+ """Initialize a PolicyGenerator with an optional
+ existing module.
+
+ If the module paramater is not None then access
+ will be added to the passed in module. Otherwise
+ a new reference policy module will be created.
+ """
+ self.ifgen = None
+ self.explain = NO_EXPLANATION
+ self.gen_requires = False
+ if module:
+ self.moduel = module
+ else:
+ self.module = refpolicy.Module()
+
+ def set_gen_refpol(self, if_set=None, perm_maps=None):
+ """Set whether reference policy interfaces are generated.
+
+ To turn on interface generation pass in an interface set
+ to use for interface generation. To turn off interface
+ generation pass in None.
+
+ If interface generation is enabled requires generation
+ will also be enabled.
+ """
+ if if_set:
+ self.ifgen = InterfaceGenerator(if_set, perm_maps)
+ self.gen_requires = True
+ else:
+ self.ifgen = None
+ self.__set_module_style()
+
+
+ def set_gen_requires(self, status=True):
+ """Set whether module requires are generated.
+
+ Passing in true will turn on requires generation and
+ False will disable generation. If requires generation is
+ disabled interface generation will also be disabled and
+ can only be re-enabled via .set_gen_refpol.
+ """
+ self.gen_requires = status
+
+ def set_gen_explain(self, explain=SHORT_EXPLANATION):
+ """Set whether access is explained.
+ """
+ self.explain = explain
+
+ def __set_module_style(self):
+ if self.ifgen:
+ refpolicy = True
+ else:
+ refpolicy = False
+ for mod in self.module.module_declarations():
+ mod.refpolicy = refpolicy
+
+ def set_module_name(self, name, version="1.0"):
+ """Set the name of the module and optionally the version.
+ """
+ # find an existing module declaration
+ m = None
+ for mod in self.module.module_declarations():
+ m = mod
+ if not m:
+ m = refpolicy.ModuleDeclaration()
+ self.module.children.insert(0, m)
+ m.name = name
+ m.version = version
+ if self.ifgen:
+ m.refpolicy = True
+ else:
+ m.refpolicy = False
+
+ def get_module(self):
+ """Return the generated module"""
+ return self.module
+
+ def __add_allow_rules(self, avs):
+ for av in avs:
+ rule = refpolicy.AVRule(av)
+ if self.explain:
+ rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
+ self.module.children.append(rule)
+
+
+ def add_access(self, av_set):
+ """Add the access from the access vector set to this
+ module.
+ """
+ # Use the interface generator to split the access
+ # into raw allow rules and interfaces. After this
+ # a will contain a list of access that should be
+ # used as raw allow rules and the interfaces will
+ # be added to the module.
+ if self.ifgen:
+ raw_allow, ifcalls = self.ifgen.gen(av_set, self.explain)
+ self.module.children.extend(ifcalls)
+ else:
+ raw_allow = av_set
+
+ # Generate the raw allow rules from the filtered list
+ self.__add_allow_rules(raw_allow)
+
+ # Generate the requires
+ if self.gen_requires:
+ gen_requires(self.module)
+
+ def add_role_types(self, role_type_set):
+ for role_type in role_type_set:
+ self.module.children.append(role_type)
+
+ # Generate the requires
+ if self.gen_requires:
+ gen_requires(self.module)
+
+def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
+ """Explain why a policy statement was generated.
+
+ Return a string containing a text explanation of
+ why a policy statement was generated. The string is
+ commented and wrapped and can be directly inserted
+ into a policy.
+
+ Params:
+ av - access vector representing the access. Should
+ have .audit_msgs set appropriately.
+ verbosity - the amount of explanation provided. Should
+ be set to NO_EXPLANATION, SHORT_EXPLANATION, or
+ LONG_EXPLANATION.
+ Returns:
+ list of strings - strings explaining the access or an empty
+ string if verbosity=NO_EXPLANATION or there is not sufficient
+ information to provide an explanation.
+ """
+ s = []
+
+ def explain_interfaces():
+ if not ml:
+ return
+ s.append(" Interface options:")
+ for match in ml.all():
+ ifcall = call_interface(match.interface, ml.av)
+ s.append(' %s # [%d]' % (ifcall.to_string(), match.dist))
+
+
+ # Format the raw audit data to explain why the
+ # access was requested - either long or short.
+ if verbosity == LONG_EXPLANATION:
+ for msg in av.audit_msgs:
+ s.append(' %s' % msg.header)
+ s.append(' scontext="%s" tcontext="%s"' %
+ (str(msg.scontext), str(msg.tcontext)))
+ s.append(' class="%s" perms="%s"' %
+ (msg.tclass, refpolicy.list_to_space_str(msg.accesses)))
+ s.append(' comm="%s" exe="%s" path="%s"' % (msg.comm, msg.exe, msg.path))
+ s.extend(textwrap.wrap('message="' + msg.message + '"', 80, initial_indent=" ",
+ subsequent_indent=" "))
+ explain_interfaces()
+ elif verbosity:
+ s.append(' src="%s" tgt="%s" class="%s", perms="%s"' %
+ (av.src_type, av.tgt_type, av.obj_class, av.perms.to_space_str()))
+ # For the short display we are only going to use the additional information
+ # from the first audit message. For the vast majority of cases this info
+ # will always be the same anyway.
+ if len(av.audit_msgs) > 0:
+ msg = av.audit_msgs[0]
+ s.append(' comm="%s" exe="%s" path="%s"' % (msg.comm, msg.exe, msg.path))
+ explain_interfaces()
+ return s
+
+def param_comp(a, b):
+ return cmp(b.num, a.num)
+
+def call_interface(interface, av):
+ params = []
+ args = []
+
+ params.extend(interface.params.values())
+ params.sort(param_comp)
+
+ ifcall = refpolicy.InterfaceCall()
+ ifcall.ifname = interface.name
+
+ for i in range(len(params)):
+ if params[i].type == refpolicy.SRC_TYPE:
+ ifcall.args.append(av.src_type)
+ elif params[i].type == refpolicy.TGT_TYPE:
+ ifcall.args.append(av.tgt_type)
+ elif params[i].type == refpolicy.OBJ_CLASS:
+ ifcall.args.append(av.obj_class)
+ else:
+ print params[i].type
+ assert(0)
+
+ assert(len(ifcall.args) > 0)
+
+ return ifcall
+
+class InterfaceGenerator:
+ def __init__(self, ifs, perm_maps=None):
+ self.ifs = ifs
+ self.hack_check_ifs(ifs)
+ self.matcher = matching.AccessMatcher(perm_maps)
+ self.calls = []
+
+ def hack_check_ifs(self, ifs):
+ # FIXME: Disable interfaces we can't call - this is a hack.
+ # Because we don't handle roles, multiple paramaters, etc.,
+ # etc., we must make certain we can actually use a returned
+ # interface.
+ for x in ifs.interfaces.values():
+ params = []
+ params.extend(x.params.values())
+ params.sort(param_comp)
+ for i in range(len(params)):
+ # Check that the paramater position matches
+ # the number (e.g., $1 is the first arg). This
+ # will fail if the parser missed something.
+ if (i + 1) != params[i].num:
+ x.enabled = False
+ break
+ # Check that we can handle the param type (currently excludes
+ # roles.
+ if params[i].type not in [refpolicy.SRC_TYPE, refpolicy.TGT_TYPE,
+ refpolicy.OBJ_CLASS]:
+ x.enabled = False
+ break
+
+ def gen(self, avs, verbosity):
+ raw_av = self.match(avs)
+ ifcalls = []
+ for ml in self.calls:
+ ifcall = call_interface(ml.best().interface, ml.av)
+ if verbosity:
+ ifcall.comment = refpolicy.Comment(explain_access(ml.av, ml, verbosity))
+ ifcalls.append((ifcall, ml))
+
+ d = []
+ for ifcall, ifs in ifcalls:
+ found = False
+ for o_ifcall in d:
+ if o_ifcall.matches(ifcall):
+ if o_ifcall.comment and ifcall.comment:
+ o_ifcall.comment.merge(ifcall.comment)
+ found = True
+ if not found:
+ d.append(ifcall)
+
+ return (raw_av, d)
+
+
+ def match(self, avs):
+ raw_av = []
+ for av in avs:
+ ans = matching.MatchList()
+ self.matcher.search_ifs(self.ifs, av, ans)
+ if len(ans):
+ self.calls.append(ans)
+ else:
+ raw_av.append(av)
+
+ return raw_av
+
+
+def gen_requires(module):
+ """Add require statements to the module.
+ """
+ def collect_requires(node):
+ r = refpolicy.Require()
+ for avrule in node.avrules():
+ r.types.update(avrule.src_types)
+ r.types.update(avrule.tgt_types)
+ for obj in avrule.obj_classes:
+ r.add_obj_class(obj, avrule.perms)
+
+ for ifcall in node.interface_calls():
+ for arg in ifcall.args:
+ # FIXME - handle non-type arguments when we
+ # can actually figure those out.
+ r.types.add(arg)
+
+ for role_type in node.role_types():
+ r.roles.add(role_type.role)
+ r.types.update(role_type.types)
+
+ r.types.discard("self")
+
+ node.children.insert(0, r)
+
+ # FUTURE - this is untested on modules with any sort of
+ # nesting
+ for node in module.nodes():
+ collect_requires(node)
+
+
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
new file mode 100644
index 0000000..65d1d90
--- /dev/null
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -0,0 +1,1030 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006-2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+# OVERVIEW
+#
+#
+# This is a parser for the refpolicy policy "language" - i.e., the
+# normal SELinux policy language plus the refpolicy style M4 macro
+# constructs on top of that base language. This parser is primarily
+# aimed at parsing the policy headers in order to create an abstract
+# policy representation suitable for generating policy.
+#
+# Both the lexer and parser are included in this file. The are implemented
+# using the Ply library (included with sepolgen).
+
+import sys
+import os
+import re
+import traceback
+
+import refpolicy
+import access
+import defaults
+
+import lex
+import yacc
+
+# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+#
+# lexer
+#
+# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+tokens = (
+ # basic tokens, punctuation
+ 'TICK',
+ 'SQUOTE',
+ 'OBRACE',
+ 'CBRACE',
+ 'SEMI',
+ 'COLON',
+ 'OPAREN',
+ 'CPAREN',
+ 'COMMA',
+ 'MINUS',
+ 'TILDE',
+ 'ASTERISK',
+ 'AMP',
+ 'BAR',
+ 'EXPL',
+ 'EQUAL',
+ 'IDENTIFIER',
+ 'NUMBER',
+ 'PATH',
+ 'IPV6_ADDR',
+ # reserved words
+ # module
+ 'MODULE',
+ 'POLICY_MODULE',
+ 'REQUIRE',
+ # flask
+ 'SID',
+ 'GENFSCON',
+ 'FS_USE_XATTR',
+ 'FS_USE_TRANS',
+ 'FS_USE_TASK',
+ 'PORTCON',
+ 'NODECON',
+ 'NETIFCON',
+ # object classes
+ 'CLASS',
+ # types and attributes
+ 'TYPEATTRIBUTE',
+ 'TYPE',
+ 'ATTRIBUTE',
+ 'ALIAS',
+ 'TYPEALIAS',
+ # conditional policy
+ 'BOOL',
+ 'TRUE',
+ 'FALSE',
+ 'IF',
+ 'ELSE',
+ # users and roles
+ 'ROLE',
+ 'TYPES',
+ # rules
+ 'ALLOW',
+ 'DONTAUDIT',
+ 'AUDITALLOW',
+ 'NEVERALLOW',
+ 'TYPE_TRANSITION',
+ 'TYPE_CHANGE',
+ 'TYPE_MEMBER',
+ 'RANGE_TRANSITION',
+ 'ROLE_TRANSITION',
+ # refpolicy keywords
+ 'OPT_POLICY',
+ 'INTERFACE',
+ 'TUNABLE_POLICY',
+ 'GEN_REQ',
+ 'TEMPLATE',
+ 'GEN_CONTEXT',
+ # m4
+ 'IFELSE',
+ 'IFDEF',
+ 'IFNDEF',
+ 'DEFINE'
+ )
+
+# All reserved keywords - see t_IDENTIFIER for how these are matched in
+# the lexer.
+reserved = {
+ # module
+ 'module' : 'MODULE',
+ 'policy_module' : 'POLICY_MODULE',
+ 'require' : 'REQUIRE',
+ # flask
+ 'sid' : 'SID',
+ 'genfscon' : 'GENFSCON',
+ 'fs_use_xattr' : 'FS_USE_XATTR',
+ 'fs_use_trans' : 'FS_USE_TRANS',
+ 'fs_use_task' : 'FS_USE_TASK',
+ 'portcon' : 'PORTCON',
+ 'nodecon' : 'NODECON',
+ 'netifcon' : 'NETIFCON',
+ # object classes
+ 'class' : 'CLASS',
+ # types and attributes
+ 'typeattribute' : 'TYPEATTRIBUTE',
+ 'type' : 'TYPE',
+ 'attribute' : 'ATTRIBUTE',
+ 'alias' : 'ALIAS',
+ 'typealias' : 'TYPEALIAS',
+ # conditional policy
+ 'bool' : 'BOOL',
+ 'true' : 'TRUE',
+ 'false' : 'FALSE',
+ 'if' : 'IF',
+ 'else' : 'ELSE',
+ # users and roles
+ 'role' : 'ROLE',
+ 'types' : 'TYPES',
+ # rules
+ 'allow' : 'ALLOW',
+ 'dontaudit' : 'DONTAUDIT',
+ 'auditallow' : 'AUDITALLOW',
+ 'neverallow' : 'NEVERALLOW',
+ 'type_transition' : 'TYPE_TRANSITION',
+ 'type_change' : 'TYPE_CHANGE',
+ 'type_member' : 'TYPE_MEMBER',
+ 'range_transition' : 'RANGE_TRANSITION',
+ 'role_transition' : 'ROLE_TRANSITION',
+ # refpolicy keywords
+ 'optional_policy' : 'OPT_POLICY',
+ 'interface' : 'INTERFACE',
+ 'tunable_policy' : 'TUNABLE_POLICY',
+ 'gen_require' : 'GEN_REQ',
+ 'template' : 'TEMPLATE',
+ 'gen_context' : 'GEN_CONTEXT',
+ # M4
+ 'ifelse' : 'IFELSE',
+ 'ifndef' : 'IFNDEF',
+ 'ifdef' : 'IFDEF',
+ 'define' : 'DEFINE'
+ }
+
+# The ply lexer allows definition of tokens in 2 ways: regular expressions
+# or functions.
+
+# Simple regex tokens
+t_TICK = r'\`'
+t_SQUOTE = r'\''
+t_OBRACE = r'\{'
+t_CBRACE = r'\}'
+# This will handle spurios extra ';' via the +
+t_SEMI = r'\;+'
+t_COLON = r'\:'
+t_OPAREN = r'\('
+t_CPAREN = r'\)'
+t_COMMA = r'\,'
+t_MINUS = r'\-'
+t_TILDE = r'\~'
+t_ASTERISK = r'\*'
+t_AMP = r'\&'
+t_BAR = r'\|'
+t_EXPL = r'\!'
+t_EQUAL = r'\='
+t_NUMBER = r'[0-9\.]+'
+t_PATH = r'/[a-zA-Z0-9)_\.\*/]*'
+#t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*'
+
+# Ignore whitespace - this is a special token for ply that more efficiently
+# ignores uninteresting tokens.
+t_ignore = " \t"
+
+# More complex tokens
+def t_IPV6_ADDR(t):
+ r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]|:)*'
+ # This is a function simply to force it sooner into
+ # the regex list
+ return t
+
+def t_m4comment(t):
+ r'dnl.*\n'
+ # Ignore all comments
+ t.lexer.lineno += 1
+
+def t_refpolicywarn1(t):
+ r'define.*refpolicywarn\(.*\n'
+ # Ignore refpolicywarn statements - they sometimes
+ # contain text that we can't parse.
+ t.skip(1)
+
+def t_refpolicywarn(t):
+ r'refpolicywarn\(.*\n'
+ # Ignore refpolicywarn statements - they sometimes
+ # contain text that we can't parse.
+ t.lexer.lineno += 1
+
+def t_IDENTIFIER(t):
+ r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
+ # Handle any keywords
+ t.type = reserved.get(t.value,'IDENTIFIER')
+ return t
+
+def t_comment(t):
+ r'\#.*\n'
+ # Ignore all comments
+ t.lexer.lineno += 1
+
+def t_error(t):
+ print "Illegal character '%s'" % t.value[0]
+ t.skip(1)
+
+def t_newline(t):
+ r'\n+'
+ t.lexer.lineno += len(t.value)
+
+# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+#
+# Parser
+#
+# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+# Global data used during parsing - making it global is easier than
+# passing the state through the parsing functions.
+
+# m is the top-level data structure (stands for modules).
+m = None
+# error is either None (indicating no error) or a string error message.
+error = None
+parse_file = ""
+# spt is the support macros (e.g., obj/perm sets) - it is an instance of
+# refpolicy.SupportMacros and should always be present during parsing
+# though it may not contain any macros.
+spt = None
+success=True
+
+# utilities
+def collect(stmts, parent, val=None):
+ if stmts is None:
+ return
+ for s in stmts:
+ if s is None:
+ continue
+ s.parent = parent
+ if val is not None:
+ parent.children.insert(0, (val, s))
+ else:
+ parent.children.insert(0, s)
+
+def expand(ids, s):
+ for id in ids:
+ if spt.has_key(id):
+ s.update(spt.by_name(id))
+ else:
+ s.add(id)
+
+# Top-level non-terminal
+def p_statements(p):
+ '''statements : statement
+ | statements statement
+ | empty
+ '''
+ if len(p) == 2 and p[1]:
+ m.children.append(p[1])
+ elif len(p) > 2 and p[2]:
+ m.children.append(p[2])
+
+def p_statement(p):
+ '''statement : interface
+ | template
+ | obj_perm_set
+ | policy
+ | policy_module_stmt
+ | module_stmt
+ '''
+ p[0] = p[1]
+
+def p_empty(p):
+ 'empty :'
+ pass
+
+#
+# Reference policy language constructs
+#
+
+# This is for the policy module statement (e.g., policy_module(foo,1.2.0)).
+# We have a separate terminal for either the basic language module statement
+# and interface calls to make it easier to identifier.
+def p_policy_module_stmt(p):
+ 'policy_module_stmt : POLICY_MODULE OPAREN IDENTIFIER COMMA NUMBER CPAREN'
+ m = refpolicy.ModuleDeclaration()
+ m.name = p[3]
+ m.version = p[5]
+ m.refpolicy = True
+ p[0] = m
+
+def p_interface(p):
+ '''interface : INTERFACE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ '''
+ x = refpolicy.Interface(p[4])
+ collect(p[8], x)
+ p[0] = x
+
+def p_template(p):
+ '''template : TEMPLATE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ | DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ '''
+ x = refpolicy.Template(p[4])
+ collect(p[8], x)
+ p[0] = x
+
+def p_define(p):
+ '''define : DEFINE OPAREN TICK IDENTIFIER SQUOTE CPAREN'''
+ # This is for defining single M4 values (to be used later in ifdef statements).
+ # Example: define(`sulogin_no_pam'). We don't currently do anything with these
+ # but we should in the future when we correctly resolve ifdef statements.
+ p[0] = None
+
+def p_interface_stmts(p):
+ '''interface_stmts : policy
+ | interface_stmts policy
+ | empty
+ '''
+ if len(p) == 2 and p[1]:
+ p[0] = p[1]
+ elif len(p) > 2:
+ if not p[1]:
+ if p[2]:
+ p[0] = p[2]
+ elif not p[2]:
+ p[0] = p[1]
+ else:
+ p[0] = p[1] + p[2]
+
+def p_optional_policy(p):
+ '''optional_policy : OPT_POLICY OPAREN TICK interface_stmts SQUOTE CPAREN
+ | OPT_POLICY OPAREN TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ '''
+ o = refpolicy.OptionalPolicy()
+ collect(p[4], o, val=True)
+ if len(p) > 7:
+ collect(p[8], o, val=False)
+ p[0] = [o]
+
+def p_tunable_policy(p):
+ '''tunable_policy : TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ | TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
+ '''
+ x = refpolicy.TunablePolicy()
+ x.cond_expr = p[4]
+ collect(p[8], x, val=True)
+ if len(p) > 11:
+ collect(p[12], x, val=False)
+ p[0] = [x]
+
+def p_ifelse(p):
+ '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ '''
+# x = refpolicy.IfDef(p[4])
+# v = True
+# collect(p[8], x, val=v)
+# if len(p) > 12:
+# collect(p[12], x, val=False)
+# p[0] = [x]
+ pass
+
+
+def p_ifdef(p):
+ '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
+ '''
+ x = refpolicy.IfDef(p[4])
+ if p[1] == 'ifdef':
+ v = True
+ else:
+ v = False
+ collect(p[8], x, val=v)
+ if len(p) > 12:
+ collect(p[12], x, val=False)
+ p[0] = [x]
+
+def p_interface_call(p):
+ '''interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN
+ | IDENTIFIER OPAREN CPAREN
+ | IDENTIFIER OPAREN interface_call_param_list CPAREN SEMI'''
+ # Allow spurious semi-colons at the end of interface calls
+ i = refpolicy.InterfaceCall(ifname=p[1])
+ if len(p) > 4:
+ i.args.extend(p[3])
+ p[0] = i
+
+def p_interface_call_param(p):
+ '''interface_call_param : IDENTIFIER
+ | IDENTIFIER MINUS IDENTIFIER
+ | nested_id_set
+ | TRUE
+ | FALSE
+ '''
+ # Intentionally let single identifiers pass through
+ # List means set, non-list identifier
+ if len(p) == 2:
+ p[0] = p[1]
+ else:
+ p[0] = [p[1], "-" + p[3]]
+
+def p_interface_call_param_list(p):
+ '''interface_call_param_list : interface_call_param
+ | interface_call_param_list COMMA interface_call_param
+ '''
+ if len(p) == 2:
+ p[0] = [p[1]]
+ else:
+ p[0] = p[1] + [p[3]]
+
+
+def p_obj_perm_set(p):
+ 'obj_perm_set : DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK names SQUOTE CPAREN'
+ s = refpolicy.ObjPermSet(p[4])
+ s.perms = p[8]
+ p[0] = s
+
+#
+# Basic SELinux policy language
+#
+
+def p_policy(p):
+ '''policy : policy_stmt
+ | optional_policy
+ | tunable_policy
+ | ifdef
+ | ifelse
+ | conditional
+ '''
+ p[0] = p[1]
+
+def p_policy_stmt(p):
+ '''policy_stmt : gen_require
+ | avrule_def
+ | typerule_def
+ | typeattribute_def
+ | interface_call
+ | role_def
+ | role_allow
+ | type_def
+ | typealias_def
+ | attribute_def
+ | range_transition_def
+ | role_transition_def
+ | bool
+ | define
+ | initial_sid
+ | genfscon
+ | fs_use
+ | portcon
+ | nodecon
+ | netifcon
+ '''
+ if p[1]:
+ p[0] = [p[1]]
+
+def p_module_stmt(p):
+ 'module_stmt : MODULE IDENTIFIER NUMBER SEMI'
+ m = refpolicy.ModuleDeclaration()
+ m.name = p[2]
+ m.version = p[3]
+ m.refpolicy = False
+ p[0] = m
+
+def p_gen_require(p):
+ '''gen_require : GEN_REQ OPAREN TICK requires SQUOTE CPAREN
+ | REQUIRE OBRACE requires CBRACE'''
+ # We ignore the require statements - they are redundant data from our point-of-view.
+ # Checkmodule will verify them later anyway so we just assume that they match what
+ # is in the rest of the interface.
+ pass
+
+def p_requires(p):
+ '''requires : require
+ | requires require
+ | ifdef
+ | requires ifdef
+ '''
+ pass
+
+def p_require(p):
+ '''require : TYPE comma_list SEMI
+ | ROLE comma_list SEMI
+ | ATTRIBUTE comma_list SEMI
+ | CLASS comma_list SEMI
+ | BOOL comma_list SEMI
+ '''
+ pass
+
+def p_security_context(p):
+ '''security_context : IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER
+ | IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER COLON mls_range_def'''
+ # This will likely need some updates to handle complex levels
+ s = refpolicy.SecurityContext()
+ s.user = p[1]
+ s.role = p[3]
+ s.type = p[5]
+ if len(p) > 6:
+ s.level = p[7]
+
+ p[0] = s
+
+def p_gen_context(p):
+ '''gen_context : GEN_CONTEXT OPAREN security_context COMMA mls_range_def CPAREN
+ '''
+ # We actually store gen_context statements in a SecurityContext
+ # object - it knows how to output either a bare context or a
+ # gen_context statement.
+ s = p[3]
+ s.level = p[5]
+
+ p[0] = s
+
+def p_context(p):
+ '''context : security_context
+ | gen_context
+ '''
+ p[0] = p[1]
+
+def p_initial_sid(p):
+ '''initial_sid : SID IDENTIFIER context'''
+ s = refpolicy.InitialSid()
+ s.name = p[2]
+ s.context = p[3]
+ p[0] = s
+
+def p_genfscon(p):
+ '''genfscon : GENFSCON IDENTIFIER PATH context'''
+
+ g = refpolicy.GenfsCon()
+ g.filesystem = p[2]
+ g.path = p[3]
+ g.context = p[4]
+
+ p[0] = g
+
+def p_fs_use(p):
+ '''fs_use : FS_USE_XATTR IDENTIFIER context SEMI
+ | FS_USE_TASK IDENTIFIER context SEMI
+ | FS_USE_TRANS IDENTIFIER context SEMI
+ '''
+ f = refpolicy.FilesystemUse()
+ if p[1] == "fs_use_xattr":
+ f.type = refpolicy.FilesystemUse.XATTR
+ elif p[1] == "fs_use_task":
+ f.type = refpolicy.FilesystemUse.TASK
+ elif p[1] == "fs_use_trans":
+ f.type = refpolicy.FilesystemUse.TRANS
+
+ f.filesystem = p[2]
+ f.context = p[3]
+
+ p[0] = f
+
+def p_portcon(p):
+ '''portcon : PORTCON IDENTIFIER NUMBER context
+ | PORTCON IDENTIFIER NUMBER MINUS NUMBER context'''
+ c = refpolicy.PortCon()
+ c.port_type = p[2]
+ if len(p) == 5:
+ c.port_number = p[3]
+ c.context = p[4]
+ else:
+ c.port_number = p[3] + "-" + p[4]
+ c.context = p[5]
+
+ p[0] = c
+
+def p_nodecon(p):
+ '''nodecon : NODECON NUMBER NUMBER context
+ | NODECON IPV6_ADDR IPV6_ADDR context
+ '''
+ n = refpolicy.NodeCon()
+ n.start = p[2]
+ n.end = p[3]
+ n.context = p[4]
+
+ p[0] = n
+
+def p_netifcon(p):
+ 'netifcon : NETIFCON IDENTIFIER context context'
+ n = refpolicy.NetifCon()
+ n.interface = p[2]
+ n.interface_context = p[3]
+ n.packet_context = p[4]
+
+ p[0] = n
+
+def p_mls_range_def(p):
+ '''mls_range_def : mls_level_def MINUS mls_level_def
+ | mls_level_def
+ '''
+ p[0] = p[1]
+ if len(p) > 2:
+ p[0] = p[0] + "-" + p[3]
+
+def p_mls_level_def(p):
+ '''mls_level_def : IDENTIFIER COLON comma_list
+ | IDENTIFIER
+ '''
+ p[0] = p[1]
+ if len(p) > 2:
+ p[0] = p[0] + ":" + ",".join(p[3])
+
+def p_type_def(p):
+ '''type_def : TYPE IDENTIFIER COMMA comma_list SEMI
+ | TYPE IDENTIFIER SEMI
+ | TYPE IDENTIFIER ALIAS names SEMI
+ | TYPE IDENTIFIER ALIAS names COMMA comma_list SEMI
+ '''
+ t = refpolicy.Type(p[2])
+ if len(p) == 6:
+ if p[3] == ',':
+ t.attributes.update(p[4])
+ else:
+ t.aliases = p[4]
+ elif len(p) > 4:
+ t.aliases = p[4]
+ if len(p) == 8:
+ t.attributes.update(p[6])
+ p[0] = t
+
+def p_attribute_def(p):
+ 'attribute_def : ATTRIBUTE IDENTIFIER SEMI'
+ a = refpolicy.Attribute(p[2])
+ p[0] = a
+
+def p_typealias_def(p):
+ 'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
+ t = refpolicy.TypeAlias()
+ t.type = p[2]
+ t.aliases = p[4]
+ p[0] = t
+
+def p_role_def(p):
+ '''role_def : ROLE IDENTIFIER TYPES comma_list SEMI
+ | ROLE IDENTIFIER SEMI'''
+ r = refpolicy.Role()
+ r.role = p[2]
+ if len(p) > 4:
+ r.types.update(p[4])
+ p[0] = r
+
+def p_role_allow(p):
+ 'role_allow : ALLOW names names SEMI'
+ r = refpolicy.RoleAllow()
+ r.src_roles = p[2]
+ r.tgt_roles = p[3]
+ p[0] = r
+
+def p_avrule_def(p):
+ '''avrule_def : ALLOW names names COLON names names SEMI
+ | DONTAUDIT names names COLON names names SEMI
+ | AUDITALLOW names names COLON names names SEMI
+ | NEVERALLOW names names COLON names names SEMI
+ '''
+ a = refpolicy.AVRule()
+ if p[1] == 'dontaudit':
+ a.rule_type = refpolicy.AVRule.DONTAUDIT
+ elif p[1] == 'auditallow':
+ a.rule_type = refpolicy.AVRule.AUDITALLOW
+ elif p[1] == 'neverallow':
+ a.rule_type = refpolicy.AVRule.NEVERALLOW
+ a.src_types = p[2]
+ a.tgt_types = p[3]
+ a.obj_classes = p[5]
+ a.perms = p[6]
+ p[0] = a
+
+def p_typerule_def(p):
+ '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
+ | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
+ | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
+ '''
+ t = refpolicy.TypeRule()
+ if p[1] == 'type_change':
+ t.rule_type = refpolicy.TypeRule.TYPE_CHANGE
+ elif p[1] == 'type_member':
+ t.rule_type = refpolicy.TypeRule.TYPE_MEMBER
+ t.src_types = p[2]
+ t.tgt_types = p[3]
+ t.obj_classes = p[5]
+ t.dest_type = p[6]
+ p[0] = t
+
+def p_bool(p):
+ '''bool : BOOL IDENTIFIER TRUE SEMI
+ | BOOL IDENTIFIER FALSE SEMI'''
+ b = refpolicy.Bool()
+ b.name = p[2]
+ if p[3] == "true":
+ b.state = True
+ else:
+ b.state = False
+ p[0] = b
+
+def p_conditional(p):
+ ''' conditional : IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE
+ | IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE ELSE OBRACE interface_stmts CBRACE
+ '''
+ c = refpolicy.Conditional()
+ c.cond_expr = p[3]
+ collect(p[6], c, val=True)
+ if len(p) > 8:
+ collect(p[10], c, val=False)
+ p[0] = [c]
+
+def p_typeattribute_def(p):
+ '''typeattribute_def : TYPEATTRIBUTE IDENTIFIER comma_list SEMI'''
+ t = refpolicy.TypeAttribute()
+ t.type = p[2]
+ t.attributes.update(p[3])
+ p[0] = t
+
+def p_range_transition_def(p):
+ '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
+ | RANGE_TRANSITION names names names SEMI'''
+ pass
+
+def p_role_transition_def(p):
+ '''role_transition_def : ROLE_TRANSITION names names names SEMI'''
+ pass
+
+def p_cond_expr(p):
+ '''cond_expr : IDENTIFIER
+ | EXPL cond_expr
+ | cond_expr AMP AMP cond_expr
+ | cond_expr BAR BAR cond_expr
+ | cond_expr EQUAL EQUAL cond_expr
+ | cond_expr EXPL EQUAL cond_expr
+ '''
+ l = len(p)
+ if l == 2:
+ p[0] = [p[1]]
+ elif l == 3:
+ p[0] = [p[1]] + p[2]
+ else:
+ p[0] = p[1] + [p[2] + p[3]] + p[4]
+
+
+#
+# Basic terminals
+#
+
+# Identifiers and lists of identifiers. These must
+# be handled somewhat gracefully. Names returns an IdSet and care must
+# be taken that this is _assigned_ to an object to correctly update
+# all of the flags (as opposed to using update). The other terminals
+# return list - this is to preserve ordering if it is important for
+# parsing (for example, interface_call must retain the ordering). Other
+# times the list should be used to update an IdSet.
+
+def p_names(p):
+ '''names : identifier
+ | nested_id_set
+ | asterisk
+ | TILDE identifier
+ | TILDE nested_id_set
+ | IDENTIFIER MINUS IDENTIFIER
+ '''
+ s = refpolicy.IdSet()
+ if len(p) < 3:
+ expand(p[1], s)
+ elif len(p) == 3:
+ expand(p[2], s)
+ s.compliment = True
+ else:
+ expand([p[1]])
+ s.add("-" + p[3])
+ p[0] = s
+
+def p_identifier(p):
+ 'identifier : IDENTIFIER'
+ p[0] = [p[1]]
+
+def p_asterisk(p):
+ 'asterisk : ASTERISK'
+ p[0] = [p[1]]
+
+def p_nested_id_set(p):
+ '''nested_id_set : OBRACE nested_id_list CBRACE
+ '''
+ p[0] = p[2]
+
+def p_nested_id_list(p):
+ '''nested_id_list : nested_id_element
+ | nested_id_list nested_id_element
+ '''
+ if len(p) == 2:
+ p[0] = p[1]
+ else:
+ p[0] = p[1] + p[2]
+
+def p_nested_id_element(p):
+ '''nested_id_element : identifier
+ | MINUS IDENTIFIER
+ | nested_id_set
+ '''
+ if len(p) == 2:
+ p[0] = p[1]
+ else:
+ # For now just leave the '-'
+ str = "-" + p[2]
+ p[0] = [str]
+
+def p_comma_list(p):
+ '''comma_list : nested_id_list
+ | comma_list COMMA nested_id_list
+ '''
+ if len(p) > 2:
+ p[1] = p[1] + p[3]
+ p[0] = p[1]
+
+def p_optional_semi(p):
+ '''optional_semi : SEMI
+ | empty'''
+ pass
+
+
+#
+# Interface to the parser
+#
+
+def p_error(tok):
+ global error
+ global parse_file
+ global success
+ error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type)
+ print error
+ success = False
+
+def prep_spt(spt):
+ if not spt:
+ return { }
+ map = {}
+ for x in spt:
+ map[x.name] = x
+
+parser = None
+lexer = None
+def create_globals(module, support, debug):
+ global parser, lexer, m, spt
+ if not parser:
+ lexer = lex.lex()
+ parser = yacc.yacc(method="LALR", debug=debug, write_tables=0)
+
+ if module is not None:
+ m = module
+ else:
+ m = refpolicy.Module()
+
+ if not support:
+ spt = refpolicy.SupportMacros()
+ else:
+ spt = support
+
+def parse(text, module=None, support=None, debug=False):
+ create_globals(module, support, debug)
+ lexer.lexdata = []
+ lexer.lexpos = 0
+ lexer.lineno = 1
+
+ try:
+ parser.parse(text, debug=debug)
+ except Exception, e:
+ global error
+ error = "internal parser error: %s" % str(e) + "\n" + traceback.format_exc()
+
+ if error is not None:
+ msg = 'could not parse text: "%s"' % error
+ raise ValueError(msg)
+ return m
+
+def list_headers(root):
+ modules = []
+ support_macros = None
+ blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
+
+ for dirpath, dirnames, filenames in os.walk(root):
+ for name in filenames:
+ # FIXME: these make the parser barf in various unrecoverable ways, so we must skip
+ # them.
+ if name in blacklist:
+ continue
+
+ modname = os.path.splitext(name)
+ filename = os.path.join(dirpath, name)
+
+ if modname[1] == '.spt':
+ if name == "obj_perm_sets.spt":
+ support_macros = filename
+ elif len(re.findall("patterns", modname[0])):
+ modules.append((modname[0], filename))
+ elif modname[1] == '.if':
+ modules.append((modname[0], filename))
+
+ return (modules, support_macros)
+
+
+def parse_headers(root, output=None, expand=True, debug=False):
+ import util
+
+ headers = refpolicy.Headers()
+
+ modules = []
+ support_macros = None
+
+ if os.path.isfile(root):
+ name = os.path.split(root)[1]
+ if name == '':
+ raise ValueError("Invalid file name %s" % root)
+ modname = os.path.splitext(name)
+ modules.append((modname[0], root))
+ all_modules, support_macros = list_headers(defaults.headers())
+ else:
+ modules, support_macros = list_headers(root)
+
+ if expand and not support_macros:
+ raise ValueError("could not find support macros (obj_perm_sets.spt)")
+
+ def o(msg):
+ if output:
+ output.write(msg)
+
+ def parse_file(f, module, spt=None):
+ global parse_file
+ if debug:
+ o("parsing file %s\n" % f)
+ try:
+ fd = open(f)
+ txt = fd.read()
+ fd.close()
+ parse_file = f
+ parse(txt, module, spt, debug)
+ except IOError, e:
+ return
+ except ValueError, e:
+ raise ValueError("error parsing file %s: %s" % (f, str(e)))
+
+ spt = None
+ if support_macros:
+ o("Parsing support macros (%s): " % support_macros)
+ spt = refpolicy.SupportMacros()
+ parse_file(support_macros, spt)
+
+ headers.children.append(spt)
+
+ # FIXME: Total hack - add in can_exec rather than parse the insanity
+ # of misc_macros. We are just going to pretend that this is an interface
+ # to make the expansion work correctly.
+ can_exec = refpolicy.Interface("can_exec")
+ av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
+ "getattr","lock","execute","ioctl"])
+
+ can_exec.children.append(refpolicy.AVRule(av))
+ headers.children.append(can_exec)
+
+ o("done.\n")
+
+ if output and not debug:
+ status = util.ConsoleProgressBar(sys.stdout, steps=len(modules))
+ status.start("Parsing interface files")
+
+ failures = []
+ for x in modules:
+ m = refpolicy.Module()
+ m.name = x[0]
+ try:
+ if expand:
+ parse_file(x[1], m, spt)
+ else:
+ parse_file(x[1], m)
+ except ValueError, e:
+ o(str(e) + "\n")
+ failures.append(x[1])
+ continue
+
+ headers.children.append(m)
+ if output and not debug:
+ status.step()
+
+ if len(failures):
+ o("failed to parse some headers: %s" % ", ".join(failures))
+
+ return headers
diff --git a/sepolgen/src/sepolgen/refpolicy.py b/sepolgen/src/sepolgen/refpolicy.py
new file mode 100644
index 0000000..724b870
--- /dev/null
+++ b/sepolgen/src/sepolgen/refpolicy.py
@@ -0,0 +1,840 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import string
+import itertools
+import selinux
+
+# OVERVIEW
+#
+# This file contains objects and functions used to represent the reference
+# policy (including the headers, M4 macros, and policy language statements).
+#
+# This representation is very different from the semantic representation
+# used in libsepol. Instead, it is a more typical abstract representation
+# used by the first stage of compilers. It is basically a parse tree.
+#
+# This choice is intentional as it allows us to handle the unprocessed
+# M4 statements - including the $1 style arguments - and to more easily generate
+# the data structures that we need for policy generation.
+#
+
+# Constans for referring to fields
+SRC_TYPE = 0
+TGT_TYPE = 1
+OBJ_CLASS = 2
+PERMS = 3
+ROLE = 4
+DEST_TYPE = 5
+
+# String represenations of the above constants
+field_to_str = ["source", "target", "object", "permission", "role", "destination" ]
+str_to_field = { "source" : SRC_TYPE, "target" : TGT_TYPE, "object" : OBJ_CLASS,
+ "permission" : PERMS, "role" : ROLE, "destination" : DEST_TYPE }
+
+# Base Classes
+
+class PolicyBase:
+ def __init__(self, parent=None):
+ self.parent = None
+ self.comment = None
+
+class Node(PolicyBase):
+ """Base class objects produced from parsing the reference policy.
+
+ The Node class is used as the base class for any non-leaf
+ object produced by parsing the reference policy. This object
+ should contain a reference to its parent (or None for a top-level
+ object) and 0 or more children.
+
+ The general idea here is to have a very simple tree structure. Children
+ are not separated out by type. Instead the tree structure represents
+ fairly closely the real structure of the policy statements.
+
+ The object should be iterable - by default over all children but
+ subclasses are free to provide additional iterators over a subset
+ of their childre (see Interface for example).
+ """
+
+ def __init__(self, parent=None):
+ PolicyBase.__init__(self, parent)
+ self.children = []
+
+ def __iter__(self):
+ return iter(self.children)
+
+ # Not all of the iterators will return something on all Nodes, but
+ # they won't explode either. Putting them here is just easier.
+
+ # Top level nodes
+
+ def nodes(self):
+ return itertools.ifilter(lambda x: isinstance(x, Node), walktree(self))
+
+ def modules(self):
+ return itertools.ifilter(lambda x: isinstance(x, Module), walktree(self))
+
+ def interfaces(self):
+ return itertools.ifilter(lambda x: isinstance(x, Interface), walktree(self))
+
+ def templates(self):
+ return itertools.ifilter(lambda x: isinstance(x, Template), walktree(self))
+
+ def support_macros(self):
+ return itertools.ifilter(lambda x: isinstance(x, SupportMacros), walktree(self))
+
+ # Common policy statements
+
+ def module_declarations(self):
+ return itertools.ifilter(lambda x: isinstance(x, ModuleDeclaration), walktree(self))
+
+ def interface_calls(self):
+ return itertools.ifilter(lambda x: isinstance(x, InterfaceCall), walktree(self))
+
+ def avrules(self):
+ return itertools.ifilter(lambda x: isinstance(x, AVRule), walktree(self))
+
+ def typerules(self):
+ return itertools.ifilter(lambda x: isinstance(x, TypeRule), walktree(self))
+
+ def typeattributes(self):
+ """Iterate over all of the TypeAttribute children of this Interface."""
+ return itertools.ifilter(lambda x: isinstance(x, TypeAttribute), walktree(self))
+
+ def requires(self):
+ return itertools.ifilter(lambda x: isinstance(x, Require), walktree(self))
+
+ def roles(self):
+ return itertools.ifilter(lambda x: isinstance(x, Role), walktree(self))
+
+ def role_allows(self):
+ return itertools.ifilter(lambda x: isinstance(x, RoleAllow), walktree(self))
+
+ def role_types(self):
+ return itertools.ifilter(lambda x: isinstance(x, RoleType), walktree(self))
+
+ def __str__(self):
+ if self.comment:
+ return str(self.comment) + "\n" + self.to_string()
+ else:
+ return self.to_string()
+
+ def __repr__(self):
+ return "<%s(%s)>" % (self.__class__.__name__, self.to_string())
+
+ def to_string(self):
+ return ""
+
+
+class Leaf(PolicyBase):
+ def __init__(self, parent=None):
+ PolicyBase.__init__(self, parent)
+
+ def __str__(self):
+ if self.comment:
+ return str(self.comment) + "\n" + self.to_string()
+ else:
+ return self.to_string()
+
+ def __repr__(self):
+ return "<%s(%s)>" % (self.__class__.__name__, self.to_string())
+
+ def to_string(self):
+ return ""
+
+
+
+# Utility functions
+
+def walktree(node, depthfirst=True, showdepth=False, type=None):
+ """Iterate over a Node and its Children.
+
+ The walktree function iterates over a tree containing Nodes and
+ leaf objects. The iteration can perform a depth first or a breadth
+ first traversal of the tree (controlled by the depthfirst
+ paramater. The passed in node will be returned.
+
+ This function will only work correctly for trees - arbitrary graphs
+ will likely cause infinite looping.
+ """
+ # We control depth first / versus breadth first by
+ # how we pop items off of the node stack.
+ if depthfirst:
+ index = -1
+ else:
+ index = 0
+
+ stack = [(node, 0)]
+ while len(stack) > 0:
+ cur, depth = stack.pop(index)
+ if showdepth:
+ yield cur, depth
+ else:
+ yield cur
+
+ # If the node is not a Node instance it must
+ # be a leaf - so no need to add it to the stack
+ if isinstance(cur, Node):
+ items = []
+ i = len(cur.children) - 1
+ while i >= 0:
+ if type is None or isinstance(cur.children[i], type):
+ items.append((cur.children[i], depth + 1))
+ i -= 1
+
+ stack.extend(items)
+
+def walknode(node, type=None):
+ """Iterate over the direct children of a Node.
+
+ The walktree function iterates over the children of a Node.
+ Unlike walktree it does note return the passed in node or
+ the children of any Node objects (that is, it does not go
+ beyond the current level in the tree).
+ """
+ for x in node:
+ if type is None or isinstance(x, type):
+ yield x
+
+
+def list_to_space_str(s, cont=('{', '}')):
+ """Convert a set (or any sequence type) into a string representation
+ formatted to match SELinux space separated list conventions.
+
+ For example the list ['read', 'write'] would be converted into:
+ '{ read write }'
+ """
+ l = len(s)
+ str = ""
+ if l < 1:
+ raise ValueError("cannot convert 0 len set to string")
+ str = " ".join(s)
+ if l == 1:
+ return str
+ else:
+ return cont[0] + " " + str + " " + cont[1]
+
+def list_to_comma_str(s):
+ l = len(s)
+ if l < 1:
+ raise ValueError("cannot conver 0 len set to comma string")
+
+ return ", ".join(s)
+
+# Basic SELinux types
+
+class IdSet(set):
+ def __init__(self, list=None):
+ if list:
+ set.__init__(self, list)
+ else:
+ set.__init__(self)
+ self.compliment = False
+
+ def to_space_str(self):
+ return list_to_space_str(self)
+
+ def to_comma_str(self):
+ return list_to_comma_str(self)
+
+class SecurityContext(Leaf):
+ """An SELinux security context with optional MCS / MLS fields."""
+ def __init__(self, context=None, parent=None):
+ """Create a SecurityContext object, optionally from a string.
+
+ Parameters:
+ [context] - string representing a security context. Same format
+ as a string passed to the from_string method.
+ """
+ Leaf.__init__(self, parent)
+ self.user = ""
+ self.role = ""
+ self.type = ""
+ self.level = None
+ if context is not None:
+ self.from_string(context)
+
+ def from_string(self, context):
+ """Parse a string representing a context into a SecurityContext.
+
+ The string should be in the standard format - e.g.,
+ 'user:role:type:level'.
+
+ Raises ValueError if the string is not parsable as a security context.
+ """
+ fields = context.split(":")
+ if len(fields) < 3:
+ raise ValueError("context string [%s] not in a valid format" % context)
+
+ self.user = fields[0]
+ self.role = fields[1]
+ self.type = fields[2]
+ if len(fields) > 3:
+ # FUTURE - normalize level fields to allow more comparisons to succeed.
+ self.level = string.join(fields[3:], ':')
+ else:
+ self.level = None
+
+ def __eq__(self, other):
+ """Compare two SecurityContext objects - all fields must be exactly the
+ the same for the comparison to work. It is possible for the level fields
+ to be semantically the same yet syntactically different - in this case
+ this function will return false.
+ """
+ return self.user == other.user and \
+ self.role == other.role and \
+ self.type == other.type and \
+ self.level == other.level
+
+ def to_string(self, default_level=None):
+ """Return a string representing this security context.
+
+ By default, the string will contiain a MCS / MLS level
+ potentially from the default which is passed in if none was
+ set.
+
+ Arguments:
+ default_level - the default level to use if self.level is an
+ empty string.
+
+ Returns:
+ A string represening the security context in the form
+ 'user:role:type:level'.
+ """
+ fields = [self.user, self.role, self.type]
+ if self.level is None:
+ if default_level is None:
+ if selinux.is_selinux_mls_enabled() == 1:
+ fields.append("s0")
+ else:
+ fields.append(default_level)
+ else:
+ fields.append(self.level)
+ return ":".join(fields)
+
+class ObjectClass(Leaf):
+ """SELinux object class and permissions.
+
+ This class is a basic representation of an SELinux object
+ class - it does not represent separate common permissions -
+ just the union of the common and class specific permissions.
+ It is meant to be convenient for policy generation.
+ """
+ def __init__(self, name="", parent=None):
+ Leaf.__init__(self, parent)
+ self.name = name
+ self.perms = IdSet()
+
+# Basic statements
+
+class TypeAttribute(Leaf):
+ """SElinux typeattribute statement.
+
+ This class represents a typeattribute statement.
+ """
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.type = ""
+ self.attributes = IdSet()
+
+ def to_string(self):
+ return "typeattribute %s %s;" % (self.type, self.attributes.to_comma_str())
+
+class Role(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.role = ""
+ self.types = IdSet()
+
+ def to_string(self):
+ return "role %s types %s;" % (self.role, self.types.to_comma_str())
+
+class Type(Leaf):
+ def __init__(self, name="", parent=None):
+ Leaf.__init__(self, parent)
+ self.name = name
+ self.attributes = IdSet()
+ self.aliases = IdSet()
+
+ def to_string(self):
+ s = "type %s" % self.name
+ if len(self.aliases) > 0:
+ s = s + "alias %s" % self.aliases.to_space_str()
+ if len(self.attributes) > 0:
+ s = s + ", %s" % self.attributes.to_comma_str()
+ return s + ";"
+
+class TypeAlias(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.type = ""
+ self.aliases = IdSet()
+
+ def to_string(self):
+ return "typealias %s alias %s;" % (self.type, self.aliases.to_space_str())
+
+class Attribute(Leaf):
+ def __init__(self, name="", parent=None):
+ Leaf.__init__(self, parent)
+ self.name = name
+
+ def to_string(self):
+ return "attribute %s;" % self.name
+
+# Classes representing rules
+
+class AVRule(Leaf):
+ """SELinux access vector (AV) rule.
+
+ The AVRule class represents all varieties of AV rules including
+ allow, dontaudit, and auditallow (indicated by the flags self.ALLOW,
+ self.DONTAUDIT, and self.AUDITALLOW respectively).
+
+ The source and target types, object classes, and perms are all represented
+ by sets containing strings. Sets are used to make it simple to add
+ strings repeatedly while avoiding duplicates.
+
+ No checking is done to make certain that the symbols are valid or
+ consistent (e.g., perms that don't match the object classes). It is
+ even possible to put invalid types like '$1' into the rules to allow
+ storage of the reference policy interfaces.
+ """
+ ALLOW = 0
+ DONTAUDIT = 1
+ AUDITALLOW = 2
+ NEVERALLOW = 3
+
+ def __init__(self, av=None, parent=None):
+ Leaf.__init__(self, parent)
+ self.src_types = IdSet()
+ self.tgt_types = IdSet()
+ self.obj_classes = IdSet()
+ self.perms = IdSet()
+ self.rule_type = self.ALLOW
+ if av:
+ self.from_av(av)
+
+ def __rule_type_str(self):
+ if self.rule_type == self.ALLOW:
+ return "allow"
+ elif self.rule_type == self.DONTAUDIT:
+ return "dontaudit"
+ else:
+ return "auditallow"
+
+ def from_av(self, av):
+ """Add the access from an access vector to this allow
+ rule.
+ """
+ self.src_types.add(av.src_type)
+ if av.src_type == av.tgt_type:
+ self.tgt_types.add("self")
+ else:
+ self.tgt_types.add(av.tgt_type)
+ self.obj_classes.add(av.obj_class)
+ self.perms.update(av.perms)
+
+ def to_string(self):
+ """Return a string representation of the rule
+ that is a valid policy language representation (assuming
+ that the types, object class, etc. are valie).
+ """
+ return "%s %s %s:%s %s;" % (self.__rule_type_str(),
+ self.src_types.to_space_str(),
+ self.tgt_types.to_space_str(),
+ self.obj_classes.to_space_str(),
+ self.perms.to_space_str())
+class TypeRule(Leaf):
+ """SELinux type rules.
+
+ This class is very similar to the AVRule class, but is for representing
+ the type rules (type_trans, type_change, and type_member). The major
+ difference is the lack of perms and only and sing destination type.
+ """
+ TYPE_TRANSITION = 0
+ TYPE_CHANGE = 1
+ TYPE_MEMBER = 2
+
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.src_types = IdSet()
+ self.tgt_types = IdSet()
+ self.obj_classes = IdSet()
+ self.dest_type = ""
+ self.rule_type = self.TYPE_TRANSITION
+
+ def __rule_type_str(self):
+ if self.rule_type == self.TYPE_TRANSITION:
+ return "type_transition"
+ elif self.rule_type == self.TYPE_CHANGE:
+ return "type_change"
+ else:
+ return "type_member"
+
+ def to_string(self):
+ return "%s %s %s:%s %s;" % (self.__rule_type_str(),
+ self.src_types.to_space_str(),
+ self.tgt_types.to_space_str(),
+ self.obj_classes.to_space_str(),
+ self.dest_type)
+
+class RoleAllow(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.src_roles = IdSet()
+ self.tgt_roles = IdSet()
+
+ def to_string(self):
+ return "allow %s %s;" % (self.src_roles.to_comma_str(),
+ self.tgt_roles.to_comma_str())
+
+class RoleType(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.role = ""
+ self.types = IdSet()
+
+ def to_string(self):
+ return "role %s types %s;" % (self.role, self.types.to_comma_str())
+
+class ModuleDeclaration(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.name = ""
+ self.version = ""
+ self.refpolicy = False
+
+ def to_string(self):
+ if self.refpolicy:
+ return "policy_module(%s, %s)" % (self.name, self.version)
+ else:
+ return "module %s %s;" % (self.name, self.version)
+
+class Conditional(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+ self.cond_expr = []
+
+ def to_string(self):
+ return "[If %s]" % list_to_space_str(self.cond_expr, cont=("", ""))
+
+class Bool(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.name = ""
+ self.state = False
+
+ def to_string(self):
+ s = "bool %s " % self.name
+ if s.state:
+ return s + "true"
+ else:
+ return s + "false"
+
+class InitialSid(Leaf):
+ def __init(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.name = ""
+ self.context = None
+
+ def to_string(self):
+ return "sid %s %s" % (self.name, str(self.context))
+
+class GenfsCon(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.filesystem = ""
+ self.path = ""
+ self.context = None
+
+ def to_string(self):
+ return "genfscon %s %s %s" % (self.filesystem, self.path, str(self.context))
+
+class FilesystemUse(Leaf):
+ XATTR = 1
+ TRANS = 2
+ TASK = 3
+
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.type = self.XATTR
+ self.filesystem = ""
+ self.context = None
+
+ def to_string(self):
+ s = ""
+ if self.type == XATTR:
+ s = "fs_use_xattr "
+ elif self.type == TRANS:
+ s = "fs_use_trans "
+ elif self.type == TASK:
+ s = "fs_use_task "
+
+ return "%s %s %s;" % (s, self.filesystem, str(self.context))
+
+class PortCon(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.port_type = ""
+ self.port_number = ""
+ self.context = None
+
+ def to_string(self):
+ return "portcon %s %s %s" % (self.port_type, self.port_number, str(self.context))
+
+class NodeCon(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.start = ""
+ self.end = ""
+ self.context = None
+
+ def to_string(self):
+ return "nodecon %s %s %s" % (self.start, self.end, str(self.context))
+
+class NetifCon(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.interface = ""
+ self.interface_context = None
+ self.packet_context = None
+
+ def to_string(self):
+ return "netifcon %s %s %s" % (self.interface, str(self.interface_context),
+ str(self.packet_context))
+
+# Reference policy specific types
+
+def print_tree(head):
+ for node, depth in walktree(head, showdepth=True):
+ s = ""
+ for i in range(depth):
+ s = s + "\t"
+ print s + str(node)
+
+
+class Headers(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+
+ def to_string(self):
+ return "[Headers]"
+
+
+class Module(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+
+ def to_string(self):
+ return ""
+
+class Interface(Node):
+ """A reference policy interface definition.
+
+ This class represents a reference policy interface definition.
+ """
+ def __init__(self, name="", parent=None):
+ Node.__init__(self, parent)
+ self.name = name
+
+ def to_string(self):
+ return "[Interface name: %s]" % self.name
+
+class TunablePolicy(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+ self.cond_expr = []
+
+ def to_string(self):
+ return "[Tunable Policy %s]" % list_to_space_str(self.cond_expr, cont=("", ""))
+
+class Template(Node):
+ def __init__(self, name="", parent=None):
+ Node.__init__(self, parent)
+ self.name = name
+
+ def to_string(self):
+ return "[Template name: %s]" % self.name
+
+class IfDef(Node):
+ def __init__(self, name="", parent=None):
+ Node.__init__(self, parent)
+ self.name = name
+
+ def to_string(self):
+ return "[Ifdef name: %s]" % self.name
+
+class InterfaceCall(Leaf):
+ def __init__(self, ifname="", parent=None):
+ Leaf.__init__(self, parent)
+ self.ifname = ifname
+ self.args = []
+ self.comments = []
+
+ def matches(self, other):
+ if self.ifname != other.ifname:
+ return False
+ if len(self.args) != len(other.args):
+ return False
+ for a,b in zip(self.args, other.args):
+ if a != b:
+ return False
+ return True
+
+ def to_string(self):
+ s = "%s(" % self.ifname
+ i = 0
+ for a in self.args:
+ if isinstance(a, list):
+ str = list_to_space_str(a)
+ else:
+ str = a
+
+ if i != 0:
+ s = s + ", %s" % str
+ else:
+ s = s + str
+ i += 1
+ return s + ")"
+
+class OptionalPolicy(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+
+ def to_string(self):
+ return "[Optional Policy]"
+
+class SupportMacros(Node):
+ def __init__(self, parent=None):
+ Node.__init__(self, parent)
+ self.map = None
+
+ def to_string(self):
+ return "[Support Macros]"
+
+ def __expand_perm(self, perm):
+ # Recursive expansion - the assumption is that these
+ # are ordered correctly so that no macro is used before
+ # it is defined
+ s = set()
+ if self.map.has_key(perm):
+ for p in self.by_name(perm):
+ s.update(self.__expand_perm(p))
+ else:
+ s.add(perm)
+ return s
+
+ def __gen_map(self):
+ self.map = {}
+ for x in self:
+ exp_perms = set()
+ for perm in x.perms:
+ exp_perms.update(self.__expand_perm(perm))
+ self.map[x.name] = exp_perms
+
+ def by_name(self, name):
+ if not self.map:
+ self.__gen_map()
+ return self.map[name]
+
+ def has_key(self, name):
+ if not self.map:
+ self.__gen_map()
+ return self.map.has_key(name)
+
+class Require(Leaf):
+ def __init__(self, parent=None):
+ Leaf.__init__(self, parent)
+ self.types = IdSet()
+ self.obj_classes = { }
+ self.roles = IdSet()
+ self.bools = IdSet()
+ self.users = IdSet()
+
+ def add_obj_class(self, obj_class, perms):
+ p = self.obj_classes.setdefault(obj_class, IdSet())
+ p.update(perms)
+
+
+ def to_string(self):
+ s = []
+ s.append("require {")
+ for type in self.types:
+ s.append("\ttype %s;" % type)
+ for obj_class, perms in self.obj_classes.items():
+ s.append("\tclass %s %s;" % (obj_class, perms.to_space_str()))
+ for role in self.roles:
+ s.append("\trole %s;" % role)
+ for bool in self.bools:
+ s.append("\tbool %s;" % bool)
+ for user in self.users:
+ s.append("\tuser %s;" % user)
+ s.append("}")
+
+ # Handle empty requires
+ if len(s) == 2:
+ return ""
+
+ return "\n".join(s)
+
+
+class ObjPermSet:
+ def __init__(self, name):
+ self.name = name
+ self.perms = set()
+
+ def to_string(self):
+ return "define(`%s', `%s')" % (self.name, self.perms.to_space_str())
+
+class ClassMap:
+ def __init__(self, obj_class, perms):
+ self.obj_class = obj_class
+ self.perms = perms
+
+ def to_string(self):
+ return self.obj_class + ": " + self.perms
+
+class Comment:
+ def __init__(self, l=None):
+ if l:
+ self.lines = l
+ else:
+ self.lines = []
+
+ def to_string(self):
+ # If there are no lines, treat this as a spacer between
+ # policy statements and return a new line.
+ if len(self.lines) == 0:
+ return ""
+ else:
+ out = []
+ for line in self.lines:
+ out.append("#" + line)
+ return "\n".join(out)
+
+ def merge(self, other):
+ if len(other.lines):
+ for line in other.lines:
+ if line != "":
+ self.lines.append(line)
+
+ def __str__(self):
+ return self.to_string()
+
+
diff --git a/sepolgen/src/sepolgen/sepolgeni18n.py b/sepolgen/src/sepolgen/sepolgeni18n.py
new file mode 100644
index 0000000..998c435
--- /dev/null
+++ b/sepolgen/src/sepolgen/sepolgeni18n.py
@@ -0,0 +1,26 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+try:
+ import gettext
+ t = gettext.translation( 'yumex' )
+ _ = t.gettext
+except:
+ def _(str):
+ return str
diff --git a/sepolgen/src/sepolgen/util.py b/sepolgen/src/sepolgen/util.py
new file mode 100644
index 0000000..74a11f5
--- /dev/null
+++ b/sepolgen/src/sepolgen/util.py
@@ -0,0 +1,87 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+class ConsoleProgressBar:
+ def __init__(self, out, steps=100, indicator='#'):
+ self.blocks = 0
+ self.current = 0
+ self.steps = steps
+ self.indicator = indicator
+ self.out = out
+ self.done = False
+
+ def start(self, message=None):
+ self.done = False
+ if message:
+ self.out.write('\n%s:\n' % message)
+ self.out.write('%--10---20---30---40---50---60---70---80---90--100\n')
+
+ def step(self, n=1):
+ self.current += n
+
+ old = self.blocks
+ self.blocks = int(round(self.current / float(self.steps) * 100) / 2)
+
+ if self.blocks > 50:
+ self.blocks = 50
+
+ new = self.blocks - old
+
+ self.out.write(self.indicator * new)
+ self.out.flush()
+
+ if self.blocks == 50 and not self.done:
+ self.done = True
+ self.out.write("\n")
+
+def set_to_list(s):
+ l = []
+ l.extend(s)
+ return l
+
+def first(s, sorted=False):
+ """
+ Return the first element of a set.
+
+ It sometimes useful to return the first element from a set but,
+ because sets are not indexable, this is rather hard. This function
+ will return the first element from a set. If sorted is True, then
+ the set will first be sorted (making this an expensive operation).
+ Otherwise a random element will be returned (as sets are not ordered).
+ """
+ if not len(s):
+ raise IndexError("empty containter")
+
+ if sorted:
+ l = set_to_list(s)
+ l.sort()
+ return l[0]
+ else:
+ for x in s:
+ return x
+
+if __name__ == "__main__":
+ import sys
+ import time
+ p = ConsoleProgressBar(sys.stdout, steps=999)
+ p.start("computing pi")
+ for i in range(999):
+ p.step()
+ time.sleep(0.001)
+
diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
new file mode 100644
index 0000000..caf98af
--- /dev/null
+++ b/sepolgen/src/sepolgen/yacc.py
@@ -0,0 +1,2209 @@
+#-----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Author(s): David M. Beazley (dave@dabeaz.com)
+#
+# Copyright (C) 2001-2006, David M. Beazley
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# See the file COPYING for a complete copy of the LGPL.
+#
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammer is specified by supplying the BNF inside
+# Python documentation strings. The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system. PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist). However, most of the variables used during table
+# construction are defined in terms of global variables. Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing. LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book). LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style." Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+__version__ = "2.2"
+
+#-----------------------------------------------------------------------------
+# === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug = 1 # Debugging mode. If set, yacc generates a
+ # a 'parser.out' file in the current directory
+
+debug_file = 'parser.out' # Default name of the debugging file
+tab_module = 'parsetab' # Default name of the table module
+default_lr = 'LALR' # Default LR table generation method
+
+error_count = 3 # Number of symbols that must be shifted to leave recovery mode
+
+import re, types, sys, cStringIO, md5, os.path
+
+# Exception raised for yacc-related errors
+class YaccError(Exception): pass
+
+#-----------------------------------------------------------------------------
+# === LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself. These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+# .type = Grammar symbol type
+# .value = Symbol value
+# .lineno = Starting line number
+# .endlineno = Ending line number (optional, set automatically)
+# .lexpos = Starting lex position
+# .endlexpos = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+ def __str__(self): return self.type
+ def __repr__(self): return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule. Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined). The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol. The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+ def __init__(self,s,stack=None):
+ self.slice = s
+ self.pbstack = []
+ self.stack = stack
+
+ def __getitem__(self,n):
+ if type(n) == types.IntType:
+ if n >= 0: return self.slice[n].value
+ else: return self.stack[n].value
+ else:
+ return [s.value for s in self.slice[n.start:n.stop:n.step]]
+
+ def __setitem__(self,n,v):
+ self.slice[n].value = v
+
+ def __len__(self):
+ return len(self.slice)
+
+ def lineno(self,n):
+ return getattr(self.slice[n],"lineno",0)
+
+ def linespan(self,n):
+ startline = getattr(self.slice[n],"lineno",0)
+ endline = getattr(self.slice[n],"endlineno",startline)
+ return startline,endline
+
+ def lexpos(self,n):
+ return getattr(self.slice[n],"lexpos",0)
+
+ def lexspan(self,n):
+ startpos = getattr(self.slice[n],"lexpos",0)
+ endpos = getattr(self.slice[n],"endlexpos",startpos)
+ return startpos,endpos
+
+ def pushback(self,n):
+ if n <= 0:
+ raise ValueError, "Expected a positive value"
+ if n > (len(self.slice)-1):
+ raise ValueError, "Can't push %d tokens. Only %d are available." % (n,len(self.slice)-1)
+ for i in range(0,n):
+ self.pbstack.append(self.slice[-i-1])
+
+# The LR Parsing engine. This is defined as a class so that multiple parsers
+# can exist in the same process. A user never instantiates this directly.
+# Instead, the global yacc() function should be used to create a suitable Parser
+# object.
+
+class Parser:
+ def __init__(self,magic=None):
+
+ # This is a hack to keep users from trying to instantiate a Parser
+ # object directly.
+
+ if magic != "xyzzy":
+ raise YaccError, "Can't instantiate Parser. Use yacc() instead."
+
+ # Reset internal state
+ self.productions = None # List of productions
+ self.errorfunc = None # Error handling function
+ self.action = { } # LR Action table
+ self.goto = { } # LR goto table
+ self.require = { } # Attribute require table
+ self.method = "Unknown LR" # Table construction method used
+
+ def errok(self):
+ self.errorcount = 0
+
+ def restart(self):
+ del self.statestack[:]
+ del self.symstack[:]
+ sym = YaccSymbol()
+ sym.type = '$end'
+ self.symstack.append(sym)
+ self.statestack.append(0)
+
+ def parse(self,input=None,lexer=None,debug=0):
+ lookahead = None # Current lookahead symbol
+ lookaheadstack = [ ] # Stack of lookahead symbols
+ actions = self.action # Local reference to action table
+ goto = self.goto # Local reference to goto table
+ prod = self.productions # Local reference to production list
+ pslice = YaccProduction(None) # Production object passed to grammar rules
+ pslice.parser = self # Parser object
+ self.errorcount = 0 # Used during error recovery
+
+ # If no lexer was given, we will try to use the lex module
+ if not lexer:
+ import lex
+ lexer = lex.lexer
+
+ pslice.lexer = lexer
+
+ # If input was supplied, pass to lexer
+ if input:
+ lexer.input(input)
+
+ # Tokenize function
+ get_token = lexer.token
+
+ statestack = [ ] # Stack of parsing states
+ self.statestack = statestack
+ symstack = [ ] # Stack of grammar symbols
+ self.symstack = symstack
+
+ pslice.stack = symstack # Put in the production
+ errtoken = None # Err token
+
+ # The start state is assumed to be (0,$end)
+ statestack.append(0)
+ sym = YaccSymbol()
+ sym.type = '$end'
+ symstack.append(sym)
+
+ while 1:
+ # Get the next symbol on the input. If a lookahead symbol
+ # is already set, we just use that. Otherwise, we'll pull
+ # the next token off of the lookaheadstack or from the lexer
+ if debug > 1:
+ print 'state', statestack[-1]
+ if not lookahead:
+ if not lookaheadstack:
+ lookahead = get_token() # Get the next token
+ else:
+ lookahead = lookaheadstack.pop()
+ if not lookahead:
+ lookahead = YaccSymbol()
+ lookahead.type = '$end'
+ if debug:
+ errorlead = ("%s . %s" % (" ".join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip()
+
+ # Check the action table
+ s = statestack[-1]
+ ltype = lookahead.type
+ t = actions.get((s,ltype),None)
+
+ if debug > 1:
+ print 'action', t
+ if t is not None:
+ if t > 0:
+ # shift a symbol on the stack
+ if ltype == '$end':
+ # Error, end of input
+ sys.stderr.write("yacc: Parse error. EOF\n")
+ return
+ statestack.append(t)
+ if debug > 1:
+ sys.stderr.write("%-60s shift state %s\n" % (errorlead, t))
+ symstack.append(lookahead)
+ lookahead = None
+
+ # Decrease error count on successful shift
+ if self.errorcount > 0:
+ self.errorcount -= 1
+
+ continue
+
+ if t < 0:
+ # reduce a symbol on the stack, emit a production
+ p = prod[-t]
+ pname = p.name
+ plen = p.len
+
+ # Get production function
+ sym = YaccSymbol()
+ sym.type = pname # Production name
+ sym.value = None
+ if debug > 1:
+ sys.stderr.write("%-60s reduce %d\n" % (errorlead, -t))
+
+ if plen:
+ targ = symstack[-plen-1:]
+ targ[0] = sym
+ try:
+ sym.lineno = targ[1].lineno
+ sym.endlineno = getattr(targ[-1],"endlineno",targ[-1].lineno)
+ sym.lexpos = targ[1].lexpos
+ sym.endlexpos = getattr(targ[-1],"endlexpos",targ[-1].lexpos)
+ except AttributeError:
+ sym.lineno = 0
+ del symstack[-plen:]
+ del statestack[-plen:]
+ else:
+ sym.lineno = 0
+ targ = [ sym ]
+ pslice.slice = targ
+ pslice.pbstack = []
+ # Call the grammar rule with our special slice object
+ p.func(pslice)
+
+ # If there was a pushback, put that on the stack
+ if pslice.pbstack:
+ lookaheadstack.append(lookahead)
+ for _t in pslice.pbstack:
+ lookaheadstack.append(_t)
+ lookahead = None
+
+ symstack.append(sym)
+ statestack.append(goto[statestack[-1],pname])
+ continue
+
+ if t == 0:
+ n = symstack[-1]
+ return getattr(n,"value",None)
+ sys.stderr.write(errorlead, "\n")
+
+ if t == None:
+ if debug:
+ sys.stderr.write(errorlead + "\n")
+ # We have some kind of parsing error here. To handle
+ # this, we are going to push the current token onto
+ # the tokenstack and replace it with an 'error' token.
+ # If there are any synchronization rules, they may
+ # catch it.
+ #
+ # In addition to pushing the error token, we call call
+ # the user defined p_error() function if this is the
+ # first syntax error. This function is only called if
+ # errorcount == 0.
+ if not self.errorcount:
+ self.errorcount = error_count
+ errtoken = lookahead
+ if errtoken.type == '$end':
+ errtoken = None # End of file!
+ if self.errorfunc:
+ global errok,token,restart
+ errok = self.errok # Set some special functions available in error recovery
+ token = get_token
+ restart = self.restart
+ tok = self.errorfunc(errtoken)
+ del errok, token, restart # Delete special functions
+
+ if not self.errorcount:
+ # User must have done some kind of panic
+ # mode recovery on their own. The
+ # returned token is the next lookahead
+ lookahead = tok
+ errtoken = None
+ continue
+ else:
+ if errtoken:
+ if hasattr(errtoken,"lineno"): lineno = lookahead.lineno
+ else: lineno = 0
+ if lineno:
+ sys.stderr.write("yacc: Syntax error at line %d, token=%s\n" % (lineno, errtoken.type))
+ else:
+ sys.stderr.write("yacc: Syntax error, token=%s" % errtoken.type)
+ else:
+ sys.stderr.write("yacc: Parse error in input. EOF\n")
+ return
+
+ else:
+ self.errorcount = error_count
+
+ # case 1: the statestack only has 1 entry on it. If we're in this state, the
+ # entire parse has been rolled back and we're completely hosed. The token is
+ # discarded and we just keep going.
+
+ if len(statestack) <= 1 and lookahead.type != '$end':
+ lookahead = None
+ errtoken = None
+ # Nuke the pushback stack
+ del lookaheadstack[:]
+ continue
+
+ # case 2: the statestack has a couple of entries on it, but we're
+ # at the end of the file. nuke the top entry and generate an error token
+
+ # Start nuking entries on the stack
+ if lookahead.type == '$end':
+ # Whoa. We're really hosed here. Bail out
+ return
+
+ if lookahead.type != 'error':
+ sym = symstack[-1]
+ if sym.type == 'error':
+ # Hmmm. Error is on top of stack, we'll just nuke input
+ # symbol and continue
+ lookahead = None
+ continue
+ t = YaccSymbol()
+ t.type = 'error'
+ if hasattr(lookahead,"lineno"):
+ t.lineno = lookahead.lineno
+ t.value = lookahead
+ lookaheadstack.append(lookahead)
+ lookahead = t
+ else:
+ symstack.pop()
+ statestack.pop()
+
+ continue
+
+ # Call an error function here
+ raise RuntimeError, "yacc: internal parser error!!!\n"
+
+# -----------------------------------------------------------------------------
+# === Parser Construction ===
+#
+# The following functions and variables are used to implement the yacc() function
+# itself. This is pretty hairy stuff involving lots of error checking,
+# construction of LR items, kernels, and so forth. Although a lot of
+# this work is done using global variables, the resulting Parser object
+# is completely self contained--meaning that it is safe to repeatedly
+# call yacc() with different grammars in the same application.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# validate_file()
+#
+# This function checks to see if there are duplicated p_rulename() functions
+# in the parser module file. Without this function, it is really easy for
+# users to make mistakes by cutting and pasting code fragments (and it's a real
+# bugger to try and figure out why the resulting parser doesn't work). Therefore,
+# we just do a little regular expression pattern matching of def statements
+# to try and detect duplicates.
+# -----------------------------------------------------------------------------
+
+def validate_file(filename):
+ base,ext = os.path.splitext(filename)
+ if ext != '.py': return 1 # No idea. Assume it's okay.
+
+ try:
+ f = open(filename)
+ lines = f.readlines()
+ f.close()
+ except IOError:
+ return 1 # Oh well
+
+ # Match def p_funcname(
+ fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+ counthash = { }
+ linen = 1
+ noerror = 1
+ for l in lines:
+ m = fre.match(l)
+ if m:
+ name = m.group(1)
+ prev = counthash.get(name)
+ if not prev:
+ counthash[name] = linen
+ else:
+ sys.stderr.write("%s:%d: Function %s redefined. Previously defined on line %d\n" % (filename,linen,name,prev))
+ noerror = 0
+ linen += 1
+ return noerror
+
+# This function looks for functions that might be grammar rules, but which don't have the proper p_suffix.
+def validate_dict(d):
+ for n,v in d.items():
+ if n[0:2] == 'p_' and type(v) in (types.FunctionType, types.MethodType): continue
+ if n[0:2] == 't_': continue
+
+ if n[0:2] == 'p_':
+ sys.stderr.write("yacc: Warning. '%s' not defined as a function\n" % n)
+ if 1 and isinstance(v,types.FunctionType) and v.func_code.co_argcount == 1:
+ try:
+ doc = v.__doc__.split(" ")
+ if doc[1] == ':':
+ sys.stderr.write("%s:%d: Warning. Possible grammar rule '%s' defined without p_ prefix.\n" % (v.func_code.co_filename, v.func_code.co_firstlineno,n))
+ except StandardError:
+ pass
+
+# -----------------------------------------------------------------------------
+# === GRAMMAR FUNCTIONS ===
+#
+# The following global variables and functions are used to store, manipulate,
+# and verify the grammar rules specified by the user.
+# -----------------------------------------------------------------------------
+
+# Initialize all of the global variables used during grammar construction
+def initialize_vars():
+ global Productions, Prodnames, Prodmap, Terminals
+ global Nonterminals, First, Follow, Precedence, LRitems
+ global Errorfunc, Signature, Requires
+
+ Productions = [None] # A list of all of the productions. The first
+ # entry is always reserved for the purpose of
+ # building an augmented grammar
+
+ Prodnames = { } # A dictionary mapping the names of nonterminals to a list of all
+ # productions of that nonterminal.
+
+ Prodmap = { } # A dictionary that is only used to detect duplicate
+ # productions.
+
+ Terminals = { } # A dictionary mapping the names of terminal symbols to a
+ # list of the rules where they are used.
+
+ Nonterminals = { } # A dictionary mapping names of nonterminals to a list
+ # of rule numbers where they are used.
+
+ First = { } # A dictionary of precomputed FIRST(x) symbols
+
+ Follow = { } # A dictionary of precomputed FOLLOW(x) symbols
+
+ Precedence = { } # Precedence rules for each terminal. Contains tuples of the
+ # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+ LRitems = [ ] # A list of all LR items for the grammar. These are the
+ # productions with the "dot" like E -> E . PLUS E
+
+ Errorfunc = None # User defined error handler
+
+ Signature = md5.new() # Digital signature of the grammar rules, precedence
+ # and other information. Used to determined when a
+ # parsing table needs to be regenerated.
+
+ Requires = { } # Requires list
+
+ # File objects used when creating the parser.out debugging file
+ global _vf, _vfc
+ _vf = cStringIO.StringIO()
+ _vfc = cStringIO.StringIO()
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# It has a few required attributes:
+#
+# name - Name of the production (nonterminal)
+# prod - A list of symbols making up its production
+# number - Production number.
+#
+# In addition, a few additional attributes are used to help with debugging or
+# optimization of table generation.
+#
+# file - File where production action is defined.
+# lineno - Line number where action is defined
+# func - Action function
+# prec - Precedence level
+# lr_next - Next LR item. Example, if we are ' E -> E . PLUS E'
+# then lr_next refers to 'E -> E PLUS . E'
+# lr_index - LR item index (location of the ".") in the prod list.
+# lookaheads - LALR lookahead symbols for this item
+# len - Length of the production (number of symbols on right hand side)
+# -----------------------------------------------------------------------------
+
+class Production:
+ def __init__(self,**kw):
+ for k,v in kw.items():
+ setattr(self,k,v)
+ self.lr_index = -1
+ self.lr0_added = 0 # Flag indicating whether or not added to LR0 closure
+ self.lr1_added = 0 # Flag indicating whether or not added to LR1
+ self.usyms = [ ]
+ self.lookaheads = { }
+ self.lk_added = { }
+ self.setnumbers = [ ]
+
+ def __str__(self):
+ if self.prod:
+ s = "%s -> %s" % (self.name," ".join(self.prod))
+ else:
+ s = "%s -> <empty>" % self.name
+ return s
+
+ def __repr__(self):
+ return str(self)
+
+ # Compute lr_items from the production
+ def lr_item(self,n):
+ if n > len(self.prod): return None
+ p = Production()
+ p.name = self.name
+ p.prod = list(self.prod)
+ p.number = self.number
+ p.lr_index = n
+ p.lookaheads = { }
+ p.setnumbers = self.setnumbers
+ p.prod.insert(n,".")
+ p.prod = tuple(p.prod)
+ p.len = len(p.prod)
+ p.usyms = self.usyms
+
+ # Precompute list of productions immediately following
+ try:
+ p.lrafter = Prodnames[p.prod[n+1]]
+ except (IndexError,KeyError),e:
+ p.lrafter = []
+ try:
+ p.lrbefore = p.prod[n-1]
+ except IndexError:
+ p.lrbefore = None
+
+ return p
+
+class MiniProduction:
+ pass
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# add_production()
+#
+# Given an action function, this function assembles a production rule.
+# The production rule is assumed to be found in the function's docstring.
+# This rule has the general syntax:
+#
+# name1 ::= production1
+# | production2
+# | production3
+# ...
+# | productionn
+# name2 ::= production1
+# | production2
+# ...
+# -----------------------------------------------------------------------------
+
+def add_production(f,file,line,prodname,syms):
+
+ if Terminals.has_key(prodname):
+ sys.stderr.write("%s:%d: Illegal rule name '%s'. Already defined as a token.\n" % (file,line,prodname))
+ return -1
+ if prodname == 'error':
+ sys.stderr.write("%s:%d: Illegal rule name '%s'. error is a reserved word.\n" % (file,line,prodname))
+ return -1
+
+ if not _is_identifier.match(prodname):
+ sys.stderr.write("%s:%d: Illegal rule name '%s'\n" % (file,line,prodname))
+ return -1
+
+ for x in range(len(syms)):
+ s = syms[x]
+ if s[0] in "'\"":
+ try:
+ c = eval(s)
+ if (len(c) > 1):
+ sys.stderr.write("%s:%d: Literal token %s in rule '%s' may only be a single character\n" % (file,line,s, prodname))
+ return -1
+ if not Terminals.has_key(c):
+ Terminals[c] = []
+ syms[x] = c
+ continue
+ except SyntaxError:
+ pass
+ if not _is_identifier.match(s) and s != '%prec':
+ sys.stderr.write("%s:%d: Illegal name '%s' in rule '%s'\n" % (file,line,s, prodname))
+ return -1
+
+ # See if the rule is already in the rulemap
+ map = "%s -> %s" % (prodname,syms)
+ if Prodmap.has_key(map):
+ m = Prodmap[map]
+ sys.stderr.write("%s:%d: Duplicate rule %s.\n" % (file,line, m))
+ sys.stderr.write("%s:%d: Previous definition at %s:%d\n" % (file,line, m.file, m.line))
+ return -1
+
+ p = Production()
+ p.name = prodname
+ p.prod = syms
+ p.file = file
+ p.line = line
+ p.func = f
+ p.number = len(Productions)
+
+
+ Productions.append(p)
+ Prodmap[map] = p
+ if not Nonterminals.has_key(prodname):
+ Nonterminals[prodname] = [ ]
+
+ # Add all terminals to Terminals
+ i = 0
+ while i < len(p.prod):
+ t = p.prod[i]
+ if t == '%prec':
+ try:
+ precname = p.prod[i+1]
+ except IndexError:
+ sys.stderr.write("%s:%d: Syntax error. Nothing follows %%prec.\n" % (p.file,p.line))
+ return -1
+
+ prec = Precedence.get(precname,None)
+ if not prec:
+ sys.stderr.write("%s:%d: Nothing known about the precedence of '%s'\n" % (p.file,p.line,precname))
+ return -1
+ else:
+ p.prec = prec
+ del p.prod[i]
+ del p.prod[i]
+ continue
+
+ if Terminals.has_key(t):
+ Terminals[t].append(p.number)
+ # Is a terminal. We'll assign a precedence to p based on this
+ if not hasattr(p,"prec"):
+ p.prec = Precedence.get(t,('right',0))
+ else:
+ if not Nonterminals.has_key(t):
+ Nonterminals[t] = [ ]
+ Nonterminals[t].append(p.number)
+ i += 1
+
+ if not hasattr(p,"prec"):
+ p.prec = ('right',0)
+
+ # Set final length of productions
+ p.len = len(p.prod)
+ p.prod = tuple(p.prod)
+
+ # Calculate unique syms in the production
+ p.usyms = [ ]
+ for s in p.prod:
+ if s not in p.usyms:
+ p.usyms.append(s)
+
+ # Add to the global productions list
+ try:
+ Prodnames[p.name].append(p)
+ except KeyError:
+ Prodnames[p.name] = [ p ]
+ return 0
+
+# Given a raw rule function, this function rips out its doc string
+# and adds rules to the grammar
+
+def add_function(f):
+ line = f.func_code.co_firstlineno
+ file = f.func_code.co_filename
+ error = 0
+
+ if isinstance(f,types.MethodType):
+ reqdargs = 2
+ else:
+ reqdargs = 1
+
+ if f.func_code.co_argcount > reqdargs:
+ sys.stderr.write("%s:%d: Rule '%s' has too many arguments.\n" % (file,line,f.__name__))
+ return -1
+
+ if f.func_code.co_argcount < reqdargs:
+ sys.stderr.write("%s:%d: Rule '%s' requires an argument.\n" % (file,line,f.__name__))
+ return -1
+
+ if f.__doc__:
+ # Split the doc string into lines
+ pstrings = f.__doc__.splitlines()
+ lastp = None
+ dline = line
+ for ps in pstrings:
+ dline += 1
+ p = ps.split()
+ if not p: continue
+ try:
+ if p[0] == '|':
+ # This is a continuation of a previous rule
+ if not lastp:
+ sys.stderr.write("%s:%d: Misplaced '|'.\n" % (file,dline))
+ return -1
+ prodname = lastp
+ if len(p) > 1:
+ syms = p[1:]
+ else:
+ syms = [ ]
+ else:
+ prodname = p[0]
+ lastp = prodname
+ assign = p[1]
+ if len(p) > 2:
+ syms = p[2:]
+ else:
+ syms = [ ]
+ if assign != ':' and assign != '::=':
+ sys.stderr.write("%s:%d: Syntax error. Expected ':'\n" % (file,dline))
+ return -1
+
+
+ e = add_production(f,file,dline,prodname,syms)
+ error += e
+
+
+ except StandardError:
+ sys.stderr.write("%s:%d: Syntax error in rule '%s'\n" % (file,dline,ps))
+ error -= 1
+ else:
+ sys.stderr.write("%s:%d: No documentation string specified in function '%s'\n" % (file,line,f.__name__))
+ return error
+
+
+# Cycle checking code (Michael Dyck)
+
+def compute_reachable():
+ '''
+ Find each symbol that can be reached from the start symbol.
+ Print a warning for any nonterminals that can't be reached.
+ (Unused terminals have already had their warning.)
+ '''
+ Reachable = { }
+ for s in Terminals.keys() + Nonterminals.keys():
+ Reachable[s] = 0
+
+ mark_reachable_from( Productions[0].prod[0], Reachable )
+
+ for s in Nonterminals.keys():
+ if not Reachable[s]:
+ sys.stderr.write("yacc: Symbol '%s' is unreachable.\n" % s)
+
+def mark_reachable_from(s, Reachable):
+ '''
+ Mark all symbols that are reachable from symbol s.
+ '''
+ if Reachable[s]:
+ # We've already reached symbol s.
+ return
+ Reachable[s] = 1
+ for p in Prodnames.get(s,[]):
+ for r in p.prod:
+ mark_reachable_from(r, Reachable)
+
+# -----------------------------------------------------------------------------
+# compute_terminates()
+#
+# This function looks at the various parsing rules and tries to detect
+# infinite recursion cycles (grammar rules where there is no possible way
+# to derive a string of only terminals).
+# -----------------------------------------------------------------------------
+def compute_terminates():
+ '''
+ Raise an error for any symbols that don't terminate.
+ '''
+ Terminates = {}
+
+ # Terminals:
+ for t in Terminals.keys():
+ Terminates[t] = 1
+
+ Terminates['$end'] = 1
+
+ # Nonterminals:
+
+ # Initialize to false:
+ for n in Nonterminals.keys():
+ Terminates[n] = 0
+
+ # Then propagate termination until no change:
+ while 1:
+ some_change = 0
+ for (n,pl) in Prodnames.items():
+ # Nonterminal n terminates iff any of its productions terminates.
+ for p in pl:
+ # Production p terminates iff all of its rhs symbols terminate.
+ for s in p.prod:
+ if not Terminates[s]:
+ # The symbol s does not terminate,
+ # so production p does not terminate.
+ p_terminates = 0
+ break
+ else:
+ # didn't break from the loop,
+ # so every symbol s terminates
+ # so production p terminates.
+ p_terminates = 1
+
+ if p_terminates:
+ # symbol n terminates!
+ if not Terminates[n]:
+ Terminates[n] = 1
+ some_change = 1
+ # Don't need to consider any more productions for this n.
+ break
+
+ if not some_change:
+ break
+
+ some_error = 0
+ for (s,terminates) in Terminates.items():
+ if not terminates:
+ if not Prodnames.has_key(s) and not Terminals.has_key(s) and s != 'error':
+ # s is used-but-not-defined, and we've already warned of that,
+ # so it would be overkill to say that it's also non-terminating.
+ pass
+ else:
+ sys.stderr.write("yacc: Infinite recursion detected for symbol '%s'.\n" % s)
+ some_error = 1
+
+ return some_error
+
+# -----------------------------------------------------------------------------
+# verify_productions()
+#
+# This function examines all of the supplied rules to see if they seem valid.
+# -----------------------------------------------------------------------------
+def verify_productions(cycle_check=1):
+ error = 0
+ for p in Productions:
+ if not p: continue
+
+ for s in p.prod:
+ if not Prodnames.has_key(s) and not Terminals.has_key(s) and s != 'error':
+ sys.stderr.write("%s:%d: Symbol '%s' used, but not defined as a token or a rule.\n" % (p.file,p.line,s))
+ error = 1
+ continue
+
+ unused_tok = 0
+ # Now verify all of the tokens
+ if yaccdebug:
+ _vf.write("Unused terminals:\n\n")
+ for s,v in Terminals.items():
+ if s != 'error' and not v:
+ sys.stderr.write("yacc: Warning. Token '%s' defined, but not used.\n" % s)
+ if yaccdebug: _vf.write(" %s\n"% s)
+ unused_tok += 1
+
+ # Print out all of the productions
+ if yaccdebug:
+ _vf.write("\nGrammar\n\n")
+ for i in range(1,len(Productions)):
+ _vf.write("Rule %-5d %s\n" % (i, Productions[i]))
+
+ unused_prod = 0
+ # Verify the use of all productions
+ for s,v in Nonterminals.items():
+ if not v:
+ p = Prodnames[s][0]
+ sys.stderr.write("%s:%d: Warning. Rule '%s' defined, but not used.\n" % (p.file,p.line, s))
+ unused_prod += 1
+
+
+ if unused_tok == 1:
+ sys.stderr.write("yacc: Warning. There is 1 unused token.\n")
+ if unused_tok > 1:
+ sys.stderr.write("yacc: Warning. There are %d unused tokens.\n" % unused_tok)
+
+ if unused_prod == 1:
+ sys.stderr.write("yacc: Warning. There is 1 unused rule.\n")
+ if unused_prod > 1:
+ sys.stderr.write("yacc: Warning. There are %d unused rules.\n" % unused_prod)
+
+ if yaccdebug:
+ _vf.write("\nTerminals, with rules where they appear\n\n")
+ ks = Terminals.keys()
+ ks.sort()
+ for k in ks:
+ _vf.write("%-20s : %s\n" % (k, " ".join([str(s) for s in Terminals[k]])))
+ _vf.write("\nNonterminals, with rules where they appear\n\n")
+ ks = Nonterminals.keys()
+ ks.sort()
+ for k in ks:
+ _vf.write("%-20s : %s\n" % (k, " ".join([str(s) for s in Nonterminals[k]])))
+
+ if (cycle_check):
+ compute_reachable()
+ error += compute_terminates()
+# error += check_cycles()
+ return error
+
+# -----------------------------------------------------------------------------
+# build_lritems()
+#
+# This function walks the list of productions and builds a complete set of the
+# LR items. The LR items are stored in two ways: First, they are uniquely
+# numbered and placed in the list _lritems. Second, a linked list of LR items
+# is built for each production. For example:
+#
+# E -> E PLUS E
+#
+# Creates the list
+#
+# [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+# -----------------------------------------------------------------------------
+
+def build_lritems():
+ for p in Productions:
+ lastlri = p
+ lri = p.lr_item(0)
+ i = 0
+ while 1:
+ lri = p.lr_item(i)
+ lastlri.lr_next = lri
+ if not lri: break
+ lri.lr_num = len(LRitems)
+ LRitems.append(lri)
+ lastlri = lri
+ i += 1
+
+ # In order for the rest of the parser generator to work, we need to
+ # guarantee that no more lritems are generated. Therefore, we nuke
+ # the p.lr_item method. (Only used in debugging)
+ # Production.lr_item = None
+
+# -----------------------------------------------------------------------------
+# add_precedence()
+#
+# Given a list of precedence rules, add to the precedence table.
+# -----------------------------------------------------------------------------
+
+def add_precedence(plist):
+ plevel = 0
+ error = 0
+ for p in plist:
+ plevel += 1
+ try:
+ prec = p[0]
+ terms = p[1:]
+ if prec != 'left' and prec != 'right' and prec != 'nonassoc':
+ sys.stderr.write("yacc: Invalid precedence '%s'\n" % prec)
+ return -1
+ for t in terms:
+ if Precedence.has_key(t):
+ sys.stderr.write("yacc: Precedence already specified for terminal '%s'\n" % t)
+ error += 1
+ continue
+ Precedence[t] = (prec,plevel)
+ except:
+ sys.stderr.write("yacc: Invalid precedence table.\n")
+ error += 1
+
+ return error
+
+# -----------------------------------------------------------------------------
+# augment_grammar()
+#
+# Compute the augmented grammar. This is just a rule S' -> start where start
+# is the starting symbol.
+# -----------------------------------------------------------------------------
+
+def augment_grammar(start=None):
+ if not start:
+ start = Productions[1].name
+ Productions[0] = Production(name="S'",prod=[start],number=0,len=1,prec=('right',0),func=None)
+ Productions[0].usyms = [ start ]
+ Nonterminals[start].append(0)
+
+
+# -------------------------------------------------------------------------
+# first()
+#
+# Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+#
+# During execution of compute_first1, the result may be incomplete.
+# Afterward (e.g., when called from compute_follow()), it will be complete.
+# -------------------------------------------------------------------------
+def first(beta):
+
+ # We are computing First(x1,x2,x3,...,xn)
+ result = [ ]
+ for x in beta:
+ x_produces_empty = 0
+
+ # Add all the non-<empty> symbols of First[x] to the result.
+ for f in First[x]:
+ if f == '<empty>':
+ x_produces_empty = 1
+ else:
+ if f not in result: result.append(f)
+
+ if x_produces_empty:
+ # We have to consider the next x in beta,
+ # i.e. stay in the loop.
+ pass
+ else:
+ # We don't have to consider any further symbols in beta.
+ break
+ else:
+ # There was no 'break' from the loop,
+ # so x_produces_empty was true for all x in beta,
+ # so beta produces empty as well.
+ result.append('<empty>')
+
+ return result
+
+
+# FOLLOW(x)
+# Given a non-terminal. This function computes the set of all symbols
+# that might follow it. Dragon book, p. 189.
+
+def compute_follow(start=None):
+ # Add '$end' to the follow list of the start symbol
+ for k in Nonterminals.keys():
+ Follow[k] = [ ]
+
+ if not start:
+ start = Productions[1].name
+
+ Follow[start] = [ '$end' ]
+
+ while 1:
+ didadd = 0
+ for p in Productions[1:]:
+ # Here is the production set
+ for i in range(len(p.prod)):
+ B = p.prod[i]
+ if Nonterminals.has_key(B):
+ # Okay. We got a non-terminal in a production
+ fst = first(p.prod[i+1:])
+ hasempty = 0
+ for f in fst:
+ if f != '<empty>' and f not in Follow[B]:
+ Follow[B].append(f)
+ didadd = 1
+ if f == '<empty>':
+ hasempty = 1
+ if hasempty or i == (len(p.prod)-1):
+ # Add elements of follow(a) to follow(b)
+ for f in Follow[p.name]:
+ if f not in Follow[B]:
+ Follow[B].append(f)
+ didadd = 1
+ if not didadd: break
+
+ if 0 and yaccdebug:
+ _vf.write('\nFollow:\n')
+ for k in Nonterminals.keys():
+ _vf.write("%-20s : %s\n" % (k, " ".join([str(s) for s in Follow[k]])))
+
+# -------------------------------------------------------------------------
+# compute_first1()
+#
+# Compute the value of FIRST1(X) for all symbols
+# -------------------------------------------------------------------------
+def compute_first1():
+
+ # Terminals:
+ for t in Terminals.keys():
+ First[t] = [t]
+
+ First['$end'] = ['$end']
+ First['#'] = ['#'] # what's this for?
+
+ # Nonterminals:
+
+ # Initialize to the empty set:
+ for n in Nonterminals.keys():
+ First[n] = []
+
+ # Then propagate symbols until no change:
+ while 1:
+ some_change = 0
+ for n in Nonterminals.keys():
+ for p in Prodnames[n]:
+ for f in first(p.prod):
+ if f not in First[n]:
+ First[n].append( f )
+ some_change = 1
+ if not some_change:
+ break
+
+ if 0 and yaccdebug:
+ _vf.write('\nFirst:\n')
+ for k in Nonterminals.keys():
+ _vf.write("%-20s : %s\n" %
+ (k, " ".join([str(s) for s in First[k]])))
+
+# -----------------------------------------------------------------------------
+# === SLR Generation ===
+#
+# The following functions are used to construct SLR (Simple LR) parsing tables
+# as described on p.221-229 of the dragon book.
+# -----------------------------------------------------------------------------
+
+# Global variables for the LR parsing engine
+def lr_init_vars():
+ global _lr_action, _lr_goto, _lr_method
+ global _lr_goto_cache, _lr0_cidhash
+
+ _lr_action = { } # Action table
+ _lr_goto = { } # Goto table
+ _lr_method = "Unknown" # LR method used
+ _lr_goto_cache = { }
+ _lr0_cidhash = { }
+
+
+# Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+# prodlist is a list of productions.
+
+_add_count = 0 # Counter used to detect cycles
+
+def lr0_closure(I):
+ global _add_count
+
+ _add_count += 1
+ prodlist = Productions
+
+ # Add everything in I to J
+ J = I[:]
+ didadd = 1
+ while didadd:
+ didadd = 0
+ for j in J:
+ for x in j.lrafter:
+ if x.lr0_added == _add_count: continue
+ # Add B --> .G to J
+ J.append(x.lr_next)
+ x.lr0_added = _add_count
+ didadd = 1
+
+ return J
+
+# Compute the LR(0) goto function goto(I,X) where I is a set
+# of LR(0) items and X is a grammar symbol. This function is written
+# in a way that guarantees uniqueness of the generated goto sets
+# (i.e. the same goto set will never be returned as two different Python
+# objects). With uniqueness, we can later do fast set comparisons using
+# id(obj) instead of element-wise comparison.
+
+def lr0_goto(I,x):
+ # First we look for a previously cached entry
+ g = _lr_goto_cache.get((id(I),x),None)
+ if g: return g
+
+ # Now we generate the goto set in a way that guarantees uniqueness
+ # of the result
+
+ s = _lr_goto_cache.get(x,None)
+ if not s:
+ s = { }
+ _lr_goto_cache[x] = s
+
+ gs = [ ]
+ for p in I:
+ n = p.lr_next
+ if n and n.lrbefore == x:
+ s1 = s.get(id(n),None)
+ if not s1:
+ s1 = { }
+ s[id(n)] = s1
+ gs.append(n)
+ s = s1
+ g = s.get('$end',None)
+ if not g:
+ if gs:
+ g = lr0_closure(gs)
+ s['$end'] = g
+ else:
+ s['$end'] = gs
+ _lr_goto_cache[(id(I),x)] = g
+ return g
+
+_lr0_cidhash = { }
+
+# Compute the LR(0) sets of item function
+def lr0_items():
+
+ C = [ lr0_closure([Productions[0].lr_next]) ]
+ i = 0
+ for I in C:
+ _lr0_cidhash[id(I)] = i
+ i += 1
+
+ # Loop over the items in C and each grammar symbols
+ i = 0
+ while i < len(C):
+ I = C[i]
+ i += 1
+
+ # Collect all of the symbols that could possibly be in the goto(I,X) sets
+ asyms = { }
+ for ii in I:
+ for s in ii.usyms:
+ asyms[s] = None
+
+ for x in asyms.keys():
+ g = lr0_goto(I,x)
+ if not g: continue
+ if _lr0_cidhash.has_key(id(g)): continue
+ _lr0_cidhash[id(g)] = len(C)
+ C.append(g)
+
+ return C
+
+# -----------------------------------------------------------------------------
+# ==== LALR(1) Parsing ====
+#
+# LALR(1) parsing is almost exactly the same as SLR except that instead of
+# relying upon Follow() sets when performing reductions, a more selective
+# lookahead set that incorporates the state of the LR(0) machine is utilized.
+# Thus, we mainly just have to focus on calculating the lookahead sets.
+#
+# The method used here is due to DeRemer and Pennelo (1982).
+#
+# DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+# Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+# Vol. 4, No. 4, Oct. 1982, pp. 615-649
+#
+# Further details can also be found in:
+#
+# J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+# McGraw-Hill Book Company, (1985).
+#
+# Note: This implementation is a complete replacement of the LALR(1)
+# implementation in PLY-1.x releases. That version was based on
+# a less efficient algorithm and it had bugs in its implementation.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# compute_nullable_nonterminals()
+#
+# Creates a dictionary containing all of the non-terminals that might produce
+# an empty production.
+# -----------------------------------------------------------------------------
+
+def compute_nullable_nonterminals():
+ nullable = {}
+ num_nullable = 0
+ while 1:
+ for p in Productions[1:]:
+ if p.len == 0:
+ nullable[p.name] = 1
+ continue
+ for t in p.prod:
+ if not nullable.has_key(t): break
+ else:
+ nullable[p.name] = 1
+ if len(nullable) == num_nullable: break
+ num_nullable = len(nullable)
+ return nullable
+
+# -----------------------------------------------------------------------------
+# find_nonterminal_trans(C)
+#
+# Given a set of LR(0) items, this functions finds all of the non-terminal
+# transitions. These are transitions in which a dot appears immediately before
+# a non-terminal. Returns a list of tuples of the form (state,N) where state
+# is the state number and N is the nonterminal symbol.
+#
+# The input C is the set of LR(0) items.
+# -----------------------------------------------------------------------------
+
+def find_nonterminal_transitions(C):
+ trans = []
+ for state in range(len(C)):
+ for p in C[state]:
+ if p.lr_index < p.len - 1:
+ t = (state,p.prod[p.lr_index+1])
+ if Nonterminals.has_key(t[1]):
+ if t not in trans: trans.append(t)
+ state = state + 1
+ return trans
+
+# -----------------------------------------------------------------------------
+# dr_relation()
+#
+# Computes the DR(p,A) relationships for non-terminal transitions. The input
+# is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+#
+# Returns a list of terminals.
+# -----------------------------------------------------------------------------
+
+def dr_relation(C,trans,nullable):
+ dr_set = { }
+ state,N = trans
+ terms = []
+
+ g = lr0_goto(C[state],N)
+ for p in g:
+ if p.lr_index < p.len - 1:
+ a = p.prod[p.lr_index+1]
+ if Terminals.has_key(a):
+ if a not in terms: terms.append(a)
+
+ # This extra bit is to handle the start state
+ if state == 0 and N == Productions[0].prod[0]:
+ terms.append('$end')
+
+ return terms
+
+# -----------------------------------------------------------------------------
+# reads_relation()
+#
+# Computes the READS() relation (p,A) READS (t,C).
+# -----------------------------------------------------------------------------
+
+def reads_relation(C, trans, empty):
+ # Look for empty transitions
+ rel = []
+ state, N = trans
+
+ g = lr0_goto(C[state],N)
+ j = _lr0_cidhash.get(id(g),-1)
+ for p in g:
+ if p.lr_index < p.len - 1:
+ a = p.prod[p.lr_index + 1]
+ if empty.has_key(a):
+ rel.append((j,a))
+
+ return rel
+
+# -----------------------------------------------------------------------------
+# compute_lookback_includes()
+#
+# Determines the lookback and includes relations
+#
+# LOOKBACK:
+#
+# This relation is determined by running the LR(0) state machine forward.
+# For example, starting with a production "N : . A B C", we run it forward
+# to obtain "N : A B C ." We then build a relationship between this final
+# state and the starting state. These relationships are stored in a dictionary
+# lookdict.
+#
+# INCLUDES:
+#
+# Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+#
+# This relation is used to determine non-terminal transitions that occur
+# inside of other non-terminal transition states. (p,A) INCLUDES (p', B)
+# if the following holds:
+#
+# B -> LAT, where T -> epsilon and p' -L-> p
+#
+# L is essentially a prefix (which may be empty), T is a suffix that must be
+# able to derive an empty string. State p' must lead to state p with the string L.
+#
+# -----------------------------------------------------------------------------
+
+def compute_lookback_includes(C,trans,nullable):
+
+ lookdict = {} # Dictionary of lookback relations
+ includedict = {} # Dictionary of include relations
+
+ # Make a dictionary of non-terminal transitions
+ dtrans = {}
+ for t in trans:
+ dtrans[t] = 1
+
+ # Loop over all transitions and compute lookbacks and includes
+ for state,N in trans:
+ lookb = []
+ includes = []
+ for p in C[state]:
+ if p.name != N: continue
+
+ # Okay, we have a name match. We now follow the production all the way
+ # through the state machine until we get the . on the right hand side
+
+ lr_index = p.lr_index
+ j = state
+ while lr_index < p.len - 1:
+ lr_index = lr_index + 1
+ t = p.prod[lr_index]
+
+ # Check to see if this symbol and state are a non-terminal transition
+ if dtrans.has_key((j,t)):
+ # Yes. Okay, there is some chance that this is an includes relation
+ # the only way to know for certain is whether the rest of the
+ # production derives empty
+
+ li = lr_index + 1
+ while li < p.len:
+ if Terminals.has_key(p.prod[li]): break # No forget it
+ if not nullable.has_key(p.prod[li]): break
+ li = li + 1
+ else:
+ # Appears to be a relation between (j,t) and (state,N)
+ includes.append((j,t))
+
+ g = lr0_goto(C[j],t) # Go to next set
+ j = _lr0_cidhash.get(id(g),-1) # Go to next state
+
+ # When we get here, j is the final state, now we have to locate the production
+ for r in C[j]:
+ if r.name != p.name: continue
+ if r.len != p.len: continue
+ i = 0
+ # This look is comparing a production ". A B C" with "A B C ."
+ while i < r.lr_index:
+ if r.prod[i] != p.prod[i+1]: break
+ i = i + 1
+ else:
+ lookb.append((j,r))
+ for i in includes:
+ if not includedict.has_key(i): includedict[i] = []
+ includedict[i].append((state,N))
+ lookdict[(state,N)] = lookb
+
+ return lookdict,includedict
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+# F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs: X - An input set
+# R - A relation
+# FP - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X,R,FP):
+ N = { }
+ for x in X:
+ N[x] = 0
+ stack = []
+ F = { }
+ for x in X:
+ if N[x] == 0: traverse(x,N,stack,F,X,R,FP)
+ return F
+
+def traverse(x,N,stack,F,X,R,FP):
+ stack.append(x)
+ d = len(stack)
+ N[x] = d
+ F[x] = FP(x) # F(X) <- F'(x)
+
+ rel = R(x) # Get y's related to x
+ for y in rel:
+ if N[y] == 0:
+ traverse(y,N,stack,F,X,R,FP)
+ N[x] = min(N[x],N[y])
+ for a in F.get(y,[]):
+ if a not in F[x]: F[x].append(a)
+ if N[x] == d:
+ N[stack[-1]] = sys.maxint
+ F[stack[-1]] = F[x]
+ element = stack.pop()
+ while element != x:
+ N[stack[-1]] = sys.maxint
+ F[stack[-1]] = F[x]
+ element = stack.pop()
+
+# -----------------------------------------------------------------------------
+# compute_read_sets()
+#
+# Given a set of LR(0) items, this function computes the read sets.
+#
+# Inputs: C = Set of LR(0) items
+# ntrans = Set of nonterminal transitions
+# nullable = Set of empty transitions
+#
+# Returns a set containing the read sets
+# -----------------------------------------------------------------------------
+
+def compute_read_sets(C, ntrans, nullable):
+ FP = lambda x: dr_relation(C,x,nullable)
+ R = lambda x: reads_relation(C,x,nullable)
+ F = digraph(ntrans,R,FP)
+ return F
+
+# -----------------------------------------------------------------------------
+# compute_follow_sets()
+#
+# Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+# and an include set, this function computes the follow sets
+#
+# Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+#
+# Inputs:
+# ntrans = Set of nonterminal transitions
+# readsets = Readset (previously computed)
+# inclsets = Include sets (previously computed)
+#
+# Returns a set containing the follow sets
+# -----------------------------------------------------------------------------
+
+def compute_follow_sets(ntrans,readsets,inclsets):
+ FP = lambda x: readsets[x]
+ R = lambda x: inclsets.get(x,[])
+ F = digraph(ntrans,R,FP)
+ return F
+
+# -----------------------------------------------------------------------------
+# add_lookaheads()
+#
+# Attaches the lookahead symbols to grammar rules.
+#
+# Inputs: lookbacks - Set of lookback relations
+# followset - Computed follow set
+#
+# This function directly attaches the lookaheads to productions contained
+# in the lookbacks set
+# -----------------------------------------------------------------------------
+
+def add_lookaheads(lookbacks,followset):
+ for trans,lb in lookbacks.items():
+ # Loop over productions in lookback
+ for state,p in lb:
+ if not p.lookaheads.has_key(state):
+ p.lookaheads[state] = []
+ f = followset.get(trans,[])
+ for a in f:
+ if a not in p.lookaheads[state]: p.lookaheads[state].append(a)
+
+# -----------------------------------------------------------------------------
+# add_lalr_lookaheads()
+#
+# This function does all of the work of adding lookahead information for use
+# with LALR parsing
+# -----------------------------------------------------------------------------
+
+def add_lalr_lookaheads(C):
+ # Determine all of the nullable nonterminals
+ nullable = compute_nullable_nonterminals()
+
+ # Find all non-terminal transitions
+ trans = find_nonterminal_transitions(C)
+
+ # Compute read sets
+ readsets = compute_read_sets(C,trans,nullable)
+
+ # Compute lookback/includes relations
+ lookd, included = compute_lookback_includes(C,trans,nullable)
+
+ # Compute LALR FOLLOW sets
+ followsets = compute_follow_sets(trans,readsets,included)
+
+ # Add all of the lookaheads
+ add_lookaheads(lookd,followsets)
+
+# -----------------------------------------------------------------------------
+# lr_parse_table()
+#
+# This function constructs the parse tables for SLR or LALR
+# -----------------------------------------------------------------------------
+def lr_parse_table(method):
+ global _lr_method
+ goto = _lr_goto # Goto array
+ action = _lr_action # Action array
+ actionp = { } # Action production array (temporary)
+
+ _lr_method = method
+
+ n_srconflict = 0
+ n_rrconflict = 0
+
+ if yaccdebug:
+ sys.stderr.write("yacc: Generating %s parsing table...\n" % method)
+ _vf.write("\n\nParsing method: %s\n\n" % method)
+
+ # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+ # This determines the number of states
+
+ C = lr0_items()
+
+ if method == 'LALR':
+ add_lalr_lookaheads(C)
+
+ # Build the parser table, state by state
+ st = 0
+ for I in C:
+ # Loop over each production in I
+ actlist = [ ] # List of actions
+
+ if yaccdebug:
+ _vf.write("\nstate %d\n\n" % st)
+ for p in I:
+ _vf.write(" (%d) %s\n" % (p.number, str(p)))
+ _vf.write("\n")
+
+ for p in I:
+ try:
+ if p.prod[-1] == ".":
+ if p.name == "S'":
+ # Start symbol. Accept!
+ action[st,"$end"] = 0
+ actionp[st,"$end"] = p
+ else:
+ # We are at the end of a production. Reduce!
+ if method == 'LALR':
+ laheads = p.lookaheads[st]
+ else:
+ laheads = Follow[p.name]
+ for a in laheads:
+ actlist.append((a,p,"reduce using rule %d (%s)" % (p.number,p)))
+ r = action.get((st,a),None)
+ if r is not None:
+ # Whoa. Have a shift/reduce or reduce/reduce conflict
+ if r > 0:
+ # Need to decide on shift or reduce here
+ # By default we favor shifting. Need to add
+ # some precedence rules here.
+ sprec,slevel = Productions[actionp[st,a].number].prec
+ rprec,rlevel = Precedence.get(a,('right',0))
+ if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+ # We really need to reduce here.
+ action[st,a] = -p.number
+ actionp[st,a] = p
+ if not slevel and not rlevel:
+ _vfc.write("shift/reduce conflict in state %d resolved as reduce.\n" % st)
+ _vf.write(" ! shift/reduce conflict for %s resolved as reduce.\n" % a)
+ n_srconflict += 1
+ elif (slevel == rlevel) and (rprec == 'nonassoc'):
+ action[st,a] = None
+ else:
+ # Hmmm. Guess we'll keep the shift
+ if not rlevel:
+ _vfc.write("shift/reduce conflict in state %d resolved as shift.\n" % st)
+ _vf.write(" ! shift/reduce conflict for %s resolved as shift.\n" % a)
+ n_srconflict +=1
+ elif r < 0:
+ # Reduce/reduce conflict. In this case, we favor the rule
+ # that was defined first in the grammar file
+ oldp = Productions[-r]
+ pp = Productions[p.number]
+ if oldp.line > pp.line:
+ action[st,a] = -p.number
+ actionp[st,a] = p
+ # sys.stderr.write("Reduce/reduce conflict in state %d\n" % st)
+ n_rrconflict += 1
+ _vfc.write("reduce/reduce conflict in state %d resolved using rule %d (%s).\n" % (st, actionp[st,a].number, actionp[st,a]))
+ _vf.write(" ! reduce/reduce conflict for %s resolved using rule %d (%s).\n" % (a,actionp[st,a].number, actionp[st,a]))
+ else:
+ sys.stderr.write("Unknown conflict in state %d\n" % st)
+ else:
+ action[st,a] = -p.number
+ actionp[st,a] = p
+ else:
+ i = p.lr_index
+ a = p.prod[i+1] # Get symbol right after the "."
+ if Terminals.has_key(a):
+ g = lr0_goto(I,a)
+ j = _lr0_cidhash.get(id(g),-1)
+ if j >= 0:
+ # We are in a shift state
+ actlist.append((a,p,"shift and go to state %d" % j))
+ r = action.get((st,a),None)
+ if r is not None:
+ # Whoa have a shift/reduce or shift/shift conflict
+ if r > 0:
+ if r != j:
+ sys.stderr.write("Shift/shift conflict in state %d\n" % st)
+ elif r < 0:
+ # Do a precedence check.
+ # - if precedence of reduce rule is higher, we reduce.
+ # - if precedence of reduce is same and left assoc, we reduce.
+ # - otherwise we shift
+ rprec,rlevel = Productions[actionp[st,a].number].prec
+ sprec,slevel = Precedence.get(a,('right',0))
+ if (slevel > rlevel) or ((slevel == rlevel) and (rprec != 'left')):
+ # We decide to shift here... highest precedence to shift
+ action[st,a] = j
+ actionp[st,a] = p
+ if not rlevel:
+ n_srconflict += 1
+ _vfc.write("shift/reduce conflict in state %d resolved as shift.\n" % st)
+ _vf.write(" ! shift/reduce conflict for %s resolved as shift.\n" % a)
+ elif (slevel == rlevel) and (rprec == 'nonassoc'):
+ action[st,a] = None
+ else:
+ # Hmmm. Guess we'll keep the reduce
+ if not slevel and not rlevel:
+ n_srconflict +=1
+ _vfc.write("shift/reduce conflict in state %d resolved as reduce.\n" % st)
+ _vf.write(" ! shift/reduce conflict for %s resolved as reduce.\n" % a)
+
+ else:
+ sys.stderr.write("Unknown conflict in state %d\n" % st)
+ else:
+ action[st,a] = j
+ actionp[st,a] = p
+
+ except StandardError,e:
+ raise YaccError, "Hosed in lr_parse_table", e
+
+ # Print the actions associated with each terminal
+ if yaccdebug:
+ _actprint = { }
+ for a,p,m in actlist:
+ if action.has_key((st,a)):
+ if p is actionp[st,a]:
+ _vf.write(" %-15s %s\n" % (a,m))
+ _actprint[(a,m)] = 1
+ _vf.write("\n")
+ for a,p,m in actlist:
+ if action.has_key((st,a)):
+ if p is not actionp[st,a]:
+ if not _actprint.has_key((a,m)):
+ _vf.write(" ! %-15s [ %s ]\n" % (a,m))
+ _actprint[(a,m)] = 1
+
+ # Construct the goto table for this state
+ if yaccdebug:
+ _vf.write("\n")
+ nkeys = { }
+ for ii in I:
+ for s in ii.usyms:
+ if Nonterminals.has_key(s):
+ nkeys[s] = None
+ for n in nkeys.keys():
+ g = lr0_goto(I,n)
+ j = _lr0_cidhash.get(id(g),-1)
+ if j >= 0:
+ goto[st,n] = j
+ if yaccdebug:
+ _vf.write(" %-30s shift and go to state %d\n" % (n,j))
+
+ st += 1
+
+ if yaccdebug:
+ if n_srconflict == 1:
+ sys.stderr.write("yacc: %d shift/reduce conflict\n" % n_srconflict)
+ if n_srconflict > 1:
+ sys.stderr.write("yacc: %d shift/reduce conflicts\n" % n_srconflict)
+ if n_rrconflict == 1:
+ sys.stderr.write("yacc: %d reduce/reduce conflict\n" % n_rrconflict)
+ if n_rrconflict > 1:
+ sys.stderr.write("yacc: %d reduce/reduce conflicts\n" % n_rrconflict)
+
+# -----------------------------------------------------------------------------
+# ==== LR Utility functions ====
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _lr_write_tables()
+#
+# This function writes the LR parsing tables to a file
+# -----------------------------------------------------------------------------
+
+def lr_write_tables(modulename=tab_module,outputdir=''):
+ filename = os.path.join(outputdir,modulename) + ".py"
+ try:
+ f = open(filename,"w")
+
+ f.write("""
+# %s
+# This file is automatically generated. Do not edit.
+
+_lr_method = %s
+
+_lr_signature = %s
+""" % (filename, repr(_lr_method), repr(Signature.digest())))
+
+ # Change smaller to 0 to go back to original tables
+ smaller = 1
+
+ # Factor out names to try and make smaller
+ if smaller:
+ items = { }
+
+ for k,v in _lr_action.items():
+ i = items.get(k[1])
+ if not i:
+ i = ([],[])
+ items[k[1]] = i
+ i[0].append(k[0])
+ i[1].append(v)
+
+ f.write("\n_lr_action_items = {")
+ for k,v in items.items():
+ f.write("%r:([" % k)
+ for i in v[0]:
+ f.write("%r," % i)
+ f.write("],[")
+ for i in v[1]:
+ f.write("%r," % i)
+
+ f.write("]),")
+ f.write("}\n")
+
+ f.write("""
+_lr_action = { }
+for _k, _v in _lr_action_items.items():
+ for _x,_y in zip(_v[0],_v[1]):
+ _lr_action[(_x,_k)] = _y
+del _lr_action_items
+""")
+
+ else:
+ f.write("\n_lr_action = { ");
+ for k,v in _lr_action.items():
+ f.write("(%r,%r):%r," % (k[0],k[1],v))
+ f.write("}\n");
+
+ if smaller:
+ # Factor out names to try and make smaller
+ items = { }
+
+ for k,v in _lr_goto.items():
+ i = items.get(k[1])
+ if not i:
+ i = ([],[])
+ items[k[1]] = i
+ i[0].append(k[0])
+ i[1].append(v)
+
+ f.write("\n_lr_goto_items = {")
+ for k,v in items.items():
+ f.write("%r:([" % k)
+ for i in v[0]:
+ f.write("%r," % i)
+ f.write("],[")
+ for i in v[1]:
+ f.write("%r," % i)
+
+ f.write("]),")
+ f.write("}\n")
+
+ f.write("""
+_lr_goto = { }
+for _k, _v in _lr_goto_items.items():
+ for _x,_y in zip(_v[0],_v[1]):
+ _lr_goto[(_x,_k)] = _y
+del _lr_goto_items
+""")
+ else:
+ f.write("\n_lr_goto = { ");
+ for k,v in _lr_goto.items():
+ f.write("(%r,%r):%r," % (k[0],k[1],v))
+ f.write("}\n");
+
+ # Write production table
+ f.write("_lr_productions = [\n")
+ for p in Productions:
+ if p:
+ if (p.func):
+ f.write(" (%r,%d,%r,%r,%d),\n" % (p.name, p.len, p.func.__name__,p.file,p.line))
+ else:
+ f.write(" (%r,%d,None,None,None),\n" % (p.name, p.len))
+ else:
+ f.write(" None,\n")
+ f.write("]\n")
+
+ f.close()
+
+ except IOError,e:
+ print "Unable to create '%s'" % filename
+ print e
+ return
+
+def lr_read_tables(module=tab_module,optimize=0):
+ global _lr_action, _lr_goto, _lr_productions, _lr_method
+ try:
+ exec "import %s as parsetab" % module
+
+ if (optimize) or (Signature.digest() == parsetab._lr_signature):
+ _lr_action = parsetab._lr_action
+ _lr_goto = parsetab._lr_goto
+ _lr_productions = parsetab._lr_productions
+ _lr_method = parsetab._lr_method
+ return 1
+ else:
+ return 0
+
+ except (ImportError,AttributeError):
+ return 0
+
+
+# Available instance types. This is used when parsers are defined by a class.
+# it's a little funky because I want to preserve backwards compatibility
+# with Python 2.0 where types.ObjectType is undefined.
+
+try:
+ _INSTANCETYPE = (types.InstanceType, types.ObjectType)
+except AttributeError:
+ _INSTANCETYPE = types.InstanceType
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build the parser module
+# -----------------------------------------------------------------------------
+
+def yacc(method=default_lr, debug=yaccdebug, module=None, tabmodule=tab_module, start=None, check_recursion=1, optimize=0,write_tables=1,debugfile=debug_file,outputdir=''):
+ global yaccdebug
+ yaccdebug = debug
+
+ initialize_vars()
+ files = { }
+ error = 0
+
+
+ # Add parsing method to signature
+ Signature.update(method)
+
+ # If a "module" parameter was supplied, extract its dictionary.
+ # Note: a module may in fact be an instance as well.
+
+ if module:
+ # User supplied a module object.
+ if isinstance(module, types.ModuleType):
+ ldict = module.__dict__
+ elif isinstance(module, _INSTANCETYPE):
+ _items = [(k,getattr(module,k)) for k in dir(module)]
+ ldict = { }
+ for i in _items:
+ ldict[i[0]] = i[1]
+ else:
+ raise ValueError,"Expected a module"
+
+ else:
+ # No module given. We might be able to get information from the caller.
+ # Throw an exception and unwind the traceback to get the globals
+
+ try:
+ raise RuntimeError
+ except RuntimeError:
+ e,b,t = sys.exc_info()
+ f = t.tb_frame
+ f = f.f_back # Walk out to our calling function
+ ldict = f.f_globals # Grab its globals dictionary
+
+ # Add starting symbol to signature
+ if not start:
+ start = ldict.get("start",None)
+ if start:
+ Signature.update(start)
+
+ # If running in optimized mode. We're going to
+
+ if (optimize and lr_read_tables(tabmodule,1)):
+ # Read parse table
+ del Productions[:]
+ for p in _lr_productions:
+ if not p:
+ Productions.append(None)
+ else:
+ m = MiniProduction()
+ m.name = p[0]
+ m.len = p[1]
+ m.file = p[3]
+ m.line = p[4]
+ if p[2]:
+ m.func = ldict[p[2]]
+ Productions.append(m)
+
+ else:
+ # Get the tokens map
+ if (module and isinstance(module,_INSTANCETYPE)):
+ tokens = getattr(module,"tokens",None)
+ else:
+ tokens = ldict.get("tokens",None)
+
+ if not tokens:
+ raise YaccError,"module does not define a list 'tokens'"
+ if not (isinstance(tokens,types.ListType) or isinstance(tokens,types.TupleType)):
+ raise YaccError,"tokens must be a list or tuple."
+
+ # Check to see if a requires dictionary is defined.
+ requires = ldict.get("require",None)
+ if requires:
+ if not (isinstance(requires,types.DictType)):
+ raise YaccError,"require must be a dictionary."
+
+ for r,v in requires.items():
+ try:
+ if not (isinstance(v,types.ListType)):
+ raise TypeError
+ v1 = [x.split(".") for x in v]
+ Requires[r] = v1
+ except StandardError:
+ print "Invalid specification for rule '%s' in require. Expected a list of strings" % r
+
+
+ # Build the dictionary of terminals. We a record a 0 in the
+ # dictionary to track whether or not a terminal is actually
+ # used in the grammar
+
+ if 'error' in tokens:
+ print "yacc: Illegal token 'error'. Is a reserved word."
+ raise YaccError,"Illegal token name"
+
+ for n in tokens:
+ if Terminals.has_key(n):
+ print "yacc: Warning. Token '%s' multiply defined." % n
+ Terminals[n] = [ ]
+
+ Terminals['error'] = [ ]
+
+ # Get the precedence map (if any)
+ prec = ldict.get("precedence",None)
+ if prec:
+ if not (isinstance(prec,types.ListType) or isinstance(prec,types.TupleType)):
+ raise YaccError,"precedence must be a list or tuple."
+ add_precedence(prec)
+ Signature.update(repr(prec))
+
+ for n in tokens:
+ if not Precedence.has_key(n):
+ Precedence[n] = ('right',0) # Default, right associative, 0 precedence
+
+ # Look for error handler
+ ef = ldict.get('p_error',None)
+ if ef:
+ if isinstance(ef,types.FunctionType):
+ ismethod = 0
+ elif isinstance(ef, types.MethodType):
+ ismethod = 1
+ else:
+ raise YaccError,"'p_error' defined, but is not a function or method."
+ eline = ef.func_code.co_firstlineno
+ efile = ef.func_code.co_filename
+ files[efile] = None
+
+ if (ef.func_code.co_argcount != 1+ismethod):
+ raise YaccError,"%s:%d: p_error() requires 1 argument." % (efile,eline)
+ global Errorfunc
+ Errorfunc = ef
+ else:
+ print "yacc: Warning. no p_error() function is defined."
+
+ # Get the list of built-in functions with p_ prefix
+ symbols = [ldict[f] for f in ldict.keys()
+ if (type(ldict[f]) in (types.FunctionType, types.MethodType) and ldict[f].__name__[:2] == 'p_'
+ and ldict[f].__name__ != 'p_error')]
+
+ # Check for non-empty symbols
+ if len(symbols) == 0:
+ raise YaccError,"no rules of the form p_rulename are defined."
+
+ # Sort the symbols by line number
+ symbols.sort(lambda x,y: cmp(x.func_code.co_firstlineno,y.func_code.co_firstlineno))
+
+ # Add all of the symbols to the grammar
+ for f in symbols:
+ if (add_function(f)) < 0:
+ error += 1
+ else:
+ files[f.func_code.co_filename] = None
+
+ # Make a signature of the docstrings
+ for f in symbols:
+ if f.__doc__:
+ Signature.update(f.__doc__)
+
+ lr_init_vars()
+
+ if error:
+ raise YaccError,"Unable to construct parser."
+
+ if not lr_read_tables(tabmodule):
+
+ # Validate files
+ for filename in files.keys():
+ if not validate_file(filename):
+ error = 1
+
+ # Validate dictionary
+ validate_dict(ldict)
+
+ if start and not Prodnames.has_key(start):
+ raise YaccError,"Bad starting symbol '%s'" % start
+
+ augment_grammar(start)
+ error = verify_productions(cycle_check=check_recursion)
+ otherfunc = [ldict[f] for f in ldict.keys()
+ if (type(f) in (types.FunctionType,types.MethodType) and ldict[f].__name__[:2] != 'p_')]
+
+ if error:
+ raise YaccError,"Unable to construct parser."
+
+ build_lritems()
+ compute_first1()
+ compute_follow(start)
+
+ if method in ['SLR','LALR']:
+ lr_parse_table(method)
+ else:
+ raise YaccError, "Unknown parsing method '%s'" % method
+
+ if write_tables:
+ lr_write_tables(tabmodule,outputdir)
+
+ if yaccdebug:
+ try:
+ f = open(os.path.join(outputdir,debugfile),"w")
+ f.write(_vfc.getvalue())
+ f.write("\n\n")
+ f.write(_vf.getvalue())
+ f.close()
+ except IOError,e:
+ print "yacc: can't create '%s'" % debugfile,e
+
+ # Made it here. Create a parser object and set up its internal state.
+ # Set global parse() method to bound method of parser object.
+
+ p = Parser("xyzzy")
+ p.productions = Productions
+ p.errorfunc = Errorfunc
+ p.action = _lr_action
+ p.goto = _lr_goto
+ p.method = _lr_method
+ p.require = Requires
+
+ global parse
+ parse = p.parse
+
+ global parser
+ parser = p
+
+ # Clean up all of the globals we created
+ if (not optimize):
+ yacc_cleanup()
+ return p
+
+# yacc_cleanup function. Delete all of the global variables
+# used during table construction
+
+def yacc_cleanup():
+ global _lr_action, _lr_goto, _lr_method, _lr_goto_cache
+ del _lr_action, _lr_goto, _lr_method, _lr_goto_cache
+
+ global Productions, Prodnames, Prodmap, Terminals
+ global Nonterminals, First, Follow, Precedence, LRitems
+ global Errorfunc, Signature, Requires
+
+ del Productions, Prodnames, Prodmap, Terminals
+ del Nonterminals, First, Follow, Precedence, LRitems
+ del Errorfunc, Signature, Requires
+
+ global _vf, _vfc
+ del _vf, _vfc
+
+
+# Stub that raises an error if parsing is attempted without first calling yacc()
+def parse(*args,**kwargs):
+ raise YaccError, "yacc: No parser built with yacc()"
+
diff --git a/sepolgen/src/share/Makefile b/sepolgen/src/share/Makefile
new file mode 100644
index 0000000..c46229b
--- /dev/null
+++ b/sepolgen/src/share/Makefile
@@ -0,0 +1,8 @@
+SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+
+install:
+ -mkdir -p $(SHAREDIR)
+ install -m 644 perm_map $(SHAREDIR)
+
+clean:
+ rm -f *~
\ No newline at end of file
diff --git a/sepolgen/src/share/perm_map b/sepolgen/src/share/perm_map
new file mode 100644
index 0000000..eb2e23b
--- /dev/null
+++ b/sepolgen/src/share/perm_map
@@ -0,0 +1,993 @@
+# This is a permission map file for use in policy analysis. This
+# file maps object permissions (read, getattr, setattr, ..., etc.)
+# for an object class, to exactly one of the following: read, write,
+# both, or none. This file may be edited as long as the specific
+# syntax rules are obeyed.
+#
+# For each object class, there is a set of object permissions that are
+# individually mapped to read, write, both, or none. If a new object
+# class is added, make sure that the current number of object classes
+# is increased.
+#
+# The syntax for an object class definition is:
+# class <class_name> <num_permissions>
+#
+# This is followed by each permission and its individual mapping to one
+# of the following:
+#
+# r = Read
+# w = Write
+# n = None
+# b = Both
+#
+# Additionally, you can choose to follow the mapping with an optional
+# permission weight value from 1 (less importance) to 10 (higher importance).
+# 10 is the default weight value if one is not provided.
+#
+# Look to the examples below for further clarification.
+#
+# Number of object classes.
+58
+
+class security 11
+ compute_av n 1
+ compute_create n 1
+ compute_member n 1
+ check_context n 1
+ load_policy n 1
+ compute_relabel n 1
+ compute_user n 1
+ setenforce n 1
+ setbool n 1
+ setsecparam n 1
+ setcheckreqprot n 1
+
+class process 29
+ fork n 1
+ transition w 5
+ sigchld w 1
+ sigkill w 1
+ sigstop w 1
+ signull n 1
+ signal w 5
+ ptrace b 10
+ getsched r 1
+ setsched w 1
+ getsession r 1
+ getpgid r 1
+ setpgid w 5
+ getcap r 3
+ setcap w 1
+ share b 1
+ getattr r 1
+ setexec w 1
+ setfscreate w 1
+ noatsecure n 1
+ siginh n 1
+ setrlimit n 1
+ rlimitinh n 1
+ dyntransition w 10
+ setcurrent w 1
+ execmem n 1
+ execstack n 1
+ execheap n 1
+ setkeycreate w 1
+
+class system 4
+ ipc_info n 1
+ syslog_read n 1
+ syslog_mod n 1
+ syslog_console n 1
+
+class capability 31
+ chown n 3
+ dac_override n 1
+ dac_read_search n 1
+ fowner n 1
+ fsetid n 1
+ kill n 1
+ setgid n 3
+ setuid n 1
+ setpcap n 3
+ linux_immutable n 1
+ net_bind_service n 1
+ net_broadcast n 1
+ net_admin n 1
+ net_raw n 1
+ ipc_lock n 1
+ ipc_owner n 1
+ sys_module n 1
+ sys_rawio n 1
+ sys_chroot n 1
+ sys_ptrace n 1
+ sys_pacct n 1
+ sys_admin n 3
+ sys_boot n 1
+ sys_nice n 1
+ sys_resource n 1
+ sys_time n 1
+ sys_tty_config n 1
+ mknod n 1
+ lease n 1
+ audit_write n 3
+ audit_control n 1
+
+class filesystem 10
+ mount w 1
+ remount w 1
+ unmount w 1
+ getattr r 1
+ relabelfrom r 10
+ relabelto w 10
+ transition w 1
+ associate n 1
+ quotamod w 1
+ quotaget r 1
+
+class file 20
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 10
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 100
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class dir 22
+ add_name w 5
+ remove_name w 1
+ reparent w 1
+ search r 1
+ rmdir b 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class fd 1
+ use b 1
+
+class lnk_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 1
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class chr_file 20
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class blk_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class sock_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 1
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class fifo_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class tcp_socket 27
+ connectto w 1
+ newconn w 1
+ acceptfrom r 1
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+ name_connect w 1
+
+class udp_socket 23
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class rawip_socket 23
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 1
+ setattr w 1
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class node 7
+ tcp_recv r 10
+ tcp_send w 10
+ udp_recv r 10
+ udp_send w 10
+ rawip_recv r 10
+ rawip_send w 10
+ enforce_dest n 1
+
+class netif 6
+ tcp_recv r 10
+ tcp_send w 10
+ udp_recv r 10
+ udp_send w 10
+ rawip_recv r 10
+ rawip_send w 10
+
+class netlink_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class packet_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class key_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class unix_stream_socket 25
+ connectto w 1
+ newconn w 1
+ acceptfrom r 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class unix_dgram_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class sem 9
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class msg 2
+ send w 10
+ receive r 10
+
+class msgq 10
+ enqueue w 1
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class shm 10
+ lock w 1
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class ipc 9
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class passwd 5
+ passwd w 1
+ chfn w 5
+ chsh w 5
+ rootok n 1
+ crontab w 5
+
+class drawable 5
+ create w 1
+ destroy w 1
+ draw w 10
+ copy r 10
+ getattr r 7
+
+class window 26
+ addchild w 1
+ create w 1
+ destroy w 1
+ map w 1
+ unmap w 1
+ chstack w 10
+ chproplist w 7
+ chprop w 10
+ listprop r 5
+ getattr r 5
+ setattr w 5
+ setfocus w 1
+ move w 10
+ chselection w 10
+ chparent w 5
+ ctrllife w 5
+ enumerate w 1
+ transparent w 1
+ mousemotion w 10
+ clientcomevent w 5
+ inputevent w 5
+ drawevent w 5
+ windowchangeevent w 5
+windowchangerequest w 5
+ serverchangeevent w 5
+ extensionevent w 5
+
+class gc 4
+ create w 1
+ free w 1
+ getattr r 5
+ setattr w 5
+
+class font 4
+ load r 1
+ free w 1
+ getattr r 5
+ use r 1
+
+class colormap 9
+ create w 1
+ free w 1
+ install w 10
+ uninstall w 1
+ list r 5
+ read r 10
+ store w 10
+ getattr r 5
+ setattr w 5
+
+class property 4
+ create w 1
+ free w 1
+ read r 10
+ write w 10
+
+class cursor 5
+ create w 1
+ createglyph w 10
+ free w 1
+ assign w 10
+ setattr w 5
+
+class xclient 1
+ kill w 1
+
+class xinput 11
+ lookup r 10
+ getattr r 5
+ setattr w 5
+ setfocus w 10
+ warppointer w 10
+ activegrab w 1
+ passivegrab w 1
+ ungrab w 1
+ bell w 3
+ mousemotion w 10
+ relabelinput b 3
+
+class xserver 8
+ screensaver w 10
+ gethostlist r 7
+ sethostlist w 7
+ getfontpath r 7
+ setfontpath w 7
+ getattr r 7
+ grab w 10
+ ungrab w 1
+
+class xextension 2
+ query r 10
+ use b 1
+
+class pax 6
+ pageexec n 1
+ emutramp n 1
+ mprotect n 1
+ randmmap n 1
+ randexec n 1
+ segmexec n 1
+
+class netlink_route_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_firewall_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_tcpdiag_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_nflog_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_xfrm_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_selinux_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_audit_socket 26
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+ nlmsg_relay w 10
+ nlmsg_readpriv r 10
+
+class netlink_ip6fw_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_dnrt_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_kobject_uevent_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class dbus 2
+ acquire_svc b 1
+ send_msg w 10
+
+class nscd 8
+ getpwd r 7
+ getgrp r 7
+ gethost r 7
+ getstat r 7
+ admin w 5
+ shmempwd r 7
+ shmemgrp r 7
+ shmemhost r 7
+
+class association 4
+ sendto w 10
+ recvfrom r 10
+ setcontext w 3
+ polmatch r 1
+
+class appletalk_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 1
+ setattr w 1
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class key 7
+ view r 7
+ read r 10
+ write w 10
+ search r 5
+ link w 7
+ setattr w 7
+ create w 10
+
+class packet 3
+ send w 10
+ recv r 10
+ relabelto w 3
diff --git a/sepolgen/tests/Makefile b/sepolgen/tests/Makefile
new file mode 100644
index 0000000..56e9a5f
--- /dev/null
+++ b/sepolgen/tests/Makefile
@@ -0,0 +1,9 @@
+clean:
+ rm -f *~ *.pyc
+ rm -f parser.out parsetab.py
+ rm -f out.txt
+ rm -f module_compile_test.pp
+ rm -f output
+
+test:
+ python run-tests.py
\ No newline at end of file
diff --git a/sepolgen/tests/audit.txt b/sepolgen/tests/audit.txt
new file mode 100644
index 0000000..a7cc225
--- /dev/null
+++ b/sepolgen/tests/audit.txt
@@ -0,0 +1,200 @@
+type=AVC msg=audit(1158584779.745:708): avc: denied { dac_read_search } for pid=8132 comm="sh" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.745:708): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf9132f8 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8132 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584779.753:709): avc: denied { dac_override } for pid=8133 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584779.753:709): avc: denied { dac_read_search } for pid=8133 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.753:709): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf910a48 a2=4c56cff4 a3=0 items=0 ppid=8132 pid=8133 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584779.825:710): avc: denied { dac_override } for pid=8134 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584779.825:710): avc: denied { dac_read_search } for pid=8134 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.825:710): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf910a48 a2=4c56cff4 a3=0 items=0 ppid=8132 pid=8134 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.793:711): avc: denied { dac_override } for pid=8144 comm="sh" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.793:711): avc: denied { dac_read_search } for pid=8144 comm="sh" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.793:711): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0ba38 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8144 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.797:712): avc: denied { dac_override } for pid=8145 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.797:712): avc: denied { dac_read_search } for pid=8145 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.797:712): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0b188 a2=4c56cff4 a3=0 items=0 ppid=8144 pid=8145 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.801:713): avc: denied { dac_override } for pid=8146 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.801:713): avc: denied { dac_read_search } for pid=8146 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.801:713): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0b188 a2=4c56cff4 a3=0 items=0 ppid=8144 pid=8146 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.805:714): avc: denied { dac_override } for pid=8144 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.805:714): avc: denied { dac_read_search } for pid=8144 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.805:714): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0a6c8 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8144 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.849:715): avc: denied { dac_override } for pid=8152 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.849:715): avc: denied { dac_read_search } for pid=8152 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.849:715): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0a0b8 a2=4c56cff4 a3=0 items=0 ppid=8151 pid=8152 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.853:716): avc: denied { dac_override } for pid=8153 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.853:716): avc: denied { dac_read_search } for pid=8153 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.853:716): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc09c78 a2=4c56cff4 a3=0 items=0 ppid=8151 pid=8153 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.945:717): avc: denied { dac_override } for pid=8144 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.945:717): avc: denied { dac_read_search } for pid=8144 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.945:717): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc09be8 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8144 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.957:718): avc: denied { dac_override } for pid=8144 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.957:718): avc: denied { dac_read_search } for pid=8144 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.957:718): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc09be8 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8144 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=CRED_ACQ msg=audit(1158584988.203:719): user pid=8264 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_START msg=audit(1158584988.203:720): user pid=8264 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_END msg=audit(1158584988.203:721): user pid=8264 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session close acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_ACCT msg=audit(1158585001.341:722): user pid=8294 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158585001.341:723): login pid=8294 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158585001.341:724): user pid=8294 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158585001.345:725): user pid=8294 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158585001.397:726): user pid=8294 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158585001.397:727): user pid=8294 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158585033.003:728): user pid=8331 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_START msg=audit(1158585033.003:729): user pid=8331 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_END msg=audit(1158585033.003:730): user pid=8331 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session close acct=root : exe="/usr/bin/sudo" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_ACCT msg=audit(1158585601.463:731): user pid=8495 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158585601.463:732): login pid=8495 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158585601.463:733): user pid=8495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158585601.463:734): user pid=8495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158585601.483:735): user pid=8495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158585601.483:736): user pid=8495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158586201.552:737): user pid=8538 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158586201.552:738): login pid=8538 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158586201.552:739): user pid=8538 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158586201.556:740): user pid=8538 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158586201.576:741): user pid=8538 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158586201.576:742): user pid=8538 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158586801.646:743): user pid=8563 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158586801.650:744): login pid=8563 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158586801.650:745): user pid=8563 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158586801.650:746): user pid=8563 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158586801.670:747): user pid=8563 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158586801.670:748): user pid=8563 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158587401.735:749): user pid=8628 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158587401.735:750): login pid=8628 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158587401.739:751): user pid=8628 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158587401.739:752): user pid=8628 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158587401.759:753): user pid=8628 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158587401.759:754): user pid=8628 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158588001.825:755): user pid=8779 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158588001.825:756): login pid=8779 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158588001.825:757): user pid=8779 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158588001.825:758): user pid=8779 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158588001.885:759): user pid=8779 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158588001.885:760): user pid=8779 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158588061.896:761): user pid=8787 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158588061.900:762): login pid=8787 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158588061.900:763): user pid=8787 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158588061.900:764): user pid=8787 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158588061.920:765): user pid=8787 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158588061.920:766): user pid=8787 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_AUTH msg=audit(1158588251.786:767): user pid=8857 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=USER_ACCT msg=audit(1158588251.786:768): user pid=8857 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=LOGIN msg=audit(1158588251.790:769): login pid=8859 uid=0 old auid=4294967295 new auid=500
+type=USER_START msg=audit(1158588251.790:770): user pid=8859 uid=0 auid=500 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=CRED_REFR msg=audit(1158588251.790:771): user pid=8859 uid=0 auid=500 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=USER_AUTH msg=audit(1158588258.499:772): user pid=8877 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=USER_ACCT msg=audit(1158588258.499:773): user pid=8877 uid=0 auid=4294967295 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=LOGIN msg=audit(1158588258.503:774): login pid=8879 uid=0 old auid=4294967295 new auid=500
+type=USER_START msg=audit(1158588258.503:775): user pid=8879 uid=0 auid=500 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=CRED_REFR msg=audit(1158588258.503:776): user pid=8879 uid=0 auid=500 subj=system_u:system_r:unconfined_t:s0-s0:c0.c255 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/sshd" (hostname=192.168.1.102, addr=2.0.0.0, terminal=ssh res=success)'
+type=USER_ACCT msg=audit(1158588601.986:777): user pid=8933 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158588601.986:778): login pid=8933 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158588601.986:779): user pid=8933 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158588601.990:780): user pid=8933 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158588602.010:781): user pid=8933 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158588602.010:782): user pid=8933 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158589201.084:783): user pid=8966 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158589201.084:784): login pid=8966 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158589201.084:785): user pid=8966 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158589201.084:786): user pid=8966 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158589201.104:787): user pid=8966 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158589201.104:788): user pid=8966 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158589801.165:789): user pid=9001 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158589801.165:790): login pid=9001 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158589801.169:791): user pid=9001 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158589801.169:792): user pid=9001 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158589801.189:793): user pid=9001 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158589801.189:794): user pid=9001 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158590401.255:795): user pid=9040 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158590401.255:796): login pid=9040 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158590401.255:797): user pid=9040 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158590401.255:798): user pid=9040 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158590401.279:799): user pid=9040 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158590401.279:800): user pid=9040 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158591001.345:801): user pid=9074 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158591001.345:802): login pid=9074 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158591001.349:803): user pid=9074 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158591001.349:804): user pid=9074 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158591001.365:805): user pid=9074 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158591001.365:806): user pid=9074 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158591601.438:807): user pid=9094 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158591601.438:808): login pid=9094 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158591601.438:809): user pid=9094 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158591601.438:810): user pid=9094 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158591601.458:811): user pid=9094 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158591601.458:812): user pid=9094 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158591661.469:813): user pid=9184 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158591661.469:814): login pid=9184 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158591661.469:815): user pid=9184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158591661.469:816): user pid=9184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158591661.509:817): user pid=9184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158591661.513:818): user pid=9184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158592201.576:819): user pid=9289 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158592201.576:820): login pid=9289 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158592201.580:821): user pid=9289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158592201.580:822): user pid=9289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158592201.604:823): user pid=9289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158592201.604:824): user pid=9289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158592801.674:825): user pid=9341 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158592801.674:826): login pid=9341 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158592801.674:827): user pid=9341 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158592801.674:828): user pid=9341 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158592801.694:829): user pid=9341 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158592801.694:830): user pid=9341 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158593401.759:831): user pid=9374 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158593401.759:832): login pid=9374 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158593401.759:833): user pid=9374 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158593401.759:834): user pid=9374 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158593401.775:835): user pid=9374 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158593401.775:836): user pid=9374 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158594001.885:837): user pid=9432 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158594001.885:838): login pid=9432 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158594001.889:839): user pid=9432 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158594001.889:840): user pid=9432 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158594001.909:841): user pid=9432 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158594001.909:842): user pid=9432 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158594601.982:843): user pid=9466 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158594601.982:844): login pid=9466 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158594601.982:845): user pid=9466 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158594601.982:846): user pid=9466 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158594601.998:847): user pid=9466 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158594602.002:848): user pid=9466 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158595201.064:849): user pid=9502 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158595201.064:850): login pid=9502 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158595201.068:851): user pid=9502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158595201.068:852): user pid=9502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158595201.084:853): user pid=9502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158595201.084:854): user pid=9502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158595261.095:855): user pid=9507 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158595261.095:856): login pid=9507 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158595261.095:857): user pid=9507 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158595261.095:858): user pid=9507 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158595261.119:859): user pid=9507 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158595261.119:860): user pid=9507 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_AUTH msg=audit(1158595693.694:861): user pid=9561 uid=500 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_ACCT msg=audit(1158595693.694:862): user pid=9561 uid=500 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_START msg=audit(1158595693.734:863): user pid=9561 uid=500 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=CRED_ACQ msg=audit(1158595693.758:864): user pid=9561 uid=500 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_AUTH msg=audit(1158595701.599:865): user pid=9582 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_ACCT msg=audit(1158595701.599:866): user pid=9582 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_START msg=audit(1158595701.627:867): user pid=9582 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=CRED_ACQ msg=audit(1158595701.627:868): user pid=9582 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_ACCT msg=audit(1158595801.182:869): user pid=9617 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158595801.182:870): login pid=9617 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158595801.182:871): user pid=9617 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158595801.182:872): user pid=9617 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158595801.202:873): user pid=9617 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158595801.202:874): user pid=9617 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158596401.275:875): user pid=9645 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158596401.279:876): login pid=9645 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158596401.279:877): user pid=9645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158596401.279:878): user pid=9645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158596401.295:879): user pid=9645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158596401.295:880): user pid=9645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1158597001.361:881): user pid=9692 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1158597001.361:882): login pid=9692 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1158597001.361:883): user pid=9692 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1158597001.361:884): user pid=9692 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1158597001.381:885): user pid=9692 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1158597001.381:886): user pid=9692 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c255 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
diff --git a/sepolgen/tests/module_compile_test.te b/sepolgen/tests/module_compile_test.te
new file mode 100644
index 0000000..446c8dc
--- /dev/null
+++ b/sepolgen/tests/module_compile_test.te
@@ -0,0 +1,8 @@
+module foo 1.0;
+
+require {
+ type foo, bar;
+ class file { read write };
+}
+
+allow foo bar : file { read write };
\ No newline at end of file
diff --git a/sepolgen/tests/perm_map b/sepolgen/tests/perm_map
new file mode 100644
index 0000000..a7123ad
--- /dev/null
+++ b/sepolgen/tests/perm_map
@@ -0,0 +1,993 @@
+# This is a permission map file for use in policy analysis. This
+# file maps object permissions (read, getattr, setattr, ..., etc.)
+# for an object class, to exactly one of the following: read, write,
+# both, or none. This file may be edited as long as the specific
+# syntax rules are obeyed.
+#
+# For each object class, there is a set of object permissions that are
+# individually mapped to read, write, both, or none. If a new object
+# class is added, make sure that the current number of object classes
+# is increased.
+#
+# The syntax for an object class definition is:
+# class <class_name> <num_permissions>
+#
+# This is followed by each permission and its individual mapping to one
+# of the following:
+#
+# r = Read
+# w = Write
+# n = None
+# b = Both
+#
+# Additionally, you can choose to follow the mapping with an optional
+# permission weight value from 1 (less importance) to 10 (higher importance).
+# 10 is the default weight value if one is not provided.
+#
+# Look to the examples below for further clarification.
+#
+# Number of object classes.
+58
+
+class security 11
+ compute_av n 1
+ compute_create n 1
+ compute_member n 1
+ check_context n 1
+ load_policy n 1
+ compute_relabel n 1
+ compute_user n 1
+ setenforce n 1
+ setbool n 1
+ setsecparam n 1
+ setcheckreqprot n 1
+
+class process 29
+ fork n 1
+ transition w 5
+ sigchld w 1
+ sigkill w 1
+ sigstop w 1
+ signull n 1
+ signal w 5
+ ptrace b 10
+ getsched r 1
+ setsched w 1
+ getsession r 1
+ getpgid r 1
+ setpgid w 5
+ getcap r 3
+ setcap w 1
+ share b 1
+ getattr r 1
+ setexec w 1
+ setfscreate w 1
+ noatsecure n 1
+ siginh n 1
+ setrlimit n 1
+ rlimitinh n 1
+ dyntransition w 10
+ setcurrent w 1
+ execmem n 1
+ execstack n 1
+ execheap n 1
+ setkeycreate w 1
+
+class system 4
+ ipc_info n 1
+ syslog_read n 1
+ syslog_mod n 1
+ syslog_console n 1
+
+class capability 31
+ chown n 3
+ dac_override n 1
+ dac_read_search n 1
+ fowner n 1
+ fsetid n 1
+ kill n 1
+ setgid n 3
+ setuid n 1
+ setpcap n 3
+ linux_immutable n 1
+ net_bind_service n 1
+ net_broadcast n 1
+ net_admin n 1
+ net_raw n 1
+ ipc_lock n 1
+ ipc_owner n 1
+ sys_module n 1
+ sys_rawio n 1
+ sys_chroot n 1
+ sys_ptrace n 1
+ sys_pacct n 1
+ sys_admin n 3
+ sys_boot n 1
+ sys_nice n 1
+ sys_resource n 1
+ sys_time n 1
+ sys_tty_config n 1
+ mknod n 1
+ lease n 1
+ audit_write n 3
+ audit_control n 1
+
+class filesystem 10
+ mount w 1
+ remount w 1
+ unmount w 1
+ getattr r 1
+ relabelfrom r 10
+ relabelto w 10
+ transition w 1
+ associate n 1
+ quotamod w 1
+ quotaget r 1
+
+class file 20
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class dir 22
+ add_name w 5
+ remove_name w 1
+ reparent w 1
+ search r 1
+ rmdir b 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class fd 1
+ use b 1
+
+class lnk_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 1
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class chr_file 20
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class blk_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class sock_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 1
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class fifo_file 17
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ unlink w 1
+ link w 1
+ rename w 5
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
+
+class socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class tcp_socket 27
+ connectto w 1
+ newconn w 1
+ acceptfrom r 1
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+ name_connect w 1
+
+class udp_socket 23
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class rawip_socket 23
+ node_bind n 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 1
+ setattr w 1
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class node 7
+ tcp_recv r 10
+ tcp_send w 10
+ udp_recv r 10
+ udp_send w 10
+ rawip_recv r 10
+ rawip_send w 10
+ enforce_dest n 1
+
+class netif 6
+ tcp_recv r 10
+ tcp_send w 10
+ udp_recv r 10
+ udp_send w 10
+ rawip_recv r 10
+ rawip_send w 10
+
+class netlink_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class packet_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class key_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class unix_stream_socket 25
+ connectto w 1
+ newconn w 1
+ acceptfrom r 1
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class unix_dgram_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class sem 9
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class msg 2
+ send w 10
+ receive r 10
+
+class msgq 10
+ enqueue w 1
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class shm 10
+ lock w 1
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class ipc 9
+ create w 1
+ destroy w 1
+ getattr r 1
+ setattr w 1
+ read r 10
+ write w 10
+ associate n 1
+ unix_read r 3
+ unix_write w 3
+
+class passwd 5
+ passwd w 1
+ chfn w 5
+ chsh w 5
+ rootok n 1
+ crontab w 5
+
+class drawable 5
+ create w 1
+ destroy w 1
+ draw w 10
+ copy r 10
+ getattr r 7
+
+class window 26
+ addchild w 1
+ create w 1
+ destroy w 1
+ map w 1
+ unmap w 1
+ chstack w 10
+ chproplist w 7
+ chprop w 10
+ listprop r 5
+ getattr r 5
+ setattr w 5
+ setfocus w 1
+ move w 10
+ chselection w 10
+ chparent w 5
+ ctrllife w 5
+ enumerate w 1
+ transparent w 1
+ mousemotion w 10
+ clientcomevent w 5
+ inputevent w 5
+ drawevent w 5
+ windowchangeevent w 5
+windowchangerequest w 5
+ serverchangeevent w 5
+ extensionevent w 5
+
+class gc 4
+ create w 1
+ free w 1
+ getattr r 5
+ setattr w 5
+
+class font 4
+ load r 1
+ free w 1
+ getattr r 5
+ use r 1
+
+class colormap 9
+ create w 1
+ free w 1
+ install w 10
+ uninstall w 1
+ list r 5
+ read r 10
+ store w 10
+ getattr r 5
+ setattr w 5
+
+class property 4
+ create w 1
+ free w 1
+ read r 10
+ write w 10
+
+class cursor 5
+ create w 1
+ createglyph w 10
+ free w 1
+ assign w 10
+ setattr w 5
+
+class xclient 1
+ kill w 1
+
+class xinput 11
+ lookup r 10
+ getattr r 5
+ setattr w 5
+ setfocus w 10
+ warppointer w 10
+ activegrab w 1
+ passivegrab w 1
+ ungrab w 1
+ bell w 3
+ mousemotion w 10
+ relabelinput b 3
+
+class xserver 8
+ screensaver w 10
+ gethostlist r 7
+ sethostlist w 7
+ getfontpath r 7
+ setfontpath w 7
+ getattr r 7
+ grab w 10
+ ungrab w 1
+
+class xextension 2
+ query r 10
+ use b 1
+
+class pax 6
+ pageexec n 1
+ emutramp n 1
+ mprotect n 1
+ randmmap n 1
+ randexec n 1
+ segmexec n 1
+
+class netlink_route_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_firewall_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_tcpdiag_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_nflog_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_xfrm_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_selinux_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_audit_socket 26
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+ nlmsg_relay w 10
+ nlmsg_readpriv r 10
+
+class netlink_ip6fw_socket 24
+ nlmsg_read r 10
+ nlmsg_write w 10
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_dnrt_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto r 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class netlink_kobject_uevent_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 7
+ setattr w 7
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class dbus 2
+ acquire_svc b 1
+ send_msg w 10
+
+class nscd 8
+ getpwd r 7
+ getgrp r 7
+ gethost r 7
+ getstat r 7
+ admin w 5
+ shmempwd r 7
+ shmemgrp r 7
+ shmemhost r 7
+
+class association 4
+ sendto w 10
+ recvfrom r 10
+ setcontext w 3
+ polmatch r 1
+
+class appletalk_socket 22
+ ioctl n 1
+ read r 10
+ write w 10
+ create w 1
+ getattr r 1
+ setattr w 1
+ lock n 1
+ relabelfrom r 10
+ relabelto w 10
+ append w 1
+ bind w 1
+ connect w 1
+ listen r 1
+ accept r 1
+ getopt r 1
+ setopt w 1
+ shutdown w 1
+ recvfrom r 10
+ sendto w 10
+ recv_msg r 10
+ send_msg w 10
+ name_bind n 1
+
+class key 7
+ view r 7
+ read r 10
+ write w 10
+ search r 5
+ link w 7
+ setattr w 7
+ create w 10
+
+class packet 3
+ send w 10
+ recv r 10
+ relabelto w 3
diff --git a/sepolgen/tests/run-tests.py b/sepolgen/tests/run-tests.py
new file mode 100644
index 0000000..3e0c448
--- /dev/null
+++ b/sepolgen/tests/run-tests.py
@@ -0,0 +1,16 @@
+import unittest
+import sys
+
+sys.path.insert(0, "../src/.")
+from test_access import *
+from test_audit import *
+from test_refpolicy import *
+from test_refparser import *
+from test_policygen import *
+from test_matching import *
+from test_interfaces import *
+from test_objectmodel import *
+from test_module import *
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/sepolgen/tests/test_access.py b/sepolgen/tests/test_access.py
new file mode 100644
index 0000000..16d856e
--- /dev/null
+++ b/sepolgen/tests/test_access.py
@@ -0,0 +1,238 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.refpolicy as refpolicy
+import sepolgen.refparser as refparser
+import sepolgen.policygen as policygen
+import sepolgen.access as access
+
+class TestAccessVector(unittest.TestCase):
+ def test_init(self):
+ # Default construction
+ a = access.AccessVector()
+ self.assertEqual(a.src_type, None)
+ self.assertEqual(a.tgt_type, None)
+ self.assertEqual(a.obj_class, None)
+ self.assertTrue(isinstance(a.perms, refpolicy.IdSet))
+ self.assertTrue(isinstance(a.audit_msgs, type([])))
+ self.assertEquals(len(a.audit_msgs), 0)
+
+ # Construction from a list
+ a = access.AccessVector()
+ a.src_type = "foo"
+ a.tgt_type = "bar"
+ a.obj_class = "file"
+ a.perms.update(["read", "write"])
+
+ l = access.AccessVector(['foo', 'bar', 'file', 'read', 'write'])
+ self.assertEqual(a.src_type, l.src_type)
+ self.assertEqual(a.tgt_type, l.tgt_type)
+ self.assertEqual(a.obj_class, l.obj_class)
+ self.assertEqual(a.perms, l.perms)
+
+ def test_from_list(self):
+ a = access.AccessVector()
+ a.src_type = "foo"
+ a.tgt_type = "bar"
+ a.obj_class = "file"
+ a.perms.update(["read", "write"])
+
+ l = access.AccessVector()
+ l.from_list(['foo', 'bar', 'file', 'read', 'write'])
+ self.assertEqual(a.src_type, l.src_type)
+ self.assertEqual(a.tgt_type, l.tgt_type)
+ self.assertEqual(a.obj_class, l.obj_class)
+ self.assertEqual(a.perms, l.perms)
+
+ def test_to_list(self):
+ a = access.AccessVector()
+ a.src_type = "foo"
+ a.tgt_type = "bar"
+ a.obj_class = "file"
+ a.perms.update(["read", "write"])
+
+ l = a.to_list()
+ self.assertEqual(l[0], "foo")
+ self.assertEqual(l[1], "bar")
+ self.assertEqual(l[2], "file")
+ self.assertEqual(l[3], "read")
+ self.assertEqual(l[4], "write")
+
+ def test_to_string(self):
+ a = access.AccessVector()
+ a.src_type = "foo"
+ a.tgt_type = "bar"
+ a.obj_class = "file"
+ a.perms.update(["read", "write"])
+
+ self.assertEquals(str(a), "allow foo bar : file { read write };")
+ self.assertEquals(a.to_string(), "allow foo bar : file { read write };")
+
+ def test_cmp(self):
+ a = access.AccessVector()
+ a.src_type = "foo"
+ a.tgt_type = "bar"
+ a.obj_class = "file"
+ a.perms.update(["read", "write"])
+
+ b = access.AccessVector()
+ b.src_type = "foo"
+ b.tgt_type = "bar"
+ b.obj_class = "file"
+ b.perms.update(["read", "write"])
+
+ self.assertEquals(a, b)
+
+ # Source Type
+ b.src_type = "baz"
+ self.assertEquals(cmp(a, b), 1)
+
+ b.src_type = "gaz"
+ self.assertEquals(cmp(a, b), -1)
+
+ # Target Type
+ b.src_type = "foo"
+ b.tgt_type = "aar"
+ self.assertEquals(cmp(a, b), 1)
+
+ b.tgt_type = "gaz"
+ self.assertEquals(cmp(a, b), -1)
+
+ # Perms
+ b.tgt_type = "bar"
+ b.perms = refpolicy.IdSet(["read"])
+ ret = cmp(a, b)
+ self.assertEquals(ret, 1)
+
+ b.perms = refpolicy.IdSet(["read", "write", "append"])
+ ret = cmp(a, b)
+ self.assertEquals(ret, -1)
+
+ b.perms = refpolicy.IdSet(["read", "append"])
+ ret = cmp(a, b)
+ self.assertEquals(ret, 1)
+
+class TestUtilFunctions(unittest.TestCase):
+ def test_is_idparam(self):
+ self.assertTrue(access.is_idparam("$1"))
+ self.assertTrue(access.is_idparam("$2"))
+ self.assertTrue(access.is_idparam("$123"))
+ self.assertFalse(access.is_idparam("$123.23"))
+ self.assertFalse(access.is_idparam("$A"))
+
+ def test_avrule_to_access_vectors(self):
+ rule = refpolicy.AVRule()
+ rule.src_types.add("foo")
+ rule.src_types.add("baz")
+ rule.tgt_types.add("bar")
+ rule.tgt_types.add("what")
+ rule.obj_classes.add("file")
+ rule.obj_classes.add("dir")
+ rule.perms.add("read")
+ rule.perms.add("write")
+
+ avs = access.avrule_to_access_vectors(rule)
+ self.assertEquals(len(avs), 8)
+ comps = [("foo", "what", "dir"),
+ ("foo", "what", "file"),
+ ("foo", "bar", "dir"),
+ ("foo", "bar", "file"),
+ ("baz", "what", "dir"),
+ ("baz", "what", "file"),
+ ("baz", "bar", "dir"),
+ ("baz", "bar", "file")]
+ status = [False] * 8
+ for av in access.avrule_to_access_vectors(rule):
+ self.assertEquals(av.perms, refpolicy.IdSet(["read", "write"]))
+ for i in xrange(len(comps)):
+ if comps[i][0] == av.src_type and \
+ comps[i][1] == av.tgt_type and \
+ comps[i][2] == av.obj_class:
+ status[i] = True
+
+ for s in status:
+ self.assertEquals(s, True)
+
+
+class TestAccessVectorSet(unittest.TestCase):
+ def setUp(self):
+ rule = refpolicy.AVRule()
+ rule.src_types.add("foo")
+ rule.src_types.add("baz")
+ rule.tgt_types.add("bar")
+ rule.tgt_types.add("what")
+ rule.obj_classes.add("file")
+ rule.obj_classes.add("dir")
+ rule.perms.add("read")
+ rule.perms.add("write")
+
+ s = access.AccessVectorSet()
+ avs = access.avrule_to_access_vectors(rule)
+ for av in avs:
+ s.add_av(av)
+ self.s = s
+
+ def test_init(self):
+ a = access.AccessVectorSet()
+
+ def test_iter(self):
+ comps = [("foo", "what", "dir"),
+ ("foo", "what", "file"),
+ ("foo", "bar", "dir"),
+ ("foo", "bar", "file"),
+ ("baz", "what", "dir"),
+ ("baz", "what", "file"),
+ ("baz", "bar", "dir"),
+ ("baz", "bar", "file")]
+ status = [False] * 8
+ for av in self.s:
+ self.assertEquals(av.perms, refpolicy.IdSet(["read", "write"]))
+ for i in xrange(len(comps)):
+ if comps[i][0] == av.src_type and \
+ comps[i][1] == av.tgt_type and \
+ comps[i][2] == av.obj_class:
+ status[i] = True
+
+ for s in status:
+ self.assertEquals(s, True)
+
+ def test_len(self):
+ self.assertEquals(len(self.s), 8)
+
+ def test_list(self):
+ a = access.AccessVectorSet()
+ a.add("$1", "foo", "file", refpolicy.IdSet(["read", "write"]))
+ a.add("$1", "bar", "file", refpolicy.IdSet(["read", "write"]))
+ a.add("what", "bar", "file", refpolicy.IdSet(["read", "write"]))
+
+ avl = a.to_list()
+
+ test_l = [['what','bar','file','read','write'],
+ ['$1','foo','file','read','write'],
+ ['$1','bar','file','read','write']]
+
+ for a,b in zip(test_l, avl):
+ self.assertEqual(len(a), len(b))
+ for x,y in zip(a,b):
+ self.assertEqual(x, y)
+
+ b = access.AccessVectorSet()
+ b.from_list(avl)
+ self.assertEqual(len(b), 3)
diff --git a/sepolgen/tests/test_audit.py b/sepolgen/tests/test_audit.py
new file mode 100644
index 0000000..7b74220
--- /dev/null
+++ b/sepolgen/tests/test_audit.py
@@ -0,0 +1,192 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.audit
+import sepolgen.refpolicy
+
+# syslog message
+audit1 = """Sep 12 08:26:43 dhcp83-5 kernel: audit(1158064002.046:4): avc: denied { read } for pid=2 496 comm="bluez-pin" name=".gdm1K3IFT" dev=dm-0 ino=3601333 scontext=user_u:system_r:bluetooth_helper_t:s0-s0:c0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file"""
+
+# audit daemon messages
+audit2 = """type=AVC msg=audit(1158584779.745:708): avc: denied { dac_read_search } for pid=8132 comm="sh" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability"""
+
+log1 = """type=AVC msg=audit(1158584779.745:708): avc: denied { dac_read_search } for pid=8132 comm="sh" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.745:708): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf9132f8 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8132 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584779.753:709): avc: denied { dac_override } for pid=8133 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584779.753:709): avc: denied { dac_read_search } for pid=8133 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.753:709): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf910a48 a2=4c56cff4 a3=0 items=0 ppid=8132 pid=8133 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584779.825:710): avc: denied { dac_override } for pid=8134 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584779.825:710): avc: denied { dac_read_search } for pid=8134 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584779.825:710): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bf910a48 a2=4c56cff4 a3=0 items=0 ppid=8132 pid=8134 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.793:711): avc: denied { dac_override } for pid=8144 comm="sh" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.793:711): avc: denied { dac_read_search } for pid=8144 comm="sh" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.793:711): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0ba38 a2=4c56cff4 a3=0 items=0 ppid=8131 pid=8144 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.797:712): avc: denied { dac_override } for pid=8145 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.797:712): avc: denied { dac_read_search } for pid=8145 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=SYSCALL msg=audit(1158584780.797:712): arch=40000003 syscall=195 success=no exit=-13 a0=80d2437 a1=bfc0b188 a2=4c56cff4 a3=0 items=0 ppid=8144 pid=8145 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc-script" exe="/bin/bash" subj=user_u:system_r:vpnc_t:s0 key=(null)
+type=AVC msg=audit(1158584780.801:713): avc: denied { dac_override } for pid=8146 comm="vpnc-script" capability=1 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC msg=audit(1158584780.801:713): avc: denied { dac_read_search } for pid=8146 comm="vpnc-script" capability=2 scontext=user_u:system_r:vpnc_t:s0 tcontext=user_u:system_r:vpnc_t:s0 tclass=capability
+type=AVC_PATH msg=audit(1162850461.778:1113): path="/etc/rc.d/init.d/innd"
+"""
+
+granted1 = """type=AVC msg=audit(1188833848.190:34): avc: granted { getattr } for pid=4310 comm="ls" name="foo.pp" dev=sda5 ino=295171 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file"""
+
+path1 = """type=AVC_PATH msg=audit(1162852201.019:1225): path="/usr/lib/sa/sa1"
+"""
+
+log2 = """type=AVC_PATH msg=audit(1162852201.019:1225): path="/usr/lib/sa/sa1"
+type=SYSCALL msg=audit(1162852201.019:1225): arch=40000003 syscall=11 success=yes exit=0 a0=87271b0 a1=8727358 a2=8727290 a3=8727008 items=0 ppid=6973 pid=6974 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162852201.019:1225): avc: denied { execute_no_trans } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162852201.019:1225): avc: denied { execute } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file"""
+
+class TestAVCMessage(unittest.TestCase):
+ def test_defs(self):
+ avc = sepolgen.audit.AVCMessage(audit1)
+ sc = sepolgen.refpolicy.SecurityContext()
+ self.assertEquals(avc.scontext, sc)
+ self.assertEquals(avc.tcontext, sc)
+ self.assertEquals(avc.tclass, "")
+ self.assertEquals(avc.accesses, [])
+
+ def test_granted(self):
+ avc = sepolgen.audit.AVCMessage(granted1)
+ avc.from_split_string(granted1.split())
+
+ self.assertEquals(avc.scontext.user, "user_u")
+ self.assertEquals(avc.scontext.role, "system_r")
+ self.assertEquals(avc.scontext.type, "unconfined_t")
+ self.assertEquals(avc.scontext.level, "s0")
+
+ self.assertEquals(avc.tcontext.user, "user_u")
+ self.assertEquals(avc.tcontext.role, "object_r")
+ self.assertEquals(avc.tcontext.type, "user_home_t")
+ self.assertEquals(avc.tcontext.level, "s0")
+
+ self.assertEquals(avc.tclass, "file")
+ self.assertEquals(avc.accesses, ["getattr"])
+
+ self.assertEquals(avc.denial, False)
+
+
+ def test_from_split_string(self):
+ # syslog message
+ avc = sepolgen.audit.AVCMessage(audit1)
+ recs = audit1.split()
+ avc.from_split_string(recs)
+
+ self.assertEquals(avc.header, "audit(1158064002.046:4):")
+ self.assertEquals(avc.scontext.user, "user_u")
+ self.assertEquals(avc.scontext.role, "system_r")
+ self.assertEquals(avc.scontext.type, "bluetooth_helper_t")
+ self.assertEquals(avc.scontext.level, "s0-s0:c0")
+
+ self.assertEquals(avc.tcontext.user, "system_u")
+ self.assertEquals(avc.tcontext.role, "object_r")
+ self.assertEquals(avc.tcontext.type, "xdm_tmp_t")
+ self.assertEquals(avc.tcontext.level, "s0")
+
+ self.assertEquals(avc.tclass, "file")
+ self.assertEquals(avc.accesses, ["read"])
+
+ self.assertEquals(avc.comm, "bluez-pin")
+
+
+ self.assertEquals(avc.denial, True)
+
+ # audit daemon message
+ avc = sepolgen.audit.AVCMessage(audit2)
+ recs = audit2.split()
+ avc.from_split_string(recs)
+
+ self.assertEquals(avc.header, "audit(1158584779.745:708):")
+ self.assertEquals(avc.scontext.user, "user_u")
+ self.assertEquals(avc.scontext.role, "system_r")
+ self.assertEquals(avc.scontext.type, "vpnc_t")
+ self.assertEquals(avc.scontext.level, "s0")
+
+ self.assertEquals(avc.tcontext.user, "user_u")
+ self.assertEquals(avc.tcontext.role, "system_r")
+ self.assertEquals(avc.tcontext.type, "vpnc_t")
+ self.assertEquals(avc.tcontext.level, "s0")
+
+ self.assertEquals(avc.tclass, "capability")
+ self.assertEquals(avc.accesses, ["dac_read_search"])
+
+ self.assertEquals(avc.comm, "sh")
+
+ self.assertEquals(avc.denial, True)
+
+class TestPathMessage(unittest.TestCase):
+ def test_from_split_string(self):
+ path = sepolgen.audit.PathMessage(path1)
+ recs = path1.split()
+ path.from_split_string(recs)
+ self.assertEquals(path.path, "/usr/lib/sa/sa1")
+
+# TODO - add tests for the other message types
+
+
+# TODO - these tests need a lot of expansion and more examples of
+# different types of log files
+class TestAuditParser(unittest.TestCase):
+ def test_parse_string(self):
+ a = sepolgen.audit.AuditParser()
+ a.parse_string(log1)
+ self.assertEquals(len(a.avc_msgs), 11)
+ self.assertEquals(len(a.compute_sid_msgs), 0)
+ self.assertEquals(len(a.invalid_msgs), 0)
+ self.assertEquals(len(a.policy_load_msgs), 0)
+ self.assertEquals(len(a.path_msgs), 1)
+
+ def test_post_process(self):
+ a = sepolgen.audit.AuditParser()
+ a.parse_string(log2)
+ self.assertEquals(len(a.avc_msgs), 2)
+ self.assertEquals(a.avc_msgs[0].path, "/usr/lib/sa/sa1")
+ self.assertEquals(a.avc_msgs[1].path, "/usr/lib/sa/sa1")
+
+ def test_parse_file(self):
+ f = open("audit.txt")
+ a = sepolgen.audit.AuditParser()
+ a.parse_file(f)
+ self.assertEquals(len(a.avc_msgs), 21)
+ self.assertEquals(len(a.compute_sid_msgs), 0)
+ self.assertEquals(len(a.invalid_msgs), 0)
+ self.assertEquals(len(a.policy_load_msgs), 0)
+
+class TestGeneration(unittest.TestCase):
+ def test_generation(self):
+ parser = sepolgen.audit.AuditParser()
+ parser.parse_string(log1)
+ avs = parser.to_access()
+
+ self.assertEqual(len(avs), 1)
+
+ def test_genaration_granted(self):
+ parser = sepolgen.audit.AuditParser()
+ parser.parse_string(granted1)
+ avs = parser.to_access()
+
+ self.assertEqual(len(avs), 0)
+
+ avs = parser.to_access(only_denials=False)
+
+ self.assertEqual(len(avs), 1)
+
diff --git a/sepolgen/tests/test_data/audit.log b/sepolgen/tests/test_data/audit.log
new file mode 100644
index 0000000..4483eb8
--- /dev/null
+++ b/sepolgen/tests/test_data/audit.log
@@ -0,0 +1,5225 @@
+type=AVC msg=audit(1162850331.422:978): avc: denied { ioctl } for pid=6314 comm="pam_timestamp_c" name="[96391]" dev=pipefs ino=96391 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1162850331.422:978): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfb6479c a3=bfb647dc items=0 ppid=6311 pid=6314 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850331.422:978): path="pipe:[96391]"
+type=AVC msg=audit(1162850332.318:979): avc: denied { read } for pid=6306 comm="beagled" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850332.318:979): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb2fde a1=4 a2=4db18a64 a3=bfdb2fde items=0 ppid=1 pid=6306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850333.186:980): avc: denied { read } for pid=6306 comm="beagled" name="max_user_instances" dev=proc ino=-268435218 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850333.186:980): arch=40000003 syscall=5 success=yes exit=24 a0=11833c a1=0 a2=1 a3=8aeffb8 items=0 ppid=1 pid=6306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850335.022:981): avc: denied { read write } for pid=6336 comm="clock-applet" name="bonobo-activation-register.lock" dev=dm-0 ino=5434689 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850335.022:981): arch=40000003 syscall=5 success=yes exit=13 a0=9c0e840 a1=42 a2=1c0 a3=9c0e840 items=0 ppid=1 pid=6336 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clock-applet" exe="/usr/libexec/clock-applet" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850335.022:982): avc: denied { lock } for pid=6336 comm="clock-applet" name="bonobo-activation-register.lock" dev=dm-0 ino=5434689 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850335.022:982): arch=40000003 syscall=221 success=yes exit=0 a0=d a1=7 a2=bf991e3c a3=bf991e3c items=0 ppid=1 pid=6336 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clock-applet" exe="/usr/libexec/clock-applet" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850335.022:982): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=USER_AUTH msg=audit(1162850343.419:983): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1162850343.419:984): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850343.419:985): avc: denied { search } for pid=6377 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850343.419:985): arch=40000003 syscall=5 success=no exit=-2 a0=bf95cd98 a1=8000 a2=1b6 a3=8e1f9a8 items=0 ppid=6356 pid=6377 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:986): avc: denied { write } for pid=6378 comm="xauth" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:986): arch=40000003 syscall=33 success=yes exit=0 a0=bfa1f935 a1=2 a2=bfa1e1e0 a3=0 items=0 ppid=6377 pid=6378 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:987): avc: denied { read } for pid=6378 comm="xauth" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:987): arch=40000003 syscall=5 success=yes exit=2 a0=bfa1f935 a1=0 a2=1b6 a3=85b5008 items=0 ppid=6377 pid=6378 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:988): avc: denied { getattr } for pid=6378 comm="xauth" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:988): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfa1df2c a2=ce8ff4 a3=85b5008 items=0 ppid=6377 pid=6378 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850343.427:988): path="/tmp/.gdmDOM7HT"
+type=AVC msg=audit(1162850343.427:989): avc: denied { write } for pid=6377 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850343.427:989): avc: denied { add_name } for pid=6377 comm="su" name=".xauthqtQAcS" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850343.427:989): avc: denied { create } for pid=6377 comm="su" name=".xauthqtQAcS" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:989): arch=40000003 syscall=5 success=yes exit=4 a0=8e1facb a1=80c2 a2=180 a3=80c2 items=0 ppid=6356 pid=6377 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:990): avc: denied { setattr } for pid=6377 comm="su" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:990): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=16d69f items=0 ppid=6356 pid=6377 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:991): avc: denied { search } for pid=6379 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850343.427:991): arch=40000003 syscall=195 success=no exit=-2 a0=bffc4257 a1=bffc3d70 a2=ad6ff4 a3=3 items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:992): avc: denied { write } for pid=6379 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850343.427:992): avc: denied { add_name } for pid=6379 comm="xauth" name=".xauthqtQAcS-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850343.427:992): avc: denied { create } for pid=6379 comm="xauth" name=".xauthqtQAcS-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:992): arch=40000003 syscall=5 success=yes exit=2 a0=bffc4257 a1=c1 a2=180 a3=ffffffff items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:993): avc: denied { link } for pid=6379 comm="xauth" name=".xauthqtQAcS-c" dev=dm-0 ino=13127377 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:993): arch=40000003 syscall=9 success=yes exit=0 a0=bffc4257 a1=bffc3e56 a2=4db18a64 a3=2 items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:994): avc: denied { write } for pid=6379 comm="xauth" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:994): arch=40000003 syscall=33 success=yes exit=0 a0=bffc5931 a1=2 a2=bffc4780 a3=0 items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:995): avc: denied { read } for pid=6379 comm="xauth" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:995): arch=40000003 syscall=5 success=yes exit=2 a0=bffc5931 a1=0 a2=1b6 a3=8a85008 items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850343.427:996): avc: denied { getattr } for pid=6379 comm="xauth" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:996): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bffc44cc a2=ad6ff4 a3=8a85008 items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850343.427:996): path="/root/.xauthqtQAcS"
+type=AVC msg=audit(1162850343.427:997): avc: denied { remove_name } for pid=6379 comm="xauth" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850343.427:997): avc: denied { unlink } for pid=6379 comm="xauth" name=".xauthqtQAcS" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.427:997): arch=40000003 syscall=10 success=yes exit=0 a0=8a85008 a1=1000 a2=0 a3=8a8508a items=0 ppid=6377 pid=6379 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1162850343.431:998): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=CRED_ACQ msg=audit(1162850343.431:999): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850343.455:1000): avc: denied { dac_override } for pid=6380 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1162850343.455:1000): arch=40000003 syscall=195 success=yes exit=0 a0=80d2437 a1=bfdd2a90 a2=566ff4 a3=bfdd2af0 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850343.455:1001): avc: denied { read } for pid=6380 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.455:1001): arch=40000003 syscall=5 success=yes exit=3 a0=83cdb10 a1=8000 a2=0 a3=8000 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850343.495:1002): avc: denied { read } for pid=6380 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850343.495:1002): arch=40000003 syscall=5 success=yes exit=3 a0=83cdcf0 a1=8000 a2=0 a3=8000 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850348.747:1003): avc: denied { write } for pid=6145 comm="gconfd-2" name="linc-12e8-0-2a09eb386cb5" dev=dm-0 ino=14469619 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850348.747:1003): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=bf8754a0 a2=4e570f80 a3=0 items=0 ppid=1 pid=6145 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1162850353.595:1004): user pid=6400 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1162850353.595:1005): user pid=6400 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ROLE_CHANGE msg=audit(1162850353.599:1006): user pid=6401 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='newrole: old-context=staff_u:staff_r:staff_t new-context=staff_u:sysadm_r:sysadm_t: exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=/dev/pts/1 res=success)'
+type=AVC msg=audit(1162850355.108:1007): avc: denied { create } for pid=6431 comm="gnome-screensav" name="linc-191f-0-64d0738e1c346" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850355.108:1007): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfafe8a0 a2=4e570f80 a3=b7fa968c items=0 ppid=1 pid=6431 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/bin/gnome-screensaver" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850368.976:1008): avc: denied { execute } for pid=6401 comm="bash" name="audit2policy" dev=dm-0 ino=6618077 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850368.976:1008): arch=40000003 syscall=33 success=yes exit=0 a0=9abfcc0 a1=1 a2=11 a3=9abfcc0 items=0 ppid=6400 pid=6401 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC msg=audit(1162850370.221:1009): avc: denied { execute_no_trans } for pid=6434 comm="bash" name="audit2policy" dev=dm-0 ino=6618077 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850370.221:1009): arch=40000003 syscall=11 success=yes exit=0 a0=9ab8fc8 a1=9abaed8 a2=9abc6f8 a3=9acc6d8 items=0 ppid=6401 pid=6434 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850370.221:1009): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=AVC msg=audit(1162850382.557:1010): avc: denied { connectto } for pid=6436 comm="xterm" name="6179" scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162850382.557:1010): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfed9e20 a2=4dc5d770 a3=15 items=0 ppid=6401 pid=6436 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xterm" exe="/usr/bin/xterm" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850382.557:1010): path="/tmp/.ICE-unix/6179"
+type=AVC msg=audit(1162850382.717:1011): avc: denied { read } for pid=6449 comm="consoletype" name="Compose" dev=dm-0 ino=10378015 scontext=staff_u:sysadm_r:consoletype_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850382.717:1011): arch=40000003 syscall=11 success=yes exit=0 a0=9d12630 a1=9d12048 a2=9d0cd08 a3=9d120e0 items=0 ppid=6448 pid=6449 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:sysadm_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850382.717:1011): path="/usr/share/X11/locale/en_US.UTF-8/Compose"
+type=AVC msg=audit(1162850395.230:1012): avc: denied { execheap } for pid=6462 comm="beagled" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162850395.230:1012): avc: denied { execmem } for pid=6462 comm="beagled" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162850395.230:1012): arch=40000003 syscall=125 success=yes exit=0 a0=8bf8000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=6462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850395.986:1013): avc: denied { ptrace } for pid=3896 comm="dbus-daemon" scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=MAC_POLICY_LOAD msg=audit(1162850395.870:1014): policy loaded auid=500
+type=SYSCALL msg=audit(1162850395.986:1013): arch=40000003 syscall=85 success=yes exit=16 a0=4d8cbfce a1=b7f49b58 a2=fff a3=b7f4ceba items=0 ppid=1 pid=3896 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=SYSCALL msg=audit(1162850395.870:1014): arch=40000003 syscall=4 success=yes exit=2097911 a0=4 a1=b7b16000 a2=2002f7 a3=bfc9e918 items=0 ppid=6401 pid=6470 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:sysadm_r:load_policy_t:s0 key=(null)
+type=AVC msg=audit(1162850395.986:1015): avc: denied { getattr } for pid=3895 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1162850395.986:1015): arch=40000003 syscall=100 success=yes exit=0 a0=a a1=bf95fbdc a2=cf6ff4 a3=ffffffb8 items=0 ppid=1 pid=3895 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162850395.990:1016): avc: denied { search } for pid=3895 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850395.990:1016): avc: denied { search } for pid=3895 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850395.990:1016): arch=40000003 syscall=5 success=no exit=-2 a0=8170658 a1=18800 a2=0 a3=bf95fd18 items=0 ppid=1 pid=3895 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162850398.546:1017): avc: denied { execute } for pid=6472 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850398.546:1017): arch=40000003 syscall=33 success=yes exit=0 a0=8db9868 a1=1 a2=11 a3=8db9868 items=0 ppid=1 pid=6472 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled-index-h" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850398.546:1018): avc: denied { read } for pid=6472 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850398.546:1018): arch=40000003 syscall=33 success=yes exit=0 a0=8db9868 a1=4 a2=ffffffff a3=8db9868 items=0 ppid=1 pid=6472 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled-index-h" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850398.546:1019): avc: denied { execute_no_trans } for pid=6472 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850398.546:1019): arch=40000003 syscall=11 success=yes exit=0 a0=8db9b80 a1=8db9808 a2=8dba5f0 a3=8db9808 items=0 ppid=1 pid=6472 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850398.546:1019): path="/usr/bin/mono"
+type=AVC msg=audit(1162850398.546:1020): avc: denied { execheap } for pid=6472 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162850398.546:1020): avc: denied { execmem } for pid=6472 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162850398.546:1020): arch=40000003 syscall=125 success=yes exit=0 a0=9aec000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=6472 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850398.674:1021): avc: denied { read } for pid=6472 comm="beagled-helper" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850398.674:1021): arch=40000003 syscall=33 success=yes exit=0 a0=bfeb1fde a1=4 a2=4db18a64 a3=bfeb1fde items=0 ppid=1 pid=6472 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled-helper" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.226:1022): avc: denied { write } for pid=6253 comm="gnome-power-man" name="orbit-kmacmill" dev=dm-0 ino=14469563 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.226:1022): avc: denied { remove_name } for pid=6253 comm="gnome-power-man" name="linc-1868-0-3840e8f2aa88e" dev=dm-0 ino=5434685 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.226:1022): avc: denied { unlink } for pid=6253 comm="gnome-power-man" name="linc-1868-0-3840e8f2aa88e" dev=dm-0 ino=5434685 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850399.226:1022): arch=40000003 syscall=10 success=yes exit=0 a0=9997538 a1=996db90 a2=4df37708 a3=b items=0 ppid=1 pid=6253 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-power-man" exe="/usr/bin/gnome-power-manager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.246:1023): avc: denied { write } for pid=6273 comm="gnome-panel" name="linc-18c0-0-55b6afc2586c" dev=dm-0 ino=14469575 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850399.246:1023): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfff15f0 a2=4e570f80 a3=0 items=0 ppid=1 pid=6273 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-panel" exe="/usr/bin/gnome-panel" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.322:1024): avc: denied { write } for pid=6380 comm="bash" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162850399.322:1024): arch=40000003 syscall=4 success=no exit=-5 a0=2 a1=b7f2b000 a2=2e a3=2e items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850399.322:1024): path=2F6465762F7074732F31202864656C6574656429
+type=AVC msg=audit(1162850399.322:1025): avc: denied { read } for pid=6380 comm="bash" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162850399.322:1025): arch=40000003 syscall=3 success=yes exit=0 a0=0 a1=bfdd204b a2=1 a3=567420 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850399.322:1025): path=2F6465762F7074732F31202864656C6574656429
+type=AVC msg=audit(1162850399.322:1026): avc: denied { append } for pid=6380 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850399.322:1026): arch=40000003 syscall=5 success=yes exit=3 a0=83cdcf0 a1=8401 a2=0 a3=8401 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.326:1027): avc: denied { read } for pid=6380 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850399.326:1027): arch=40000003 syscall=5 success=yes exit=3 a0=83cdcf0 a1=8000 a2=0 a3=8000 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.326:1028): avc: denied { write } for pid=6380 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850399.326:1028): arch=40000003 syscall=5 success=yes exit=3 a0=83cdcf0 a1=8201 a2=0 a3=8201 items=0 ppid=6377 pid=6380 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1162850399.338:1029): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850399.338:1030): avc: denied { search } for pid=6377 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.338:1030): avc: denied { write } for pid=6377 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.338:1030): avc: denied { remove_name } for pid=6377 comm="su" name=".xauthqtQAcS" dev=dm-0 ino=13127378 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.338:1030): avc: denied { unlink } for pid=6377 comm="su" name=".xauthqtQAcS" dev=dm-0 ino=13127378 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850399.338:1030): arch=40000003 syscall=10 success=yes exit=0 a0=8e1f9a8 a1=8e1fa86 a2=16ebc8 a3=8e1c008 items=0 ppid=1 pid=6377 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_END msg=audit(1162850399.338:1031): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850399.422:1032): avc: denied { setattr } for pid=6485 comm="metacity" name="orbit-kmacmill" dev=dm-0 ino=14469563 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850399.422:1032): arch=40000003 syscall=30 success=yes exit=0 a0=8ca7af0 a1=bf8d0a64 a2=4e570f80 a3=1f4 items=0 ppid=1 pid=6485 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850399.426:1033): avc: denied { add_name } for pid=6485 comm="metacity" name="linc-1955-0-51d5b0be68eb4" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162850399.426:1033): avc: denied { create } for pid=6485 comm="metacity" name="linc-1955-0-51d5b0be68eb4" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850399.426:1033): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf8d11f0 a2=4e570f80 a3=b7f03a1c items=0 ppid=1 pid=6485 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_END msg=audit(1162850399.534:1034): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session close acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_DISP msg=audit(1162850399.534:1035): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_ACCT msg=audit(1162850401.602:1036): user pid=6513 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162850401.606:1037): login pid=6513 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162850401.606:1038): user pid=6513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162850401.606:1039): user pid=6513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162850401.610:1040): avc: denied { execute } for pid=6514 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162850401.610:1040): avc: denied { execute_no_trans } for pid=6514 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.610:1040): arch=40000003 syscall=11 success=yes exit=0 a0=9d241b0 a1=9d24358 a2=9d24290 a3=9d24008 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850401.610:1040): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162850401.614:1041): avc: denied { execute } for pid=6514 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162850401.614:1041): avc: denied { execute_no_trans } for pid=6514 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162850401.614:1041): avc: denied { read } for pid=6514 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.614:1041): arch=40000003 syscall=11 success=yes exit=0 a0=8841d48 a1=8841740 a2=8841d60 a3=8841740 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850401.614:1041): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162850401.614:1041): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162850401.618:1042): avc: denied { search } for pid=6514 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162850401.618:1042): avc: denied { read } for pid=6514 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.618:1042): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9d7f800 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850401.618:1043): avc: denied { getattr } for pid=6514 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.618:1043): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfc5ed88 a2=b45ff4 a3=9d7f800 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850401.618:1043): path="/proc/net/dev"
+type=AVC msg=audit(1162850401.618:1044): avc: denied { search } for pid=6514 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850401.618:1044): arch=40000003 syscall=33 success=yes exit=0 a0=bfc5f134 a1=0 a2=bfc5f028 a3=bfc5f030 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850401.618:1045): avc: denied { read append } for pid=6514 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.618:1045): arch=40000003 syscall=5 success=yes exit=3 a0=bfc5f134 a1=402 a2=bfc5f2f8 a3=bfc5f030 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850401.622:1046): avc: denied { search } for pid=6514 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162850401.622:1046): avc: denied { read } for pid=6514 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.622:1046): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9d7fdf0 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850401.622:1047): avc: denied { getattr } for pid=6514 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.622:1047): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfc5ebe4 a2=b45ff4 a3=9d7fdf0 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850401.622:1047): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162850401.622:1048): avc: denied { search } for pid=6514 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850401.622:1048): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9d7fdf0 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850401.622:1049): avc: denied { lock } for pid=6514 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850401.622:1049): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfc5f030 a3=3 items=0 ppid=6513 pid=6514 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850401.622:1049): path="/var/log/sa/sa06"
+type=CRED_DISP msg=audit(1162850401.630:1050): user pid=6513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162850401.630:1051): user pid=6513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162850416.415:1052): user pid=3839 uid=0 auid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
+type=USER_END msg=audit(1162850416.415:1053): user pid=3839 uid=0 auid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
+type=USER_AUTH msg=audit(1162850424.220:1054): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_ACCT msg=audit(1162850424.220:1055): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_ACQ msg=audit(1162850424.224:1056): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=LOGIN msg=audit(1162850424.248:1057): login pid=4697 uid=0 old auid=500 new auid=500
+type=USER_START msg=audit(1162850424.260:1058): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_LOGIN msg=audit(1162850424.260:1059): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)'
+type=AVC msg=audit(1162850424.292:1060): avc: denied { read } for pid=6531 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850424.292:1060): arch=40000003 syscall=5 success=yes exit=12 a0=80865d5 a1=0 a2=1 a3=d items=0 ppid=4697 pid=6531 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850424.292:1061): avc: denied { getattr } for pid=6531 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850424.292:1061): arch=40000003 syscall=196 success=yes exit=0 a0=80865d5 a1=bffa43e0 a2=958ff4 a3=3 items=0 ppid=4697 pid=6531 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850424.292:1061): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162850424.308:1062): avc: denied { read } for pid=6544 comm="xrdb" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850424.308:1062): arch=40000003 syscall=33 success=yes exit=0 a0=bf81cfce a1=4 a2=4db18a64 a3=bf81cfce items=0 ppid=6531 pid=6544 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xrdb" exe="/usr/bin/xrdb" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850424.412:1063): avc: denied { getattr } for pid=6585 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1162850424.412:1063): arch=40000003 syscall=100 success=yes exit=0 a0=5 a1=bfcb232c a2=248ff4 a3=ffffffb8 items=0 ppid=6584 pid=6585 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162850424.412:1064): avc: denied { search } for pid=6585 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850424.412:1064): arch=40000003 syscall=5 success=no exit=-2 a0=8e56b98 a1=18800 a2=11525c a3=bfcb2468 items=0 ppid=6584 pid=6585 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162850424.796:1065): avc: denied { write } for pid=6531 comm="gnome-session" name=".ICE-unix" dev=dm-0 ino=14469315 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162850424.796:1065): avc: denied { add_name } for pid=6531 comm="gnome-session" name="6531" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162850424.796:1065): avc: denied { create } for pid=6531 comm="gnome-session" name="6531" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850424.796:1065): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfa77710 a2=4dc5d770 a3=0 items=0 ppid=4697 pid=6531 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850424.808:1066): avc: denied { read write } for pid=6595 comm="gnome-settings-" name="[98613]" dev=sockfs ino=98613 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1162850424.808:1066): arch=40000003 syscall=11 success=yes exit=0 a0=8e5d9b0 a1=8e5ccd8 a2=8e5db70 a3=b items=0 ppid=6594 pid=6595 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850424.808:1066): path="socket:[98613]"
+type=AVC msg=audit(1162850424.940:1067): avc: denied { read } for pid=6595 comm="gnome-settings-" name="resolv.conf" dev=dm-0 ino=9330746 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850424.940:1067): arch=40000003 syscall=5 success=yes exit=21 a0=5b1d13 a1=0 a2=1b6 a3=8230208 items=0 ppid=6594 pid=6595 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850424.948:1068): avc: denied { read } for pid=6603 comm="esd" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850424.948:1068): arch=40000003 syscall=5 success=yes exit=14 a0=8206258 a1=0 a2=1b6 a3=8206278 items=0 ppid=1 pid=6603 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="esd" exe="/usr/bin/esd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850425.140:1069): avc: denied { write } for pid=6620 comm="metacity" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162850425.140:1069): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9dcf80 a2=4dc5d770 a3=15 items=0 ppid=1 pid=6620 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850425.384:1070): avc: denied { execheap } for pid=6639 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162850425.384:1070): avc: denied { execmem } for pid=6639 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162850425.384:1070): arch=40000003 syscall=125 success=yes exit=0 a0=9a4f000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=6639 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850425.596:1071): avc: denied { sigchld } for pid=6655 comm="dbus-daemon" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1162850425.596:1071): arch=40000003 syscall=7 success=yes exit=0 a0=1a00 a1=bfcb1eb8 a2=1 a3=1a00 items=0 ppid=6587 pid=6655 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162850426.060:1072): avc: denied { ioctl } for pid=6686 comm="pam_timestamp_c" name="[98476]" dev=pipefs ino=98476 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1162850426.060:1072): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfaea71c a3=bfaea75c items=0 ppid=6664 pid=6686 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850426.060:1072): path="pipe:[98476]"
+type=AVC msg=audit(1162850426.816:1073): avc: denied { read } for pid=6666 comm="beagled" name="max_user_instances" dev=proc ino=-268435218 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850426.816:1073): arch=40000003 syscall=5 success=yes exit=24 a0=11833c a1=0 a2=1 a3=9178500 items=0 ppid=1 pid=6666 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1162850432.292:1074): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1162850432.292:1075): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850432.292:1076): avc: denied { search } for pid=6720 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850432.292:1076): arch=40000003 syscall=5 success=no exit=-2 a0=bfd04948 a1=8000 a2=1b6 a3=93769a8 items=0 ppid=6699 pid=6720 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850432.296:1077): avc: denied { write } for pid=6721 comm="xauth" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.296:1077): arch=40000003 syscall=33 success=yes exit=0 a0=bfccb935 a1=2 a2=bfccb490 a3=0 items=0 ppid=6720 pid=6721 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.296:1078): avc: denied { read } for pid=6721 comm="xauth" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.296:1078): arch=40000003 syscall=5 success=yes exit=2 a0=bfccb935 a1=0 a2=1b6 a3=9ab6008 items=0 ppid=6720 pid=6721 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.296:1079): avc: denied { getattr } for pid=6721 comm="xauth" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.296:1079): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfccb1dc a2=ccdff4 a3=9ab6008 items=0 ppid=6720 pid=6721 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850432.296:1079): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162850432.296:1080): avc: denied { write } for pid=6720 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850432.296:1080): avc: denied { add_name } for pid=6720 comm="su" name=".xauthyeka65" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850432.296:1080): avc: denied { create } for pid=6720 comm="su" name=".xauthyeka65" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.296:1080): arch=40000003 syscall=5 success=yes exit=4 a0=9376acb a1=80c2 a2=180 a3=80c2 items=0 ppid=6699 pid=6720 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850432.296:1081): avc: denied { setattr } for pid=6720 comm="su" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.296:1081): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=13f69f items=0 ppid=6699 pid=6720 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1082): avc: denied { search } for pid=6722 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162850432.300:1082): arch=40000003 syscall=195 success=no exit=-2 a0=bf8b6b47 a1=bf8b6660 a2=ac4ff4 a3=3 items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1083): avc: denied { write } for pid=6722 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850432.300:1083): avc: denied { add_name } for pid=6722 comm="xauth" name=".xauthyeka65-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850432.300:1083): avc: denied { create } for pid=6722 comm="xauth" name=".xauthyeka65-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1083): arch=40000003 syscall=5 success=yes exit=2 a0=bf8b6b47 a1=c1 a2=180 a3=ffffffff items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1084): avc: denied { link } for pid=6722 comm="xauth" name=".xauthyeka65-c" dev=dm-0 ino=13127377 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1084): arch=40000003 syscall=9 success=yes exit=0 a0=bf8b6b47 a1=bf8b6746 a2=4db18a64 a3=2 items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1085): avc: denied { write } for pid=6722 comm="xauth" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1085): arch=40000003 syscall=33 success=yes exit=0 a0=bf8b7931 a1=2 a2=bf8b7070 a3=0 items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1086): avc: denied { read } for pid=6722 comm="xauth" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1086): arch=40000003 syscall=5 success=yes exit=2 a0=bf8b7931 a1=0 a2=1b6 a3=8a8e008 items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162850432.300:1087): avc: denied { getattr } for pid=6722 comm="xauth" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1087): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf8b6dbc a2=ac4ff4 a3=8a8e008 items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850432.300:1087): path="/root/.xauthyeka65"
+type=AVC msg=audit(1162850432.300:1088): avc: denied { remove_name } for pid=6722 comm="xauth" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162850432.300:1088): avc: denied { unlink } for pid=6722 comm="xauth" name=".xauthyeka65" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.300:1088): arch=40000003 syscall=10 success=yes exit=0 a0=8a8e008 a1=1000 a2=0 a3=8a8e08a items=0 ppid=6720 pid=6722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1162850432.300:1089): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=CRED_ACQ msg=audit(1162850432.300:1090): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850432.304:1091): avc: denied { dac_override } for pid=6723 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1162850432.304:1091): arch=40000003 syscall=195 success=yes exit=0 a0=80d2437 a1=bf866d20 a2=248ff4 a3=bf866d80 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850432.304:1092): avc: denied { read } for pid=6723 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.304:1092): arch=40000003 syscall=5 success=yes exit=3 a0=8250b10 a1=8000 a2=0 a3=8000 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850432.348:1093): avc: denied { read } for pid=6723 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850432.348:1093): arch=40000003 syscall=5 success=yes exit=3 a0=8250cf0 a1=8000 a2=0 a3=8000 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1162850439.333:1094): user pid=6743 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1162850439.333:1095): user pid=6743 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ROLE_CHANGE msg=audit(1162850439.333:1096): user pid=6744 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='newrole: old-context=staff_u:staff_r:staff_t new-context=staff_u:sysadm_r:sysadm_t: exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=/dev/pts/1 res=success)'
+type=AVC msg=audit(1162850449.753:1097): avc: denied { execute } for pid=6744 comm="bash" name="audit2policy" dev=dm-0 ino=6618077 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850449.753:1097): arch=40000003 syscall=33 success=yes exit=0 a0=85adb38 a1=1 a2=11 a3=85adb38 items=0 ppid=6743 pid=6744 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC msg=audit(1162850449.985:1098): avc: denied { read } for pid=6774 comm="gnome-screensav" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850449.985:1098): arch=40000003 syscall=33 success=yes exit=0 a0=bfb0ae9e a1=4 a2=4db18a64 a3=bfb0ae9e items=0 ppid=1 pid=6774 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/bin/gnome-screensaver" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850451.210:1099): avc: denied { execute_no_trans } for pid=6776 comm="bash" name="audit2policy" dev=dm-0 ino=6618077 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850451.210:1099): arch=40000003 syscall=11 success=yes exit=0 a0=85ad0a0 a1=85add38 a2=85ab188 a3=85bba58 items=0 ppid=6744 pid=6776 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850451.210:1099): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=USER_ACCT msg=audit(1162850461.642:1100): user pid=6778 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162850461.642:1101): login pid=6778 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162850461.646:1102): user pid=6778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162850461.646:1103): user pid=6778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162850461.646:1104): avc: denied { getattr } for pid=6779 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.646:1104): arch=40000003 syscall=195 success=yes exit=0 a0=9ebe120 a1=bfdaae60 a2=248ff4 a3=9ebe120 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.646:1104): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162850461.678:1105): avc: denied { execute } for pid=6779 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.678:1105): arch=40000003 syscall=33 success=yes exit=0 a0=9ebe120 a1=1 a2=11 a3=9ebe120 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850461.678:1106): avc: denied { read } for pid=6779 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.678:1106): arch=40000003 syscall=33 success=yes exit=0 a0=9ebe120 a1=4 a2=ffffffff a3=9ebe120 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850461.678:1107): avc: denied { execute_no_trans } for pid=6779 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.678:1107): arch=40000003 syscall=11 success=yes exit=0 a0=9ebe120 a1=9ebe3d8 a2=9ebe2f8 a3=9ebdf98 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.678:1107): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162850461.682:1108): avc: denied { ioctl } for pid=6779 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.682:1108): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd9c878 a3=bfd9c8b8 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.682:1108): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162850461.698:1109): avc: denied { execute } for pid=6779 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.698:1109): arch=40000003 syscall=33 success=yes exit=0 a0=9a07990 a1=1 a2=1 a3=9a07c98 items=0 ppid=6778 pid=6779 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850461.698:1110): avc: denied { execute_no_trans } for pid=6780 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.698:1110): arch=40000003 syscall=11 success=yes exit=0 a0=9a07a10 a1=9a07ad8 a2=9a07ae8 a3=9a07758 items=0 ppid=6779 pid=6780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.698:1110): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162850461.714:1111): avc: denied { execute } for pid=6782 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162850461.714:1111): avc: denied { execute_no_trans } for pid=6782 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162850461.714:1111): avc: denied { read } for pid=6782 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.714:1111): arch=40000003 syscall=11 success=yes exit=0 a0=8b4d678 a1=8b4d808 a2=8b4d720 a3=8b4d508 items=0 ppid=6780 pid=6782 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.714:1111): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162850461.714:1111): path="/sbin/chkconfig"
+type=AVC msg=audit(1162850461.778:1112): avc: denied { read } for pid=6782 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.778:1112): arch=40000003 syscall=5 success=yes exit=3 a0=bfe8d950 a1=0 a2=ffffffff a3=9f27038 items=0 ppid=6780 pid=6782 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162850461.778:1113): avc: denied { getattr } for pid=6782 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850461.778:1113): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe8d8c0 a2=f70ff4 a3=3 items=0 ppid=6780 pid=6782 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162850461.778:1113): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162850461.790:1114): user pid=6778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162850461.790:1115): user pid=6778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162850490.680:1116): avc: denied { execute } for pid=6807 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850490.680:1116): arch=40000003 syscall=33 success=yes exit=0 a0=882a868 a1=1 a2=11 a3=882a868 items=0 ppid=1 pid=6807 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled-index-h" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850490.680:1117): avc: denied { read } for pid=6807 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850490.680:1117): arch=40000003 syscall=33 success=yes exit=0 a0=882a868 a1=4 a2=ffffffff a3=882a868 items=0 ppid=1 pid=6807 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled-index-h" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850490.680:1118): avc: denied { execute_no_trans } for pid=6807 comm="beagled-index-h" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850490.680:1118): arch=40000003 syscall=11 success=yes exit=0 a0=882ab80 a1=882a808 a2=882b5f0 a3=882a808 items=0 ppid=1 pid=6807 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850490.680:1118): path="/usr/bin/mono"
+type=USER_ACCT msg=audit(1162851001.852:1119): user pid=6858 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162851001.852:1120): login pid=6858 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162851001.852:1121): user pid=6858 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162851001.852:1122): user pid=6858 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162851001.856:1123): avc: denied { execute } for pid=6859 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162851001.856:1123): avc: denied { execute_no_trans } for pid=6859 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.856:1123): arch=40000003 syscall=11 success=yes exit=0 a0=87b01b0 a1=87b0358 a2=87b0290 a3=87b0008 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851001.856:1123): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162851001.856:1124): avc: denied { execute } for pid=6859 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162851001.856:1124): avc: denied { execute_no_trans } for pid=6859 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162851001.856:1124): avc: denied { read } for pid=6859 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.856:1124): arch=40000003 syscall=11 success=yes exit=0 a0=894cd48 a1=894c740 a2=894cd60 a3=894c740 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851001.856:1124): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162851001.856:1124): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162851001.860:1125): avc: denied { search } for pid=6859 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162851001.860:1125): avc: denied { read } for pid=6859 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1125): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=88a7800 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851001.860:1126): avc: denied { getattr } for pid=6859 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1126): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfce6e18 a2=dc5ff4 a3=88a7800 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851001.860:1126): path="/proc/net/dev"
+type=AVC msg=audit(1162851001.860:1127): avc: denied { search } for pid=6859 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851001.860:1127): arch=40000003 syscall=33 success=yes exit=0 a0=bfce71c4 a1=0 a2=bfce70b8 a3=bfce70c0 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851001.860:1128): avc: denied { read append } for pid=6859 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1128): arch=40000003 syscall=5 success=yes exit=3 a0=bfce71c4 a1=402 a2=bfce7388 a3=bfce70c0 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851001.860:1129): avc: denied { search } for pid=6859 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162851001.860:1129): avc: denied { read } for pid=6859 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1129): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=88a7df0 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851001.860:1130): avc: denied { getattr } for pid=6859 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1130): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfce6c74 a2=dc5ff4 a3=88a7df0 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851001.860:1130): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162851001.860:1131): avc: denied { search } for pid=6859 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851001.860:1131): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=88a7df0 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851001.860:1132): avc: denied { lock } for pid=6859 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851001.860:1132): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfce70c0 a3=3 items=0 ppid=6858 pid=6859 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851001.860:1132): path="/var/log/sa/sa06"
+type=CRED_DISP msg=audit(1162851001.872:1133): user pid=6858 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162851001.872:1134): user pid=6858 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162851238.587:1135): avc: denied { search } for pid=6868 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851238.587:1135): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfcceb18 a2=aa0ff4 a3=3 items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851238.591:1136): avc: denied { read } for pid=6868 comm="evolution" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.591:1136): arch=40000003 syscall=33 success=yes exit=0 a0=bfcd0dff a1=4 a2=4db18a64 a3=bfcd0dff items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851238.591:1137): avc: denied { getattr } for pid=6868 comm="evolution" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.591:1137): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfccea4c a2=aa0ff4 a3=8c90730 items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.591:1137): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162851238.603:1138): avc: denied { search } for pid=6868 comm="evolution" name=".ICE-unix" dev=dm-0 ino=14469315 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.603:1138): avc: denied { write } for pid=6868 comm="evolution" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162851238.603:1138): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcceb50 a2=4dc5d770 a3=15 items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851238.603:1139): avc: denied { read } for pid=6868 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.603:1139): arch=40000003 syscall=33 success=yes exit=0 a0=8ca6218 a1=4 a2=4dc5d770 a3=8ca6218 items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851238.603:1140): avc: denied { getattr } for pid=6868 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.603:1140): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bfccebec a2=aa0ff4 a3=8ca6af8 items=0 ppid=1 pid=6868 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.603:1140): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162851238.827:1141): avc: denied { write } for pid=6871 comm="evolution-data-" name="[100190]" dev=pipefs ino=100190 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162851238.827:1141): arch=40000003 syscall=11 success=yes exit=0 a0=8112db0 a1=8112d58 a2=8106478 a3=0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.827:1141): path="pipe:[100190]"
+type=AVC msg=audit(1162851238.839:1142): avc: denied { read } for pid=6871 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.839:1142): arch=40000003 syscall=5 success=yes exit=3 a0=2589dc a1=0 a2=0 a3=0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.839:1143): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.839:1143): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd5cbcc a2=26fff4 a3=3 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.839:1143): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1162851238.839:1144): avc: denied { getsched } for pid=6871 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1162851238.839:1144): arch=40000003 syscall=155 success=yes exit=0 a0=1ad7 a1=b7f328dc a2=4fbff4 a3=b7f326d0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.839:1145): avc: denied { search } for pid=6871 comm="evolution-data-" name="locale" dev=dm-0 ino=10311905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.839:1145): avc: denied { read } for pid=6871 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.839:1145): arch=40000003 syscall=5 success=yes exit=3 a0=4df2984c a1=8000 a2=1b6 a3=86fa480 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.839:1146): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.839:1146): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd5d0f8 a2=26fff4 a3=86fa480 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.839:1146): path="/usr/share/locale/locale.alias"
+type=AVC msg=audit(1162851238.843:1147): avc: denied { read } for pid=6871 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.843:1147): arch=40000003 syscall=5 success=yes exit=3 a0=258a00 a1=8000 a2=1 a3=bfd5d0c0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.843:1148): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.843:1148): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=270aa0 a2=26fff4 a3=bfd5d0c0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.843:1148): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1162851238.843:1149): avc: denied { read } for pid=6871 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851238.843:1149): arch=40000003 syscall=5 success=yes exit=9 a0=86fc5a8 a1=18800 a2=60dfc0 a3=86fc5a8 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.843:1150): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851238.843:1150): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bfd5d1dc a2=26fff4 a3=9 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.843:1150): path="/tmp"
+type=AVC msg=audit(1162851238.843:1151): avc: denied { search } for pid=6871 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.843:1151): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851238.843:1151): arch=40000003 syscall=195 success=yes exit=0 a0=86fca68 a1=bfd5d220 a2=26fff4 a3=3 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.843:1151): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1162851238.843:1152): avc: denied { setattr } for pid=6871 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851238.843:1152): arch=40000003 syscall=30 success=yes exit=0 a0=86fca90 a1=bfd5d274 a2=4e570f80 a3=1f4 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.843:1153): avc: denied { read } for pid=6871 comm="evolution-data-" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851238.843:1153): arch=40000003 syscall=5 success=yes exit=9 a0=4def9880 a1=8000 a2=1b6 a3=86fd800 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.843:1154): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851238.843:1154): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bfd5d1fc a2=26fff4 a3=86fd800 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.843:1154): path="/dev/urandom"
+type=AVC msg=audit(1162851238.843:1155): avc: denied { ioctl } for pid=6871 comm="evolution-data-" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851238.843:1155): arch=40000003 syscall=54 success=no exit=-22 a0=9 a1=5401 a2=bfd5d15c a3=bfd5d19c items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.843:1155): path="/dev/urandom"
+type=AVC msg=audit(1162851238.847:1156): avc: denied { search } for pid=6871 comm="evolution-data-" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.847:1156): avc: denied { read } for pid=6871 comm="evolution-data-" name="ior" dev=dm-0 ino=15648303 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.847:1156): arch=40000003 syscall=5 success=yes exit=9 a0=86fee38 a1=0 a2=1b6 a3=86fee60 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.847:1157): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="ior" dev=dm-0 ino=15648303 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.847:1157): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bfd5c888 a2=26fff4 a3=86fee60 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.847:1157): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1162851238.847:1158): avc: denied { write } for pid=6871 comm="evolution-data-" name="linc-19be-0-41f49a5b6e22f" dev=dm-0 ino=15648248 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1162851238.847:1158): avc: denied { connectto } for pid=6871 comm="evolution-data-" name="linc-19be-0-41f49a5b6e22f" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162851238.847:1158): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd5cfa0 a2=4e570f80 a3=0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.847:1158): path="/tmp/orbit-kmacmill/linc-19be-0-41f49a5b6e22f"
+type=AVC msg=audit(1162851238.847:1159): avc: denied { write } for pid=6871 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.847:1159): avc: denied { add_name } for pid=6871 comm="evolution-data-" name="linc-1ad7-0-5a56670ecf53d" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851238.847:1159): avc: denied { create } for pid=6871 comm="evolution-data-" name="linc-1ad7-0-5a56670ecf53d" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162851238.847:1159): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfd5cfe0 a2=4e570f80 a3=b7f3269c items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.847:1160): avc: denied { connectto } for pid=6590 comm="gconfd-2" name="linc-1ad7-0-5a56670ecf53d" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162851238.847:1160): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe86020 a2=4e570f80 a3=0 items=0 ppid=1 pid=6590 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.847:1160): path="/tmp/orbit-kmacmill/linc-1ad7-0-5a56670ecf53d"
+type=AVC msg=audit(1162851238.867:1161): avc: denied { write } for pid=6871 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=15648339 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.867:1161): arch=40000003 syscall=5 success=yes exit=16 a0=87058b8 a1=42 a2=1c0 a3=87058b8 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851238.867:1162): avc: denied { lock } for pid=6871 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=15648339 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851238.867:1162): arch=40000003 syscall=221 success=yes exit=0 a0=10 a1=7 a2=bfd5d23c a3=bfd5d23c items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.867:1162): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1162851238.871:1163): avc: denied { getattr } for pid=6871 comm="evolution-data-" name="[100190]" dev=pipefs ino=100190 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162851238.871:1163): arch=40000003 syscall=197 success=yes exit=0 a0=1e a1=bfd5d274 a2=26fff4 a3=8712c88 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851238.871:1163): path="pipe:[100190]"
+type=USER_AVC msg=audit(1162851239.127:1164): user pid=2350 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=6868 tpid=2797 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1162851239.131:1165): user pid=2350 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.50 spid=2797 tpid=6868 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1162851239.179:1166): avc: denied { create } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162851239.179:1166): arch=40000003 syscall=102 success=yes exit=35 a0=1 a1=b0cfd274 a2=aa0ff4 a3=727d7f items=0 ppid=1 pid=6882 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851239.179:1167): avc: denied { bind } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162851239.179:1167): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b0cfd274 a2=aa0ff4 a3=23 items=0 ppid=1 pid=6882 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851239.179:1168): avc: denied { getattr } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162851239.179:1168): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b0cfd274 a2=aa0ff4 a3=23 items=0 ppid=1 pid=6882 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851239.179:1169): avc: denied { write } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162851239.179:1169): avc: denied { nlmsg_read } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162851239.179:1169): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b0cfc1b4 a2=aa0ff4 a3=0 items=0 ppid=1 pid=6882 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851239.179:1170): avc: denied { read } for pid=6882 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162851239.179:1170): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b0cfc1b4 a2=aa0ff4 a3=0 items=0 ppid=1 pid=6882 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162851239.747:1171): avc: denied { read } for pid=6885 comm="xchat" name="resolv.conf" dev=dm-0 ino=9330746 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851239.747:1171): arch=40000003 syscall=5 success=yes exit=9 a0=230d13 a1=0 a2=1b6 a3=8948c28 items=0 ppid=6884 pid=6885 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xchat" exe="/usr/bin/xchat" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162851240.015:1172): avc: denied { write } for pid=6892 comm="evolution-alarm" name="[100287]" dev=pipefs ino=100287 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162851240.015:1172): arch=40000003 syscall=11 success=yes exit=0 a0=80fc700 a1=8105200 a2=81179b0 a3=0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.015:1172): path="pipe:[100287]"
+type=AVC msg=audit(1162851240.015:1173): avc: denied { read } for pid=6892 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.015:1173): arch=40000003 syscall=5 success=yes exit=3 a0=bff64ed0 a1=0 a2=0 a3=bff64ed0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.015:1174): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.015:1174): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff64f24 a2=322fc0 a3=4 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.015:1174): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1162851240.015:1175): avc: denied { execute } for pid=6892 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.015:1175): arch=40000003 syscall=192 success=yes exit=1297682432 a0=4d591000 a1=33cd0 a2=5 a3=802 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.015:1175): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1162851240.015:1176): avc: denied { read } for pid=6892 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.015:1176): arch=40000003 syscall=5 success=yes exit=3 a0=320037 a1=0 a2=323650 a3=ffffffff items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.015:1177): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.015:1177): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff64e18 a2=322fc0 a3=ffffffff items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.015:1177): path="/etc/ld.so.cache"
+type=AVC msg=audit(1162851240.051:1178): avc: denied { read } for pid=6892 comm="evolution-alarm" name="ld-2.5.90.so" dev=dm-0 ino=13716563 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.051:1178): arch=40000003 syscall=125 success=yes exit=0 a0=322000 a1=1000 a2=1 a3=380 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.051:1178): path="/lib/ld-2.5.90.so"
+type=AVC msg=audit(1162851240.055:1179): avc: denied { getsched } for pid=6892 comm="evolution-alarm" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=process
+type=SYSCALL msg=audit(1162851240.055:1179): arch=40000003 syscall=155 success=yes exit=0 a0=1aec a1=b7f3eaec a2=baaff4 a3=b7f3e8e0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.099:1180): avc: denied { read } for pid=6892 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9330856 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.099:1180): arch=40000003 syscall=5 success=yes exit=3 a0=797e3d a1=0 a2=1b6 a3=9302a00 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.099:1181): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9330856 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.099:1181): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff65008 a2=7afff4 a3=9302a00 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.099:1181): path="/etc/nsswitch.conf"
+type=AVC msg=audit(1162851240.103:1182): avc: denied { read } for pid=6892 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=10379454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.103:1182): arch=40000003 syscall=5 success=yes exit=3 a0=bff60fa8 a1=0 a2=1b6 a3=930a280 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.103:1183): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=10379454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.103:1183): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff60bc8 a2=7afff4 a3=930a280 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.103:1183): path="/usr/share/X11/locale/locale.alias"
+type=AVC msg=audit(1162851240.107:1184): avc: denied { read } for pid=6892 comm="evolution-alarm" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.107:1184): arch=40000003 syscall=33 success=yes exit=0 a0=bff65b68 a1=4 a2=4db18a64 a3=bff65b68 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.107:1185): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.107:1185): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff64e5c a2=7afff4 a3=930d6c0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.107:1185): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162851240.255:1186): avc: denied { read } for pid=6892 comm="evolution-alarm" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851240.255:1186): arch=40000003 syscall=5 success=yes exit=10 a0=9302700 a1=18800 a2=322fc0 a3=9302700 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.255:1187): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851240.255:1187): arch=40000003 syscall=195 success=yes exit=0 a0=931f210 a1=bff654c0 a2=7afff4 a3=3 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.255:1187): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1162851240.255:1188): avc: denied { setattr } for pid=6892 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851240.255:1188): arch=40000003 syscall=30 success=yes exit=0 a0=931f238 a1=bff65514 a2=4e570f80 a3=1f4 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.255:1189): avc: denied { read } for pid=6892 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851240.255:1189): arch=40000003 syscall=5 success=yes exit=10 a0=4def9880 a1=8000 a2=1b6 a3=931f2e0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.255:1190): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851240.255:1190): arch=40000003 syscall=197 success=yes exit=0 a0=a a1=bff6549c a2=7afff4 a3=931f2e0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.255:1190): path="/dev/urandom"
+type=AVC msg=audit(1162851240.255:1191): avc: denied { ioctl } for pid=6892 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2055 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162851240.255:1191): arch=40000003 syscall=54 success=no exit=-22 a0=a a1=5401 a2=bff653fc a3=bff6543c items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.255:1191): path="/dev/urandom"
+type=AVC msg=audit(1162851240.259:1192): avc: denied { read } for pid=6892 comm="evolution-alarm" name="modules" dev=dm-0 ino=9331073 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851240.259:1192): arch=40000003 syscall=5 success=yes exit=10 a0=9320610 a1=18800 a2=4dea3d07 a3=9320610 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.259:1193): avc: denied { search } for pid=6892 comm="evolution-alarm" name=".ICE-unix" dev=dm-0 ino=14469315 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851240.259:1193): avc: denied { write } for pid=6892 comm="evolution-alarm" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1162851240.259:1193): avc: denied { connectto } for pid=6892 comm="evolution-alarm" name="6531" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162851240.259:1193): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff64f10 a2=4dc5d770 a3=15 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.259:1193): path="/tmp/.ICE-unix/6531"
+type=AVC msg=audit(1162851240.259:1194): avc: denied { read } for pid=6892 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.259:1194): arch=40000003 syscall=33 success=yes exit=0 a0=9322f90 a1=4 a2=4dc5d770 a3=9322f90 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.259:1195): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.259:1195): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bff64fac a2=7afff4 a3=9323870 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.259:1195): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162851240.267:1196): avc: denied { search } for pid=6892 comm="evolution-alarm" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851240.267:1196): avc: denied { read } for pid=6892 comm="evolution-alarm" name="ior" dev=dm-0 ino=15648303 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.267:1196): arch=40000003 syscall=5 success=yes exit=11 a0=9326700 a1=0 a2=1b6 a3=9326748 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.267:1197): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="ior" dev=dm-0 ino=15648303 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.267:1197): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bff64ac8 a2=7afff4 a3=9326748 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.267:1197): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1162851240.267:1198): avc: denied { write } for pid=6892 comm="evolution-alarm" name="linc-19be-0-41f49a5b6e22f" dev=dm-0 ino=15648248 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162851240.267:1198): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff651e0 a2=4e570f80 a3=0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.267:1199): avc: denied { write } for pid=6892 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851240.267:1199): avc: denied { add_name } for pid=6892 comm="evolution-alarm" name="linc-1aec-0-7f9bab7e41c94" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162851240.267:1199): avc: denied { create } for pid=6892 comm="evolution-alarm" name="linc-1aec-0-7f9bab7e41c94" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162851240.267:1199): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bff65220 a2=4e570f80 a3=b7f3e8ac items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.267:1200): avc: denied { connectto } for pid=6590 comm="gconfd-2" name="linc-1aec-0-7f9bab7e41c94" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162851240.267:1200): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe86020 a2=4e570f80 a3=0 items=0 ppid=1 pid=6590 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.267:1200): path="/tmp/orbit-kmacmill/linc-1aec-0-7f9bab7e41c94"
+type=AVC msg=audit(1162851240.279:1201): avc: denied { read } for pid=6892 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.279:1201): arch=40000003 syscall=5 success=yes exit=18 a0=79799a a1=0 a2=1b6 a3=933ee60 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.279:1202): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.279:1202): arch=40000003 syscall=197 success=yes exit=0 a0=12 a1=bff60d3c a2=7afff4 a3=933ee60 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.279:1202): path="/proc/meminfo"
+type=AVC msg=audit(1162851240.279:1203): avc: denied { connectto } for pid=6892 comm="evolution-alarm" path=002F746D702F646275732D47416759386D56457350 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162851240.279:1203): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff65040 a2=fb9494 a3=0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.291:1204): avc: denied { write } for pid=6892 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=15648339 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.291:1204): arch=40000003 syscall=5 success=yes exit=19 a0=934c9a0 a1=42 a2=1c0 a3=934c9a0 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162851240.291:1205): avc: denied { lock } for pid=6892 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=15648339 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851240.291:1205): arch=40000003 syscall=221 success=yes exit=0 a0=13 a1=7 a2=bff650ec a3=bff650ec items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.291:1205): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1162851240.295:1206): avc: denied { signal } for pid=6896 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1162851240.295:1206): arch=40000003 syscall=270 success=yes exit=0 a0=1ad7 a1=1af3 a2=21 a3=b72efbd0 items=0 ppid=1 pid=6896 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162851240.307:1207): avc: denied { getattr } for pid=6892 comm="evolution-alarm" name="[100287]" dev=pipefs ino=100287 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162851240.307:1207): arch=40000003 syscall=197 success=yes exit=0 a0=1f a1=bff654b4 a2=7afff4 a3=9354540 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162851240.307:1207): path="pipe:[100287]"
+type=USER_ACCT msg=audit(1162851601.929:1208): user pid=6948 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162851601.933:1209): login pid=6948 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162851601.933:1210): user pid=6948 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162851601.933:1211): user pid=6948 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162851601.937:1212): avc: denied { search } for pid=6949 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162851601.937:1212): avc: denied { read } for pid=6949 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.937:1212): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=85b0800 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851601.937:1213): avc: denied { getattr } for pid=6949 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.937:1213): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfb0b438 a2=96aff4 a3=85b0800 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851601.937:1213): path="/proc/net/dev"
+type=AVC msg=audit(1162851601.937:1214): avc: denied { search } for pid=6949 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162851601.937:1214): arch=40000003 syscall=33 success=yes exit=0 a0=bfb0b7e4 a1=0 a2=bfb0b6d8 a3=bfb0b6e0 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851601.937:1215): avc: denied { read append } for pid=6949 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.937:1215): arch=40000003 syscall=5 success=yes exit=3 a0=bfb0b7e4 a1=402 a2=bfb0b9a8 a3=bfb0b6e0 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851601.937:1216): avc: denied { search } for pid=6949 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162851601.937:1216): avc: denied { read } for pid=6949 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.937:1216): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=85b0df0 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162851601.937:1217): avc: denied { getattr } for pid=6949 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.937:1217): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfb0b294 a2=96aff4 a3=85b0df0 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851601.937:1217): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162851601.941:1218): avc: denied { lock } for pid=6949 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162851601.941:1218): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfb0b6e0 a3=3 items=0 ppid=6948 pid=6949 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162851601.941:1218): path="/var/log/sa/sa06"
+type=CRED_DISP msg=audit(1162851601.949:1219): user pid=6948 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162851601.949:1220): user pid=6948 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162852201.015:1221): user pid=6973 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162852201.015:1222): login pid=6973 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162852201.015:1223): user pid=6973 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162852201.015:1224): user pid=6973 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162852201.019:1225): avc: denied { execute } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162852201.019:1225): avc: denied { execute_no_trans } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162852201.019:1225): arch=40000003 syscall=11 success=yes exit=0 a0=87271b0 a1=8727358 a2=8727290 a3=8727008 items=0 ppid=6973 pid=6974 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162852201.019:1225): path="/usr/lib/sa/sa1"
+type=CRED_DISP msg=audit(1162852201.031:1226): user pid=6973 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162852201.031:1227): user pid=6973 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162852801.092:1228): user pid=7028 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162852801.092:1229): login pid=7028 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162852801.092:1230): user pid=7028 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162852801.092:1231): user pid=7028 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162852801.104:1232): user pid=7028 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162852801.104:1233): user pid=7028 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162853401.170:1234): user pid=7088 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162853401.170:1235): login pid=7088 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162853401.170:1236): user pid=7088 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162853401.170:1237): user pid=7088 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162853401.186:1238): user pid=7088 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162853401.186:1239): user pid=7088 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162853418.483:1240): avc: denied { search } for pid=7092 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162853418.483:1240): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfcd8318 a2=269ff4 a3=3 items=0 ppid=1 pid=7092 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.487:1241): avc: denied { read } for pid=7092 comm="evolution" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162853418.487:1241): arch=40000003 syscall=33 success=yes exit=0 a0=bfcd9dff a1=4 a2=4db18a64 a3=bfcd9dff items=0 ppid=1 pid=7092 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.487:1242): avc: denied { getattr } for pid=7092 comm="evolution" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162853418.487:1242): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfcd824c a2=269ff4 a3=98cb730 items=0 ppid=1 pid=7092 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162853418.487:1242): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162853418.495:1243): avc: denied { read } for pid=7092 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162853418.495:1243): arch=40000003 syscall=33 success=yes exit=0 a0=98e1218 a1=4 a2=4dc5d770 a3=98e1218 items=0 ppid=1 pid=7092 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.495:1244): avc: denied { getattr } for pid=7092 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162853418.495:1244): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bfcd83ec a2=269ff4 a3=98e1af8 items=0 ppid=1 pid=7092 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162853418.495:1244): path="/home/kmacmill/.ICEauthority"
+type=USER_AVC msg=audit(1162853418.735:1245): user pid=2350 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=7092 tpid=2797 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1162853418.735:1246): user pid=2350 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.51 spid=2797 tpid=7092 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1162853418.791:1247): avc: denied { create } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162853418.791:1247): arch=40000003 syscall=102 success=yes exit=33 a0=1 a1=b16fe274 a2=269ff4 a3=a7ed7f items=0 ppid=1 pid=7101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.791:1248): avc: denied { bind } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162853418.791:1248): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b16fe274 a2=269ff4 a3=21 items=0 ppid=1 pid=7101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.791:1249): avc: denied { getattr } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162853418.791:1249): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b16fe274 a2=269ff4 a3=21 items=0 ppid=1 pid=7101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.791:1250): avc: denied { write } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162853418.791:1250): avc: denied { nlmsg_read } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162853418.791:1250): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b16fd1b4 a2=269ff4 a3=0 items=0 ppid=1 pid=7101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162853418.791:1251): avc: denied { read } for pid=7101 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162853418.791:1251): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b16fd1b4 a2=269ff4 a3=0 items=0 ppid=1 pid=7101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162854001.247:1252): user pid=7134 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162854001.247:1253): login pid=7134 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162854001.247:1254): user pid=7134 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162854001.247:1255): user pid=7134 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162854001.251:1256): avc: denied { execute } for pid=7135 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162854001.251:1256): avc: denied { execute_no_trans } for pid=7135 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162854001.251:1256): avc: denied { read } for pid=7135 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854001.251:1256): arch=40000003 syscall=11 success=yes exit=0 a0=87bfd48 a1=87bf740 a2=87bfd60 a3=87bf740 items=0 ppid=7134 pid=7135 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854001.251:1256): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162854001.251:1256): path="/usr/lib/sa/sadc"
+type=CRED_DISP msg=audit(1162854001.263:1257): user pid=7134 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162854001.263:1258): user pid=7134 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162854041.050:1259): avc: denied { execmem } for pid=7137 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162854041.050:1259): arch=40000003 syscall=192 success=yes exit=7720960 a0=75d000 a1=1a000 a2=7 a3=812 items=0 ppid=6775 pid=7137 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162854041.086:1260): avc: denied { execstack } for pid=7137 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162854041.086:1260): arch=40000003 syscall=125 success=yes exit=0 a0=bff9d000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=6775 pid=7137 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162854041.278:1261): avc: denied { execute } for pid=7137 comm="gnome-screensav" name="zero" dev=tmpfs ino=1524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162854041.278:1261): arch=40000003 syscall=192 success=yes exit=10993664 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=6775 pid=7137 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162854041.278:1261): path="/dev/zero"
+type=AVC msg=audit(1162854041.282:1262): avc: denied { read } for pid=7137 comm="gnome-screensav" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854041.282:1262): arch=40000003 syscall=33 success=yes exit=0 a0=bff9ee90 a1=4 a2=4db18a64 a3=bff9ee90 items=0 ppid=6775 pid=7137 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162854061.267:1263): user pid=7139 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162854061.271:1264): login pid=7139 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162854061.271:1265): user pid=7139 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162854061.271:1266): user pid=7139 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162854061.275:1267): avc: denied { getattr } for pid=7140 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.275:1267): arch=40000003 syscall=195 success=yes exit=0 a0=9961120 a1=bfe19ed0 a2=bd9ff4 a3=9961120 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854061.275:1267): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162854061.275:1268): avc: denied { execute } for pid=7140 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.275:1268): arch=40000003 syscall=33 success=yes exit=0 a0=9961120 a1=1 a2=11 a3=9961120 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162854061.275:1269): avc: denied { read } for pid=7140 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.275:1269): arch=40000003 syscall=33 success=yes exit=0 a0=9961120 a1=4 a2=ffffffff a3=9961120 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162854061.275:1270): avc: denied { execute_no_trans } for pid=7140 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.275:1270): arch=40000003 syscall=11 success=yes exit=0 a0=9961120 a1=99613d8 a2=99612f8 a3=9960f98 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854061.275:1270): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162854061.275:1271): avc: denied { ioctl } for pid=7140 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.275:1271): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf837318 a3=bf837358 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854061.275:1271): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162854061.279:1272): avc: denied { execute } for pid=7140 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.279:1272): arch=40000003 syscall=33 success=yes exit=0 a0=9e6d990 a1=1 a2=1 a3=9e6dc98 items=0 ppid=7139 pid=7140 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162854061.279:1273): avc: denied { execute_no_trans } for pid=7141 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.279:1273): arch=40000003 syscall=11 success=yes exit=0 a0=9e6da10 a1=9e6dad8 a2=9e6dae8 a3=9e6d758 items=0 ppid=7140 pid=7141 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854061.279:1273): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162854061.279:1274): avc: denied { read } for pid=7143 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.279:1274): arch=40000003 syscall=5 success=yes exit=3 a0=bff001c0 a1=0 a2=ffffffff a3=96b9038 items=0 ppid=7141 pid=7143 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162854061.279:1275): avc: denied { getattr } for pid=7143 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162854061.279:1275): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff00130 a2=a98ff4 a3=3 items=0 ppid=7141 pid=7143 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162854061.279:1275): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162854061.291:1276): user pid=7139 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162854061.291:1277): user pid=7139 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162854601.345:1278): user pid=7165 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162854601.345:1279): login pid=7165 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162854601.345:1280): user pid=7165 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162854601.345:1281): user pid=7165 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162854601.361:1282): user pid=7165 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162854601.361:1283): user pid=7165 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162855201.426:1284): user pid=7183 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162855201.426:1285): login pid=7183 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162855201.426:1286): user pid=7183 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162855201.426:1287): user pid=7183 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162855201.438:1288): user pid=7183 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162855201.438:1289): user pid=7183 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162855801.500:1290): user pid=7201 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162855801.500:1291): login pid=7201 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162855801.504:1292): user pid=7201 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162855801.504:1293): user pid=7201 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162855801.516:1294): user pid=7201 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162855801.516:1295): user pid=7201 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162855927.312:1296): avc: denied { read } for pid=7208 comm="firefox-bin" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162855927.312:1296): arch=40000003 syscall=33 success=yes exit=0 a0=bfacdfcb a1=4 a2=4db18a64 a3=bfacdfcb items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162855927.312:1297): avc: denied { getattr } for pid=7208 comm="firefox-bin" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162855927.312:1297): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfacc66c a2=9eaff4 a3=8156140 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162855927.312:1297): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162855963.506:1298): avc: denied { getattr } for pid=7208 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162855963.506:1298): arch=40000003 syscall=196 success=yes exit=0 a0=bfacb558 a1=bfacb4bc a2=9eaff4 a3=90c12c0 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162855963.506:1298): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162855965.502:1299): avc: denied { read } for pid=7208 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162855965.502:1299): arch=40000003 syscall=5 success=yes exit=56 a0=8c33338 a1=0 a2=8c33330 a3=8c33338 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162855965.506:1300): avc: denied { execute } for pid=7208 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162855965.506:1300): arch=40000003 syscall=192 success=yes exit=24420352 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162855965.506:1300): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162856262.425:1301): avc: denied { ioctl } for pid=7279 comm="ps" name="[102106]" dev=pipefs ino=102106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162856262.425:1301): arch=40000003 syscall=54 success=no exit=-22 a0=1 a1=5413 a2=bfb23d94 a3=bfb23dd8 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.425:1301): path="pipe:[102106]"
+type=AVC msg=audit(1162856262.425:1302): avc: denied { getattr } for pid=7279 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.425:1302): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.425:1302): path="/proc/1"
+type=AVC msg=audit(1162856262.425:1303): avc: denied { search } for pid=7279 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.425:1303): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=65549 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.425:1303): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.425:1304): avc: denied { getattr } for pid=7279 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.425:1304): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.425:1304): path="/proc/2"
+type=AVC msg=audit(1162856262.425:1305): avc: denied { search } for pid=7279 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.425:1305): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=131085 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.425:1305): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1306): avc: denied { getattr } for pid=7279 comm="ps" name="455" dev=proc ino=29818882 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1306): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1306): path="/proc/455"
+type=AVC msg=audit(1162856262.429:1307): avc: denied { search } for pid=7279 comm="ps" name="455" dev=proc ino=29818882 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.429:1307): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=29818893 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1307): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1308): avc: denied { getattr } for pid=7279 comm="ps" name="2180" dev=proc ino=142868482 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1308): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1308): path="/proc/2180"
+type=AVC msg=audit(1162856262.429:1309): avc: denied { search } for pid=7279 comm="ps" name="2180" dev=proc ino=142868482 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.429:1309): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=142868493 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1309): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1310): avc: denied { getattr } for pid=7279 comm="ps" name="2192" dev=proc ino=143654914 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1310): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1310): path="/proc/2192"
+type=AVC msg=audit(1162856262.429:1311): avc: denied { search } for pid=7279 comm="ps" name="2192" dev=proc ino=143654914 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.429:1311): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=143654925 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1311): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1312): avc: denied { getattr } for pid=7279 comm="ps" name="2208" dev=proc ino=144703490 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1312): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1312): path="/proc/2208"
+type=AVC msg=audit(1162856262.429:1313): avc: denied { search } for pid=7279 comm="ps" name="2208" dev=proc ino=144703490 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.429:1313): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=144703501 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1313): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1314): avc: denied { getattr } for pid=7279 comm="ps" name="2211" dev=proc ino=144900098 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1314): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1314): path="/proc/2211"
+type=AVC msg=audit(1162856262.429:1315): avc: denied { search } for pid=7279 comm="ps" name="2211" dev=proc ino=144900098 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.429:1315): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=144900109 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1315): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.429:1316): avc: denied { getattr } for pid=7279 comm="ps" name="2223" dev=proc ino=145686530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.429:1316): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.429:1316): path="/proc/2223"
+type=AVC msg=audit(1162856262.429:1317): avc: denied { search } for pid=7279 comm="ps" name="2223" dev=proc ino=145686530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.429:1317): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=145686541 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.429:1317): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1318): avc: denied { getattr } for pid=7279 comm="ps" name="2239" dev=proc ino=146735106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1318): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1318): path="/proc/2239"
+type=AVC msg=audit(1162856262.433:1319): avc: denied { search } for pid=7279 comm="ps" name="2239" dev=proc ino=146735106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.433:1319): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=146735117 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1319): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1320): avc: denied { getattr } for pid=7279 comm="ps" name="2252" dev=proc ino=147587074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1320): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1320): path="/proc/2252"
+type=AVC msg=audit(1162856262.433:1321): avc: denied { search } for pid=7279 comm="ps" name="2252" dev=proc ino=147587074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1321): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=147587085 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1321): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1322): avc: denied { getattr } for pid=7279 comm="ps" name="2286" dev=proc ino=149815298 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1322): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1322): path="/proc/2286"
+type=AVC msg=audit(1162856262.433:1323): avc: denied { search } for pid=7279 comm="ps" name="2286" dev=proc ino=149815298 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1323): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=149815309 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1323): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1324): avc: denied { getattr } for pid=7279 comm="ps" name="2350" dev=proc ino=154009602 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1324): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1324): path="/proc/2350"
+type=AVC msg=audit(1162856262.433:1325): avc: denied { search } for pid=7279 comm="ps" name="2350" dev=proc ino=154009602 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1325): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=154009613 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1325): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1326): avc: denied { getattr } for pid=7279 comm="ps" name="2362" dev=proc ino=154796034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1326): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1326): path="/proc/2362"
+type=AVC msg=audit(1162856262.433:1327): avc: denied { search } for pid=7279 comm="ps" name="2362" dev=proc ino=154796034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1327): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=154796045 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1327): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1328): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=156827661 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1328): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1329): avc: denied { getattr } for pid=7279 comm="ps" name="2452" dev=proc ino=160694274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1329): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1329): path="/proc/2452"
+type=AVC msg=audit(1162856262.433:1330): avc: denied { search } for pid=7279 comm="ps" name="2452" dev=proc ino=160694274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1330): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=160694285 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1330): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1331): avc: denied { getattr } for pid=7279 comm="ps" name="2471" dev=proc ino=161939458 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1331): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1331): path="/proc/2471"
+type=AVC msg=audit(1162856262.433:1332): avc: denied { search } for pid=7279 comm="ps" name="2471" dev=proc ino=161939458 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1332): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=161939469 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1332): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1333): avc: denied { getattr } for pid=7279 comm="ps" name="2482" dev=proc ino=162660354 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1333): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1333): path="/proc/2482"
+type=AVC msg=audit(1162856262.433:1334): avc: denied { search } for pid=7279 comm="ps" name="2482" dev=proc ino=162660354 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1334): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=162660365 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1334): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1335): avc: denied { getattr } for pid=7279 comm="ps" name="2499" dev=proc ino=163774466 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1335): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1335): path="/proc/2499"
+type=AVC msg=audit(1162856262.433:1336): avc: denied { search } for pid=7279 comm="ps" name="2499" dev=proc ino=163774466 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.433:1336): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=163774477 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1336): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1337): avc: denied { getattr } for pid=7279 comm="ps" name="2513" dev=proc ino=164691970 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1337): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1337): path="/proc/2513"
+type=AVC msg=audit(1162856262.433:1338): avc: denied { search } for pid=7279 comm="ps" name="2513" dev=proc ino=164691970 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.433:1338): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=164691981 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1338): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1339): avc: denied { getattr } for pid=7279 comm="ps" name="2525" dev=proc ino=165478402 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1339): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1339): path="/proc/2525"
+type=AVC msg=audit(1162856262.433:1340): avc: denied { search } for pid=7279 comm="ps" name="2525" dev=proc ino=165478402 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1340): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=165478413 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1340): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.433:1341): avc: denied { getattr } for pid=7279 comm="ps" name="2545" dev=proc ino=166789122 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.433:1341): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.433:1341): path="/proc/2545"
+type=AVC msg=audit(1162856262.433:1342): avc: denied { search } for pid=7279 comm="ps" name="2545" dev=proc ino=166789122 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.433:1342): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=166789133 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.433:1342): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1343): avc: denied { getattr } for pid=7279 comm="ps" name="2566" dev=proc ino=168165378 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1343): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1343): path="/proc/2566"
+type=AVC msg=audit(1162856262.437:1344): avc: denied { search } for pid=7279 comm="ps" name="2566" dev=proc ino=168165378 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1344): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=168165389 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1344): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1345): avc: denied { getattr } for pid=7279 comm="ps" name="2577" dev=proc ino=168886274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1345): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1345): path="/proc/2577"
+type=AVC msg=audit(1162856262.437:1346): avc: denied { search } for pid=7279 comm="ps" name="2577" dev=proc ino=168886274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.437:1346): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=168886285 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1346): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1347): avc: denied { getattr } for pid=7279 comm="ps" name="2614" dev=proc ino=171311106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1347): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1347): path="/proc/2614"
+type=AVC msg=audit(1162856262.437:1348): avc: denied { search } for pid=7279 comm="ps" name="2614" dev=proc ino=171311106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1348): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=171311117 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1348): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1349): avc: denied { getattr } for pid=7279 comm="ps" name="2707" dev=proc ino=177405954 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1349): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1349): path="/proc/2707"
+type=AVC msg=audit(1162856262.437:1350): avc: denied { search } for pid=7279 comm="ps" name="2707" dev=proc ino=177405954 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1350): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=177405965 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1350): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1351): avc: denied { getattr } for pid=7279 comm="ps" name="2719" dev=proc ino=178192386 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1351): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1351): path="/proc/2719"
+type=AVC msg=audit(1162856262.437:1352): avc: denied { search } for pid=7279 comm="ps" name="2719" dev=proc ino=178192386 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1352): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=178192397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1352): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1353): avc: denied { getattr } for pid=7279 comm="ps" name="2730" dev=proc ino=178913282 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1353): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1353): path="/proc/2730"
+type=AVC msg=audit(1162856262.437:1354): avc: denied { search } for pid=7279 comm="ps" name="2730" dev=proc ino=178913282 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1354): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=178913293 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1354): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1355): avc: denied { getattr } for pid=7279 comm="ps" name="2797" dev=proc ino=183304194 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1355): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1355): path="/proc/2797"
+type=AVC msg=audit(1162856262.437:1356): avc: denied { search } for pid=7279 comm="ps" name="2797" dev=proc ino=183304194 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1356): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=183304205 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1356): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1357): avc: denied { getattr } for pid=7279 comm="ps" name="2824" dev=proc ino=185073666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1357): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1357): path="/proc/2824"
+type=AVC msg=audit(1162856262.437:1358): avc: denied { search } for pid=7279 comm="ps" name="2824" dev=proc ino=185073666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.437:1358): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=185073677 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.437:1358): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.437:1359): avc: denied { getattr } for pid=7279 comm="ps" name="2835" dev=proc ino=185794562 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.437:1359): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.437:1359): path="/proc/2835"
+type=AVC msg=audit(1162856262.441:1360): avc: denied { search } for pid=7279 comm="ps" name="2835" dev=proc ino=185794562 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.441:1360): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=185794573 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1360): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.441:1361): avc: denied { getattr } for pid=7279 comm="ps" name="3060" dev=proc ino=200540162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.441:1361): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.441:1361): path="/proc/3060"
+type=AVC msg=audit(1162856262.441:1362): avc: denied { search } for pid=7279 comm="ps" name="3060" dev=proc ino=200540162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.441:1362): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=200540173 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1362): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.441:1363): avc: denied { getattr } for pid=7279 comm="ps" name="3895" dev=proc ino=255262722 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.441:1363): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.441:1363): path="/proc/3895"
+type=AVC msg=audit(1162856262.441:1364): avc: denied { search } for pid=7279 comm="ps" name="3895" dev=proc ino=255262722 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.441:1364): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=255262733 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1364): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.441:1365): avc: denied { getattr } for pid=7279 comm="ps" name="4653" dev=proc ino=304939010 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.441:1365): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.441:1365): path="/proc/4653"
+type=AVC msg=audit(1162856262.441:1366): avc: denied { search } for pid=7279 comm="ps" name="4653" dev=proc ino=304939010 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.441:1366): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=304939021 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1366): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.441:1367): avc: denied { getattr } for pid=7279 comm="ps" name="6279" dev=proc ino=411500546 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.441:1367): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.441:1367): path="/proc/6279"
+type=AVC msg=audit(1162856262.441:1368): avc: denied { search } for pid=7279 comm="ps" name="6279" dev=proc ino=411500546 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.441:1368): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=411500557 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1368): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.441:1369): avc: denied { getattr } for pid=7279 comm="ps" name="6501" dev=proc ino=426049538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162856262.441:1369): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.441:1369): path="/proc/6501"
+type=AVC msg=audit(1162856262.441:1370): avc: denied { search } for pid=7279 comm="ps" name="6501" dev=proc ino=426049538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162856262.441:1370): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=426049549 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162856262.441:1370): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.445:1371): avc: denied { getattr } for pid=7279 comm="ps" name="6583" dev=proc ino=431423490 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.445:1371): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.445:1371): path="/proc/6583"
+type=AVC msg=audit(1162856262.445:1372): avc: denied { search } for pid=7279 comm="ps" name="6583" dev=proc ino=431423490 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.445:1372): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=431423501 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.445:1372): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.449:1373): avc: denied { getattr } for pid=7279 comm="ps" name="6686" dev=proc ino=438173698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.449:1373): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1373): path="/proc/6686"
+type=AVC msg=audit(1162856262.449:1374): avc: denied { search } for pid=7279 comm="ps" name="6686" dev=proc ino=438173698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.449:1374): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=438173709 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.449:1374): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.449:1375): avc: denied { getattr } for pid=7279 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.449:1375): arch=40000003 syscall=195 success=yes exit=0 a0=4cfe2840 a1=bfb21500 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1375): path="/dev/pts"
+type=AVC msg=audit(1162856262.449:1376): avc: denied { read } for pid=7279 comm="ps" name="2" dev=proc ino=439058434 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=lnk_file
+type=AVC msg=audit(1162856262.449:1376): avc: denied { ptrace } for pid=7279 comm="ps" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162856262.449:1376): arch=40000003 syscall=85 success=yes exit=10 a0=bfb21538 a1=4cfe2840 a2=7f a3=bfb21538 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.449:1377): avc: denied { search } for pid=7279 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.449:1377): avc: denied { getattr } for pid=7279 comm="ps" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162856262.449:1377): arch=40000003 syscall=195 success=yes exit=0 a0=4cfe2840 a1=bfb21440 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1377): path="/dev/pts/1"
+type=AVC msg=audit(1162856262.449:1378): avc: denied { getattr } for pid=7279 comm="ps" name="6720" dev=proc ino=440401922 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.449:1378): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1378): path="/proc/6720"
+type=AVC msg=audit(1162856262.449:1379): avc: denied { search } for pid=7279 comm="ps" name="6720" dev=proc ino=440401922 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.449:1379): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=440401933 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.449:1379): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.449:1380): avc: denied { getattr } for pid=7279 comm="ps" name="6743" dev=proc ino=441909250 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.449:1380): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1380): path="/proc/6743"
+type=AVC msg=audit(1162856262.449:1381): avc: denied { search } for pid=7279 comm="ps" name="6743" dev=proc ino=441909250 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.449:1381): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=441909261 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.449:1381): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.449:1382): avc: denied { getattr } for pid=7279 comm="ps" name="6744" dev=proc ino=441974786 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.449:1382): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.449:1382): path="/proc/6744"
+type=AVC msg=audit(1162856262.449:1383): avc: denied { search } for pid=7279 comm="ps" name="6744" dev=proc ino=441974786 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.449:1383): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=441974797 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.449:1383): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.453:1384): avc: denied { getattr } for pid=7279 comm="ps" name="6871" dev=proc ino=450297858 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.453:1384): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.453:1384): path="/proc/6871"
+type=AVC msg=audit(1162856262.453:1385): avc: denied { search } for pid=7279 comm="ps" name="6871" dev=proc ino=450297858 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.453:1385): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=450297869 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.453:1385): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.453:1386): avc: denied { getattr } for pid=7279 comm="ps" name="6892" dev=proc ino=451674114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856262.453:1386): arch=40000003 syscall=195 success=yes exit=0 a0=868d97c a1=bfb23cf0 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.453:1386): path="/proc/6892"
+type=AVC msg=audit(1162856262.453:1387): avc: denied { search } for pid=7279 comm="ps" name="6892" dev=proc ino=451674114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.453:1387): avc: denied { read } for pid=7279 comm="ps" name="stat" dev=proc ino=451674125 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.453:1387): arch=40000003 syscall=5 success=yes exit=18 a0=4cfe4780 a1=0 a2=0 a3=4cfe4780 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.453:1388): avc: denied { getattr } for pid=7279 comm="ps" name="2" dev=devpts ino=4 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162856262.453:1388): arch=40000003 syscall=195 success=yes exit=0 a0=4cfe2840 a1=bfb21440 a2=648ff4 a3=3 items=0 ppid=7278 pid=7279 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.453:1388): path="/dev/pts/2"
+type=AVC msg=audit(1162856262.873:1389): avc: denied { write } for pid=7208 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.873:1389): avc: denied { add_name } for pid=7208 comm="firefox-bin" name="FlashoraxPs" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162856262.873:1389): avc: denied { create } for pid=7208 comm="firefox-bin" name="FlashoraxPs" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.873:1389): arch=40000003 syscall=5 success=yes exit=46 a0=bfacc47b a1=c2 a2=180 a3=1dfd81 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.873:1390): avc: denied { read write } for pid=7208 comm="firefox-bin" name="FlashoraxPs" dev=dm-0 ino=14469565 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.873:1390): arch=40000003 syscall=5 success=yes exit=46 a0=a6808db8 a1=242 a2=1b6 a3=9a75398 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856262.873:1391): avc: denied { getattr } for pid=7208 comm="firefox-bin" name="FlashoraxPs" dev=dm-0 ino=14469565 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856262.873:1391): arch=40000003 syscall=197 success=yes exit=0 a0=2e a1=bfacc2f8 a2=9eaff4 a3=9a75398 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856262.873:1391): path="/tmp/FlashoraxPs"
+type=AVC msg=audit(1162856263.025:1392): avc: denied { search } for pid=7208 comm="firefox-bin" name="pcm" dev=dm-0 ino=9330155 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1162856263.025:1392): avc: denied { read } for pid=7208 comm="firefox-bin" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856263.025:1392): arch=40000003 syscall=5 success=yes exit=50 a0=99095e8 a1=0 a2=1b6 a3=8c4dd48 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856263.025:1393): avc: denied { getattr } for pid=7208 comm="firefox-bin" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856263.025:1393): arch=40000003 syscall=197 success=yes exit=0 a0=32 a1=bfacc280 a2=9eaff4 a3=8c4dd48 items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856263.025:1393): path="/etc/alsa/pcm/default.conf"
+type=AVC msg=audit(1162856263.029:1394): avc: denied { search } for pid=7208 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856263.029:1394): arch=40000003 syscall=54 success=yes exit=0 a0=32 a1=c25c4111 a2=bfacbfbc a3=bfacbfbc items=0 ppid=1 pid=7208 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162856278.190:1395): avc: denied { remove_name } for pid=7281 comm="firefox-bin" name="FlashoraxPs" dev=dm-0 ino=14469565 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162856278.190:1395): avc: denied { unlink } for pid=7281 comm="firefox-bin" name="FlashoraxPs" dev=dm-0 ino=14469565 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856278.190:1395): arch=40000003 syscall=10 success=yes exit=0 a0=a6808d70 a1=1 a2=1d711e0 a3=a6805e28 items=0 ppid=1 pid=7281 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162856401.581:1396): user pid=7297 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162856401.581:1397): login pid=7297 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162856401.581:1398): user pid=7297 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162856401.581:1399): user pid=7297 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162856401.585:1400): avc: denied { execute } for pid=7298 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162856401.585:1400): avc: denied { execute_no_trans } for pid=7298 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.585:1400): arch=40000003 syscall=11 success=yes exit=0 a0=8b581b0 a1=8b58358 a2=8b58290 a3=8b58008 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162856401.585:1400): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162856401.589:1401): avc: denied { execute } for pid=7298 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162856401.589:1401): avc: denied { execute_no_trans } for pid=7298 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162856401.589:1401): avc: denied { read } for pid=7298 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1401): arch=40000003 syscall=11 success=yes exit=0 a0=8b58d48 a1=8b58740 a2=8b58d60 a3=8b58740 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162856401.589:1401): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162856401.589:1401): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162856401.589:1402): avc: denied { search } for pid=7298 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162856401.589:1402): avc: denied { read } for pid=7298 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1402): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8089800 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162856401.589:1403): avc: denied { getattr } for pid=7298 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1403): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf97e2a8 a2=c69ff4 a3=8089800 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162856401.589:1403): path="/proc/net/dev"
+type=AVC msg=audit(1162856401.589:1404): avc: denied { search } for pid=7298 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856401.589:1404): arch=40000003 syscall=33 success=yes exit=0 a0=bf97e654 a1=0 a2=bf97e548 a3=bf97e550 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162856401.589:1405): avc: denied { read append } for pid=7298 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1405): arch=40000003 syscall=5 success=yes exit=3 a0=bf97e654 a1=402 a2=bf97e818 a3=bf97e550 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162856401.589:1406): avc: denied { search } for pid=7298 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162856401.589:1406): avc: denied { read } for pid=7298 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1406): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8089d60 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162856401.589:1407): avc: denied { getattr } for pid=7298 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.589:1407): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf97e104 a2=c69ff4 a3=8089d60 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162856401.589:1407): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162856401.589:1408): avc: denied { search } for pid=7298 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162856401.589:1408): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8089d60 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162856401.593:1409): avc: denied { lock } for pid=7298 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856401.593:1409): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf97e550 a3=3 items=0 ppid=7297 pid=7298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162856401.593:1409): path="/var/log/sa/sa06"
+type=CRED_DISP msg=audit(1162856401.601:1410): user pid=7297 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162856401.601:1411): user pid=7297 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162856952.116:1412): avc: denied { execmem } for pid=7314 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162856952.116:1412): arch=40000003 syscall=192 success=yes exit=8175616 a0=7cc000 a1=1a000 a2=7 a3=812 items=0 ppid=6775 pid=7314 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162856952.116:1413): avc: denied { execstack } for pid=7314 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162856952.116:1413): arch=40000003 syscall=125 success=yes exit=0 a0=bfa30000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=6775 pid=7314 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162856952.140:1414): avc: denied { execute } for pid=7314 comm="gnome-screensav" name="zero" dev=tmpfs ino=1524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162856952.140:1414): arch=40000003 syscall=192 success=yes exit=1114112 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=6775 pid=7314 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162856952.140:1414): path="/dev/zero"
+type=AVC msg=audit(1162856952.144:1415): avc: denied { read } for pid=7314 comm="gnome-screensav" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162856952.144:1415): arch=40000003 syscall=33 success=yes exit=0 a0=bfa30e90 a1=4 a2=4db18a64 a3=bfa30e90 items=0 ppid=6775 pid=7314 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162857001.671:1416): user pid=7316 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162857001.675:1417): login pid=7316 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162857001.675:1418): user pid=7316 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162857001.675:1419): user pid=7316 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162857001.687:1420): user pid=7316 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162857001.687:1421): user pid=7316 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162857601.756:1422): user pid=7334 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162857601.756:1423): login pid=7334 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162857601.756:1424): user pid=7334 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162857601.756:1425): user pid=7334 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162857601.772:1426): user pid=7334 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162857601.772:1427): user pid=7334 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162857661.784:1428): user pid=7338 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162857661.784:1429): login pid=7338 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162857661.784:1430): user pid=7338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162857661.784:1431): user pid=7338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162857661.788:1432): avc: denied { getattr } for pid=7339 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.788:1432): arch=40000003 syscall=195 success=yes exit=0 a0=9b4a120 a1=bfd0fdd0 a2=248ff4 a3=9b4a120 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.788:1432): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162857661.788:1433): avc: denied { execute } for pid=7339 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.788:1433): arch=40000003 syscall=33 success=yes exit=0 a0=9b4a120 a1=1 a2=11 a3=9b4a120 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162857661.788:1434): avc: denied { read } for pid=7339 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.788:1434): arch=40000003 syscall=33 success=yes exit=0 a0=9b4a120 a1=4 a2=ffffffff a3=9b4a120 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162857661.788:1435): avc: denied { execute_no_trans } for pid=7339 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.788:1435): arch=40000003 syscall=11 success=yes exit=0 a0=9b4a120 a1=9b4a3d8 a2=9b4a2f8 a3=9b49f98 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.788:1435): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162857661.788:1436): avc: denied { ioctl } for pid=7339 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.788:1436): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd0ffe8 a3=bfd10028 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.788:1436): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162857661.792:1437): avc: denied { execute } for pid=7339 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.792:1437): arch=40000003 syscall=33 success=yes exit=0 a0=9b4b990 a1=1 a2=1 a3=9b4bc98 items=0 ppid=7338 pid=7339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162857661.792:1438): avc: denied { execute_no_trans } for pid=7340 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.792:1438): arch=40000003 syscall=11 success=yes exit=0 a0=9b4ba10 a1=9b4bad8 a2=9b4bae8 a3=9b4b758 items=0 ppid=7339 pid=7340 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.792:1438): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162857661.796:1439): avc: denied { execute } for pid=7342 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162857661.796:1439): avc: denied { execute_no_trans } for pid=7342 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162857661.796:1439): avc: denied { read } for pid=7342 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.796:1439): arch=40000003 syscall=11 success=yes exit=0 a0=9776678 a1=9776808 a2=9776720 a3=9776508 items=0 ppid=7340 pid=7342 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.796:1439): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162857661.796:1439): path="/sbin/chkconfig"
+type=AVC msg=audit(1162857661.796:1440): avc: denied { read } for pid=7342 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.796:1440): arch=40000003 syscall=5 success=yes exit=3 a0=bfddf8a0 a1=0 a2=ffffffff a3=9d41038 items=0 ppid=7340 pid=7342 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162857661.796:1441): avc: denied { getattr } for pid=7342 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162857661.796:1441): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfddf810 a2=977ff4 a3=3 items=0 ppid=7340 pid=7342 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162857661.796:1441): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162857661.804:1442): user pid=7338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162857661.804:1443): user pid=7338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162858201.870:1444): user pid=7364 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162858201.870:1445): login pid=7364 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162858201.870:1446): user pid=7364 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162858201.870:1447): user pid=7364 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162858201.882:1448): user pid=7364 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162858201.886:1449): user pid=7364 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162858801.947:1450): user pid=7382 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162858801.947:1451): login pid=7382 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162858801.947:1452): user pid=7382 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162858801.947:1453): user pid=7382 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162858801.967:1454): user pid=7382 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162858801.967:1455): user pid=7382 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162859401.037:1456): user pid=7400 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162859401.037:1457): login pid=7400 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162859401.037:1458): user pid=7400 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162859401.037:1459): user pid=7400 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162859401.049:1460): user pid=7400 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162859401.049:1461): user pid=7400 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162859927.374:1462): avc: denied { read } for pid=7418 comm="firefox-bin" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162859927.374:1462): arch=40000003 syscall=33 success=yes exit=0 a0=bfb2ffcb a1=4 a2=4db18a64 a3=bfb2ffcb items=0 ppid=1 pid=7418 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162859927.374:1463): avc: denied { getattr } for pid=7418 comm="firefox-bin" name=".gdmAHKGIT" dev=dm-0 ino=14469334 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162859927.374:1463): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfb2decc a2=7bfff4 a3=9356140 items=0 ppid=1 pid=7418 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162859927.374:1463): path="/tmp/.gdmAHKGIT"
+type=AVC msg=audit(1162859943.499:1464): avc: denied { getattr } for pid=7418 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162859943.499:1464): arch=40000003 syscall=196 success=yes exit=0 a0=bfb2c628 a1=bfb2c58c a2=7bfff4 a3=9e16d28 items=0 ppid=1 pid=7418 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162859943.499:1464): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162859943.627:1465): avc: denied { read } for pid=7418 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162859943.627:1465): arch=40000003 syscall=5 success=yes exit=47 a0=9f09628 a1=0 a2=7c1150 a3=9f09628 items=0 ppid=1 pid=7418 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162859943.627:1466): avc: denied { execute } for pid=7418 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162859943.627:1466): arch=40000003 syscall=192 success=yes exit=74682368 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=7418 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162859943.627:1466): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=USER_ACCT msg=audit(1162860001.106:1467): user pid=7444 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162860001.106:1468): login pid=7444 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162860001.106:1469): user pid=7444 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162860001.110:1470): user pid=7444 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162860001.114:1471): avc: denied { search } for pid=7445 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162860001.114:1471): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8646d60 items=0 ppid=7444 pid=7445 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162860001.122:1472): user pid=7444 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162860001.122:1473): user pid=7444 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162860601.192:1474): user pid=7484 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162860601.192:1475): login pid=7484 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162860601.192:1476): user pid=7484 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162860601.192:1477): user pid=7484 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162860601.200:1478): avc: denied { search } for pid=7485 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162860601.200:1478): avc: denied { read } for pid=7485 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162860601.200:1478): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8a2f800 items=0 ppid=7484 pid=7485 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162860601.200:1479): avc: denied { getattr } for pid=7485 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162860601.200:1479): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe9d7c8 a2=371ff4 a3=8a2f800 items=0 ppid=7484 pid=7485 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162860601.200:1479): path="/proc/net/dev"
+type=AVC msg=audit(1162860601.200:1480): avc: denied { read append } for pid=7485 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162860601.200:1480): arch=40000003 syscall=5 success=yes exit=3 a0=bfe9db74 a1=402 a2=bfe9dd38 a3=bfe9da70 items=0 ppid=7484 pid=7485 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162860601.200:1481): avc: denied { lock } for pid=7485 comm="sadc" name="sa06" dev=dm-0 ino=14600291 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162860601.200:1481): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfe9da70 a3=3 items=0 ppid=7484 pid=7485 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162860601.200:1481): path="/var/log/sa/sa06"
+type=CRED_DISP msg=audit(1162860601.244:1482): user pid=7484 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162860601.244:1483): user pid=7484 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162861201.297:1484): user pid=7540 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162861201.297:1485): login pid=7540 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162861201.301:1486): user pid=7540 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162861201.301:1487): user pid=7540 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162861201.329:1488): user pid=7540 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162861201.329:1489): user pid=7540 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162861261.337:1490): user pid=7544 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162861261.337:1491): login pid=7544 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162861261.337:1492): user pid=7544 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162861261.337:1493): user pid=7544 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162861261.357:1494): user pid=7544 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162861261.357:1495): user pid=7544 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162861801.415:1496): user pid=7575 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162861801.415:1497): login pid=7575 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162861801.415:1498): user pid=7575 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162861801.415:1499): user pid=7575 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162861801.423:1500): avc: denied { search } for pid=7576 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162861801.423:1500): arch=40000003 syscall=33 success=yes exit=0 a0=bf951624 a1=0 a2=bf951518 a3=bf951520 items=0 ppid=7575 pid=7576 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162861801.443:1501): user pid=7575 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162861801.443:1502): user pid=7575 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162862333.952:1503): avc: denied { write } for pid=6892 comm="evolution-alarm" name=".gnome2" dev=dm-0 ino=6547212 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.952:1503): avc: denied { add_name } for pid=6892 comm="evolution-alarm" name="evolution-alarm-notify-vSUaW9" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.952:1503): avc: denied { create } for pid=6892 comm="evolution-alarm" name="evolution-alarm-notify-vSUaW9" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862333.952:1503): arch=40000003 syscall=5 success=yes exit=23 a0=934d450 a1=c2 a2=180 a3=2f829a items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162862333.952:1504): avc: denied { remove_name } for pid=6892 comm="evolution-alarm" name="evolution-alarm-notify-vSUaW9" dev=dm-0 ino=6574545 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.952:1504): avc: denied { unlink } for pid=6892 comm="evolution-alarm" name="evolution-alarm-notify-vSUaW9" dev=dm-0 ino=6574545 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862333.952:1504): arch=40000003 syscall=10 success=yes exit=0 a0=934d450 a1=2 a2=4d48efd8 a3=9323060 items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162862333.960:1505): avc: denied { search } for pid=6892 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.960:1505): avc: denied { write } for pid=6892 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.960:1505): avc: denied { remove_name } for pid=6892 comm="evolution-alarm" name="linc-1aec-0-7f9bab7e41c94" dev=dm-0 ino=15648472 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.960:1505): avc: denied { unlink } for pid=6892 comm="evolution-alarm" name="linc-1aec-0-7f9bab7e41c94" dev=dm-0 ino=15648472 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162862333.960:1505): arch=40000003 syscall=10 success=yes exit=0 a0=9327b10 a1=92fbb90 a2=4df37708 a3=c items=0 ppid=1 pid=6892 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162862333.960:1506): avc: denied { search } for pid=6871 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.960:1506): avc: denied { search } for pid=6871 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862333.960:1507): avc: denied { signal } for pid=7604 comm="evolution-alarm" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=process
+type=SYSCALL msg=audit(1162862333.960:1507): arch=40000003 syscall=270 success=yes exit=0 a0=1aec a1=1db4 a2=6 a3=b72f9c2c items=0 ppid=1 pid=7604 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=SYSCALL msg=audit(1162862333.960:1506): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfd5d1c0 a2=4e570f80 a3=0 items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162862334.088:1508): avc: denied { write } for pid=6723 comm="bash" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162862334.088:1508): arch=40000003 syscall=4 success=no exit=-5 a0=2 a1=b7fa8000 a2=2e a3=2e items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162862334.088:1508): path=2F6465762F7074732F31202864656C6574656429
+type=AVC msg=audit(1162862334.092:1509): avc: denied { read } for pid=6723 comm="bash" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162862334.092:1509): arch=40000003 syscall=3 success=yes exit=0 a0=0 a1=bf8662db a2=1 a3=249420 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162862334.092:1509): path=2F6465762F7074732F31202864656C6574656429
+type=AVC msg=audit(1162862334.092:1510): avc: denied { append } for pid=6723 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862334.092:1510): arch=40000003 syscall=5 success=yes exit=3 a0=8250cf0 a1=8401 a2=0 a3=8401 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162862334.092:1511): avc: denied { read } for pid=6723 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862334.092:1511): arch=40000003 syscall=5 success=yes exit=3 a0=8250cf0 a1=8000 a2=0 a3=8000 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162862334.092:1512): avc: denied { write } for pid=6723 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862334.092:1512): arch=40000003 syscall=5 success=yes exit=3 a0=8250cf0 a1=8201 a2=0 a3=8201 items=0 ppid=6720 pid=6723 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1162862334.096:1513): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162862334.096:1514): avc: denied { search } for pid=6720 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162862334.096:1514): avc: denied { write } for pid=6720 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162862334.096:1514): avc: denied { remove_name } for pid=6720 comm="su" name=".xauthyeka65" dev=dm-0 ino=13127378 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162862334.096:1514): avc: denied { unlink } for pid=6720 comm="su" name=".xauthyeka65" dev=dm-0 ino=13127378 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162862334.096:1514): arch=40000003 syscall=10 success=yes exit=0 a0=93769a8 a1=9376a86 a2=140bc8 a3=9373008 items=0 ppid=1 pid=6720 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_END msg=audit(1162862334.100:1515): user pid=6720 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162862334.116:1516): avc: denied { execheap } for pid=6639 comm="beagle-search" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162862334.116:1516): avc: denied { execmem } for pid=6639 comm="beagle-search" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162862334.116:1516): arch=40000003 syscall=125 success=yes exit=0 a0=9b76000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=6639 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162862334.212:1517): avc: denied { write } for pid=7607 comm="bug-buddy" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162862334.212:1517): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf8965f0 a2=4dc5d770 a3=15 items=0 ppid=7606 pid=7607 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bug-buddy" exe="/usr/bin/bug-buddy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162862338.965:1518): avc: denied { write } for pid=6871 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=15648177 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862338.965:1518): avc: denied { remove_name } for pid=6871 comm="evolution-data-" name="linc-1ad7-0-5a56670ecf53d" dev=dm-0 ino=15648464 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862338.965:1518): avc: denied { unlink } for pid=6871 comm="evolution-data-" name="linc-1ad7-0-5a56670ecf53d" dev=dm-0 ino=15648464 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162862338.965:1518): arch=40000003 syscall=10 success=yes exit=0 a0=87021d8 a1=86f70c8 a2=4df37708 a3=a items=0 ppid=1 pid=6871 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162862343.985:1519): avc: denied { write } for pid=6531 comm="gnome-session" name=".ICE-unix" dev=dm-0 ino=14469315 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862343.985:1519): avc: denied { remove_name } for pid=6531 comm="gnome-session" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162862343.985:1519): avc: denied { unlink } for pid=6531 comm="gnome-session" name="6531" dev=dm-0 ino=14469454 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162862343.985:1519): arch=40000003 syscall=10 success=yes exit=0 a0=8b4bb7a a1=1 a2=4dc5d770 a3=8b4bb08 items=0 ppid=4697 pid=6531 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_END msg=audit(1162862344.101:1520): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session close acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_DISP msg=audit(1162862344.101:1521): user pid=4697 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=DAEMON_END msg=audit(1162862354.005:5730) auditd normal halt, sending auid=4294967295 pid=8144 subj=system_u:system_r:initrc_t:s0
+type=DAEMON_START msg=audit(1162905957.883:2600) auditd start, ver=1.2.9, format=raw, auid=4294967295 pid=2166 res=success, auditd pid=21
+type=CONFIG_CHANGE msg=audit(1162905957.979:51): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0
+type=CONFIG_CHANGE msg=audit(1162905958.435:52): audit_backlog_limit=256 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0
+type=AVC msg=audit(1162905958.459:53): avc: denied { read write } for pid=2181 comm="syslogd" name="0" dev=devpts ino=2 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905958.459:53): arch=40000003 syscall=11 success=yes exit=0 a0=8887ae8 a1=88880d8 a2=8887fe0 a3=8887a58 items=0 ppid=2180 pid=2181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="syslogd" exe="/sbin/syslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905958.459:53): path="/dev/pts/0"
+type=AVC msg=audit(1162905959.207:54): avc: denied { read write } for pid=2184 comm="klogd" name="0" dev=devpts ino=2 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905959.207:54): arch=40000003 syscall=11 success=yes exit=0 a0=99e5b28 a1=99e6078 a2=99e5f88 a3=99e59e0 items=0 ppid=2183 pid=2184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="klogd" exe="/sbin/klogd" subj=system_u:system_r:klogd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905959.207:54): path="/dev/pts/0"
+type=AVC msg=audit(1162905959.763:55): avc: denied { read write } for pid=2196 comm="irqbalance" name="0" dev=devpts ino=2 scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905959.763:55): arch=40000003 syscall=11 success=yes exit=0 a0=9a2ad70 a1=9a2b068 a2=9a2af70 a3=9a2a9e8 items=0 ppid=2195 pid=2196 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="irqbalance" exe="/usr/sbin/irqbalance" subj=system_u:system_r:irqbalance_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905959.763:55): path="/dev/pts/0"
+type=AVC msg=audit(1162905960.255:56): avc: denied { read write } for pid=2212 comm="mcstransd" name="0" dev=devpts ino=2 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905960.255:56): arch=40000003 syscall=11 success=yes exit=0 a0=8f11ce0 a1=8f11fe0 a2=8f11ef8 a3=8f11970 items=0 ppid=2211 pid=2212 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mcstransd" exe="/sbin/mcstransd" subj=system_u:system_r:setrans_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162905960.255:56): path="/dev/pts/0"
+type=AVC msg=audit(1162905960.935:57): avc: denied { read write } for pid=2225 comm="portmap" name="0" dev=devpts ino=2 scontext=system_u:system_r:portmap_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905960.935:57): arch=40000003 syscall=11 success=yes exit=0 a0=99b3c18 a1=99b4048 a2=99b3f58 a3=99b39b0 items=0 ppid=2224 pid=2225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="portmap" exe="/sbin/portmap" subj=system_u:system_r:portmap_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905960.935:57): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.171:58): avc: denied { read write } for pid=2259 comm="rpc.statd" name="0" dev=devpts ino=2 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.171:58): arch=40000003 syscall=11 success=yes exit=0 a0=8394d58 a1=8395060 a2=8394f70 a3=83949e8 items=0 ppid=2258 pid=2259 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.statd" exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.171:58): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.379:59): avc: denied { read write } for pid=2266 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.379:59): arch=40000003 syscall=11 success=yes exit=0 a0=8ce8b70 a1=8ce8bb8 a2=8ce86c0 a3=8ce8a90 items=0 ppid=2265 pid=2266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.379:59): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.383:60): avc: denied { getattr } for pid=2266 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.383:60): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfa8ff20 a2=42aff4 a3=3 items=0 ppid=2265 pid=2266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.383:60): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.447:61): avc: denied { read write } for pid=2282 comm="modprobe" name="0" dev=devpts ino=2 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.447:61): arch=40000003 syscall=11 success=yes exit=0 a0=8b460b8 a1=8b48428 a2=8b517c8 a3=8b48320 items=0 ppid=2271 pid=2282 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.447:61): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.447:62): avc: denied { getattr } for pid=2282 comm="modprobe" name="0" dev=devpts ino=2 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.447:62): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfd2d770 a2=7d9ff4 a3=3 items=0 ppid=2271 pid=2282 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.447:62): path="/dev/pts/0"
+type=AVC msg=audit(1162905964.523:63): avc: denied { ioctl } for pid=2283 comm="sh" name="0" dev=devpts ino=2 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905964.523:63): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5401 a2=bffae19c a3=bffae1dc items=0 ppid=2282 pid=2283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:insmod_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905964.523:63): path="/dev/pts/0"
+type=AVC msg=audit(1162905965.040:64): avc: denied { read write } for pid=2321 comm="dbus-daemon" name="0" dev=devpts ino=2 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905965.040:64): arch=40000003 syscall=11 success=yes exit=0 a0=82c3ad0 a1=82c40c8 a2=82c3fc8 a3=82c3a40 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905965.040:64): path="/dev/pts/0"
+type=AVC msg=audit(1162905965.880:65): avc: denied { read write } for pid=2335 comm="hcid" name="0" dev=devpts ino=2 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905965.880:65): arch=40000003 syscall=11 success=yes exit=0 a0=8abba80 a1=8abbf78 a2=8abbe80 a3=8abba00 items=0 ppid=2334 pid=2335 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="hcid" exe="/usr/sbin/hcid" subj=system_u:system_r:bluetooth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905965.880:65): path="/dev/pts/0"
+type=AVC msg=audit(1162905966.308:66): avc: denied { read write } for pid=2400 comm="hidd" name="0" dev=devpts ino=2 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905966.308:66): arch=40000003 syscall=11 success=yes exit=0 a0=8fd9b78 a1=8fd9fc8 a2=8fd9ec8 a3=8fd9a48 items=0 ppid=2399 pid=2400 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="hidd" exe="/usr/bin/hidd" subj=system_u:system_r:bluetooth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905966.308:66): path="/dev/pts/0"
+type=AVC msg=audit(1162905966.616:67): avc: denied { read write } for pid=2425 comm="automount" name="0" dev=devpts ino=2 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905966.616:67): arch=40000003 syscall=11 success=yes exit=0 a0=964d738 a1=964d698 a2=964da90 a3=964d5c8 items=0 ppid=2414 pid=2425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905966.616:67): path="/dev/pts/0"
+type=AVC msg=audit(1162905966.900:68): avc: denied { read write } for pid=2444 comm="acpid" name="0" dev=devpts ino=2 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905966.900:68): arch=40000003 syscall=11 success=yes exit=0 a0=8fc6a80 a1=8fc6f78 a2=8fc6e80 a3=8fc6a00 items=0 ppid=2443 pid=2444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="acpid" exe="/usr/sbin/acpid" subj=system_u:system_r:apmd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905966.900:68): path="/dev/pts/0"
+type=AVC msg=audit(1162905967.032:69): avc: denied { read write } for pid=2455 comm="hpiod" name="0" dev=devpts ino=2 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905967.032:69): arch=40000003 syscall=11 success=yes exit=0 a0=8a9cc58 a1=8a9cf40 a2=8a9ce58 a3=8a9c9b8 items=0 ppid=2454 pid=2455 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod" subj=system_u:system_r:hplip_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905967.032:69): path="/dev/pts/0"
+type=AVC msg=audit(1162905967.336:70): avc: denied { ioctl } for pid=2459 comm="python" name="0" dev=devpts ino=2 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905967.336:70): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5401 a2=bfafb6c8 a3=bfafb708 items=0 ppid=2458 pid=2459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905967.336:70): path="/dev/pts/0"
+type=AVC msg=audit(1162905967.336:71): avc: denied { getattr } for pid=2459 comm="python" name="0" dev=devpts ino=2 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905967.336:71): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfafb6a8 a2=813ff4 a3=81483c items=0 ppid=2458 pid=2459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905967.336:71): path="/dev/pts/0"
+type=AVC msg=audit(1162905968.076:72): avc: denied { read write } for pid=2472 comm="cupsd" name="0" dev=devpts ino=2 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905968.076:72): arch=40000003 syscall=11 success=yes exit=0 a0=9749c18 a1=974a048 a2=9749f58 a3=97499b0 items=0 ppid=2471 pid=2472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162905968.076:72): path="/dev/pts/0"
+type=LABEL_LEVEL_CHANGE msg=audit(1162905968.484:73): user pid=2473 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=ML-1740 uri=hal:///org/freedesktop/Hal/devices/usb_device_4e8_324c_2W61BKCX911232K0_if0_printer_noserial banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
+type=AVC msg=audit(1162905968.808:74): avc: denied { setfscreate } for pid=2485 comm="cp" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
+type=SYSCALL msg=audit(1162905968.808:74): arch=40000003 syscall=4 success=yes exit=30 a0=3 a1=9a41088 a2=1e a3=4d02f748 items=0 ppid=2477 pid=2485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cp" exe="/bin/cp" subj=system_u:system_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1162905968.808:75): avc: denied { relabelfrom } for pid=2485 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=AVC msg=audit(1162905968.808:75): avc: denied { relabelto } for pid=2485 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905968.808:75): arch=40000003 syscall=228 success=yes exit=0 a0=4 a1=4d02f0d3 a2=9a41088 a3=1e items=0 ppid=2477 pid=2485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cp" exe="/bin/cp" subj=system_u:system_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1162905968.808:76): avc: denied { setattr } for pid=2485 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905968.808:76): arch=40000003 syscall=271 success=yes exit=0 a0=bf97d034 a1=bf97d09c a2=e1aff4 a3=0 items=0 ppid=2477 pid=2485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cp" exe="/bin/cp" subj=system_u:system_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1162905968.808:77): avc: denied { read write } for pid=2486 comm="sshd" name="0" dev=devpts ino=2 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905968.808:77): arch=40000003 syscall=11 success=yes exit=0 a0=9fa6398 a1=9fa67a0 a2=9fa69c0 a3=9fa3830 items=0 ppid=2477 pid=2486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162905968.808:77): path="/dev/pts/0"
+type=AVC msg=audit(1162905968.840:78): avc: denied { read write } for pid=2493 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905968.840:78): arch=40000003 syscall=11 success=yes exit=0 a0=8e03de8 a1=8e03e30 a2=8e03930 a3=8e03d08 items=0 ppid=2492 pid=2493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905968.840:78): path="/dev/pts/0"
+type=AVC msg=audit(1162905968.840:79): avc: denied { getattr } for pid=2493 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905968.840:79): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfb27fb0 a2=516ff4 a3=3 items=0 ppid=2492 pid=2493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905968.840:79): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.004:80): avc: denied { read write } for pid=2498 comm="xinetd" name="0" dev=devpts ino=2 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.004:80): arch=40000003 syscall=11 success=yes exit=0 a0=8d06258 a1=8d067f0 a2=8d066c8 a3=8d06128 items=0 ppid=2497 pid=2498 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xinetd" exe="/usr/sbin/xinetd" subj=system_u:system_r:inetd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905969.004:80): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.340:81): avc: denied { read write } for pid=2514 comm="newaliases" name="0" dev=devpts ino=2 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.340:81): arch=40000003 syscall=11 success=yes exit=0 a0=8945d70 a1=8941ae0 a2=894cde8 a3=895dcd8 items=0 ppid=2503 pid=2514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905969.340:81): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.344:82): avc: denied { getattr } for pid=2514 comm="newaliases" name="0" dev=devpts ino=2 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.344:82): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bf95cf00 a2=514ff4 a3=3 items=0 ppid=2503 pid=2514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905969.344:82): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.352:83): avc: denied { ioctl } for pid=2514 comm="newaliases" name="0" dev=devpts ino=2 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.352:83): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5401 a2=bf95cd88 a3=bf95cdc8 items=0 ppid=2503 pid=2514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:sendmail_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905969.352:83): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.800:84): avc: denied { read write } for pid=2539 comm="gpm" name="0" dev=devpts ino=2 scontext=system_u:system_r:gpm_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.800:84): arch=40000003 syscall=11 success=yes exit=0 a0=9da1d30 a1=9da2180 a2=9da2078 a3=9da1af0 items=0 ppid=2538 pid=2539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="gpm" exe="/usr/sbin/gpm" subj=system_u:system_r:gpm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905969.800:84): path="/dev/pts/0"
+type=AVC msg=audit(1162905969.828:85): avc: denied { read write } for pid=2550 comm="crond" name="0" dev=devpts ino=2 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905969.828:85): arch=40000003 syscall=11 success=yes exit=0 a0=9c3bc18 a1=9c3c048 a2=9c3bf58 a3=9c3b9b0 items=0 ppid=2549 pid=2550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="crond" exe="/usr/sbin/crond" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162905969.828:85): path="/dev/pts/0"
+type=AVC msg=audit(1162905970.036:86): avc: denied { ioctl } for pid=1460 comm="Xorg" name="nvidia0" dev=tmpfs ino=1535 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file
+type=AVC msg=audit(1162905970.040:87): avc: denied { read write } for pid=1460 comm="Xorg" name="nvidia0" dev=tmpfs ino=1535 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file
+type=AVC msg=audit(1162905970.784:88): avc: denied { read write } for pid=2587 comm="xfs" name="0" dev=devpts ino=2 scontext=system_u:system_r:xfs_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905970.784:88): arch=40000003 syscall=11 success=yes exit=0 a0=a0e4b00 a1=a0e50f8 a2=a0e4ff8 a3=a0e4a70 items=0 ppid=2586 pid=2587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xfs" exe="/usr/bin/xfs" subj=system_u:system_r:xfs_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905970.784:88): path="/dev/pts/0"
+type=AVC msg=audit(1162905970.848:89): avc: denied { read write } for pid=2598 comm="anacron" name="0" dev=devpts ino=2 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905970.848:89): arch=40000003 syscall=11 success=yes exit=0 a0=9e58d88 a1=9e59090 a2=9e58fa0 a3=9e58a18 items=0 ppid=2597 pid=2598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905970.848:89): path="/dev/pts/0"
+type=AVC msg=audit(1162905970.936:90): avc: denied { ioctl } for pid=2598 comm="anacron" name="0" dev=devpts ino=2 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905970.936:90): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5422 a2=0 a3=2 items=0 ppid=2597 pid=2598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905970.936:90): path="/dev/pts/0"
+type=AVC msg=audit(1162905970.936:91): avc: denied { write } for pid=2599 comm="anacron" name="run" dev=dm-0 ino=14436616 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1162905970.936:91): avc: denied { add_name } for pid=2599 comm="anacron" name="anacron.pid" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1162905970.936:91): avc: denied { create } for pid=2599 comm="anacron" name="anacron.pid" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905970.936:91): arch=40000003 syscall=5 success=yes exit=3 a0=804c925 a1=241 a2=1b6 a3=8269020 items=0 ppid=2598 pid=2599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162905970.936:92): avc: denied { write } for pid=2599 comm="anacron" name="anacron.pid" dev=dm-0 ino=14437020 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905970.936:92): arch=40000003 syscall=4 success=yes exit=4 a0=3 a1=b7fe7000 a2=4 a3=4 items=0 ppid=2598 pid=2599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905970.936:92): path="/var/run/anacron.pid"
+type=AVC msg=audit(1162905970.964:93): avc: denied { read write } for pid=2608 comm="atd" name="0" dev=devpts ino=2 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905970.964:93): arch=40000003 syscall=11 success=yes exit=0 a0=9823a80 a1=9823f78 a2=9823e80 a3=9823a00 items=0 ppid=2607 pid=2608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="atd" exe="/usr/sbin/atd" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162905970.964:93): path="/dev/pts/0"
+type=AVC msg=audit(1162905971.144:94): avc: denied { read write } for pid=2670 comm="readahead" name="0" dev=devpts ino=2 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905971.144:94): arch=40000003 syscall=11 success=yes exit=0 a0=88ca0d0 a1=88c9f98 a2=88d4658 a3=88c82f8 items=0 ppid=1 pid=2670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="readahead" exe="/usr/sbin/readahead" subj=system_u:system_r:readahead_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905971.144:94): path="/dev/pts/0"
+type=AVC msg=audit(1162905971.252:95): avc: denied { getattr } for pid=2670 comm="readahead" name="0" dev=devpts ino=2 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905971.252:95): arch=40000003 syscall=195 success=yes exit=0 a0=bfa53aa4 a1=bfa53980 a2=40bff4 a3=3 items=0 ppid=1 pid=2670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="readahead" exe="/usr/sbin/readahead" subj=system_u:system_r:readahead_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905971.252:95): path="/dev/pts/0"
+type=AVC msg=audit(1162905971.360:96): avc: denied { setattr } for pid=2678 comm="cp" name="localtime" dev=dm-0 ino=9330774 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905971.360:96): arch=40000003 syscall=271 success=yes exit=0 a0=bfda1c54 a1=bfda1cbc a2=248ff4 a3=0 items=0 ppid=2673 pid=2678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cp" exe="/bin/cp" subj=system_u:system_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1162905971.360:97): avc: denied { read write } for pid=2679 comm="avahi-daemon" name="0" dev=devpts ino=2 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905971.360:97): arch=40000003 syscall=11 success=yes exit=0 a0=85e3370 a1=85e35d0 a2=85eb8f8 a3=85e3168 items=0 ppid=2673 pid=2679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=system_u:system_r:avahi_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905971.360:97): path="/dev/pts/0"
+type=AVC msg=audit(1162905974.672:98): avc: denied { read write } for pid=2705 comm="hald" name="0" dev=devpts ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905974.672:98): arch=40000003 syscall=11 success=yes exit=0 a0=82c4c18 a1=82c5048 a2=82c4f58 a3=82c49b0 items=0 ppid=2704 pid=2705 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald" subj=system_u:system_r:hald_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905974.672:98): path="/dev/pts/0"
+type=AVC msg=audit(1162905977.128:99): avc: denied { accept } for pid=1460 comm="Xorg" lport=6009 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:system_r:rhgb_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1162905977.216:100): avc: denied { write } for pid=2718 comm="xkbcomp" name="xkb" dev=dm-0 ino=14437298 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162905977.216:100): avc: denied { add_name } for pid=2718 comm="xkbcomp" name="server-9.xkm" scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162905977.216:100): avc: denied { create } for pid=2718 comm="xkbcomp" name="server-9.xkm" scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905977.216:100): arch=40000003 syscall=5 success=yes exit=0 a0=bfdc3efe a1=c1 a2=1b6 a3=2494c0 items=0 ppid=1460 pid=2718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty8 comm="xkbcomp" exe="/usr/bin/xkbcomp" subj=system_u:system_r:rhgb_t:s0 key=(null)
+type=AVC msg=audit(1162905977.216:101): avc: denied { write } for pid=2718 comm="xkbcomp" name="server-9.xkm" dev=dm-0 ino=14437174 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162905977.216:101): arch=40000003 syscall=4 success=yes exit=4096 a0=0 a1=b7f0f000 a2=1000 a3=1000 items=0 ppid=1460 pid=2718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty8 comm="xkbcomp" exe="/usr/bin/xkbcomp" subj=system_u:system_r:rhgb_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905977.216:101): path="/var/lib/xkb/server-9.xkm"
+type=AVC msg=audit(1162905977.216:102): avc: denied { remove_name } for pid=1460 comm="Xorg" name="server-9.xkm" dev=dm-0 ino=14437174 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162905977.216:103): avc: denied { unlink } for pid=1460 comm="Xorg" name="server-9.xkm" dev=dm-0 ino=14437174 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=AVC msg=audit(1162905980.961:104): avc: denied { read write } for pid=2765 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905980.961:104): arch=40000003 syscall=11 success=yes exit=0 a0=96c5d70 a1=96c5db8 a2=96c58e8 a3=96c5c90 items=0 ppid=2764 pid=2765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905980.961:104): path="/dev/pts/0"
+type=AVC msg=audit(1162905980.961:105): avc: denied { getattr } for pid=2765 comm="consoletype" name="0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905980.961:105): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfa696f0 a2=b97ff4 a3=3 items=0 ppid=2764 pid=2765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905980.961:105): path="/dev/pts/0"
+type=AVC msg=audit(1162905980.977:106): avc: denied { read write } for pid=2770 comm="NetworkManager" name="0" dev=devpts ino=2 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905980.977:106): arch=40000003 syscall=11 success=yes exit=0 a0=90ebe88 a1=90ec2d0 a2=90ec198 a3=90ebad8 items=0 ppid=2769 pid=2770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905980.977:106): path="/dev/pts/0"
+type=AVC msg=audit(1162905982.669:107): avc: denied { read write } for pid=2796 comm="smartd" name="0" dev=devpts ino=2 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162905982.669:107): arch=40000003 syscall=11 success=yes exit=0 a0=8db3ba8 a1=8db3ff8 a2=8db3ef8 a3=8db3a78 items=0 ppid=2795 pid=2796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smartd" exe="/usr/sbin/smartd" subj=system_u:system_r:fsdaemon_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162905982.669:107): path="/dev/pts/0"
+type=AVC msg=audit(1162905985.521:108): avc: denied { ioctl } for pid=1460 comm="Xorg" name="nvidiactl" dev=tmpfs ino=1545 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file
+type=AVC msg=audit(1162905985.569:109): avc: denied { write } for pid=1460 comm="Xorg" name="00.0" dev=proc ino=-268435022 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=AVC msg=audit(1162905985.573:110): avc: denied { chown } for pid=1460 comm="Xorg" capability=0 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:system_r:rhgb_t:s0 tclass=capability
+type=AVC msg=audit(1162905985.573:111): avc: denied { setattr } for pid=1460 comm="Xorg" name="tty0" dev=tmpfs ino=761 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=USER_ERR msg=audit(1162905989.541:112): user pid=2827 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: bad_ident acct=? : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=console res=failed)'
+type=USER_AUTH msg=audit(1162906001.198:113): user pid=2934 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_ACCT msg=audit(1162906001.206:114): user pid=2934 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_ACQ msg=audit(1162906001.206:115): user pid=2934 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=LOGIN msg=audit(1162906001.210:116): login pid=2934 uid=0 old auid=4294967295 new auid=500
+type=USER_START msg=audit(1162906001.254:117): user pid=2934 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_LOGIN msg=audit(1162906001.254:118): user pid=2934 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)'
+type=AVC msg=audit(1162906001.634:119): avc: denied { read } for pid=2965 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906001.634:119): arch=40000003 syscall=5 success=yes exit=9 a0=80865d5 a1=0 a2=1 a3=a items=0 ppid=2934 pid=2965 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906001.654:120): avc: denied { getattr } for pid=2965 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906001.654:120): arch=40000003 syscall=196 success=yes exit=0 a0=80865d5 a1=bffc5400 a2=82dff4 a3=3 items=0 ppid=2934 pid=2965 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906001.654:120): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162906001.670:121): avc: denied { read } for pid=2978 comm="xrdb" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906001.670:121): arch=40000003 syscall=33 success=yes exit=0 a0=bfaeffce a1=4 a2=4db18a64 a3=bfaeffce items=0 ppid=2965 pid=2978 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xrdb" exe="/usr/bin/xrdb" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906001.974:122): avc: denied { getattr } for pid=3019 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1162906001.974:122): arch=40000003 syscall=100 success=yes exit=0 a0=5 a1=bff14d8c a2=493ff4 a3=ffffffb8 items=0 ppid=3018 pid=3019 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162906001.974:123): avc: denied { search } for pid=3019 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162906001.974:123): avc: denied { search } for pid=3019 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906001.974:123): arch=40000003 syscall=5 success=no exit=-2 a0=8eddb98 a1=18800 a2=36025c a3=bff14ec8 items=0 ppid=3018 pid=3019 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162906003.926:124): avc: denied { write } for pid=2965 comm="gnome-session" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906003.926:124): avc: denied { add_name } for pid=2965 comm="gnome-session" name="2965" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906003.926:124): avc: denied { create } for pid=2965 comm="gnome-session" name="2965" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906003.926:124): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9ce660 a2=4dc5d770 a3=0 items=0 ppid=2934 pid=2965 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906004.018:125): avc: denied { read write } for pid=3029 comm="gnome-settings-" name="[11958]" dev=sockfs ino=11958 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1162906004.018:125): arch=40000003 syscall=11 success=yes exit=0 a0=8ee4b88 a1=8ee4430 a2=8ee4d68 a3=b items=0 ppid=3028 pid=3029 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906004.018:125): path="socket:[11958]"
+type=AVC msg=audit(1162906004.602:126): avc: denied { read } for pid=3029 comm="gnome-settings-" name="resolv.conf" dev=dm-0 ino=9330746 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906004.602:126): arch=40000003 syscall=5 success=yes exit=21 a0=581d13 a1=0 a2=1b6 a3=9ddb1c8 items=0 ppid=3028 pid=3029 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906004.734:127): avc: denied { read } for pid=3037 comm="esd" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906004.734:127): arch=40000003 syscall=5 success=yes exit=14 a0=99dd258 a1=0 a2=1b6 a3=99dd278 items=0 ppid=1 pid=3037 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="esd" exe="/usr/bin/esd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906005.982:128): avc: denied { write } for pid=3056 comm="metacity" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906005.982:128): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe71c10 a2=4dc5d770 a3=15 items=0 ppid=1 pid=3056 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906006.202:129): avc: denied { sigchld } for pid=3073 comm="dbus-daemon" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906006.202:129): arch=40000003 syscall=7 success=yes exit=0 a0=c02 a1=bff14918 a2=1 a3=c02 items=0 ppid=3021 pid=3073 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1162906006.414:130): avc: denied { execute } for pid=3080 comm="beagle-search" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906006.414:130): arch=40000003 syscall=33 success=yes exit=0 a0=8e8db10 a1=1 a2=11 a3=8e8db10 items=0 ppid=1 pid=3080 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906006.414:131): avc: denied { read } for pid=3080 comm="beagle-search" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906006.414:131): arch=40000003 syscall=33 success=yes exit=0 a0=8e8db10 a1=4 a2=ffffffff a3=8e8db10 items=0 ppid=1 pid=3080 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906006.414:132): avc: denied { execute_no_trans } for pid=3080 comm="beagle-search" name="mono" dev=dm-0 ino=10323612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906006.414:132): arch=40000003 syscall=11 success=yes exit=0 a0=8e8d928 a1=8e8daf8 a2=8e8e200 a3=8e8daf8 items=0 ppid=1 pid=3080 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906006.414:132): path="/usr/bin/mono"
+type=AVC msg=audit(1162906006.718:133): avc: denied { execheap } for pid=3080 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162906006.718:133): avc: denied { execmem } for pid=3080 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906006.718:133): arch=40000003 syscall=125 success=yes exit=0 a0=9fec000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=3080 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906008.014:134): avc: denied { ioctl } for pid=3112 comm="pam_timestamp_c" name="[11821]" dev=pipefs ino=11821 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1162906008.014:134): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfe86abc a3=bfe86afc items=0 ppid=3106 pid=3112 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906008.014:134): path="pipe:[11821]"
+type=AVC msg=audit(1162906008.338:135): avc: denied { execheap } for pid=3111 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162906008.338:135): avc: denied { execmem } for pid=3111 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906008.338:135): arch=40000003 syscall=125 success=yes exit=0 a0=994f000 a1=1000 a2=7 a3=1 items=0 ppid=3093 pid=3111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906010.194:136): avc: denied { read } for pid=3087 comm="sealert" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906010.194:136): arch=40000003 syscall=33 success=yes exit=0 a0=bf82ce56 a1=4 a2=4db18a64 a3=bf82ce56 items=0 ppid=1 pid=3087 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sealert" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906018.299:137): avc: denied { read } for pid=3111 comm="beagled" name="max_user_instances" dev=proc ino=-268435218 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906018.299:137): arch=40000003 syscall=5 success=yes exit=24 a0=f0733c a1=0 a2=1 a3=9ad4110 items=0 ppid=1 pid=3111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906035.312:138): avc: denied { write } for pid=3159 comm="nm-vpnc-auth-di" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906035.312:138): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfef76b0 a2=4dc5d770 a3=15 items=0 ppid=3098 pid=3159 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906041.868:139): avc: denied { read write } for pid=3191 comm="notification-da" name="[11958]" dev=sockfs ino=11958 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1162906041.868:139): arch=40000003 syscall=11 success=yes exit=0 a0=8ef6540 a1=8eea710 a2=8ef66c8 a3=15 items=0 ppid=3190 pid=3191 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="notification-da" exe="/usr/libexec/notification-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906041.868:139): path="socket:[11958]"
+type=AVC msg=audit(1162906044.868:140): avc: denied { read } for pid=3193 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906044.868:140): arch=40000003 syscall=33 success=yes exit=0 a0=bffb3fcb a1=4 a2=4db18a64 a3=bffb3fcb items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162906044.868:141): avc: denied { getattr } for pid=3193 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906044.868:141): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bffb1b4c a2=f64ff4 a3=8f15140 items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906044.868:141): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162906050.593:142): avc: denied { search } for pid=3205 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906050.593:142): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bf99bfe8 a2=fb4ff4 a3=3 items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906050.597:143): avc: denied { read } for pid=3205 comm="evolution" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906050.597:143): arch=40000003 syscall=33 success=yes exit=0 a0=bf99edff a1=4 a2=4db18a64 a3=bf99edff items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906050.597:144): avc: denied { getattr } for pid=3205 comm="evolution" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906050.597:144): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf99bf1c a2=fb4ff4 a3=9602730 items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906050.597:144): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162906050.609:145): avc: denied { search } for pid=3205 comm="evolution" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906050.609:145): avc: denied { write } for pid=3205 comm="evolution" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906050.609:145): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf99c020 a2=4dc5d770 a3=15 items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906050.609:146): avc: denied { read } for pid=3205 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906050.609:146): arch=40000003 syscall=33 success=yes exit=0 a0=9618218 a1=4 a2=4dc5d770 a3=9618218 items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906050.609:147): avc: denied { getattr } for pid=3205 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906050.609:147): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bf99c0bc a2=fb4ff4 a3=9618af8 items=0 ppid=1 pid=3205 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906050.609:147): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162906053.301:148): avc: denied { read } for pid=3207 comm="xchat" name="resolv.conf" dev=dm-0 ino=9334542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.301:148): arch=40000003 syscall=5 success=yes exit=9 a0=432d13 a1=0 a2=1b6 a3=9b48c68 items=0 ppid=3203 pid=3207 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xchat" exe="/usr/bin/xchat" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906053.377:149): avc: denied { write } for pid=3214 comm="evolution-data-" name="[13401]" dev=pipefs ino=13401 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162906053.377:149): arch=40000003 syscall=11 success=yes exit=0 a0=833e808 a1=833e478 a2=833e4d0 a3=0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.377:149): path="pipe:[13401]"
+type=AVC msg=audit(1162906053.497:150): avc: denied { read } for pid=3214 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.497:150): arch=40000003 syscall=5 success=yes exit=3 a0=6a29dc a1=0 a2=0 a3=0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.497:151): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.497:151): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf841ebc a2=6b9ff4 a3=3 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.497:151): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1162906053.501:152): avc: denied { getsched } for pid=3214 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906053.501:152): arch=40000003 syscall=155 success=yes exit=0 a0=c8e a1=b7f858dc a2=12bff4 a3=b7f856d0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:153): avc: denied { search } for pid=3214 comm="evolution-data-" name="locale" dev=dm-0 ino=10311905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1162906053.501:153): avc: denied { read } for pid=3214 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.501:153): arch=40000003 syscall=5 success=yes exit=3 a0=4df2984c a1=8000 a2=1b6 a3=8ea7480 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:154): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.501:154): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8423e8 a2=6b9ff4 a3=8ea7480 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:154): path="/usr/share/locale/locale.alias"
+type=AVC msg=audit(1162906053.501:155): avc: denied { read } for pid=3214 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.501:155): arch=40000003 syscall=5 success=yes exit=3 a0=6a2a00 a1=8000 a2=1 a3=bf8423b0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:156): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.501:156): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=6baaa0 a2=6b9ff4 a3=bf8423b0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:156): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1162906053.501:157): avc: denied { read } for pid=3214 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906053.501:157): arch=40000003 syscall=5 success=yes exit=9 a0=8ea95a8 a1=18800 a2=bdefc0 a3=8ea95a8 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:158): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906053.501:158): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf8424cc a2=6b9ff4 a3=9 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:158): path="/tmp"
+type=AVC msg=audit(1162906053.501:159): avc: denied { search } for pid=3214 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906053.501:159): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906053.501:159): arch=40000003 syscall=195 success=yes exit=0 a0=8ea9a68 a1=bf842510 a2=6b9ff4 a3=3 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:159): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1162906053.501:160): avc: denied { setattr } for pid=3214 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906053.501:160): arch=40000003 syscall=30 success=yes exit=0 a0=8ea9a90 a1=bf842564 a2=4e570f80 a3=1f4 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:161): avc: denied { read } for pid=3214 comm="evolution-data-" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906053.501:161): arch=40000003 syscall=5 success=yes exit=9 a0=4def9880 a1=8000 a2=1b6 a3=8eaa800 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.501:162): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906053.501:162): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf8424ec a2=6b9ff4 a3=8eaa800 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:162): path="/dev/urandom"
+type=AVC msg=audit(1162906053.501:163): avc: denied { ioctl } for pid=3214 comm="evolution-data-" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906053.501:163): arch=40000003 syscall=54 success=no exit=-22 a0=9 a1=5401 a2=bf84244c a3=bf84248c items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.501:163): path="/dev/urandom"
+type=AVC msg=audit(1162906053.505:164): avc: denied { search } for pid=3214 comm="evolution-data-" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906053.505:164): avc: denied { read } for pid=3214 comm="evolution-data-" name="ior" dev=dm-0 ino=15648171 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.505:164): arch=40000003 syscall=5 success=yes exit=9 a0=8eabe38 a1=0 a2=1b6 a3=8eabe60 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.505:165): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="ior" dev=dm-0 ino=15648171 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.505:165): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf841b78 a2=6b9ff4 a3=8eabe60 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.505:165): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1162906053.505:166): avc: denied { write } for pid=3214 comm="evolution-data-" name="linc-bd0-0-6f75742e134f6" dev=dm-0 ino=14567714 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1162906053.505:166): avc: denied { connectto } for pid=3214 comm="evolution-data-" name="linc-bd0-0-6f75742e134f6" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162906053.505:166): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf842290 a2=4e570f80 a3=0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.505:166): path="/tmp/orbit-kmacmill/linc-bd0-0-6f75742e134f6"
+type=AVC msg=audit(1162906053.505:167): avc: denied { write } for pid=3214 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906053.505:167): avc: denied { add_name } for pid=3214 comm="evolution-data-" name="linc-c8e-0-2f6d638e7c118" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906053.505:167): avc: denied { create } for pid=3214 comm="evolution-data-" name="linc-c8e-0-2f6d638e7c118" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906053.505:167): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf8422d0 a2=4e570f80 a3=b7f8569c items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.505:168): avc: denied { connectto } for pid=3024 comm="gconfd-2" name="linc-c8e-0-2f6d638e7c118" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162906053.505:168): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf902a90 a2=4e570f80 a3=0 items=0 ppid=1 pid=3024 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.505:168): path="/tmp/orbit-kmacmill/linc-c8e-0-2f6d638e7c118"
+type=AVC msg=audit(1162906053.837:169): avc: denied { write } for pid=3214 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=14567725 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.837:169): arch=40000003 syscall=5 success=yes exit=16 a0=8eb28b8 a1=42 a2=1c0 a3=8eb28b8 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906053.837:170): avc: denied { lock } for pid=3214 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=14567725 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906053.837:170): arch=40000003 syscall=221 success=yes exit=0 a0=10 a1=7 a2=bf84252c a3=bf84252c items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906053.837:170): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1162906054.041:171): avc: denied { getattr } for pid=3214 comm="evolution-data-" name="[13401]" dev=pipefs ino=13401 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162906054.041:171): arch=40000003 syscall=197 success=yes exit=0 a0=1d a1=bf842564 a2=6b9ff4 a3=8ebfca0 items=0 ppid=1 pid=3214 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906054.041:171): path="pipe:[13401]"
+type=USER_AVC msg=audit(1162906057.949:172): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=3205 tpid=2771 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1162906057.949:173): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.22 spid=2771 tpid=3205 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1162906057.997:174): avc: denied { create } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162906057.997:174): arch=40000003 syscall=102 success=yes exit=35 a0=1 a1=b184f274 a2=fb4ff4 a3=8cfd7f items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906057.997:175): avc: denied { bind } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162906057.997:175): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b184f274 a2=fb4ff4 a3=23 items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906057.997:176): avc: denied { getattr } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162906057.997:176): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b184f274 a2=fb4ff4 a3=23 items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906058.001:177): avc: denied { write } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162906058.001:177): avc: denied { nlmsg_read } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162906058.001:177): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b184e1b4 a2=fb4ff4 a3=0 items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906058.001:178): avc: denied { read } for pid=3226 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162906058.001:178): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b184e1b4 a2=fb4ff4 a3=0 items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906058.001:179): avc: denied { search } for pid=3226 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906058.001:179): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=b184ee74 a2=fb4ff4 a3=0 items=0 ppid=1 pid=3226 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162906060.209:180): avc: denied { write } for pid=3239 comm="evolution-alarm" name="[13479]" dev=pipefs ino=13479 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162906060.209:180): arch=40000003 syscall=11 success=yes exit=0 a0=833fbc0 a1=8346628 a2=83477f8 a3=0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.209:180): path="pipe:[13479]"
+type=AVC msg=audit(1162906060.433:181): avc: denied { read } for pid=3239 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.433:181): arch=40000003 syscall=5 success=yes exit=3 a0=bf922090 a1=0 a2=0 a3=bf922090 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.433:182): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.433:182): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf9220e4 a2=daafc0 a3=4 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.433:182): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1162906060.433:183): avc: denied { execute } for pid=3239 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=14174689 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.433:183): arch=40000003 syscall=192 success=yes exit=1297682432 a0=4d591000 a1=33cd0 a2=5 a3=802 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.433:183): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1162906060.433:184): avc: denied { read } for pid=3239 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.433:184): arch=40000003 syscall=5 success=yes exit=3 a0=da8037 a1=0 a2=dab650 a3=ffffffff items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.433:185): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.433:185): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf921fd8 a2=daafc0 a3=ffffffff items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.433:185): path="/etc/ld.so.cache"
+type=AVC msg=audit(1162906060.673:186): avc: denied { read } for pid=3239 comm="evolution-alarm" name="ld-2.5.90.so" dev=dm-0 ino=13716563 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.673:186): arch=40000003 syscall=125 success=yes exit=0 a0=daa000 a1=1000 a2=1 a3=380 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.673:186): path="/lib/ld-2.5.90.so"
+type=AVC msg=audit(1162906060.677:187): avc: denied { getsched } for pid=3239 comm="evolution-alarm" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906060.677:187): arch=40000003 syscall=155 success=yes exit=0 a0=ca7 a1=b7f8daec a2=ba4ff4 a3=b7f8d8e0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.677:188): avc: denied { read } for pid=3239 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9330856 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.677:188): arch=40000003 syscall=5 success=yes exit=3 a0=2c3e3d a1=0 a2=1b6 a3=87b3a00 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.677:189): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9330856 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.677:189): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf9221c8 a2=2dbff4 a3=87b3a00 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.677:189): path="/etc/nsswitch.conf"
+type=AVC msg=audit(1162906060.677:190): avc: denied { read } for pid=3239 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.677:190): arch=40000003 syscall=5 success=yes exit=3 a0=da8037 a1=0 a2=2a a3=ffffffff items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.677:191): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=user_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.677:191): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf921c58 a2=daafc0 a3=ffffffff items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.677:191): path="/etc/ld.so.cache"
+type=AVC msg=audit(1162906060.681:192): avc: denied { read } for pid=3239 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=10379454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.681:192): arch=40000003 syscall=5 success=yes exit=3 a0=bf91e168 a1=0 a2=1b6 a3=87bb280 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.681:193): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=10379454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.681:193): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf91dd88 a2=2dbff4 a3=87bb280 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.681:193): path="/usr/share/X11/locale/locale.alias"
+type=AVC msg=audit(1162906060.685:194): avc: denied { read } for pid=3239 comm="evolution-alarm" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.685:194): arch=40000003 syscall=33 success=yes exit=0 a0=bf924b68 a1=4 a2=4db18a64 a3=bf924b68 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.685:195): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.685:195): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf92201c a2=2dbff4 a3=87be6c0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.685:195): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162906060.685:196): avc: denied { read } for pid=3239 comm="evolution-alarm" name="ISO8859-1.so" dev=dm-0 ino=10387600 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.685:196): arch=40000003 syscall=5 success=yes exit=4 a0=87cd8d0 a1=0 a2=87cd8c8 a3=87cd8d0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.685:197): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="ISO8859-1.so" dev=dm-0 ino=10387600 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.685:197): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf921bcc a2=daafc0 a3=5 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.685:197): path="/usr/lib/gconv/ISO8859-1.so"
+type=AVC msg=audit(1162906060.685:198): avc: denied { execute } for pid=3239 comm="evolution-alarm" name="ISO8859-1.so" dev=dm-0 ino=10387600 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.685:198): arch=40000003 syscall=192 success=yes exit=12324864 a0=0 a1=2014 a2=5 a3=802 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.685:198): path="/usr/lib/gconv/ISO8859-1.so"
+type=AVC msg=audit(1162906060.689:199): avc: denied { read } for pid=3239 comm="evolution-alarm" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906060.689:199): arch=40000003 syscall=5 success=yes exit=10 a0=87b3700 a1=18800 a2=daafc0 a3=87b3700 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.689:200): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906060.689:200): arch=40000003 syscall=195 success=yes exit=0 a0=87d1250 a1=bf922680 a2=2dbff4 a3=3 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.689:200): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1162906060.689:201): avc: denied { setattr } for pid=3239 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906060.689:201): arch=40000003 syscall=30 success=yes exit=0 a0=87d0230 a1=bf9226d4 a2=4e570f80 a3=1f4 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.689:202): avc: denied { read } for pid=3239 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906060.689:202): arch=40000003 syscall=5 success=yes exit=10 a0=4def9880 a1=8000 a2=1b6 a3=87d02a8 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.689:203): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906060.689:203): arch=40000003 syscall=197 success=yes exit=0 a0=a a1=bf92265c a2=2dbff4 a3=87d02a8 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.689:203): path="/dev/urandom"
+type=AVC msg=audit(1162906060.689:204): avc: denied { ioctl } for pid=3239 comm="evolution-alarm" name="urandom" dev=tmpfs ino=2054 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162906060.689:204): arch=40000003 syscall=54 success=no exit=-22 a0=a a1=5401 a2=bf9225bc a3=bf9225fc items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.689:204): path="/dev/urandom"
+type=AVC msg=audit(1162906060.693:205): avc: denied { read } for pid=3239 comm="evolution-alarm" name="modules" dev=dm-0 ino=9331073 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906060.693:205): arch=40000003 syscall=5 success=yes exit=10 a0=87d1618 a1=18800 a2=4dea3d07 a3=87d1618 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.693:206): avc: denied { search } for pid=3239 comm="evolution-alarm" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906060.693:206): avc: denied { write } for pid=3239 comm="evolution-alarm" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1162906060.693:206): avc: denied { connectto } for pid=3239 comm="evolution-alarm" name="2965" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162906060.693:206): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9220d0 a2=4dc5d770 a3=15 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.693:206): path="/tmp/.ICE-unix/2965"
+type=AVC msg=audit(1162906060.693:207): avc: denied { read } for pid=3239 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.693:207): arch=40000003 syscall=33 success=yes exit=0 a0=87d3fa0 a1=4 a2=4dc5d770 a3=87d3fa0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.693:208): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.693:208): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bf92216c a2=2dbff4 a3=87d4880 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.693:208): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162906060.697:209): avc: denied { search } for pid=3239 comm="evolution-alarm" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906060.697:209): avc: denied { read } for pid=3239 comm="evolution-alarm" name="ior" dev=dm-0 ino=15648171 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.697:209): arch=40000003 syscall=5 success=yes exit=11 a0=87d7728 a1=0 a2=1b6 a3=87d7770 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.697:210): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="ior" dev=dm-0 ino=15648171 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906060.697:210): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bf921c88 a2=2dbff4 a3=87d7770 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.697:210): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1162906060.697:211): avc: denied { write } for pid=3239 comm="evolution-alarm" name="linc-bd0-0-6f75742e134f6" dev=dm-0 ino=14567714 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906060.697:211): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9223a0 a2=4e570f80 a3=0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.697:212): avc: denied { write } for pid=3239 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906060.697:212): avc: denied { add_name } for pid=3239 comm="evolution-alarm" name="linc-ca7-0-6fcffd09ab5a6" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906060.697:212): avc: denied { create } for pid=3239 comm="evolution-alarm" name="linc-ca7-0-6fcffd09ab5a6" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162906060.697:212): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9223e0 a2=4e570f80 a3=b7f8d8ac items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906060.697:213): avc: denied { connectto } for pid=3024 comm="gconfd-2" name="linc-ca7-0-6fcffd09ab5a6" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162906060.697:213): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf902a90 a2=4e570f80 a3=0 items=0 ppid=1 pid=3024 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906060.697:213): path="/tmp/orbit-kmacmill/linc-ca7-0-6fcffd09ab5a6"
+type=AVC msg=audit(1162906061.066:214): avc: denied { read } for pid=3239 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906061.066:214): arch=40000003 syscall=5 success=yes exit=18 a0=2c399a a1=0 a2=1b6 a3=87efe98 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906061.066:215): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906061.066:215): arch=40000003 syscall=197 success=yes exit=0 a0=12 a1=bf91defc a2=2dbff4 a3=87efe98 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906061.066:215): path="/proc/meminfo"
+type=AVC msg=audit(1162906061.066:216): avc: denied { connectto } for pid=3239 comm="evolution-alarm" path=002F746D702F646275732D6E6948324A5970414645 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162906061.066:216): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf922200 a2=a04494 a3=0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906061.078:217): avc: denied { write } for pid=3239 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=14567725 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906061.078:217): arch=40000003 syscall=5 success=yes exit=19 a0=87fdba0 a1=42 a2=1c0 a3=87fdba0 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1162906061.078:218): avc: denied { lock } for pid=3239 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=14567725 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906061.078:218): arch=40000003 syscall=221 success=yes exit=0 a0=13 a1=7 a2=bf9222ac a3=bf9222ac items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906061.078:218): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1162906061.122:219): avc: denied { signal } for pid=3243 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906061.122:219): arch=40000003 syscall=270 success=yes exit=0 a0=c8e a1=c8f a2=21 a3=b7d84bd0 items=0 ppid=1 pid=3243 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162906061.126:220): avc: denied { getattr } for pid=3239 comm="evolution-alarm" name="[13479]" dev=pipefs ino=13479 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162906061.126:220): arch=40000003 syscall=197 success=yes exit=0 a0=1e a1=bf922674 a2=2dbff4 a3=8806300 items=0 ppid=1 pid=3239 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906061.126:220): path="pipe:[13479]"
+type=AVC msg=audit(1162906080.663:221): avc: denied { execheap } for pid=3276 comm="beagled" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1162906080.663:221): avc: denied { execmem } for pid=3276 comm="beagled" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162906080.663:221): arch=40000003 syscall=125 success=yes exit=0 a0=9bba000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=3276 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162906121.825:222): avc: denied { execute } for pid=3302 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906121.825:222): avc: denied { execute_no_trans } for pid=3302 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906121.825:222): avc: denied { read } for pid=3302 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906121.825:222): arch=40000003 syscall=11 success=yes exit=0 a0=81a18b8 a1=81a3928 a2=81a4120 a3=81a3928 items=0 ppid=1 pid=3302 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906121.825:222): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1162906121.825:222): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162906121.837:223): avc: denied { getattr } for pid=3302 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906121.837:223): arch=40000003 syscall=196 success=yes exit=0 a0=bfdf2d18 a1=bfdf280c a2=248ff4 a3=bfdf4a05 items=0 ppid=1 pid=3302 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906121.837:223): path="/usr/lib/firefox-2.0/firefox-bin"
+type=USER_ACCT msg=audit(1162906202.054:224): user pid=3313 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162906202.054:225): login pid=3313 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162906202.054:226): user pid=3313 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162906202.054:227): user pid=3313 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162906202.058:228): avc: denied { execute } for pid=3314 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162906202.058:228): avc: denied { execute_no_trans } for pid=3314 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.058:228): arch=40000003 syscall=11 success=yes exit=0 a0=87a11b0 a1=87a1358 a2=87a1290 a3=87a1008 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906202.058:228): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162906202.086:229): avc: denied { execute } for pid=3314 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906202.086:229): avc: denied { execute_no_trans } for pid=3314 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906202.086:229): avc: denied { read } for pid=3314 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.086:229): arch=40000003 syscall=11 success=yes exit=0 a0=8f54d48 a1=8f54740 a2=8f54d60 a3=8f54740 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906202.086:229): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162906202.086:229): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162906202.090:230): avc: denied { search } for pid=3314 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162906202.090:230): avc: denied { read } for pid=3314 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:230): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8eaf800 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906202.090:231): avc: denied { getattr } for pid=3314 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:231): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8b91e8 a2=248ff4 a3=8eaf800 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906202.090:231): path="/proc/net/dev"
+type=AVC msg=audit(1162906202.090:232): avc: denied { search } for pid=3314 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906202.090:232): arch=40000003 syscall=33 success=yes exit=0 a0=bf8b9594 a1=0 a2=bf8b9488 a3=bf8b9490 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906202.090:233): avc: denied { read append } for pid=3314 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:233): arch=40000003 syscall=5 success=yes exit=3 a0=bf8b9594 a1=402 a2=bf8b9758 a3=bf8b9490 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906202.090:234): avc: denied { search } for pid=3314 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162906202.090:234): avc: denied { read } for pid=3314 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:234): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8eafdf0 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906202.090:235): avc: denied { getattr } for pid=3314 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:235): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf8b9044 a2=248ff4 a3=8eafdf0 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906202.090:235): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162906202.090:236): avc: denied { search } for pid=3314 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906202.090:236): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8eafdf0 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162906202.090:237): avc: denied { lock } for pid=3314 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906202.090:237): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf8b9490 a3=3 items=0 ppid=3313 pid=3314 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906202.090:237): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162906202.122:238): user pid=3313 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162906202.122:239): user pid=3313 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162906204.526:240): avc: denied { getattr } for pid=2322 comm="setroubleshootd" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906204.526:240): arch=40000003 syscall=195 success=yes exit=0 a0=b7a69150 a1=b7a69194 a2=f18ff4 a3=b7a69159 items=0 ppid=1 pid=2322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162906204.526:240): path="/proc/net"
+type=USER_ACCT msg=audit(1162906801.188:241): user pid=3389 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162906801.188:242): login pid=3389 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162906801.188:243): user pid=3389 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162906801.188:244): user pid=3389 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162906801.192:245): avc: denied { execute } for pid=3390 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906801.192:245): avc: denied { execute_no_trans } for pid=3390 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162906801.192:245): avc: denied { read } for pid=3390 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906801.192:245): arch=40000003 syscall=11 success=yes exit=0 a0=8948d48 a1=8948740 a2=8948d60 a3=8948740 items=0 ppid=3389 pid=3390 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162906801.192:245): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162906801.192:245): path="/usr/lib/sa/sadc"
+type=CRED_DISP msg=audit(1162906801.204:246): user pid=3389 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162906801.204:247): user pid=3389 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162906994.496:248): avc: denied { search } for pid=3434 comm="gpg" name="home" dev=dm-0 ino=6547201 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1162906994.496:248): avc: denied { search } for pid=3434 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162906994.496:248): arch=40000003 syscall=33 success=no exit=-2 a0=96c69f8 a1=4 a2=814bbc a3=96c69c8 items=0 ppid=3205 pid=3434 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162906994.700:249): avc: denied { search } for pid=3434 comm="gpg" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162906994.700:249): avc: denied { read } for pid=3434 comm="gpg" name="evolution-pgp.M0FTIT" dev=dm-0 ino=14469396 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_evolution_orbit_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162906994.700:249): arch=40000003 syscall=5 success=yes exit=3 a0=bf9efb1a a1=8000 a2=0 a3=8000 items=0 ppid=3205 pid=3434 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162907008.873:250): avc: denied { search } for pid=3439 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162907008.873:250): avc: denied { write } for pid=3439 comm="evolution-data-" name="linc-c85-0-25367ec497172" dev=dm-0 ino=14567744 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162907008.873:250): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b5f3fe70 a2=4e570f80 a3=0 items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907009.201:251): avc: denied { create } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162907009.201:251): arch=40000003 syscall=102 success=yes exit=26 a0=1 a1=b5f3fb04 a2=6b9ff4 a3=b5f3fd91 items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907009.201:252): avc: denied { bind } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162907009.201:252): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b5f3fb04 a2=6b9ff4 a3=1a items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907009.201:253): avc: denied { getattr } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162907009.201:253): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b5f3fb04 a2=6b9ff4 a3=1a items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907009.201:254): avc: denied { write } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162907009.201:254): avc: denied { nlmsg_read } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162907009.201:254): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b5f3ea44 a2=6b9ff4 a3=0 items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907009.201:255): avc: denied { read } for pid=3439 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162907009.201:255): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b5f3ea44 a2=6b9ff4 a3=0 items=0 ppid=1 pid=3439 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162907012.161:256): avc: denied { execute } for pid=3444 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162907012.161:256): avc: denied { execute_no_trans } for pid=3444 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162907012.161:256): avc: denied { read } for pid=3444 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162907012.161:256): arch=40000003 syscall=11 success=yes exit=0 a0=9ca3898 a1=9ca5908 a2=9ca6100 a3=9ca5908 items=0 ppid=1 pid=3444 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162907012.161:256): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1162907012.161:256): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162907012.169:257): avc: denied { getattr } for pid=3444 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=10379744 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162907012.169:257): arch=40000003 syscall=196 success=yes exit=0 a0=bfc35b68 a1=bfc3565c a2=248ff4 a3=bfc36a12 items=0 ppid=1 pid=3444 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162907012.169:257): path="/usr/lib/firefox-2.0/firefox-bin"
+type=USER_ACCT msg=audit(1162907401.269:258): user pid=3519 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162907401.273:259): login pid=3519 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162907401.273:260): user pid=3519 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162907401.273:261): user pid=3519 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162907401.277:262): avc: denied { search } for pid=3520 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162907401.277:262): arch=40000003 syscall=33 success=yes exit=0 a0=bfd85254 a1=0 a2=bfd85148 a3=bfd85150 items=0 ppid=3519 pid=3520 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162907401.277:263): avc: denied { read append } for pid=3520 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162907401.277:263): arch=40000003 syscall=5 success=yes exit=3 a0=bfd85254 a1=402 a2=bfd85418 a3=bfd85150 items=0 ppid=3519 pid=3520 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162907401.281:264): avc: denied { lock } for pid=3520 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162907401.281:264): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfd85150 a3=3 items=0 ppid=3519 pid=3520 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162907401.281:264): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162907401.289:265): user pid=3519 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162907401.289:266): user pid=3519 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162907975.585:267): avc: denied { getattr } for pid=3193 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162907975.585:267): arch=40000003 syscall=196 success=yes exit=0 a0=bffaf564 a1=bffaf4c8 a2=f64ff4 a3=a15d798 items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162907975.585:267): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=USER_ACCT msg=audit(1162908001.359:268): user pid=3556 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162908001.359:269): login pid=3556 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162908001.359:270): user pid=3556 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162908001.359:271): user pid=3556 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162908001.375:272): user pid=3556 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162908001.375:273): user pid=3556 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162908061.387:274): user pid=3561 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162908061.387:275): login pid=3561 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162908061.387:276): user pid=3561 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162908061.387:277): user pid=3561 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162908061.391:278): avc: denied { getattr } for pid=3562 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.391:278): arch=40000003 syscall=195 success=yes exit=0 a0=9ff8120 a1=bfc3b4f0 a2=92eff4 a3=9ff8120 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.391:278): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162908061.423:279): avc: denied { execute } for pid=3562 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.423:279): arch=40000003 syscall=33 success=yes exit=0 a0=9ff8120 a1=1 a2=11 a3=9ff8120 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162908061.423:280): avc: denied { read } for pid=3562 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.423:280): arch=40000003 syscall=33 success=yes exit=0 a0=9ff8120 a1=4 a2=ffffffff a3=9ff8120 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162908061.423:281): avc: denied { execute_no_trans } for pid=3562 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.423:281): arch=40000003 syscall=11 success=yes exit=0 a0=9ff8120 a1=9ff83d8 a2=9ff82f8 a3=9ff7f98 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.423:281): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162908061.427:282): avc: denied { ioctl } for pid=3562 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.427:282): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfc6df48 a3=bfc6df88 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.427:282): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162908061.443:283): avc: denied { execute } for pid=3562 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.443:283): arch=40000003 syscall=33 success=yes exit=0 a0=9158990 a1=1 a2=1 a3=9158c98 items=0 ppid=3561 pid=3562 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162908061.443:284): avc: denied { execute_no_trans } for pid=3563 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.443:284): arch=40000003 syscall=11 success=yes exit=0 a0=9158a10 a1=9158ad8 a2=9158ae8 a3=9158758 items=0 ppid=3562 pid=3563 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.443:284): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162908061.455:285): avc: denied { execute } for pid=3565 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162908061.455:285): avc: denied { execute_no_trans } for pid=3565 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162908061.455:285): avc: denied { read } for pid=3565 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.455:285): arch=40000003 syscall=11 success=yes exit=0 a0=9846678 a1=9846808 a2=9846720 a3=9846508 items=0 ppid=3563 pid=3565 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.455:285): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162908061.455:285): path="/sbin/chkconfig"
+type=AVC msg=audit(1162908061.483:286): avc: denied { read } for pid=3565 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.483:286): arch=40000003 syscall=5 success=yes exit=3 a0=bf9eccb0 a1=0 a2=ffffffff a3=8bf5038 items=0 ppid=3563 pid=3565 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162908061.483:287): avc: denied { getattr } for pid=3565 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908061.483:287): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf9ecc20 a2=fc6ff4 a3=3 items=0 ppid=3563 pid=3565 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162908061.483:287): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162908061.543:288): user pid=3561 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162908061.543:289): user pid=3561 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162908185.322:290): avc: denied { search } for pid=3575 comm="evolution" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162908185.322:290): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf95f7e0 a2=4dc5d770 a3=15 items=0 ppid=1 pid=3575 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.322:291): avc: denied { read } for pid=3575 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908185.322:291): arch=40000003 syscall=33 success=yes exit=0 a0=9ac0218 a1=4 a2=4dc5d770 a3=9ac0218 items=0 ppid=1 pid=3575 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.322:292): avc: denied { getattr } for pid=3575 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908185.322:292): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bf95f87c a2=4c0ff4 a3=9ac0af8 items=0 ppid=1 pid=3575 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162908185.322:292): path="/home/kmacmill/.ICEauthority"
+type=USER_AVC msg=audit(1162908185.586:293): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=3575 tpid=2771 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1162908185.590:294): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=2771 tpid=3575 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1162908185.638:295): avc: denied { create } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162908185.638:295): arch=40000003 syscall=102 success=yes exit=35 a0=1 a1=b0d9d274 a2=4c0ff4 a3=802d7f items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.638:296): avc: denied { bind } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162908185.638:296): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b0d9d274 a2=4c0ff4 a3=23 items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.638:297): avc: denied { getattr } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162908185.638:297): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b0d9d274 a2=4c0ff4 a3=23 items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.638:298): avc: denied { write } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162908185.638:298): avc: denied { nlmsg_read } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162908185.638:298): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b0d9c1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.638:299): avc: denied { read } for pid=3584 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162908185.638:299): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b0d9c1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908185.642:300): avc: denied { search } for pid=3584 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162908185.642:300): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=b0d9ce74 a2=4c0ff4 a3=0 items=0 ppid=1 pid=3584 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162908377.786:301): avc: denied { read } for pid=3193 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908377.786:301): arch=40000003 syscall=5 success=yes exit=60 a0=a315b68 a1=0 a2=4d765048 a3=a315b68 items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162908377.806:302): avc: denied { execute } for pid=3193 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908377.806:302): arch=40000003 syscall=192 success=yes exit=24014848 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162908377.806:302): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162908378.158:303): avc: denied { read } for pid=3193 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908378.158:303): arch=40000003 syscall=33 success=yes exit=0 a0=bffb3fcb a1=4 a2=4db18a64 a3=bffb3fcb items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162908378.158:304): avc: denied { getattr } for pid=3193 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162908378.158:304): arch=40000003 syscall=197 success=yes exit=0 a0=3d a1=bffaea8c a2=f64ff4 a3=9d2b038 items=0 ppid=1 pid=3193 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162908378.158:304): path="/tmp/.gdmF70UIT"
+type=USER_ACCT msg=audit(1162908601.608:305): user pid=3618 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162908601.608:306): login pid=3618 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162908601.608:307): user pid=3618 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162908601.608:308): user pid=3618 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162908601.612:309): avc: denied { search } for pid=3619 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162908601.612:309): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8803800 items=0 ppid=3618 pid=3619 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162908601.624:310): user pid=3618 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162908601.624:311): user pid=3618 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162909201.686:312): user pid=3656 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162909201.686:313): login pid=3656 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162909201.686:314): user pid=3656 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162909201.686:315): user pid=3656 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162909201.706:316): user pid=3656 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162909201.706:317): user pid=3656 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162909801.775:318): user pid=3774 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162909801.775:319): login pid=3774 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162909801.775:320): user pid=3774 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162909801.775:321): user pid=3774 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162909801.791:322): user pid=3774 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162909801.791:323): user pid=3774 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162909864.491:324): avc: denied { read } for pid=3783 comm="gnome-terminal" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909864.491:324): arch=40000003 syscall=33 success=yes exit=0 a0=bff99df5 a1=4 a2=4db18a64 a3=bff99df5 items=0 ppid=1 pid=3783 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162909864.503:325): avc: denied { write } for pid=3783 comm="gnome-terminal" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162909864.503:325): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff97ff0 a2=4dc5d770 a3=15 items=0 ppid=1 pid=3783 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162909871.660:326): avc: denied { getattr } for pid=3811 comm="0logwatch" name="root" dev=dm-0 ino=13127137 scontext=system_u:system_r:logwatch_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909871.660:326): arch=40000003 syscall=195 success=yes exit=0 a0=92f43e0 a1=92a50c8 a2=24cff4 a3=92f43e0 items=0 ppid=3808 pid=3811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162909871.660:326): path="/root"
+type=AVC msg=audit(1162909871.660:327): avc: denied { search } for pid=3811 comm="0logwatch" name="root" dev=dm-0 ino=13127137 scontext=system_u:system_r:logwatch_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909871.660:327): arch=40000003 syscall=195 success=no exit=-2 a0=92f43e0 a1=92a50c8 a2=24cff4 a3=92f43e0 items=0 ppid=3808 pid=3811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0 key=(null)
+type=AVC msg=audit(1162909881.284:328): avc: denied { search } for pid=4239 comm="procmail" name="root" dev=dm-0 ino=13127137 scontext=system_u:system_r:procmail_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909881.284:328): arch=40000003 syscall=5 success=no exit=-2 a0=8717d90 a1=8000 a2=0 a3=8000 items=0 ppid=4238 pid=4239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
+type=AVC msg=audit(1162909881.356:329): avc: denied { create } for pid=4242 comm="mktemp" name=".beagleindexwapi.WBuTxi4242" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909881.356:329): arch=40000003 syscall=39 success=yes exit=0 a0=95be008 a1=1c0 a2=95be00c a3=95be008 items=0 ppid=4240 pid=4242 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mktemp" exe="/bin/mktemp" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.356:330): avc: denied { setattr } for pid=4243 comm="chown" name=".beagleindexwapi.WBuTxi4242" dev=dm-0 ino=14567747 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909881.356:330): arch=40000003 syscall=212 success=yes exit=0 a0=a0545c8 a1=3a a2=ffffffff a3=0 items=0 ppid=4240 pid=4243 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chown" exe="/bin/chown" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.420:331): avc: denied { search } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=key
+type=SYSCALL msg=audit(1162909881.420:331): arch=40000003 syscall=288 success=yes exit=644961874 a0=0 a1=fffffffd a2=0 a3=3a items=0 ppid=4240 pid=4252 auid=4294967295 uid=58 gid=58 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.448:332): avc: denied { write } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=key
+type=AVC msg=audit(1162909881.448:332): avc: denied { link } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=key
+type=SYSCALL msg=audit(1162909881.448:332): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=3a items=0 ppid=4240 pid=4252 auid=4294967295 uid=58 gid=58 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.448:333): avc: denied { create } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1162909881.448:333): arch=40000003 syscall=102 success=yes exit=4 a0=1 a1=bfb31c50 a2=4d8cdff4 a3=0 items=0 ppid=4240 pid=4252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.448:334): avc: denied { write } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1162909881.448:334): avc: denied { nlmsg_relay } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1162909881.448:334): avc: denied { audit_write } for pid=4252 comm="runuser" capability=29 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=capability
+type=USER_START msg=audit(1162909881.448:335): user pid=4252 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: session open acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=SYSCALL msg=audit(1162909881.448:334): arch=40000003 syscall=102 success=yes exit=116 a0=b a1=bfb26ed0 a2=4d8cdff4 a3=bfb2d910 items=0 ppid=4240 pid=4252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.448:336): avc: denied { read } for pid=4252 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1162909881.448:336): arch=40000003 syscall=102 success=yes exit=36 a0=c a1=bfb26e80 a2=4d8cdff4 a3=bfb2924c items=0 ppid=4240 pid=4252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=CRED_ACQ msg=audit(1162909881.448:337): user pid=4252 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1162909881.692:338): avc: denied { execute } for pid=4253 comm="beagle-build-in" name="mono" dev=dm-0 ino=10323612 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909881.692:338): arch=40000003 syscall=33 success=yes exit=0 a0=845d5b0 a1=1 a2=11 a3=845d5b0 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.692:339): avc: denied { read } for pid=4253 comm="beagle-build-in" name="mono" dev=dm-0 ino=10323612 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909881.692:339): arch=40000003 syscall=33 success=yes exit=0 a0=845d5b0 a1=4 a2=ffffffff a3=845d5b0 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.692:340): avc: denied { execute_no_trans } for pid=4253 comm="beagle-build-in" name="mono" dev=dm-0 ino=10323612 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909881.692:340): arch=40000003 syscall=11 success=yes exit=0 a0=845d000 a1=845cbd8 a2=845d798 a3=845cbd8 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162909881.692:340): path="/usr/bin/mono"
+type=AVC msg=audit(1162909881.696:341): avc: denied { execheap } for pid=4253 comm="mono" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=process
+type=AVC msg=audit(1162909881.696:341): avc: denied { execmem } for pid=4253 comm="mono" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=process
+type=SYSCALL msg=audit(1162909881.696:341): arch=40000003 syscall=125 success=yes exit=0 a0=8575000 a1=1000 a2=7 a3=1 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.696:342): avc: denied { getsched } for pid=4253 comm="mono" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=process
+type=SYSCALL msg=audit(1162909881.696:342): arch=40000003 syscall=155 success=yes exit=0 a0=109d a1=b7f828dc a2=496ff4 a3=b7f826d0 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.708:343): avc: denied { create } for pid=4253 comm="mono" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162909881.708:343): arch=40000003 syscall=117 success=yes exit=32769 a0=2 a1=4d004945 a2=8 a3=780 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.708:344): avc: denied { unix_write } for pid=4253 comm="mono" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=AVC msg=audit(1162909881.708:344): avc: denied { write } for pid=4253 comm="mono" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162909881.708:344): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=8001 a2=0 a3=111 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.708:345): avc: denied { read } for pid=4253 comm="mono" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162909881.708:345): arch=40000003 syscall=117 success=yes exit=0 a0=1 a1=8001 a2=1 a3=0 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.916:346): avc: denied { write } for pid=4253 comm="beagle-build-in" name="applications" dev=dm-0 ino=14504728 scontext=system_u:system_r:system_crond_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162909881.916:346): avc: denied { remove_name } for pid=4253 comm="beagle-build-in" name="Locks" dev=dm-0 ino=14504729 scontext=system_u:system_r:system_crond_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162909881.916:346): avc: denied { rmdir } for pid=4253 comm="beagle-build-in" name="Locks" dev=dm-0 ino=14504729 scontext=system_u:system_r:system_crond_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909881.916:346): arch=40000003 syscall=40 success=yes exit=0 a0=8644198 a1=45 a2=8208528 a3=8644198 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.932:347): avc: denied { unlink } for pid=4253 comm="beagle-build-in" name="_228.cfs" dev=dm-0 ino=14535829 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909881.932:347): arch=40000003 syscall=10 success=yes exit=0 a0=864a890 a1=45 a2=8208528 a3=864a890 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909881.972:348): avc: denied { unlink } for pid=4253 comm="beagle-build-in" name="segments" dev=dm-0 ino=14504743 scontext=system_u:system_r:system_crond_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909881.972:348): arch=40000003 syscall=10 success=yes exit=0 a0=8681000 a1=45 a2=8208528 a3=8681000 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909882.040:349): avc: denied { write } for pid=4253 comm="beagle-build-in" name="indexes" dev=dm-0 ino=14437230 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162909882.040:349): avc: denied { remove_name } for pid=4253 comm="beagle-build-in" name="applications" dev=dm-0 ino=14504728 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909882.040:349): arch=40000003 syscall=40 success=yes exit=0 a0=8653f58 a1=45 a2=8208528 a3=8653f58 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909882.044:350): avc: denied { add_name } for pid=4253 comm="beagle-build-in" name="applications" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162909882.044:350): avc: denied { create } for pid=4253 comm="beagle-build-in" name="applications" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909882.044:350): arch=40000003 syscall=39 success=yes exit=0 a0=86488f8 a1=1ff a2=8208528 a3=86488f8 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909882.288:351): avc: denied { create } for pid=4253 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-write.lock" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909882.288:351): arch=40000003 syscall=5 success=yes exit=12 a0=871b158 a1=80c2 a2=100 a3=80c2 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909882.296:352): avc: denied { write } for pid=4253 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-write.lock" dev=dm-0 ino=14567754 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909882.296:352): arch=40000003 syscall=4 success=yes exit=5 a0=c a1=87227b8 a2=5 a3=81c30 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162909882.296:352): path="/var/cache/beagle/indexes/applications/Locks/lucene-387e9e5278e1cbfa1ca3bb850a474745-write.lock"
+type=AVC msg=audit(1162909882.304:353): avc: denied { rename } for pid=4253 comm="beagle-build-in" name="segments.new" dev=dm-0 ino=14567756 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909882.304:353): arch=40000003 syscall=38 success=yes exit=0 a0=8721790 a1=8720bc0 a2=8208528 a3=8721790 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909925.087:354): avc: denied { unix_read } for pid=4253 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162909925.087:354): arch=40000003 syscall=117 success=yes exit=2 a0=3 a1=8001 a2=7 a3=10c items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909925.087:355): avc: denied { destroy } for pid=4253 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162909925.087:355): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=8001 a2=0 a3=100 items=0 ppid=4252 pid=4253 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162909925.091:356): avc: denied { audit_write } for pid=4252 comm="runuser" capability=29 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=capability
+type=CRED_DISP msg=audit(1162909925.091:357): user pid=4252 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=SYSCALL msg=audit(1162909925.091:356): arch=40000003 syscall=102 success=yes exit=112 a0=b a1=bfb26ed0 a2=4d8cdff4 a3=bfb2d910 items=0 ppid=4240 pid=4252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=USER_END msg=audit(1162909925.091:358): user pid=4252 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: session close acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_START msg=audit(1162909925.139:359): user pid=4291 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: session open acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=CRED_ACQ msg=audit(1162909925.139:360): user pid=4291 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_AUTH msg=audit(1162909926.015:361): user pid=4282 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1162909926.015:362): user pid=4282 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1162909926.043:363): avc: denied { search } for pid=4282 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909926.043:363): arch=40000003 syscall=5 success=no exit=-2 a0=bfccd0f8 a1=8000 a2=1b6 a3=971d9a8 items=0 ppid=4262 pid=4282 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162909926.079:364): avc: denied { write } for pid=4298 comm="xauth" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.079:364): arch=40000003 syscall=33 success=yes exit=0 a0=bfd4991c a1=2 a2=bfd484f0 a3=0 items=0 ppid=4282 pid=4298 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.079:365): avc: denied { read } for pid=4298 comm="xauth" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.079:365): arch=40000003 syscall=5 success=yes exit=2 a0=bfd4991c a1=0 a2=1b6 a3=8423008 items=0 ppid=4282 pid=4298 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.079:366): avc: denied { getattr } for pid=4298 comm="xauth" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.079:366): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfd4823c a2=907ff4 a3=8423008 items=0 ppid=4282 pid=4298 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162909926.079:366): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162909926.083:367): avc: denied { write } for pid=4282 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162909926.083:367): avc: denied { add_name } for pid=4282 comm="su" name=".xauth7KBaGA" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162909926.083:367): avc: denied { create } for pid=4282 comm="su" name=".xauth7KBaGA" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:367): arch=40000003 syscall=5 success=yes exit=4 a0=971dacb a1=80c2 a2=180 a3=80c2 items=0 ppid=4262 pid=4282 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:368): avc: denied { setattr } for pid=4282 comm="su" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:368): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=42a69f items=0 ppid=4262 pid=4282 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:369): avc: denied { search } for pid=4299 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162909926.083:369): arch=40000003 syscall=195 success=no exit=-2 a0=bf9ac427 a1=bf9abf40 a2=c97ff4 a3=3 items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:370): avc: denied { write } for pid=4299 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162909926.083:370): avc: denied { add_name } for pid=4299 comm="xauth" name=".xauth7KBaGA-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162909926.083:370): avc: denied { create } for pid=4299 comm="xauth" name=".xauth7KBaGA-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:370): arch=40000003 syscall=5 success=yes exit=2 a0=bf9ac427 a1=c1 a2=180 a3=ffffffff items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:371): avc: denied { link } for pid=4299 comm="xauth" name=".xauth7KBaGA-c" dev=dm-0 ino=13127377 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:371): arch=40000003 syscall=9 success=yes exit=0 a0=bf9ac427 a1=bf9ac026 a2=4db18a64 a3=2 items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:372): avc: denied { write } for pid=4299 comm="xauth" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:372): arch=40000003 syscall=33 success=yes exit=0 a0=bf9ae918 a1=2 a2=bf9ac950 a3=0 items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:373): avc: denied { read } for pid=4299 comm="xauth" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:373): arch=40000003 syscall=5 success=yes exit=2 a0=bf9ae918 a1=0 a2=1b6 a3=90c5008 items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1162909926.083:374): avc: denied { getattr } for pid=4299 comm="xauth" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:374): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf9ac69c a2=c97ff4 a3=90c5008 items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162909926.083:374): path="/root/.xauth7KBaGA"
+type=AVC msg=audit(1162909926.083:375): avc: denied { remove_name } for pid=4299 comm="xauth" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1162909926.083:375): avc: denied { unlink } for pid=4299 comm="xauth" name=".xauth7KBaGA" dev=dm-0 ino=13127376 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.083:375): arch=40000003 syscall=10 success=yes exit=0 a0=90c5008 a1=1000 a2=0 a3=90c508a items=0 ppid=4282 pid=4299 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1162909926.083:376): user pid=4282 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=CRED_ACQ msg=audit(1162909926.083:377): user pid=4282 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1162909926.087:378): avc: denied { dac_override } for pid=4300 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1162909926.087:378): arch=40000003 syscall=195 success=yes exit=0 a0=9a7be38 a1=bfd8a290 a2=673ff4 a3=bfd8a290 items=0 ppid=4282 pid=4300 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162909926.087:379): avc: denied { read } for pid=4300 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.087:379): arch=40000003 syscall=5 success=yes exit=3 a0=9a7db58 a1=8000 a2=0 a3=8000 items=0 ppid=4282 pid=4300 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162909926.175:380): avc: denied { read } for pid=4300 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162909926.175:380): arch=40000003 syscall=5 success=yes exit=3 a0=9a7dd38 a1=8000 a2=0 a3=8000 items=0 ppid=4282 pid=4300 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1162909932.419:381): user pid=4321 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1162909932.419:382): user pid=4321 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ROLE_CHANGE msg=audit(1162909932.423:383): user pid=4324 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='newrole: old-context=staff_u:staff_r:staff_t new-context=staff_u:sysadm_r:sysadm_t: exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=/dev/pts/2 res=success)'
+type=AVC msg=audit(1162910331.648:384): avc: denied { read } for pid=4374 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910331.648:384): arch=40000003 syscall=33 success=yes exit=0 a0=bfc4cf92 a1=4 a2=4db18a64 a3=bfc4cf92 items=0 ppid=4373 pid=4374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162910331.684:385): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910331.684:385): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162910331.684:386): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910331.684:386): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf973d1c a2=36aff4 a3=85d3140 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910331.684:386): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162910331.836:387): avc: denied { unix_write } for pid=4292 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=AVC msg=audit(1162910331.836:387): avc: denied { read write } for pid=4292 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162910331.836:387): arch=40000003 syscall=117 success=yes exit=0 a0=1 a1=10001 a2=1 a3=0 items=0 ppid=4291 pid=4292 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910339.621:388): avc: denied { getattr } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910339.621:388): arch=40000003 syscall=196 success=yes exit=0 a0=bf9716e4 a1=bf971648 a2=36aff4 a3=8dbb4c8 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910339.621:388): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162910340.461:389): avc: denied { read } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910340.461:389): arch=40000003 syscall=5 success=yes exit=46 a0=ae84b060 a1=0 a2=0 a3=ae84b060 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162910340.461:390): avc: denied { execute } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910340.461:390): arch=40000003 syscall=192 success=yes exit=102780928 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910340.461:390): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162910353.258:391): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910353.258:391): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162910353.258:392): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910353.258:392): arch=40000003 syscall=197 success=yes exit=0 a0=28 a1=bf970c5c a2=36aff4 a3=ae82ff58 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910353.258:392): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162910371.007:393): avc: denied { execute } for pid=4371 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910371.007:393): arch=40000003 syscall=192 success=yes exit=33730560 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910371.007:393): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162910371.063:394): avc: denied { execstack } for pid=4371 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1162910371.063:394): avc: denied { execmem } for pid=4371 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162910371.063:394): arch=40000003 syscall=125 success=yes exit=0 a0=bf974000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162910371.115:395): avc: denied { execmod } for pid=4371 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910371.115:395): arch=40000003 syscall=125 success=yes exit=0 a0=202b000 a1=26f000 a2=5 a3=bf971620 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910371.115:395): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162910376.651:396): avc: denied { search } for pid=4371 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162910376.651:396): arch=40000003 syscall=54 success=yes exit=0 a0=42 a1=c0045002 a2=bf973f14 a3=abd446b4 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162910376.699:397): avc: denied { write } for pid=4296 comm="beagle-build-in" name="PrimaryIndex" dev=dm-0 ino=14534976 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162910376.699:397): avc: denied { add_name } for pid=4296 comm="beagle-build-in" name="_9hc.fnm" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162910376.699:397): arch=40000003 syscall=5 success=yes exit=14 a0=b6556648 a1=8041 a2=1a4 a3=8041 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910376.723:398): avc: denied { remove_name } for pid=4296 comm="beagle-build-in" name="segments" dev=dm-0 ino=14535064 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162910376.723:398): arch=40000003 syscall=10 success=yes exit=0 a0=b6556600 a1=45 a2=8208528 a3=b6556600 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910401.857:399): avc: denied { unlink } for pid=4296 comm="beagle-build-in" name="FileAttributesStore.db-journal" dev=dm-0 ino=14534984 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.857:399): arch=40000003 syscall=10 success=yes exit=0 a0=9d21242 a1=1 a2=4d3cee2c a3=9d21100 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910401.857:400): avc: denied { create } for pid=4296 comm="beagle-build-in" name="FileAttributesStore.db-journal" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.857:400): arch=40000003 syscall=5 success=yes exit=14 a0=9d21242 a1=80c2 a2=1a4 a3=80c2 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910401.857:401): avc: denied { write } for pid=4296 comm="beagle-build-in" name="FileAttributesStore.db-journal" dev=dm-0 ino=14534984 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.857:401): arch=40000003 syscall=4 success=yes exit=24 a0=e a1=b6bcda64 a2=18 a3=18 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910401.857:401): path="/var/cache/beagle/indexes/documentation/FileAttributesStore.db-journal"
+type=USER_ACCT msg=audit(1162910401.857:402): user pid=4418 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162910401.857:403): login pid=4418 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162910401.861:404): user pid=4418 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162910401.861:405): user pid=4418 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162910401.861:406): avc: denied { execute } for pid=4419 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162910401.861:406): avc: denied { execute_no_trans } for pid=4419 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.861:406): arch=40000003 syscall=11 success=yes exit=0 a0=92291b0 a1=9229358 a2=9229290 a3=9229008 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162910401.861:406): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162910401.865:407): avc: denied { execute } for pid=4419 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162910401.865:407): avc: denied { execute_no_trans } for pid=4419 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162910401.865:407): avc: denied { read } for pid=4419 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:407): arch=40000003 syscall=11 success=yes exit=0 a0=9229d48 a1=9229740 a2=9229d60 a3=9229740 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162910401.865:407): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162910401.865:407): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162910401.865:408): avc: denied { search } for pid=4419 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162910401.865:408): avc: denied { read } for pid=4419 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:408): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9756800 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162910401.865:409): avc: denied { getattr } for pid=4419 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:409): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bffbf0e8 a2=9d1ff4 a3=9756800 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162910401.865:409): path="/proc/net/dev"
+type=AVC msg=audit(1162910401.865:410): avc: denied { search } for pid=4419 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162910401.865:410): arch=40000003 syscall=33 success=yes exit=0 a0=bffbf494 a1=0 a2=bffbf388 a3=bffbf390 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162910401.865:411): avc: denied { read append } for pid=4419 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:411): arch=40000003 syscall=5 success=yes exit=3 a0=bffbf494 a1=402 a2=bffbf658 a3=bffbf390 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162910401.865:412): avc: denied { search } for pid=4419 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162910401.865:412): avc: denied { read } for pid=4419 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:412): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9756df0 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162910401.865:413): avc: denied { getattr } for pid=4419 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.865:413): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bffbef44 a2=9d1ff4 a3=9756df0 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162910401.865:413): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162910401.865:414): avc: denied { search } for pid=4419 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162910401.865:414): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9756df0 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162910401.869:415): avc: denied { lock } for pid=4419 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910401.869:415): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bffbf390 a3=3 items=0 ppid=4418 pid=4419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162910401.869:415): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162910401.885:416): user pid=4418 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162910401.885:417): user pid=4418 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162910402.229:418): avc: denied { rename } for pid=4296 comm="beagle-build-in" name="segments.new" dev=dm-0 ino=14535044 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910402.229:418): arch=40000003 syscall=38 success=yes exit=0 a0=b6533ee0 a1=b6533b58 a2=8208528 a3=b6533ee0 items=0 ppid=4291 pid=4296 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162910855.309:419): avc: denied { execute } for pid=4324 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910855.309:419): arch=40000003 syscall=33 success=yes exit=0 a0=9c26268 a1=1 a2=11 a3=9c26268 items=0 ppid=4321 pid=4324 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC msg=audit(1162910857.045:420): avc: denied { execute_no_trans } for pid=4498 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162910857.045:420): arch=40000003 syscall=11 success=yes exit=0 a0=9c27358 a1=9c24610 a2=9c23ec0 a3=9c24340 items=0 ppid=4324 pid=4498 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162910857.045:420): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=USER_ACCT msg=audit(1162911001.962:421): user pid=4529 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162911001.962:422): login pid=4529 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162911001.962:423): user pid=4529 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162911001.962:424): user pid=4529 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162911001.970:425): avc: denied { execute } for pid=4530 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162911001.970:425): avc: denied { execute_no_trans } for pid=4530 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162911001.970:425): avc: denied { read } for pid=4530 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911001.970:425): arch=40000003 syscall=11 success=yes exit=0 a0=962dd48 a1=962d740 a2=962dd60 a3=962d740 items=0 ppid=4529 pid=4530 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911001.970:425): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162911001.970:425): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162911001.970:426): avc: denied { search } for pid=4530 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911001.970:426): arch=40000003 syscall=33 success=yes exit=0 a0=bfc9f974 a1=0 a2=bfc9f868 a3=bfc9f870 items=0 ppid=4529 pid=4530 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911001.970:427): avc: denied { read append } for pid=4530 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911001.970:427): arch=40000003 syscall=5 success=yes exit=3 a0=bfc9f974 a1=402 a2=bfc9fb38 a3=bfc9f870 items=0 ppid=4529 pid=4530 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911001.970:428): avc: denied { lock } for pid=4530 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911001.970:428): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfc9f870 a3=3 items=0 ppid=4529 pid=4530 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911001.970:428): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162911002.118:429): user pid=4529 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162911002.118:430): user pid=4529 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162911228.792:431): avc: denied { unix_read } for pid=4292 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162911228.792:431): arch=40000003 syscall=117 success=yes exit=2 a0=3 a1=10001 a2=7 a3=10c items=0 ppid=4291 pid=4292 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911228.792:432): avc: denied { destroy } for pid=4292 comm="beagle-build-in" key=1291864389 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=sem
+type=SYSCALL msg=audit(1162911228.792:432): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=10001 a2=0 a3=100 items=0 ppid=4291 pid=4292 auid=4294967295 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911228.796:433): avc: denied { create } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1162911228.796:433): arch=40000003 syscall=102 success=yes exit=4 a0=1 a1=bfdc6e80 a2=4d8cdff4 a3=8004 items=0 ppid=4240 pid=4291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911228.796:434): avc: denied { write } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1162911228.796:434): avc: denied { nlmsg_relay } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1162911228.796:434): avc: denied { audit_write } for pid=4291 comm="runuser" capability=29 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=capability
+type=CRED_DISP msg=audit(1162911228.796:435): user pid=4291 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=SYSCALL msg=audit(1162911228.796:434): arch=40000003 syscall=102 success=yes exit=112 a0=b a1=bfdbc100 a2=4d8cdff4 a3=bfdc2b40 items=0 ppid=4240 pid=4291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911228.796:436): avc: denied { read } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1162911228.796:436): arch=40000003 syscall=102 success=yes exit=36 a0=c a1=bfdbc0b0 a2=4d8cdff4 a3=bfdbe47c items=0 ppid=4240 pid=4291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911228.796:437): avc: denied { search } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=key
+type=AVC msg=audit(1162911228.796:437): avc: denied { write } for pid=4291 comm="runuser" scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=key
+type=SYSCALL msg=audit(1162911228.796:437): arch=40000003 syscall=288 success=yes exit=0 a0=3 a1=1dd81146 a2=0 a3=3a items=0 ppid=4240 pid=4291 auid=4294967295 uid=0 gid=0 euid=58 suid=58 fsuid=58 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=USER_END msg=audit(1162911228.796:438): user pid=4291 uid=0 auid=4294967295 subj=system_u:system_r:system_crond_t:s0 msg='PAM: session close acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1162911228.932:439): avc: denied { rmdir } for pid=4570 comm="rm" name=".wapi" dev=dm-0 ino=14567748 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911228.932:439): arch=40000003 syscall=40 success=yes exit=0 a0=9c61960 a1=bfbb20d4 a2=805277c a3=2 items=0 ppid=4240 pid=4570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911229.901:440): avc: denied { read } for pid=4576 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911229.901:440): arch=40000003 syscall=5 success=yes exit=3 a0=bfa96cd0 a1=0 a2=ffffffff a3=8995858 items=0 ppid=4574 pid=4576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162911334.707:441): avc: denied { getattr } for pid=11055 comm="updatedb" name="/" dev=rpc_pipefs ino=8009 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911334.707:441): arch=40000003 syscall=196 success=yes exit=0 a0=bfe324b8 a1=bfe32288 a2=faaff4 a3=98cea6c items=0 ppid=11050 pid=11055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162911334.707:441): path="/var/lib/nfs/rpc_pipefs"
+type=AVC msg=audit(1162911334.707:442): avc: denied { getattr } for pid=11055 comm="updatedb" name="/" dev=hdc ino=3008 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911334.707:442): arch=40000003 syscall=196 success=yes exit=0 a0=bfe324b8 a1=bfe32288 a2=faaff4 a3=98cea68 items=0 ppid=11050 pid=11055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162911334.707:442): path=2F6D656469612F5761726372616674204949495F
+type=AVC msg=audit(1162911473.860:443): avc: denied { search } for pid=4371 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911473.860:443): arch=40000003 syscall=54 success=yes exit=0 a0=29 a1=c0045002 a2=bf973f14 a3=abd446b4 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162911513.254:444): avc: denied { getattr } for pid=11055 comm="updatedb" name="/" dev=rpc_pipefs ino=8009 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911513.254:444): arch=40000003 syscall=196 success=yes exit=0 a0=bfe324b8 a1=bfe32288 a2=faaff4 a3=98cea6c items=0 ppid=11050 pid=11055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162911513.254:444): path="/var/lib/nfs/rpc_pipefs"
+type=AVC msg=audit(1162911514.670:445): avc: denied { read } for pid=11055 comm="updatedb" name="/" dev=selinuxfs ino=344 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911514.670:445): arch=40000003 syscall=5 success=yes exit=7 a0=804dc02 a1=18800 a2=bfe3229c a3=98cc928 items=0 ppid=11050 pid=11055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
+type=AVC msg=audit(1162911582.255:446): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911582.255:446): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162911582.255:447): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911582.255:447): arch=40000003 syscall=197 success=yes exit=0 a0=3f a1=bf97398c a2=36aff4 a3=ab1b79f8 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162911582.255:447): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162911582.555:448): avc: denied { write } for pid=11102 comm="prelink" name="prelink.quick" dev=dm-0 ino=14438319 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911582.555:448): arch=40000003 syscall=5 success=yes exit=3 a0=82b3708 a1=8241 a2=1b6 a3=8241 items=0 ppid=11094 pid=11102 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/bin/bash" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162911601.424:449): user pid=11104 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162911601.424:450): login pid=11104 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162911601.432:451): user pid=11104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162911601.432:452): user pid=11104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162911601.436:453): avc: denied { execute } for pid=11105 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162911601.436:453): avc: denied { execute_no_trans } for pid=11105 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.436:453): arch=40000003 syscall=11 success=yes exit=0 a0=9a591b0 a1=9a59358 a2=9a59290 a3=9a59008 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911601.436:453): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162911601.536:454): avc: denied { execute } for pid=11105 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162911601.536:454): avc: denied { execute_no_trans } for pid=11105 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162911601.536:454): avc: denied { read } for pid=11105 comm="sa1" name="sadc" dev=dm-0 ino=11981386 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.536:454): arch=40000003 syscall=11 success=yes exit=0 a0=833ad48 a1=833a740 a2=833ad60 a3=833a740 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911601.536:454): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162911601.536:454): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162911601.540:455): avc: denied { search } for pid=11105 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162911601.540:455): avc: denied { read } for pid=11105 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.540:455): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8295800 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911601.540:456): avc: denied { getattr } for pid=11105 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.540:456): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe60788 a2=2c3ff4 a3=8295800 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911601.540:456): path="/proc/net/dev"
+type=AVC msg=audit(1162911601.540:457): avc: denied { search } for pid=11105 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911601.540:457): arch=40000003 syscall=33 success=yes exit=0 a0=bfe60b34 a1=0 a2=bfe60a28 a3=bfe60a30 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911601.540:458): avc: denied { read append } for pid=11105 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.540:458): arch=40000003 syscall=5 success=yes exit=3 a0=bfe60b34 a1=402 a2=bfe60cf8 a3=bfe60a30 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911601.596:459): avc: denied { search } for pid=11105 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162911601.596:459): avc: denied { read } for pid=11105 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.596:459): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8295df0 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911601.596:460): avc: denied { getattr } for pid=11105 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.596:460): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfe605e4 a2=2c3ff4 a3=8295df0 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911601.596:460): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162911601.596:461): avc: denied { search } for pid=11105 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911601.596:461): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8295df0 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911601.600:462): avc: denied { lock } for pid=11105 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911601.600:462): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfe60a30 a3=3 items=0 ppid=11104 pid=11105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911601.600:462): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162911601.704:463): user pid=11104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162911601.704:464): user pid=11104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162911661.712:465): user pid=12754 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162911661.712:466): login pid=12754 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162911661.712:467): user pid=12754 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162911661.716:468): user pid=12754 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162911661.716:469): avc: denied { getattr } for pid=12755 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.716:469): arch=40000003 syscall=195 success=yes exit=0 a0=9e38120 a1=bfee4fa0 a2=dbcff4 a3=9e38120 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.716:469): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162911661.716:470): avc: denied { execute } for pid=12755 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.716:470): arch=40000003 syscall=33 success=yes exit=0 a0=9e38120 a1=1 a2=11 a3=9e38120 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911661.716:471): avc: denied { read } for pid=12755 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.716:471): arch=40000003 syscall=33 success=yes exit=0 a0=9e38120 a1=4 a2=ffffffff a3=9e38120 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911661.716:472): avc: denied { execute_no_trans } for pid=12755 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.716:472): arch=40000003 syscall=11 success=yes exit=0 a0=9e38120 a1=9e383d8 a2=9e382f8 a3=9e37f98 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.716:472): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162911661.756:473): avc: denied { ioctl } for pid=12755 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.756:473): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd16ff8 a3=bfd17038 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.756:473): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162911661.780:474): avc: denied { execute } for pid=12755 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.780:474): arch=40000003 syscall=33 success=yes exit=0 a0=93ee990 a1=1 a2=1 a3=93eec98 items=0 ppid=12754 pid=12755 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911661.780:475): avc: denied { execute_no_trans } for pid=12758 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.780:475): arch=40000003 syscall=11 success=yes exit=0 a0=93eea10 a1=93eead8 a2=93eeae8 a3=93ee758 items=0 ppid=12755 pid=12758 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.780:475): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162911661.832:476): avc: denied { execute } for pid=12760 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162911661.832:476): avc: denied { execute_no_trans } for pid=12760 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162911661.832:476): avc: denied { read } for pid=12760 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=2848378 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.832:476): arch=40000003 syscall=11 success=yes exit=0 a0=8f9b678 a1=8f9b808 a2=8f9b720 a3=8f9b508 items=0 ppid=12758 pid=12760 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.832:476): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162911661.832:476): path="/sbin/chkconfig"
+type=AVC msg=audit(1162911661.928:477): avc: denied { read } for pid=12760 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.928:477): arch=40000003 syscall=5 success=yes exit=3 a0=bfb2edf0 a1=0 a2=ffffffff a3=87d4038 items=0 ppid=12758 pid=12760 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162911661.928:478): avc: denied { getattr } for pid=12760 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162911661.928:478): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfb2ed60 a2=63cff4 a3=3 items=0 ppid=12758 pid=12760 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162911661.928:478): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162911661.972:479): user pid=12754 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162911661.976:480): user pid=12754 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162911943.065:481): avc: denied { search } for pid=4371 comm="firefox-bin" name="usbdev4.2_ep01" dev=sysfs ino=247897 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162911943.065:481): arch=40000003 syscall=6 success=yes exit=0 a0=29 a1=0 a2=229b790 a3=ab187a88 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162912027.014:482): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912027.014:482): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162912027.014:483): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912027.014:483): arch=40000003 syscall=197 success=yes exit=0 a0=3e a1=bf97398c a2=36aff4 a3=b2c6b110 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162912027.014:483): path="/tmp/.gdmF70UIT"
+type=USER_ACCT msg=audit(1162912201.225:484): user pid=17460 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162912201.225:485): login pid=17460 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162912201.257:486): user pid=17460 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162912201.257:487): user pid=17460 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162912201.289:488): avc: denied { execute } for pid=17461 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162912201.289:488): avc: denied { execute_no_trans } for pid=17461 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912201.289:488): arch=40000003 syscall=11 success=yes exit=0 a0=98881b0 a1=9888358 a2=9888290 a3=9888008 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912201.289:488): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162912201.389:489): avc: denied { search } for pid=17461 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162912201.389:489): avc: denied { read } for pid=17461 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912201.389:489): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8261800 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162912201.393:490): avc: denied { getattr } for pid=17461 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912201.393:490): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfb8edb8 a2=239ff4 a3=8261800 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912201.393:490): path="/proc/net/dev"
+type=AVC msg=audit(1162912201.501:491): avc: denied { search } for pid=17461 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162912201.501:491): avc: denied { read } for pid=17461 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912201.501:491): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8261df0 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162912201.501:492): avc: denied { getattr } for pid=17461 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912201.501:492): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfb8ec14 a2=239ff4 a3=8261df0 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912201.501:492): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162912201.501:493): avc: denied { search } for pid=17461 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162912201.501:493): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8261df0 items=0 ppid=17460 pid=17461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162912201.633:494): user pid=17460 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162912201.637:495): user pid=17460 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162912454.541:496): avc: denied { read } for pid=18789 comm="ldd" name="init" dev=dm-0 ino=9984490 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912454.541:496): arch=40000003 syscall=33 success=yes exit=0 a0=8f33888 a1=4 a2=1 a3=8f33920 items=0 ppid=18788 pid=18789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ldd" exe="/bin/bash" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162912454.541:497): avc: denied { execute } for pid=18789 comm="ldd" name="init" dev=dm-0 ino=9984490 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912454.541:497): arch=40000003 syscall=33 success=yes exit=0 a0=8f2f680 a1=1 a2=1 a3=8f33ce8 items=0 ppid=18788 pid=18789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ldd" exe="/bin/bash" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162912454.545:498): avc: denied { execute_no_trans } for pid=18793 comm="ldd" name="init" dev=dm-0 ino=9984490 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912454.545:498): arch=40000003 syscall=11 success=yes exit=0 a0=8f2de50 a1=8f33ed8 a2=8f2e230 a3=8f2dcd8 items=0 ppid=18792 pid=18793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="init" exe="/sbin/init" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162912454.545:498): path="/sbin/init"
+type=AVC msg=audit(1162912459.649:499): avc: denied { execute } for pid=18802 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=AVC msg=audit(1162912459.649:499): avc: denied { execute_no_trans } for pid=18802 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912459.649:499): arch=40000003 syscall=11 success=yes exit=0 a0=9c209e8 a1=9c27370 a2=9c23ec0 a3=9c20a30 items=0 ppid=4324 pid=18802 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162912459.649:499): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=AVC msg=audit(1162912482.851:500): avc: denied { write } for pid=2599 comm="anacron" name="run" dev=dm-0 ino=14436616 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1162912482.851:500): avc: denied { remove_name } for pid=2599 comm="anacron" name="anacron.pid" dev=dm-0 ino=14437020 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1162912482.851:500): avc: denied { unlink } for pid=2599 comm="anacron" name="anacron.pid" dev=dm-0 ino=14437020 scontext=system_u:system_r:system_crond_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912482.851:500): arch=40000003 syscall=10 success=yes exit=0 a0=804c925 a1=fe8c98 a2=fe7ff4 a3=1 items=0 ppid=1 pid=2599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:system_crond_t:s0 key=(null)
+type=AVC msg=audit(1162912619.407:501): avc: denied { search } for pid=4371 comm="firefox-bin" name="usbdev4.2_ep01" dev=sysfs ino=277031 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162912619.407:501): arch=40000003 syscall=6 success=yes exit=0 a0=29 a1=0 a2=229b790 a3=aab165c0 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162912801.707:502): user pid=18887 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162912801.707:503): login pid=18887 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162912801.707:504): user pid=18887 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162912801.707:505): user pid=18887 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162912801.711:506): avc: denied { execute } for pid=18888 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162912801.711:506): avc: denied { execute_no_trans } for pid=18888 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162912801.711:506): avc: denied { read } for pid=18888 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912801.711:506): arch=40000003 syscall=11 success=yes exit=0 a0=8c1cd48 a1=8c1c740 a2=8c1cd60 a3=8c1c740 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912801.711:506): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162912801.711:506): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162912801.711:507): avc: denied { search } for pid=18888 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162912801.711:507): avc: denied { read } for pid=18888 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912801.711:507): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8b77800 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162912801.711:508): avc: denied { getattr } for pid=18888 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912801.711:508): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf809138 a2=239ff4 a3=8b77800 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912801.711:508): path="/proc/net/dev"
+type=AVC msg=audit(1162912801.711:509): avc: denied { search } for pid=18888 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162912801.711:509): arch=40000003 syscall=33 success=yes exit=0 a0=bf8094e4 a1=0 a2=bf8093d8 a3=bf8093e0 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162912801.715:510): avc: denied { read append } for pid=18888 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912801.715:510): arch=40000003 syscall=5 success=yes exit=3 a0=bf8094e4 a1=402 a2=bf8096a8 a3=bf8093e0 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162912801.715:511): avc: denied { lock } for pid=18888 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162912801.715:511): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf8093e0 a3=3 items=0 ppid=18887 pid=18888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162912801.715:511): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162912801.739:512): user pid=18887 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162912801.739:513): user pid=18887 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162913401.808:514): user pid=18990 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162913401.808:515): login pid=18990 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162913401.808:516): user pid=18990 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162913401.808:517): user pid=18990 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162913401.812:518): avc: denied { execute } for pid=18991 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162913401.812:518): avc: denied { execute_no_trans } for pid=18991 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913401.812:518): arch=40000003 syscall=11 success=yes exit=0 a0=90d71b0 a1=90d7358 a2=90d7290 a3=90d7008 items=0 ppid=18990 pid=18991 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162913401.812:518): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162913401.816:519): avc: denied { search } for pid=18991 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162913401.816:519): avc: denied { read } for pid=18991 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913401.816:519): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=86b7df0 items=0 ppid=18990 pid=18991 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162913401.816:520): avc: denied { getattr } for pid=18991 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913401.816:520): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbe0364 a2=239ff4 a3=86b7df0 items=0 ppid=18990 pid=18991 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162913401.816:520): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162913401.816:521): avc: denied { search } for pid=18991 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162913401.816:521): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=86b7df0 items=0 ppid=18990 pid=18991 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162913401.828:522): user pid=18990 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162913401.828:523): user pid=18990 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162913401.888:524): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913401.888:524): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162913401.888:525): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913401.888:525): arch=40000003 syscall=197 success=yes exit=0 a0=32 a1=bf97398c a2=36aff4 a3=aa4a0518 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913401.888:525): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162913576.187:526): avc: denied { read } for pid=19023 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913576.187:526): arch=40000003 syscall=33 success=yes exit=0 a0=bfca3f92 a1=4 a2=de7a64 a3=bfca3f92 items=0 ppid=19022 pid=19023 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162913584.800:527): avc: denied { execmem } for pid=4371 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162913584.800:527): arch=40000003 syscall=192 success=yes exit=93360128 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162913723.828:528): avc: denied { read } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913723.828:528): arch=40000003 syscall=5 success=yes exit=63 a0=aa0964f0 a1=0 a2=aa0964e8 a3=aa0964f0 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162913723.828:529): avc: denied { getattr } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913723.828:529): arch=40000003 syscall=197 success=yes exit=0 a0=3f a1=bf9711d0 a2=230fc0 a3=40 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913723.828:529): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162913723.828:530): avc: denied { execute } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913723.828:530): arch=40000003 syscall=192 success=yes exit=26157056 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913723.828:530): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162913771.903:531): avc: denied { search } for pid=19088 comm="gpg" name="home" dev=dm-0 ino=6547201 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1162913771.903:531): avc: denied { search } for pid=19088 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162913771.903:531): arch=40000003 syscall=33 success=no exit=-2 a0=98cf9f8 a1=4 a2=dfabbc a3=98cf9c8 items=0 ppid=3575 pid=19088 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162913772.127:532): avc: denied { search } for pid=19088 comm="gpg" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162913772.127:532): avc: denied { read } for pid=19088 comm="gpg" name="evolution-pgp.Y1R1IT" dev=dm-0 ino=14469396 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_evolution_orbit_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913772.127:532): arch=40000003 syscall=5 success=yes exit=3 a0=bfceeb1a a1=8000 a2=0 a3=8000 items=0 ppid=3575 pid=19088 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162913785.060:533): avc: denied { read } for pid=19094 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913785.060:533): arch=40000003 syscall=33 success=yes exit=0 a0=bf974f92 a1=4 a2=de7a64 a3=bf974f92 items=0 ppid=19093 pid=19094 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913785.060:534): avc: denied { getattr } for pid=19094 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913785.060:534): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf9739bc a2=47aff4 a3=8b39ab0 items=0 ppid=19093 pid=19094 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913785.060:534): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162913785.096:535): avc: denied { execute } for pid=19091 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162913785.096:535): avc: denied { execute_no_trans } for pid=19091 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162913785.096:535): avc: denied { read } for pid=19091 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913785.096:535): arch=40000003 syscall=11 success=yes exit=0 a0=86bb8b8 a1=86bd928 a2=86be120 a3=86bd928 items=0 ppid=1 pid=19091 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913785.096:535): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1162913785.096:535): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162913785.332:536): avc: denied { getattr } for pid=19091 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162913785.332:536): arch=40000003 syscall=196 success=yes exit=0 a0=bfc25b48 a1=bfc2563c a2=239ff4 a3=bfc26a05 items=0 ppid=1 pid=19091 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162913785.332:536): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162913785.740:537): avc: denied { search } for pid=19091 comm="firefox-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162913785.740:537): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfc259b8 a2=239ff4 a3=3 items=0 ppid=1 pid=19091 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913787.352:538): avc: denied { search } for pid=19101 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162913787.352:538): avc: denied { search } for pid=19101 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162913787.352:538): avc: denied { write } for pid=19101 comm="evolution-data-" name="linc-df7-0-776fae0850c0c" dev=dm-0 ino=14567744 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162913787.352:538): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b5f3fe70 a2=4e570f80 a3=0 items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.840:539): avc: denied { write } for pid=19101 comm="evolution-data-" name="linc-c8e-0-2f6d638e7c118" dev=dm-0 ino=14567745 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162913787.840:539): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b5f3fcd0 a2=4e570f80 a3=0 items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.908:540): avc: denied { create } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913787.908:540): arch=40000003 syscall=102 success=yes exit=27 a0=1 a1=b5f3fb04 a2=6b9ff4 a3=b5f3fd91 items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.908:541): avc: denied { bind } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913787.908:541): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b5f3fb04 a2=6b9ff4 a3=1b items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.908:542): avc: denied { getattr } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913787.908:542): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b5f3fb04 a2=6b9ff4 a3=1b items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.908:543): avc: denied { write } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162913787.908:543): avc: denied { nlmsg_read } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913787.908:543): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b5f3ea44 a2=6b9ff4 a3=0 items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913787.908:544): avc: denied { read } for pid=19101 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913787.908:544): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b5f3ea44 a2=6b9ff4 a3=0 items=0 ppid=1 pid=19101 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe=2F7573722F6C6962657865632F65766F6C7574696F6E2D646174612D7365727665722D312E31302E237072656C696E6B232E663161413778202864656C6574656429 subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1162913789.312:545): avc: denied { search } for pid=19105 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162913789.312:545): arch=40000003 syscall=33 success=no exit=-2 a0=865d9f8 a1=4 a2=a92bbc a3=865d9c8 items=0 ppid=3575 pid=19105 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162913794.937:546): avc: denied { create } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913794.937:546): arch=40000003 syscall=102 success=yes exit=48 a0=1 a1=b179e274 a2=4c0ff4 a3=0 items=0 ppid=1 pid=19111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913794.937:547): avc: denied { bind } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913794.937:547): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b179e274 a2=4c0ff4 a3=30 items=0 ppid=1 pid=19111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913794.937:548): avc: denied { getattr } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913794.937:548): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b179e274 a2=4c0ff4 a3=30 items=0 ppid=1 pid=19111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913794.937:549): avc: denied { write } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162913794.937:549): avc: denied { nlmsg_read } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913794.937:549): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b179d1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=19111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162913794.937:550): avc: denied { read } for pid=19111 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162913794.937:550): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b179d1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=19111 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162914001.894:551): user pid=19157 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162914001.894:552): login pid=19157 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162914001.894:553): user pid=19157 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162914001.894:554): user pid=19157 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162914001.898:555): avc: denied { execute } for pid=19158 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162914001.898:555): avc: denied { execute_no_trans } for pid=19158 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162914001.898:555): avc: denied { read } for pid=19158 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162914001.898:555): arch=40000003 syscall=11 success=yes exit=0 a0=84b1d48 a1=84b1740 a2=84b1d60 a3=84b1740 items=0 ppid=19157 pid=19158 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162914001.898:555): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162914001.898:555): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162914001.898:556): avc: denied { search } for pid=19158 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162914001.898:556): arch=40000003 syscall=33 success=yes exit=0 a0=bfea2374 a1=0 a2=bfea2268 a3=bfea2270 items=0 ppid=19157 pid=19158 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162914001.898:557): avc: denied { read append } for pid=19158 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162914001.898:557): arch=40000003 syscall=5 success=yes exit=3 a0=bfea2374 a1=402 a2=bfea2538 a3=bfea2270 items=0 ppid=19157 pid=19158 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162914001.898:558): avc: denied { lock } for pid=19158 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162914001.898:558): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfea2270 a3=3 items=0 ppid=19157 pid=19158 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162914001.898:558): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162914001.910:559): user pid=19157 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162914001.910:560): user pid=19157 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162914100.280:561): avc: denied { execute } for pid=19185 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=AVC msg=audit(1162914100.280:561): avc: denied { execute_no_trans } for pid=19185 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162914100.280:561): arch=40000003 syscall=11 success=yes exit=0 a0=9c25f18 a1=9c34a20 a2=9c23ec0 a3=9c34ca8 items=0 ppid=4324 pid=19185 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162914100.280:561): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=USER_ACCT msg=audit(1162914601.967:562): user pid=19284 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162914601.967:563): login pid=19284 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162914601.967:564): user pid=19284 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162914601.967:565): user pid=19284 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162914601.999:566): user pid=19284 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162914601.999:567): user pid=19284 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162915201.317:568): user pid=19490 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162915201.317:569): login pid=19490 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162915201.317:570): user pid=19490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162915201.317:571): user pid=19490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162915201.329:572): user pid=19490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162915201.329:573): user pid=19490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162915217.242:574): avc: denied { search } for pid=19500 comm="firefox-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162915217.242:574): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfb168b8 a2=239ff4 a3=3 items=0 ppid=1 pid=19500 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162915261.340:575): user pid=19525 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162915261.340:576): login pid=19525 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162915261.340:577): user pid=19525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162915261.340:578): user pid=19525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162915261.344:579): avc: denied { getattr } for pid=19526 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.344:579): arch=40000003 syscall=195 success=yes exit=0 a0=9344120 a1=bff1efe0 a2=239ff4 a3=9344120 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.344:579): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162915261.344:580): avc: denied { execute } for pid=19526 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.344:580): arch=40000003 syscall=33 success=yes exit=0 a0=9344120 a1=1 a2=11 a3=9344120 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915261.344:581): avc: denied { read } for pid=19526 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.344:581): arch=40000003 syscall=33 success=yes exit=0 a0=9344120 a1=4 a2=ffffffff a3=9344120 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915261.344:582): avc: denied { execute_no_trans } for pid=19526 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.344:582): arch=40000003 syscall=11 success=yes exit=0 a0=9344120 a1=93443d8 a2=93442f8 a3=9343f98 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.344:582): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162915261.344:583): avc: denied { ioctl } for pid=19526 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.344:583): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfaf35d8 a3=bfaf3618 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.344:583): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162915261.408:584): avc: denied { execute } for pid=19526 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.408:584): arch=40000003 syscall=33 success=yes exit=0 a0=9b9d990 a1=1 a2=1 a3=9b9dc98 items=0 ppid=19525 pid=19526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915261.408:585): avc: denied { execute_no_trans } for pid=19527 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.408:585): arch=40000003 syscall=11 success=yes exit=0 a0=9b9da10 a1=9b9dad8 a2=9b9dae8 a3=9b9d758 items=0 ppid=19526 pid=19527 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.408:585): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162915261.452:586): avc: denied { execute } for pid=19529 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162915261.452:586): avc: denied { execute_no_trans } for pid=19529 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162915261.452:586): avc: denied { read } for pid=19529 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.452:586): arch=40000003 syscall=11 success=yes exit=0 a0=85b5678 a1=85b5808 a2=85b5720 a3=85b5508 items=0 ppid=19527 pid=19529 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.452:586): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162915261.452:586): path="/sbin/chkconfig"
+type=AVC msg=audit(1162915261.476:587): avc: denied { read } for pid=19529 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.476:587): arch=40000003 syscall=5 success=yes exit=3 a0=bff191e0 a1=0 a2=ffffffff a3=8e7b038 items=0 ppid=19527 pid=19529 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915261.509:588): avc: denied { getattr } for pid=19529 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915261.509:588): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff19150 a2=239ff4 a3=3 items=0 ppid=19527 pid=19529 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915261.509:588): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162915261.537:589): user pid=19525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162915261.537:590): user pid=19525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162915365.643:591): avc: denied { write } for pid=4371 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162915365.643:591): avc: denied { add_name } for pid=4371 comm="firefox-bin" name="xz46pk56" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162915365.643:591): avc: denied { create } for pid=4371 comm="firefox-bin" name="xz46pk56" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915365.643:591): arch=40000003 syscall=5 success=yes exit=69 a0=ac402920 a1=82c1 a2=180 a3=82c1 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915365.643:592): avc: denied { write } for pid=4371 comm="firefox-bin" name="xz46pk56" dev=dm-0 ino=14469396 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915365.643:592): arch=40000003 syscall=5 success=yes exit=69 a0=ac402920 a1=8041 a2=180 a3=8041 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915370.767:593): avc: denied { getattr } for pid=4371 comm="firefox-bin" name="Fortress-WP.pdf" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915370.767:593): arch=40000003 syscall=195 success=yes exit=0 a0=ac7c1c28 a1=bf973794 a2=36aff4 a3=3 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915370.767:593): path="/tmp/Fortress-WP.pdf"
+type=AVC msg=audit(1162915370.767:594): avc: denied { remove_name } for pid=4371 comm="firefox-bin" name="Fortress-WP.pdf" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162915370.767:594): avc: denied { unlink } for pid=4371 comm="firefox-bin" name="Fortress-WP.pdf" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915370.767:594): arch=40000003 syscall=10 success=yes exit=0 a0=ac7c1c28 a1=0 a2=4d765304 a3=0 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915370.767:595): avc: denied { rename } for pid=4371 comm="firefox-bin" name="xz46pk56" dev=dm-0 ino=14469396 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915370.767:595): arch=40000003 syscall=38 success=yes exit=0 a0=ac402920 a1=bf97385c a2=4d765304 a3=0 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915371.587:596): avc: denied { search } for pid=19567 comm="evince" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162915371.587:596): avc: denied { write } for pid=19567 comm="evince" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162915371.587:596): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfbcb260 a2=39b770 a3=15 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915371.591:597): avc: denied { read } for pid=19567 comm="evince" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915371.591:597): arch=40000003 syscall=33 success=yes exit=0 a0=8f74950 a1=4 a2=39b770 a3=8f74950 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915371.627:598): avc: denied { getattr } for pid=19567 comm="evince" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915371.627:598): arch=40000003 syscall=197 success=yes exit=0 a0=2d a1=bfbcb2fc a2=25dff4 a3=8f75230 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915371.627:598): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162915371.967:599): avc: denied { connectto } for pid=19567 comm="evince" path=002F746D702F646275732D6E6948324A5970414645 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1162915371.967:599): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfbcb7d0 a2=7dcf494 a3=15 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915374.488:600): avc: denied { read } for pid=19570 comm="gam_server" name="inotify" dev=inotifyfs ino=339 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162915374.488:600): arch=40000003 syscall=3 success=yes exit=48 a0=3 a1=913f4f8 a2=400 a3=400 items=0 ppid=1 pid=19570 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gam_server" exe="/usr/libexec/gam_server" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915374.488:600): path="inotify"
+type=AVC msg=audit(1162915374.512:601): avc: denied { read } for pid=19568 comm="evince" name="Fortress-WP.pdf" dev=dm-0 ino=14469396 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915374.512:601): arch=40000003 syscall=5 success=yes exit=55 a0=90bfc70 a1=8000 a2=1b6 a3=90c5708 items=0 ppid=4371 pid=19568 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915374.756:602): avc: denied { create } for pid=19567 comm="evince" name=".recently-used.xbel.CED2IT" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915374.756:602): arch=40000003 syscall=5 success=yes exit=61 a0=9105920 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915374.756:603): avc: denied { getattr } for pid=19567 comm="evince" name=".recently-used.xbel.CED2IT" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915374.756:603): arch=40000003 syscall=197 success=yes exit=0 a0=3d a1=bfbcac14 a2=25dff4 a3=911ec28 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915374.756:603): path="/home/kmacmill/.recently-used.xbel.CED2IT"
+type=AVC msg=audit(1162915374.756:604): avc: denied { write } for pid=19567 comm="evince" name=".recently-used.xbel.CED2IT" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915374.756:604): arch=40000003 syscall=4 success=yes exit=90112 a0=3d a1=912cd50 a2=16000 a3=16000 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915374.756:604): path="/home/kmacmill/.recently-used.xbel.CED2IT"
+type=AVC msg=audit(1162915374.756:605): avc: denied { rename } for pid=19567 comm="evince" name=".recently-used.xbel.CED2IT" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915374.756:605): arch=40000003 syscall=38 success=yes exit=0 a0=90dcb48 a1=8fc5968 a2=76c0708 a3=b7f3e8cc items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915375.592:606): avc: denied { read } for pid=19567 comm="evince" name=".recently-used.xbel" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915375.592:606): arch=40000003 syscall=5 success=yes exit=61 a0=8fc5968 a1=8000 a2=0 a3=8000 items=0 ppid=4371 pid=19567 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915575.868:607): avc: denied { search } for pid=19568 comm="evince" name="usbdev4.2_ep01" dev=sysfs ino=328509 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=AVC msg=audit(1162915608.822:608): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915608.822:608): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915608.822:609): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915608.822:609): arch=40000003 syscall=197 success=yes exit=0 a0=3e a1=bf9732ec a2=36aff4 a3=a5b1c038 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915608.822:609): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162915756.967:610): avc: denied { execmem } for pid=4378 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162915756.967:610): arch=40000003 syscall=192 success=yes exit=116039680 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=1 pid=4378 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162915801.590:611): user pid=19625 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162915801.590:612): login pid=19625 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162915801.590:613): user pid=19625 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162915801.590:614): user pid=19625 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162915801.598:615): avc: denied { search } for pid=19626 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162915801.598:615): avc: denied { read } for pid=19626 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915801.598:615): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9305800 items=0 ppid=19625 pid=19626 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915801.598:616): avc: denied { getattr } for pid=19626 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915801.598:616): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe3ca28 a2=239ff4 a3=9305800 items=0 ppid=19625 pid=19626 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915801.598:616): path="/proc/net/dev"
+type=AVC msg=audit(1162915801.598:617): avc: denied { search } for pid=19626 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162915801.598:617): avc: denied { read } for pid=19626 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915801.598:617): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9305df0 items=0 ppid=19625 pid=19626 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162915801.598:618): avc: denied { getattr } for pid=19626 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915801.598:618): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfe3c884 a2=239ff4 a3=9305df0 items=0 ppid=19625 pid=19626 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162915801.598:618): path="/proc/sys/fs/dentry-state"
+type=CRED_DISP msg=audit(1162915801.610:619): user pid=19625 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162915801.610:620): user pid=19625 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162915974.193:621): avc: denied { read } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915974.193:621): arch=40000003 syscall=5 success=yes exit=75 a0=aa089078 a1=0 a2=b5e00040 a3=aa089078 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162915974.193:622): avc: denied { getattr } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915974.193:622): arch=40000003 syscall=197 success=yes exit=0 a0=4b a1=bf970ad4 a2=230fc0 a3=4c items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915974.193:622): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162915974.193:623): avc: denied { execute } for pid=4371 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162915974.193:623): arch=40000003 syscall=192 success=yes exit=104456192 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162915974.193:623): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=USER_ACCT msg=audit(1162916401.676:624): user pid=19751 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162916401.676:625): login pid=19751 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162916401.676:626): user pid=19751 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162916401.676:627): user pid=19751 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162916401.680:628): avc: denied { execute } for pid=19752 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162916401.680:628): avc: denied { execute_no_trans } for pid=19752 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162916401.680:628): avc: denied { read } for pid=19752 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162916401.680:628): arch=40000003 syscall=11 success=yes exit=0 a0=8aa3d48 a1=8aa3740 a2=8aa3d60 a3=8aa3740 items=0 ppid=19751 pid=19752 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162916401.680:628): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162916401.680:628): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162916401.684:629): avc: denied { search } for pid=19752 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162916401.684:629): arch=40000003 syscall=33 success=yes exit=0 a0=bfd40214 a1=0 a2=bfd40108 a3=bfd40110 items=0 ppid=19751 pid=19752 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162916401.696:630): user pid=19751 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162916401.696:631): user pid=19751 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162916996.341:632): avc: denied { search } for pid=19878 comm="gpg" name="home" dev=dm-0 ino=6547201 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1162916996.341:632): avc: denied { search } for pid=19878 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162916996.341:632): arch=40000003 syscall=33 success=no exit=-2 a0=9da69f8 a1=4 a2=ca7bbc a3=9da69c8 items=0 ppid=3575 pid=19878 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162916996.341:633): avc: denied { search } for pid=19878 comm="gpg" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162916996.341:633): avc: denied { read } for pid=19878 comm="gpg" name="evolution-pgp.SGNUIT" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_evolution_orbit_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162916996.341:633): arch=40000003 syscall=5 success=yes exit=3 a0=bf8b4b1a a1=8000 a2=0 a3=8000 items=0 ppid=3575 pid=19878 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162917001.757:634): user pid=19879 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162917001.757:635): login pid=19879 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162917001.761:636): user pid=19879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162917001.761:637): user pid=19879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162917001.765:638): avc: denied { read append } for pid=19880 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917001.765:638): arch=40000003 syscall=5 success=yes exit=3 a0=bfe0bae4 a1=402 a2=bfe0bca8 a3=bfe0b9e0 items=0 ppid=19879 pid=19880 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162917001.765:639): avc: denied { lock } for pid=19880 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917001.765:639): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfe0b9e0 a3=3 items=0 ppid=19879 pid=19880 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162917001.765:639): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162917001.793:640): user pid=19879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162917001.793:641): user pid=19879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162917038.508:642): avc: denied { read } for pid=19888 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917038.508:642): arch=40000003 syscall=33 success=yes exit=0 a0=bfccff92 a1=4 a2=de7a64 a3=bfccff92 items=0 ppid=19887 pid=19888 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162917232.176:643): avc: denied { write } for pid=19916 comm="gnome-terminal" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162917232.176:643): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfeaf5b0 a2=39b770 a3=15 items=0 ppid=1 pid=19916 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162917240.052:644): avc: denied { getattr } for pid=19922 comm="bash" name="unix" dev=proc ino=-268434925 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_net_unix_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162917240.052:644): arch=40000003 syscall=195 success=yes exit=0 a0=9999ea8 a1=bfcb9848 a2=239ff4 a3=9999ea8 items=0 ppid=3783 pid=19922 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162917240.052:644): path="/proc/sys/net/unix"
+type=AVC msg=audit(1162917242.712:645): avc: denied { read } for pid=19922 comm="bash" name="unix" dev=proc ino=-268434925 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_net_unix_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162917242.712:645): arch=40000003 syscall=5 success=yes exit=3 a0=9999728 a1=18800 a2=0 a3=999970a items=0 ppid=3783 pid=19922 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162917242.712:646): avc: denied { search } for pid=19922 comm="bash" name="unix" dev=proc ino=-268434925 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_net_unix_t:s0 tclass=dir
+type=AVC msg=audit(1162917242.712:646): avc: denied { getattr } for pid=19922 comm="bash" name="max_dgram_qlen" dev=proc ino=-268434924 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_net_unix_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917242.712:646): arch=40000003 syscall=195 success=yes exit=0 a0=9999740 a1=bfcb9934 a2=239ff4 a3=2 items=0 ppid=3783 pid=19922 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162917242.712:646): path="/proc/sys/net/unix/max_dgram_qlen"
+type=AVC msg=audit(1162917340.570:647): avc: denied { execute } for pid=4324 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917340.570:647): arch=40000003 syscall=33 success=yes exit=0 a0=9c29130 a1=1 a2=11 a3=9c29130 items=0 ppid=4321 pid=4324 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC msg=audit(1162917341.046:648): avc: denied { execute_no_trans } for pid=19949 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162917341.046:648): arch=40000003 syscall=11 success=yes exit=0 a0=9c22688 a1=9c22620 a2=9c23ec0 a3=9c28c28 items=0 ppid=4324 pid=19949 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162917341.046:648): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=USER_ACCT msg=audit(1162917601.863:649): user pid=19977 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162917601.863:650): login pid=19977 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162917601.863:651): user pid=19977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162917601.863:652): user pid=19977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162917601.927:653): user pid=19977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162917601.927:654): user pid=19977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162918201.988:655): user pid=20054 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162918201.988:656): login pid=20054 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162918201.988:657): user pid=20054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162918201.988:658): user pid=20054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162918202.008:659): user pid=20054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162918202.008:660): user pid=20054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162918801.066:661): user pid=20120 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162918801.066:662): login pid=20120 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162918801.066:663): user pid=20120 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162918801.066:664): user pid=20120 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162918801.082:665): user pid=20120 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162918801.082:666): user pid=20120 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162918861.093:667): user pid=20125 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162918861.093:668): login pid=20125 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162918861.093:669): user pid=20125 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162918861.093:670): user pid=20125 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162918861.097:671): avc: denied { getattr } for pid=20126 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.097:671): arch=40000003 syscall=195 success=yes exit=0 a0=8efa120 a1=bff70830 a2=375ff4 a3=8efa120 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.097:671): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162918861.097:672): avc: denied { execute } for pid=20126 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.097:672): arch=40000003 syscall=33 success=yes exit=0 a0=8efa120 a1=1 a2=11 a3=8efa120 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162918861.097:673): avc: denied { read } for pid=20126 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.097:673): arch=40000003 syscall=33 success=yes exit=0 a0=8efa120 a1=4 a2=ffffffff a3=8efa120 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162918861.097:674): avc: denied { execute_no_trans } for pid=20126 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.097:674): arch=40000003 syscall=11 success=yes exit=0 a0=8efa120 a1=8efa3d8 a2=8efa2f8 a3=8ef9f98 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.097:674): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162918861.101:675): avc: denied { ioctl } for pid=20126 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.101:675): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd46828 a3=bfd46868 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.101:675): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162918861.101:676): avc: denied { execute } for pid=20126 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.101:676): arch=40000003 syscall=33 success=yes exit=0 a0=9b3a990 a1=1 a2=1 a3=9b3ac98 items=0 ppid=20125 pid=20126 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162918861.101:677): avc: denied { execute_no_trans } for pid=20127 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.101:677): arch=40000003 syscall=11 success=yes exit=0 a0=9b3aa10 a1=9b3aad8 a2=9b3aae8 a3=9b3a758 items=0 ppid=20126 pid=20127 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.101:677): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162918861.105:678): avc: denied { execute } for pid=20128 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162918861.105:678): avc: denied { execute_no_trans } for pid=20128 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162918861.105:678): avc: denied { read } for pid=20128 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.105:678): arch=40000003 syscall=11 success=yes exit=0 a0=95f8678 a1=95f8808 a2=95f8720 a3=95f8508 items=0 ppid=20127 pid=20128 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.105:678): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162918861.105:678): path="/sbin/chkconfig"
+type=AVC msg=audit(1162918861.105:679): avc: denied { read } for pid=20128 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.105:679): arch=40000003 syscall=5 success=yes exit=3 a0=bff4da10 a1=0 a2=ffffffff a3=8768038 items=0 ppid=20127 pid=20128 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162918861.105:680): avc: denied { getattr } for pid=20128 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162918861.105:680): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff4d980 a2=2eeff4 a3=3 items=0 ppid=20127 pid=20128 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162918861.105:680): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162918861.113:681): user pid=20125 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162918861.113:682): user pid=20125 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162919401.167:683): user pid=20179 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162919401.167:684): login pid=20179 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162919401.167:685): user pid=20179 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162919401.167:686): user pid=20179 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162919401.175:687): avc: denied { search } for pid=20180 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162919401.175:687): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9b31800 items=0 ppid=20179 pid=20180 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162919401.187:688): user pid=20179 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162919401.187:689): user pid=20179 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162920001.245:690): user pid=20253 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162920001.245:691): login pid=20253 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162920001.245:692): user pid=20253 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162920001.245:693): user pid=20253 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162920001.261:694): user pid=20253 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162920001.261:695): user pid=20253 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162920013.069:696): avc: denied { read } for pid=20277 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920013.069:696): arch=40000003 syscall=33 success=yes exit=0 a0=bf950f92 a1=4 a2=de7a64 a3=bf950f92 items=0 ppid=20276 pid=20277 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162920030.163:697): avc: denied { execmem } for pid=4371 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162920030.163:697): arch=40000003 syscall=192 success=yes exit=96612352 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920048.188:698): avc: denied { read } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920048.188:698): arch=40000003 syscall=33 success=yes exit=0 a0=bf976fcb a1=4 a2=4db18a64 a3=bf976fcb items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920048.188:699): avc: denied { getattr } for pid=4371 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920048.188:699): arch=40000003 syscall=197 success=yes exit=0 a0=47 a1=bf9739e8 a2=36aff4 a3=ac901250 items=0 ppid=1 pid=4371 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920048.188:699): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162920137.525:700): avc: denied { execute } for pid=20295 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920137.525:700): arch=40000003 syscall=192 success=yes exit=70774784 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920137.525:700): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162920137.537:701): avc: denied { execstack } for pid=20295 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162920137.537:701): arch=40000003 syscall=125 success=yes exit=0 a0=bf924000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920137.573:702): avc: denied { execmod } for pid=20295 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920137.573:702): arch=40000003 syscall=125 success=yes exit=0 a0=437f000 a1=26f000 a2=5 a3=bf920a50 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920137.573:702): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162920142.458:703): avc: denied { ioctl } for pid=20328 comm="ps" name="[379798]" dev=pipefs ino=379798 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1162920142.458:703): arch=40000003 syscall=54 success=no exit=-22 a0=1 a1=5413 a2=bff1a184 a3=bff1a1c8 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.458:703): path="pipe:[379798]"
+type=AVC msg=audit(1162920142.482:704): avc: denied { getattr } for pid=20328 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.482:704): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.482:704): path="/proc/1"
+type=AVC msg=audit(1162920142.482:705): avc: denied { search } for pid=20328 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.482:705): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=65549 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.482:705): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.482:706): avc: denied { getattr } for pid=20328 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.482:706): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.482:706): path="/proc/2"
+type=AVC msg=audit(1162920142.482:707): avc: denied { search } for pid=20328 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.482:707): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=131085 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.482:707): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:708): avc: denied { getattr } for pid=20328 comm="ps" name="455" dev=proc ino=29818882 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:708): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:708): path="/proc/455"
+type=AVC msg=audit(1162920142.486:709): avc: denied { search } for pid=20328 comm="ps" name="455" dev=proc ino=29818882 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.486:709): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=29818893 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.486:709): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:710): avc: denied { getattr } for pid=20328 comm="ps" name="2154" dev=proc ino=141164546 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:710): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:710): path="/proc/2154"
+type=AVC msg=audit(1162920142.486:711): avc: denied { search } for pid=20328 comm="ps" name="2154" dev=proc ino=141164546 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.486:711): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=141164557 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.486:711): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:712): avc: denied { getattr } for pid=20328 comm="ps" name="2166" dev=proc ino=141950978 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:712): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:712): path="/proc/2166"
+type=AVC msg=audit(1162920142.486:713): avc: denied { search } for pid=20328 comm="ps" name="2166" dev=proc ino=141950978 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.486:713): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=141950989 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.486:713): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:714): avc: denied { getattr } for pid=20328 comm="ps" name="2182" dev=proc ino=142999554 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:714): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:714): path="/proc/2182"
+type=AVC msg=audit(1162920142.486:715): avc: denied { search } for pid=20328 comm="ps" name="2182" dev=proc ino=142999554 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.486:715): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=142999565 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.486:715): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:716): avc: denied { getattr } for pid=20328 comm="ps" name="2185" dev=proc ino=143196162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:716): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:716): path="/proc/2185"
+type=AVC msg=audit(1162920142.486:717): avc: denied { search } for pid=20328 comm="ps" name="2185" dev=proc ino=143196162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.486:717): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=143196173 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.486:717): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:718): avc: denied { getattr } for pid=20328 comm="ps" name="2197" dev=proc ino=143982594 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:718): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:718): path="/proc/2197"
+type=AVC msg=audit(1162920142.486:719): avc: denied { search } for pid=20328 comm="ps" name="2197" dev=proc ino=143982594 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.486:719): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=143982605 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.486:719): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.486:720): avc: denied { getattr } for pid=20328 comm="ps" name="2213" dev=proc ino=145031170 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.486:720): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.486:720): path="/proc/2213"
+type=AVC msg=audit(1162920142.486:721): avc: denied { search } for pid=20328 comm="ps" name="2213" dev=proc ino=145031170 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.486:721): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=145031181 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.486:721): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:722): avc: denied { getattr } for pid=20328 comm="ps" name="2226" dev=proc ino=145883138 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:722): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:722): path="/proc/2226"
+type=AVC msg=audit(1162920142.490:723): avc: denied { search } for pid=20328 comm="ps" name="2226" dev=proc ino=145883138 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:723): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=145883149 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:723): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:724): avc: denied { getattr } for pid=20328 comm="ps" name="2260" dev=proc ino=148111362 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:724): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:724): path="/proc/2260"
+type=AVC msg=audit(1162920142.490:725): avc: denied { search } for pid=20328 comm="ps" name="2260" dev=proc ino=148111362 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:725): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=148111373 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:725): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:726): avc: denied { getattr } for pid=20328 comm="ps" name="2324" dev=proc ino=152305666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:726): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:726): path="/proc/2324"
+type=AVC msg=audit(1162920142.490:727): avc: denied { search } for pid=20328 comm="ps" name="2324" dev=proc ino=152305666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:727): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=152305677 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:727): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:728): avc: denied { getattr } for pid=20328 comm="ps" name="2336" dev=proc ino=153092098 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:728): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:728): path="/proc/2336"
+type=AVC msg=audit(1162920142.490:729): avc: denied { search } for pid=20328 comm="ps" name="2336" dev=proc ino=153092098 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:729): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=153092109 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:729): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:730): avc: denied { getattr } for pid=20328 comm="ps" name="2426" dev=proc ino=158990338 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:730): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:730): path="/proc/2426"
+type=AVC msg=audit(1162920142.490:731): avc: denied { search } for pid=20328 comm="ps" name="2426" dev=proc ino=158990338 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:731): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=158990349 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:731): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:732): avc: denied { getattr } for pid=20328 comm="ps" name="2445" dev=proc ino=160235522 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:732): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:732): path="/proc/2445"
+type=AVC msg=audit(1162920142.490:733): avc: denied { search } for pid=20328 comm="ps" name="2445" dev=proc ino=160235522 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:733): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=160235533 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:733): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:734): avc: denied { getattr } for pid=20328 comm="ps" name="2456" dev=proc ino=160956418 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:734): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:734): path="/proc/2456"
+type=AVC msg=audit(1162920142.490:735): avc: denied { search } for pid=20328 comm="ps" name="2456" dev=proc ino=160956418 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:735): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=160956429 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:735): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:736): avc: denied { getattr } for pid=20328 comm="ps" name="2473" dev=proc ino=162070530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:736): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:736): path="/proc/2473"
+type=AVC msg=audit(1162920142.490:737): avc: denied { search } for pid=20328 comm="ps" name="2473" dev=proc ino=162070530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.490:737): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=162070541 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.490:737): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:738): avc: denied { getattr } for pid=20328 comm="ps" name="2487" dev=proc ino=162988034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:738): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:738): path="/proc/2487"
+type=AVC msg=audit(1162920142.490:739): avc: denied { search } for pid=20328 comm="ps" name="2487" dev=proc ino=162988034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.490:739): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=162988045 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.490:739): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:740): avc: denied { getattr } for pid=20328 comm="ps" name="2499" dev=proc ino=163774466 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:740): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:740): path="/proc/2499"
+type=AVC msg=audit(1162920142.490:741): avc: denied { search } for pid=20328 comm="ps" name="2499" dev=proc ino=163774466 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:741): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=163774477 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:741): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:742): avc: denied { getattr } for pid=20328 comm="ps" name="2519" dev=proc ino=165085186 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:742): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:742): path="/proc/2519"
+type=AVC msg=audit(1162920142.490:743): avc: denied { search } for pid=20328 comm="ps" name="2519" dev=proc ino=165085186 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:743): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=165085197 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:743): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:744): avc: denied { getattr } for pid=20328 comm="ps" name="2540" dev=proc ino=166461442 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:744): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:744): path="/proc/2540"
+type=AVC msg=audit(1162920142.490:745): avc: denied { search } for pid=20328 comm="ps" name="2540" dev=proc ino=166461442 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.490:745): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=166461453 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.490:745): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.490:746): avc: denied { getattr } for pid=20328 comm="ps" name="2551" dev=proc ino=167182338 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.490:746): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.490:746): path="/proc/2551"
+type=AVC msg=audit(1162920142.494:747): avc: denied { search } for pid=20328 comm="ps" name="2551" dev=proc ino=167182338 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.494:747): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=167182349 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.494:747): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:748): avc: denied { getattr } for pid=20328 comm="ps" name="2588" dev=proc ino=169607170 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:748): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:748): path="/proc/2588"
+type=AVC msg=audit(1162920142.494:749): avc: denied { search } for pid=20328 comm="ps" name="2588" dev=proc ino=169607170 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:749): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=169607181 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:749): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:750): avc: denied { getattr } for pid=20328 comm="ps" name="2681" dev=proc ino=175702018 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:750): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:750): path="/proc/2681"
+type=AVC msg=audit(1162920142.494:751): avc: denied { search } for pid=20328 comm="ps" name="2681" dev=proc ino=175702018 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:751): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=175702029 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:751): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:752): avc: denied { getattr } for pid=20328 comm="ps" name="2693" dev=proc ino=176488450 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:752): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:752): path="/proc/2693"
+type=AVC msg=audit(1162920142.494:753): avc: denied { search } for pid=20328 comm="ps" name="2693" dev=proc ino=176488450 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:753): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=176488461 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:753): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:754): avc: denied { getattr } for pid=20328 comm="ps" name="2706" dev=proc ino=177340418 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:754): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:754): path="/proc/2706"
+type=AVC msg=audit(1162920142.494:755): avc: denied { search } for pid=20328 comm="ps" name="2706" dev=proc ino=177340418 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:755): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=177340429 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:755): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:756): avc: denied { getattr } for pid=20328 comm="ps" name="2771" dev=proc ino=181600258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:756): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:756): path="/proc/2771"
+type=AVC msg=audit(1162920142.494:757): avc: denied { search } for pid=20328 comm="ps" name="2771" dev=proc ino=181600258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:757): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=181600269 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:757): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:758): avc: denied { getattr } for pid=20328 comm="ps" name="2798" dev=proc ino=183369730 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:758): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:758): path="/proc/2798"
+type=AVC msg=audit(1162920142.494:759): avc: denied { search } for pid=20328 comm="ps" name="2798" dev=proc ino=183369730 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:759): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=183369741 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:759): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:760): avc: denied { getattr } for pid=20328 comm="ps" name="2813" dev=proc ino=184352770 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:760): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:760): path="/proc/2813"
+type=AVC msg=audit(1162920142.494:761): avc: denied { search } for pid=20328 comm="ps" name="2813" dev=proc ino=184352770 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.494:761): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=184352781 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.494:761): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:762): avc: denied { getattr } for pid=20328 comm="ps" name="2827" dev=proc ino=185270274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:762): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:762): path="/proc/2827"
+type=AVC msg=audit(1162920142.494:763): avc: denied { search } for pid=20328 comm="ps" name="2827" dev=proc ino=185270274 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.494:763): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=185270285 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.494:763): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.494:764): avc: denied { getattr } for pid=20328 comm="ps" name="2936" dev=proc ino=192413698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1162920142.494:764): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.494:764): path="/proc/2936"
+type=AVC msg=audit(1162920142.494:765): avc: denied { search } for pid=20328 comm="ps" name="2936" dev=proc ino=192413698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1162920142.494:765): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=192413709 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1162920142.494:765): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.498:766): avc: denied { getattr } for pid=20328 comm="ps" name="2965" dev=proc ino=194314242 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.498:766): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.498:766): path="/proc/2965"
+type=AVC msg=audit(1162920142.498:767): avc: denied { search } for pid=20328 comm="ps" name="2965" dev=proc ino=194314242 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.498:767): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=194314253 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.498:767): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.498:768): avc: denied { getattr } for pid=20328 comm="ps" name="3017" dev=proc ino=197722114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.498:768): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.498:768): path="/proc/3017"
+type=AVC msg=audit(1162920142.498:769): avc: denied { search } for pid=20328 comm="ps" name="3017" dev=proc ino=197722114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.498:769): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=197722125 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.498:769): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.498:770): avc: denied { getattr } for pid=20328 comm="ps" name="3021" dev=proc ino=197984258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.498:770): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.498:770): path="/proc/3021"
+type=AVC msg=audit(1162920142.498:771): avc: denied { search } for pid=20328 comm="ps" name="3021" dev=proc ino=197984258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.498:771): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=197984269 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.498:771): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.498:772): avc: denied { getattr } for pid=20328 comm="ps" name="3112" dev=proc ino=203948034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.498:772): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.498:772): path="/proc/3112"
+type=AVC msg=audit(1162920142.498:773): avc: denied { search } for pid=20328 comm="ps" name="3112" dev=proc ino=203948034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.498:773): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=203948045 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.498:773): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:774): avc: denied { getattr } for pid=20328 comm="ps" name="3214" dev=proc ino=210632706 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:774): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:774): path="/proc/3214"
+type=AVC msg=audit(1162920142.502:775): avc: denied { search } for pid=20328 comm="ps" name="3214" dev=proc ino=210632706 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:775): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=210632717 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:775): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:776): avc: denied { getattr } for pid=20328 comm="ps" name="3239" dev=proc ino=212271106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:776): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:776): path="/proc/3239"
+type=AVC msg=audit(1162920142.502:777): avc: denied { search } for pid=20328 comm="ps" name="3239" dev=proc ino=212271106 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:777): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=212271117 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:777): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:778): avc: denied { getattr } for pid=20328 comm="ps" name="3575" dev=proc ino=234291202 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:778): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:778): path="/proc/3575"
+type=AVC msg=audit(1162920142.502:779): avc: denied { search } for pid=20328 comm="ps" name="3575" dev=proc ino=234291202 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:779): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=234291213 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:779): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:780): avc: denied { getattr } for pid=20328 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:780): arch=40000003 syscall=195 success=yes exit=0 a0=4bb840 a1=bff178f0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:780): path="/dev/pts"
+type=AVC msg=audit(1162920142.502:781): avc: denied { read } for pid=20328 comm="ps" name="2" dev=proc ino=248152066 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=lnk_file
+type=AVC msg=audit(1162920142.502:781): avc: denied { ptrace } for pid=20328 comm="ps" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162920142.502:781): arch=40000003 syscall=85 success=yes exit=10 a0=bff17928 a1=4bb840 a2=7f a3=bff17928 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:782): avc: denied { search } for pid=20328 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:782): avc: denied { getattr } for pid=20328 comm="ps" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162920142.502:782): arch=40000003 syscall=195 success=yes exit=0 a0=4bb840 a1=bff17830 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:782): path="/dev/pts/1"
+type=AVC msg=audit(1162920142.502:783): avc: denied { getattr } for pid=20328 comm="ps" name="2" dev=devpts ino=4 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162920142.502:783): arch=40000003 syscall=195 success=yes exit=0 a0=4bb840 a1=bff17830 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:783): path="/dev/pts/2"
+type=AVC msg=audit(1162920142.502:784): avc: denied { getattr } for pid=20328 comm="ps" name="4282" dev=proc ino=280625154 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:784): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:784): path="/proc/4282"
+type=AVC msg=audit(1162920142.502:785): avc: denied { search } for pid=20328 comm="ps" name="4282" dev=proc ino=280625154 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:785): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=280625165 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:785): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:786): avc: denied { getattr } for pid=20328 comm="ps" name="4321" dev=proc ino=283181058 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:786): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:786): path="/proc/4321"
+type=AVC msg=audit(1162920142.502:787): avc: denied { search } for pid=20328 comm="ps" name="4321" dev=proc ino=283181058 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:787): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=283181069 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:787): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920142.502:788): avc: denied { getattr } for pid=20328 comm="ps" name="4324" dev=proc ino=283377666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920142.502:788): arch=40000003 syscall=195 success=yes exit=0 a0=996897c a1=bff1a0e0 a2=239ff4 a3=3 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920142.502:788): path="/proc/4324"
+type=AVC msg=audit(1162920142.502:789): avc: denied { search } for pid=20328 comm="ps" name="4324" dev=proc ino=283377666 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=AVC msg=audit(1162920142.502:789): avc: denied { read } for pid=20328 comm="ps" name="stat" dev=proc ino=283377677 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920142.502:789): arch=40000003 syscall=5 success=yes exit=18 a0=4bd780 a1=0 a2=0 a3=4bd780 items=0 ppid=20327 pid=20328 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920144.582:790): avc: denied { write } for pid=20295 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162920144.582:790): avc: denied { add_name } for pid=20295 comm="firefox-bin" name="Flash6fMJkH" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162920144.582:790): avc: denied { create } for pid=20295 comm="firefox-bin" name="Flash6fMJkH" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920144.582:790): arch=40000003 syscall=5 success=yes exit=50 a0=bf923acb a1=c2 a2=180 a3=293500 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920144.582:791): avc: denied { read write } for pid=20295 comm="firefox-bin" name="Flash6fMJkH" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920144.582:791): arch=40000003 syscall=5 success=yes exit=50 a0=a6d65080 a1=242 a2=1b6 a3=90edaa0 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920144.582:792): avc: denied { getattr } for pid=20295 comm="firefox-bin" name="Flash6fMJkH" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920144.582:792): arch=40000003 syscall=197 success=yes exit=0 a0=32 a1=bf923948 a2=239ff4 a3=90edaa0 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920144.582:792): path="/tmp/Flash6fMJkH"
+type=AVC msg=audit(1162920363.911:793): avc: denied { search } for pid=20295 comm="firefox-bin" name="pcm" dev=dm-0 ino=9330155 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1162920363.911:793): avc: denied { read } for pid=20295 comm="firefox-bin" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920363.911:793): arch=40000003 syscall=5 success=yes exit=53 a0=8c301e0 a1=0 a2=1b6 a3=982b840 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920363.927:794): avc: denied { getattr } for pid=20295 comm="firefox-bin" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920363.927:794): arch=40000003 syscall=197 success=yes exit=0 a0=35 a1=bf923770 a2=239ff4 a3=982b840 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162920363.927:794): path="/etc/alsa/pcm/default.conf"
+type=AVC msg=audit(1162920363.951:795): avc: denied { search } for pid=20295 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920363.951:795): arch=40000003 syscall=54 success=yes exit=0 a0=35 a1=c25c4111 a2=bf9234ac a3=bf9234ac items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920398.374:796): avc: denied { remove_name } for pid=20295 comm="firefox-bin" name="7j7px5ah.bin" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162920398.374:796): avc: denied { unlink } for pid=20295 comm="firefox-bin" name="7j7px5ah.bin" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920398.374:796): arch=40000003 syscall=10 success=yes exit=0 a0=960cca8 a1=0 a2=6e44304 a3=0 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162920425.635:797): avc: denied { create } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162920425.635:797): arch=40000003 syscall=102 success=yes exit=49 a0=1 a1=b410d274 a2=4c0ff4 a3=802d7f items=0 ppid=1 pid=20374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162920425.635:798): avc: denied { bind } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162920425.635:798): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b410d274 a2=4c0ff4 a3=31 items=0 ppid=1 pid=20374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162920425.635:799): avc: denied { getattr } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162920425.635:799): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b410d274 a2=4c0ff4 a3=31 items=0 ppid=1 pid=20374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162920425.635:800): avc: denied { write } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162920425.635:800): avc: denied { nlmsg_read } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162920425.635:800): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b410c1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=20374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162920425.635:801): avc: denied { read } for pid=20374 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162920425.635:801): arch=40000003 syscall=102 success=yes exit=128 a0=11 a1=b410c1b4 a2=4c0ff4 a3=0 items=0 ppid=1 pid=20374 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162920601.326:802): user pid=20440 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162920601.326:803): login pid=20440 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162920601.326:804): user pid=20440 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162920601.326:805): user pid=20440 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162920601.330:806): avc: denied { execute } for pid=20441 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162920601.330:806): avc: denied { execute_no_trans } for pid=20441 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.330:806): arch=40000003 syscall=11 success=yes exit=0 a0=8f781b0 a1=8f78358 a2=8f78290 a3=8f78008 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162920601.330:806): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162920601.330:807): avc: denied { execute } for pid=20441 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162920601.330:807): avc: denied { execute_no_trans } for pid=20441 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162920601.330:807): avc: denied { read } for pid=20441 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.330:807): arch=40000003 syscall=11 success=yes exit=0 a0=99c1d48 a1=99c1740 a2=99c1d60 a3=99c1740 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162920601.330:807): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162920601.330:807): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162920601.330:808): avc: denied { search } for pid=20441 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162920601.330:808): avc: denied { read } for pid=20441 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.330:808): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=991c800 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162920601.334:809): avc: denied { getattr } for pid=20441 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.334:809): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf913238 a2=239ff4 a3=991c800 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162920601.334:809): path="/proc/net/dev"
+type=AVC msg=audit(1162920601.334:810): avc: denied { search } for pid=20441 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920601.334:810): arch=40000003 syscall=33 success=yes exit=0 a0=bf9135e4 a1=0 a2=bf9134d8 a3=bf9134e0 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162920601.334:811): avc: denied { read append } for pid=20441 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.334:811): arch=40000003 syscall=5 success=yes exit=3 a0=bf9135e4 a1=402 a2=bf9137a8 a3=bf9134e0 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162920601.334:812): avc: denied { search } for pid=20441 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920601.334:812): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=991cd60 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162920601.334:813): avc: denied { search } for pid=20441 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920601.334:813): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=991cd60 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162920601.334:814): avc: denied { lock } for pid=20441 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162920601.334:814): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf9134e0 a3=3 items=0 ppid=20440 pid=20441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162920601.334:814): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162920601.350:815): user pid=20440 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162920601.350:816): user pid=20440 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162920787.822:817): avc: denied { search } for pid=20497 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162920787.822:817): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=b219efd8 a2=4c0ff4 a3=0 items=0 ppid=1 pid=20497 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162921052.278:818): avc: denied { search } for pid=20295 comm="firefox-bin" name="usbdev4.2_ep01" dev=sysfs ino=380744 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162921052.278:818): arch=40000003 syscall=91 success=yes exit=0 a0=b7fcc000 a1=1000 a2=7ea9ebc a3=9be1028 items=0 ppid=1 pid=20295 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162921060.375:819): avc: denied { read } for pid=20537 comm="nm-vpnc-auth-di" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921060.375:819): arch=40000003 syscall=33 success=yes exit=0 a0=bfd3ee46 a1=4 a2=de7a64 a3=bfd3ee46 items=0 ppid=3098 pid=20537 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162921102.986:820): avc: denied { read } for pid=20574 comm="xchat" name="resolv.conf" dev=dm-0 ino=9334542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921102.986:820): arch=40000003 syscall=5 success=yes exit=9 a0=432d13 a1=0 a2=1b6 a3=9a0fcf8 items=0 ppid=3203 pid=20574 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xchat" exe="/usr/bin/xchat" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162921201.420:821): user pid=20607 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162921201.424:822): login pid=20607 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162921201.424:823): user pid=20607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162921201.424:824): user pid=20607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162921201.424:825): avc: denied { execute } for pid=20608 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162921201.424:825): avc: denied { execute_no_trans } for pid=20608 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.424:825): arch=40000003 syscall=11 success=yes exit=0 a0=9d971b0 a1=9d97358 a2=9d97290 a3=9d97008 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162921201.424:825): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162921201.428:826): avc: denied { execute } for pid=20608 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162921201.428:826): avc: denied { execute_no_trans } for pid=20608 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162921201.428:826): avc: denied { read } for pid=20608 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.428:826): arch=40000003 syscall=11 success=yes exit=0 a0=8f92d48 a1=8f92740 a2=8f92d60 a3=8f92740 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162921201.428:826): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162921201.428:826): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162921201.428:827): avc: denied { search } for pid=20608 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162921201.428:827): arch=40000003 syscall=33 success=yes exit=0 a0=bfa8a764 a1=0 a2=bfa8a658 a3=bfa8a660 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162921201.428:828): avc: denied { read append } for pid=20608 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.428:828): arch=40000003 syscall=5 success=yes exit=3 a0=bfa8a764 a1=402 a2=bfa8a928 a3=bfa8a660 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162921201.428:829): avc: denied { search } for pid=20608 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162921201.428:829): avc: denied { read } for pid=20608 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.428:829): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8eeddf0 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162921201.432:830): avc: denied { getattr } for pid=20608 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.432:830): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfa8a214 a2=239ff4 a3=8eeddf0 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162921201.432:830): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162921201.432:831): avc: denied { search } for pid=20608 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162921201.432:831): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8eeddf0 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162921201.432:832): avc: denied { lock } for pid=20608 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162921201.432:832): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfa8a660 a3=3 items=0 ppid=20607 pid=20608 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162921201.432:832): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162921201.444:833): user pid=20607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162921201.444:834): user pid=20607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162921791.973:835): avc: denied { execmem } for pid=20631 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162921791.973:835): arch=40000003 syscall=192 success=yes exit=133574656 a0=7f63000 a1=1a000 a2=7 a3=812 items=0 ppid=3158 pid=20631 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162921791.973:836): avc: denied { execstack } for pid=20631 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162921791.973:836): arch=40000003 syscall=125 success=yes exit=0 a0=bffc3000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=3158 pid=20631 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162921792.041:837): avc: denied { execute } for pid=20631 comm="gnome-screensav" name="zero" dev=tmpfs ino=1524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162921792.041:837): arch=40000003 syscall=192 success=yes exit=10104832 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=3158 pid=20631 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162921792.041:837): path="/dev/zero"
+type=USER_ACCT msg=audit(1162921801.505:838): user pid=20632 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162921801.505:839): login pid=20632 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162921801.505:840): user pid=20632 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162921801.505:841): user pid=20632 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162921801.517:842): user pid=20632 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162921801.521:843): user pid=20632 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162922401.579:844): user pid=20655 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162922401.583:845): login pid=20655 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162922401.583:846): user pid=20655 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162922401.583:847): user pid=20655 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162922401.595:848): user pid=20655 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162922401.595:849): user pid=20655 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162922461.602:850): user pid=20659 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162922461.602:851): login pid=20659 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162922461.606:852): user pid=20659 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162922461.606:853): user pid=20659 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162922461.610:854): avc: denied { getattr } for pid=20660 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:854): arch=40000003 syscall=195 success=yes exit=0 a0=8881120 a1=bfd71e30 a2=239ff4 a3=8881120 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.610:854): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162922461.610:855): avc: denied { execute } for pid=20660 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:855): arch=40000003 syscall=33 success=yes exit=0 a0=8881120 a1=1 a2=11 a3=8881120 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162922461.610:856): avc: denied { read } for pid=20660 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:856): arch=40000003 syscall=33 success=yes exit=0 a0=8881120 a1=4 a2=ffffffff a3=8881120 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162922461.610:857): avc: denied { execute_no_trans } for pid=20660 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:857): arch=40000003 syscall=11 success=yes exit=0 a0=8881120 a1=88813d8 a2=88812f8 a3=8880f98 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.610:857): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162922461.610:858): avc: denied { ioctl } for pid=20660 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:858): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfe32118 a3=bfe32158 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.610:858): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162922461.610:859): avc: denied { execute } for pid=20660 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:859): arch=40000003 syscall=33 success=yes exit=0 a0=9947990 a1=1 a2=1 a3=9947c98 items=0 ppid=20659 pid=20660 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162922461.610:860): avc: denied { execute_no_trans } for pid=20661 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.610:860): arch=40000003 syscall=11 success=yes exit=0 a0=9947a10 a1=9947ad8 a2=9947ae8 a3=9947758 items=0 ppid=20660 pid=20661 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.610:860): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162922461.614:861): avc: denied { execute } for pid=20662 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162922461.614:861): avc: denied { execute_no_trans } for pid=20662 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162922461.614:861): avc: denied { read } for pid=20662 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.614:861): arch=40000003 syscall=11 success=yes exit=0 a0=946e678 a1=946e808 a2=946e720 a3=946e508 items=0 ppid=20661 pid=20662 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.614:861): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162922461.614:861): path="/sbin/chkconfig"
+type=AVC msg=audit(1162922461.614:862): avc: denied { read } for pid=20662 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.614:862): arch=40000003 syscall=5 success=yes exit=3 a0=bf918be0 a1=0 a2=ffffffff a3=824f038 items=0 ppid=20661 pid=20662 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162922461.614:863): avc: denied { getattr } for pid=20662 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162922461.614:863): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf918b50 a2=239ff4 a3=3 items=0 ppid=20661 pid=20662 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162922461.614:863): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162922461.626:864): user pid=20659 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162922461.626:865): user pid=20659 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162923001.688:866): user pid=20720 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162923001.688:867): login pid=20720 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162923001.688:868): user pid=20720 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162923001.688:869): user pid=20720 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162923001.704:870): user pid=20720 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162923001.704:871): user pid=20720 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162923595.241:872): avc: denied { execute } for pid=20743 comm="gnome-screensav" name="zero" dev=tmpfs ino=1524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162923595.241:872): arch=40000003 syscall=192 success=yes exit=4689920 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=3158 pid=20743 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162923595.241:872): path="/dev/zero"
+type=USER_ACCT msg=audit(1162923601.770:873): user pid=20744 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162923601.770:874): login pid=20744 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162923601.770:875): user pid=20744 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162923601.770:876): user pid=20744 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162923601.778:877): user pid=20744 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162923601.778:878): user pid=20744 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162924201.839:879): user pid=20771 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162924201.839:880): login pid=20771 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162924201.839:881): user pid=20771 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162924201.839:882): user pid=20771 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162924201.855:883): user pid=20771 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162924201.855:884): user pid=20771 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162924801.917:885): user pid=20796 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162924801.917:886): login pid=20796 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162924801.917:887): user pid=20796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162924801.917:888): user pid=20796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162924801.933:889): user pid=20796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162924801.933:890): user pid=20796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162925401.990:891): user pid=20821 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162925401.990:892): login pid=20821 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162925401.990:893): user pid=20821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162925401.990:894): user pid=20821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162925402.002:895): user pid=20821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162925402.002:896): user pid=20821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162926001.064:897): user pid=20846 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162926001.064:898): login pid=20846 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162926001.064:899): user pid=20846 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162926001.064:900): user pid=20846 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162926001.080:901): user pid=20846 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162926001.080:902): user pid=20846 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162926061.087:903): user pid=20850 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162926061.087:904): login pid=20850 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162926061.087:905): user pid=20850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162926061.087:906): user pid=20850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162926061.103:907): user pid=20850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162926061.107:908): user pid=20850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162926601.157:909): user pid=20879 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162926601.157:910): login pid=20879 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162926601.157:911): user pid=20879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162926601.161:912): user pid=20879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162926601.173:913): user pid=20879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162926601.173:914): user pid=20879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162927201.247:915): user pid=20903 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162927201.247:916): login pid=20903 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162927201.247:917): user pid=20903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162927201.247:918): user pid=20903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162927201.263:919): user pid=20903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162927201.263:920): user pid=20903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162927801.324:921): user pid=20930 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162927801.328:922): login pid=20930 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162927801.328:923): user pid=20930 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162927801.328:924): user pid=20930 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162927801.340:925): user pid=20930 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162927801.340:926): user pid=20930 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162928401.410:927): user pid=20953 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162928401.410:928): login pid=20953 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162928401.410:929): user pid=20953 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162928401.410:930): user pid=20953 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162928401.426:931): user pid=20953 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162928401.426:932): user pid=20953 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162929001.487:933): user pid=20976 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162929001.487:934): login pid=20976 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162929001.487:935): user pid=20976 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162929001.487:936): user pid=20976 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162929001.495:937): user pid=20976 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162929001.495:938): user pid=20976 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162929601.561:939): user pid=21000 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162929601.561:940): login pid=21000 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162929601.561:941): user pid=21000 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162929601.561:942): user pid=21000 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162929601.577:943): user pid=21000 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162929601.577:944): user pid=21000 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162929661.588:945): user pid=21004 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162929661.588:946): login pid=21004 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162929661.588:947): user pid=21004 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162929661.588:948): user pid=21004 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162929661.608:949): user pid=21004 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162929661.608:950): user pid=21004 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162930201.670:951): user pid=21033 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162930201.670:952): login pid=21033 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162930201.670:953): user pid=21033 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162930201.670:954): user pid=21033 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162930201.686:955): user pid=21033 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162930201.686:956): user pid=21033 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162930801.744:957): user pid=21056 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162930801.744:958): login pid=21056 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162930801.744:959): user pid=21056 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162930801.744:960): user pid=21056 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162930801.760:961): user pid=21056 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162930801.760:962): user pid=21056 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162931401.825:963): user pid=21081 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162931401.825:964): login pid=21081 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162931401.825:965): user pid=21081 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162931401.825:966): user pid=21081 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162931401.841:967): user pid=21081 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162931401.841:968): user pid=21081 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162932001.895:969): user pid=21104 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162932001.895:970): login pid=21104 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162932001.899:971): user pid=21104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162932001.899:972): user pid=21104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162932001.911:973): user pid=21104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162932001.911:974): user pid=21104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162932601.984:975): user pid=21129 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162932601.984:976): login pid=21129 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162932601.984:977): user pid=21129 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162932601.984:978): user pid=21129 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162932602.000:979): user pid=21129 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162932602.000:980): user pid=21129 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162933201.062:981): user pid=21152 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162933201.066:982): login pid=21152 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162933201.066:983): user pid=21152 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162933201.066:984): user pid=21152 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162933201.078:985): user pid=21152 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162933201.078:986): user pid=21152 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162933261.085:987): user pid=21156 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162933261.085:988): login pid=21156 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162933261.085:989): user pid=21156 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162933261.085:990): user pid=21156 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162933261.105:991): user pid=21156 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162933261.105:992): user pid=21156 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162933801.167:993): user pid=21184 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162933801.167:994): login pid=21184 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162933801.167:995): user pid=21184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162933801.167:996): user pid=21184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162933801.183:997): user pid=21184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162933801.183:998): user pid=21184 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162934401.249:999): user pid=21210 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162934401.249:1000): login pid=21210 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162934401.249:1001): user pid=21210 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162934401.249:1002): user pid=21210 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162934401.285:1003): user pid=21210 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162934401.285:1004): user pid=21210 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162935001.354:1005): user pid=21237 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162935001.354:1006): login pid=21237 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162935001.354:1007): user pid=21237 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162935001.354:1008): user pid=21237 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162935001.370:1009): user pid=21237 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162935001.370:1010): user pid=21237 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162935601.440:1011): user pid=21260 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162935601.440:1012): login pid=21260 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162935601.440:1013): user pid=21260 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162935601.440:1014): user pid=21260 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162935601.456:1015): user pid=21260 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162935601.456:1016): user pid=21260 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162936201.517:1017): user pid=21285 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162936201.517:1018): login pid=21285 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162936201.517:1019): user pid=21285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162936201.517:1020): user pid=21285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162936201.533:1021): user pid=21285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162936201.533:1022): user pid=21285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162936801.603:1023): user pid=21308 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162936801.603:1024): login pid=21308 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162936801.603:1025): user pid=21308 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162936801.603:1026): user pid=21308 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162936801.619:1027): user pid=21308 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162936801.619:1028): user pid=21308 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162936861.626:1029): user pid=21312 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162936861.626:1030): login pid=21312 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162936861.626:1031): user pid=21312 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162936861.626:1032): user pid=21312 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162936861.646:1033): user pid=21312 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162936861.646:1034): user pid=21312 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162937184.851:1035): avc: denied { read } for pid=21353 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937184.851:1035): arch=40000003 syscall=33 success=yes exit=0 a0=bfa81f92 a1=4 a2=de7a64 a3=bfa81f92 items=0 ppid=21352 pid=21353 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937184.851:1036): avc: denied { getattr } for pid=21353 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937184.851:1036): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfa80acc a2=239ff4 a3=817bab0 items=0 ppid=21352 pid=21353 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937184.851:1036): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162937184.879:1037): avc: denied { execute } for pid=21350 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162937184.879:1037): avc: denied { execute_no_trans } for pid=21350 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162937184.879:1037): avc: denied { read } for pid=21350 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937184.879:1037): arch=40000003 syscall=11 success=yes exit=0 a0=881f8b8 a1=8821920 a2=8822118 a3=8821920 items=0 ppid=1 pid=21350 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937184.879:1037): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1162937184.879:1037): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162937184.891:1038): avc: denied { getattr } for pid=21350 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937184.891:1038): arch=40000003 syscall=196 success=yes exit=0 a0=bfbce2f8 a1=bfbcddec a2=47aff4 a3=bfbcfa06 items=0 ppid=1 pid=21350 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937184.891:1038): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162937189.635:1039): avc: denied { read } for pid=21358 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937189.635:1039): arch=40000003 syscall=33 success=yes exit=0 a0=bf94cfcb a1=4 a2=de7a64 a3=bf94cfcb items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937189.635:1040): avc: denied { getattr } for pid=21358 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937189.635:1040): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf94acec a2=239ff4 a3=9838140 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937189.635:1040): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162937312.079:1041): avc: denied { search } for pid=21414 comm="firefox-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937312.079:1041): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bff6ccd8 a2=239ff4 a3=3 items=0 ppid=1 pid=21414 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937330.052:1042): avc: denied { execute } for pid=21358 comm="firefox-bin" name="realplay" dev=dm-0 ino=12212539 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937330.052:1042): arch=40000003 syscall=33 success=yes exit=0 a0=a12f7fc a1=1 a2=76c0708 a3=8 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937330.084:1043): avc: denied { write } for pid=21358 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162937330.084:1043): avc: denied { add_name } for pid=21358 comm="firefox-bin" name="o1smfxjx" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162937330.084:1043): avc: denied { create } for pid=21358 comm="firefox-bin" name="o1smfxjx" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937330.084:1043): arch=40000003 syscall=5 success=yes exit=39 a0=a1336b0 a1=82c1 a2=180 a3=82c1 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937330.084:1044): avc: denied { write } for pid=21358 comm="firefox-bin" name="o1smfxjx" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937330.084:1044): arch=40000003 syscall=5 success=yes exit=39 a0=a1336b0 a1=8041 a2=180 a3=8041 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937340.076:1045): avc: denied { getattr } for pid=21358 comm="firefox-bin" name="part3.ogg" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937340.076:1045): arch=40000003 syscall=195 success=yes exit=0 a0=9f14fc8 a1=bf949384 a2=239ff4 a3=3 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937340.076:1045): path="/tmp/part3.ogg"
+type=AVC msg=audit(1162937340.076:1046): avc: denied { remove_name } for pid=21358 comm="firefox-bin" name="part3.ogg" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162937340.076:1046): avc: denied { unlink } for pid=21358 comm="firefox-bin" name="part3.ogg" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937340.076:1046): arch=40000003 syscall=10 success=yes exit=0 a0=9f14fc8 a1=0 a2=6e44304 a3=0 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937340.076:1047): avc: denied { rename } for pid=21358 comm="firefox-bin" name="o1smfxjx" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937340.076:1047): arch=40000003 syscall=38 success=yes exit=0 a0=a1336b0 a1=bf94944c a2=6e44304 a3=0 items=0 ppid=1 pid=21358 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937340.080:1048): avc: denied { execute_no_trans } for pid=21437 comm="firefox-bin" name="realplay" dev=dm-0 ino=12212539 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937340.080:1048): arch=40000003 syscall=11 success=yes exit=0 a0=a5cadf8 a1=9fa1660 a2=9ac6e40 a3=0 items=0 ppid=21358 pid=21437 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="realplay" exe="/bin/bash" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937340.080:1048): path="/usr/local/RealPlayer/realplay"
+type=AVC msg=audit(1162937340.632:1049): avc: denied { execmem } for pid=21442 comm="realplay.bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162937340.632:1049): arch=40000003 syscall=192 per=400000 success=yes exit=16302080 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=21437 pid=21442 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="realplay.bin" exe="/usr/local/RealPlayer/realplay.bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937341.152:1050): avc: denied { search } for pid=21442 comm="realplay.bin" name="usbdev4.2_ep01" dev=sysfs ino=384384 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937341.152:1050): arch=40000003 syscall=6 per=400000 success=yes exit=0 a0=1f a1=0 a2=3852ed4 a3=9478dd0 items=0 ppid=21437 pid=21442 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="realplay.bin" exe="/usr/local/RealPlayer/realplay.bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937341.216:1051): avc: denied { read } for pid=21442 comm="realplay.bin" name="part3.ogg" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937341.216:1051): arch=40000003 syscall=5 per=400000 success=yes exit=31 a0=94a7f38 a1=0 a2=180 a3=94a8008 items=0 ppid=21437 pid=21442 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="realplay.bin" exe="/usr/local/RealPlayer/realplay.bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937365.042:1052): avc: denied { search } for pid=21459 comm="gpg" name="home" dev=dm-0 ino=6547201 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1162937365.042:1052): avc: denied { search } for pid=21459 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937365.042:1052): arch=40000003 syscall=33 success=no exit=-2 a0=9c449f8 a1=4 a2=f19bbc a3=9c449c8 items=0 ppid=3575 pid=21459 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162937365.042:1053): avc: denied { search } for pid=21459 comm="gpg" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162937365.042:1053): avc: denied { read } for pid=21459 comm="gpg" name="evolution-pgp.X7ROIT" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_evolution_orbit_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937365.042:1053): arch=40000003 syscall=5 success=yes exit=3 a0=bfbf0b1a a1=8000 a2=0 a3=8000 items=0 ppid=3575 pid=21459 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162937401.704:1054): user pid=21469 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162937401.704:1055): login pid=21469 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162937401.708:1056): user pid=21469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162937401.708:1057): user pid=21469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162937401.712:1058): avc: denied { search } for pid=21470 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162937401.712:1058): avc: denied { read } for pid=21470 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937401.712:1058): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=84b9800 items=0 ppid=21469 pid=21470 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162937401.712:1059): avc: denied { getattr } for pid=21470 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937401.712:1059): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf808138 a2=239ff4 a3=84b9800 items=0 ppid=21469 pid=21470 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162937401.712:1059): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1162937401.720:1060): user pid=21469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162937401.720:1061): user pid=21469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162937572.283:1062): avc: denied { search } for pid=21498 comm="bug-buddy" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162937572.283:1062): avc: denied { write } for pid=21498 comm="bug-buddy" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162937572.283:1062): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf969ec0 a2=39b770 a3=15 items=0 ppid=21497 pid=21498 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bug-buddy" exe="/usr/bin/bug-buddy" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937572.283:1063): avc: denied { read } for pid=21498 comm="bug-buddy" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937572.283:1063): arch=40000003 syscall=33 success=yes exit=0 a0=89a4258 a1=4 a2=39b770 a3=89a4258 items=0 ppid=21497 pid=21498 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bug-buddy" exe="/usr/bin/bug-buddy" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937572.283:1064): avc: denied { getattr } for pid=21498 comm="bug-buddy" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937572.283:1064): arch=40000003 syscall=197 success=yes exit=0 a0=29 a1=bf969f5c a2=2ddff4 a3=89a4b38 items=0 ppid=21497 pid=21498 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bug-buddy" exe="/usr/bin/bug-buddy" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937572.283:1064): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162937572.851:1065): avc: denied { getattr } for pid=21500 comm="gam_server" name="inotify" dev=inotifyfs ino=339 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937572.851:1065): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfa629ac a2=239ff4 a3=3 items=0 ppid=1 pid=21500 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gam_server" exe="/usr/libexec/gam_server" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937572.851:1065): path="inotify"
+type=AVC msg=audit(1162937572.907:1066): avc: denied { getattr } for pid=21500 comm="gam_server" name="mtab" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937572.907:1066): arch=40000003 syscall=195 success=yes exit=0 a0=805a6a8 a1=bfa62798 a2=239ff4 a3=8b018d8 items=0 ppid=1 pid=21500 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gam_server" exe="/usr/libexec/gam_server" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937572.907:1066): path="/etc/mtab"
+type=AVC msg=audit(1162937572.907:1067): avc: denied { read } for pid=21500 comm="gam_server" name="mtab" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937572.907:1067): arch=40000003 syscall=5 success=yes exit=8 a0=805a6a8 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=21500 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gam_server" exe="/usr/libexec/gam_server" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937577.503:1068): avc: denied { read } for pid=21500 comm="gam_server" name="inotify" dev=inotifyfs ino=339 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937577.503:1068): arch=40000003 syscall=3 success=yes exit=16 a0=3 a1=8b08678 a2=400 a3=400 items=0 ppid=1 pid=21500 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gam_server" exe="/usr/libexec/gam_server" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937577.503:1068): path="inotify"
+type=AVC msg=audit(1162937581.079:1069): avc: denied { getattr } for pid=21498 comm="bug-buddy" name="/" dev=sysfs ino=1 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162937581.079:1069): arch=40000003 syscall=195 success=yes exit=0 a0=b79218 a1=bf96423c a2=2ddff4 a3=4 items=0 ppid=21497 pid=21498 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bug-buddy" exe="/usr/bin/bug-buddy" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937581.079:1069): path="/sys"
+type=AVC msg=audit(1162937581.375:1070): avc: denied { ptrace } for pid=21506 comm="gdb" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=process
+type=SYSCALL msg=audit(1162937581.375:1070): arch=40000003 syscall=26 success=yes exit=0 a0=10 a1=df7 a2=0 a3=0 items=0 ppid=1 pid=21506 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gdb" exe="/usr/bin/gdb" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937581.375:1071): avc: denied { sigstop } for pid=21507 comm="gdb" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=process
+type=SYSCALL msg=audit(1162937581.375:1071): arch=40000003 syscall=37 success=yes exit=0 a0=5403 a1=13 a2=df7 a3=0 items=0 ppid=21506 pid=21507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gdb" exe="/usr/bin/gdb" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162937591.840:1072): avc: denied { read } for pid=21529 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937591.840:1072): arch=40000003 syscall=33 success=yes exit=0 a0=bf879f92 a1=4 a2=de7a64 a3=bf879f92 items=0 ppid=21528 pid=21529 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162937591.864:1073): avc: denied { read } for pid=21526 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937591.864:1073): arch=40000003 syscall=33 success=yes exit=0 a0=bf944fcb a1=4 a2=de7a64 a3=bf944fcb items=0 ppid=1 pid=21526 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162937591.864:1074): avc: denied { getattr } for pid=21526 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162937591.864:1074): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf942cdc a2=239ff4 a3=9186140 items=0 ppid=1 pid=21526 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162937591.864:1074): path="/tmp/.gdmF70UIT"
+type=USER_ACCT msg=audit(1162938001.790:1075): user pid=21555 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162938001.790:1076): login pid=21555 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162938001.790:1077): user pid=21555 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162938001.790:1078): user pid=21555 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162938001.794:1079): avc: denied { execute } for pid=21556 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162938001.794:1079): avc: denied { execute_no_trans } for pid=21556 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.794:1079): arch=40000003 syscall=11 success=yes exit=0 a0=9b301b0 a1=9b30358 a2=9b30290 a3=9b30008 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162938001.794:1079): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162938001.798:1080): avc: denied { execute } for pid=21556 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162938001.798:1080): avc: denied { execute_no_trans } for pid=21556 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162938001.798:1080): avc: denied { read } for pid=21556 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.798:1080): arch=40000003 syscall=11 success=yes exit=0 a0=9b30d48 a1=9b30740 a2=9b30d60 a3=9b30740 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162938001.798:1080): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162938001.798:1080): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162938001.798:1081): avc: denied { search } for pid=21556 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162938001.798:1081): arch=40000003 syscall=33 success=yes exit=0 a0=bf7fdcd4 a1=0 a2=bf7fdbc8 a3=bf7fdbd0 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162938001.798:1082): avc: denied { read append } for pid=21556 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.798:1082): arch=40000003 syscall=5 success=yes exit=3 a0=bf7fdcd4 a1=402 a2=bf7fde98 a3=bf7fdbd0 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162938001.798:1083): avc: denied { search } for pid=21556 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162938001.798:1083): avc: denied { read } for pid=21556 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.798:1083): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9201d60 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162938001.798:1084): avc: denied { getattr } for pid=21556 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.798:1084): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf7fd784 a2=239ff4 a3=9201d60 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162938001.798:1084): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162938001.798:1085): avc: denied { search } for pid=21556 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162938001.798:1085): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9201d60 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162938001.802:1086): avc: denied { lock } for pid=21556 comm="sadc" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162938001.802:1086): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf7fdbd0 a3=3 items=0 ppid=21555 pid=21556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162938001.802:1086): path="/var/log/sa/sa07"
+type=CRED_DISP msg=audit(1162938001.810:1087): user pid=21555 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162938001.810:1088): user pid=21555 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162938205.102:1089): avc: denied { execmem } for pid=21563 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162938205.102:1089): arch=40000003 syscall=192 success=yes exit=133574656 a0=7f63000 a1=1a000 a2=7 a3=812 items=0 ppid=3158 pid=21563 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162938205.102:1090): avc: denied { execstack } for pid=21563 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1162938205.102:1090): arch=40000003 syscall=125 success=yes exit=0 a0=bfe47000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=3158 pid=21563 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162938205.126:1091): avc: denied { execute } for pid=21563 comm="gnome-screensav" name="zero" dev=tmpfs ino=1524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1162938205.126:1091): arch=40000003 syscall=192 success=yes exit=10162176 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=3158 pid=21563 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162938205.126:1091): path="/dev/zero"
+type=USER_ACCT msg=audit(1162938601.875:1092): user pid=21576 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162938601.879:1093): login pid=21576 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162938601.879:1094): user pid=21576 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162938601.879:1095): user pid=21576 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162938601.891:1096): user pid=21576 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162938601.891:1097): user pid=21576 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162939201.961:1098): user pid=21594 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162939201.961:1099): login pid=21594 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162939201.961:1100): user pid=21594 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162939201.961:1101): user pid=21594 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162939201.977:1102): user pid=21594 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162939201.977:1103): user pid=21594 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162939801.046:1104): user pid=21612 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162939801.046:1105): login pid=21612 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162939801.046:1106): user pid=21612 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162939801.046:1107): user pid=21612 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162939801.058:1108): user pid=21612 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162939801.058:1109): user pid=21612 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162940401.128:1110): user pid=21630 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162940401.128:1111): login pid=21630 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162940401.128:1112): user pid=21630 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162940401.128:1113): user pid=21630 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162940401.148:1114): user pid=21630 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162940401.148:1115): user pid=21630 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162940461.159:1116): user pid=21634 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162940461.159:1117): login pid=21634 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162940461.159:1118): user pid=21634 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162940461.159:1119): user pid=21634 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162940461.163:1120): avc: denied { getattr } for pid=21635 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.163:1120): arch=40000003 syscall=195 success=yes exit=0 a0=9ed2120 a1=bfe57f10 a2=239ff4 a3=9ed2120 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162940461.163:1120): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162940461.163:1121): avc: denied { execute } for pid=21635 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.163:1121): arch=40000003 syscall=33 success=yes exit=0 a0=9ed2120 a1=1 a2=11 a3=9ed2120 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162940461.163:1122): avc: denied { read } for pid=21635 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.163:1122): arch=40000003 syscall=33 success=yes exit=0 a0=9ed2120 a1=4 a2=ffffffff a3=9ed2120 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162940461.163:1123): avc: denied { execute_no_trans } for pid=21635 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.163:1123): arch=40000003 syscall=11 success=yes exit=0 a0=9ed2120 a1=9ed23d8 a2=9ed22f8 a3=9ed1f98 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162940461.163:1123): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162940461.167:1124): avc: denied { ioctl } for pid=21635 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.167:1124): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd36818 a3=bfd36858 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162940461.167:1124): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162940461.167:1125): avc: denied { execute } for pid=21635 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.167:1125): arch=40000003 syscall=33 success=yes exit=0 a0=93c6990 a1=1 a2=1 a3=93c6c98 items=0 ppid=21634 pid=21635 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162940461.167:1126): avc: denied { execute_no_trans } for pid=21636 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.167:1126): arch=40000003 syscall=11 success=yes exit=0 a0=93c6a10 a1=93c6ad8 a2=93c6ae8 a3=93c6758 items=0 ppid=21635 pid=21636 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162940461.167:1126): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1162940461.171:1127): avc: denied { read } for pid=21637 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.171:1127): arch=40000003 syscall=5 success=yes exit=3 a0=bfb45610 a1=0 a2=ffffffff a3=9338038 items=0 ppid=21636 pid=21637 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162940461.171:1128): avc: denied { getattr } for pid=21637 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162940461.171:1128): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfb45580 a2=239ff4 a3=3 items=0 ppid=21636 pid=21637 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162940461.171:1128): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162940461.183:1129): user pid=21634 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162940461.183:1130): user pid=21634 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162941001.245:1131): user pid=21658 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162941001.245:1132): login pid=21658 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162941001.245:1133): user pid=21658 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162941001.245:1134): user pid=21658 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162941001.257:1135): user pid=21658 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162941001.261:1136): user pid=21658 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162941601.315:1137): user pid=21676 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162941601.315:1138): login pid=21676 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162941601.319:1139): user pid=21676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162941601.319:1140): user pid=21676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162941601.351:1141): user pid=21676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162941601.351:1142): user pid=21676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162942201.420:1143): user pid=21701 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162942201.420:1144): login pid=21701 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162942201.420:1145): user pid=21701 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162942201.420:1146): user pid=21701 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162942201.432:1147): user pid=21701 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162942201.432:1148): user pid=21701 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162942801.490:1149): user pid=21719 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162942801.490:1150): login pid=21719 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162942801.494:1151): user pid=21719 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162942801.494:1152): user pid=21719 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162942801.502:1153): user pid=21719 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162942801.502:1154): user pid=21719 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162943401.563:1155): user pid=21737 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162943401.563:1156): login pid=21737 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162943401.563:1157): user pid=21737 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162943401.563:1158): user pid=21737 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162943401.579:1159): user pid=21737 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162943401.579:1160): user pid=21737 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162944001.633:1161): user pid=21755 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162944001.637:1162): login pid=21755 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162944001.637:1163): user pid=21755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162944001.637:1164): user pid=21755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162944001.649:1165): user pid=21755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162944001.649:1166): user pid=21755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162944061.656:1167): user pid=21759 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162944061.656:1168): login pid=21759 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162944061.660:1169): user pid=21759 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162944061.660:1170): user pid=21759 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162944061.676:1171): user pid=21759 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162944061.676:1172): user pid=21759 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162944601.734:1173): user pid=21783 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162944601.734:1174): login pid=21783 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162944601.734:1175): user pid=21783 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162944601.734:1176): user pid=21783 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162944601.750:1177): user pid=21783 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162944601.750:1178): user pid=21783 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162945201.816:1179): user pid=21801 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162945201.816:1180): login pid=21801 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162945201.816:1181): user pid=21801 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162945201.816:1182): user pid=21801 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162945201.828:1183): user pid=21801 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162945201.828:1184): user pid=21801 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162945801.889:1185): user pid=21821 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162945801.889:1186): login pid=21821 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162945801.889:1187): user pid=21821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162945801.889:1188): user pid=21821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162945801.905:1189): user pid=21821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162945801.905:1190): user pid=21821 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162946401.967:1191): user pid=21839 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162946401.967:1192): login pid=21839 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162946401.967:1193): user pid=21839 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162946401.967:1194): user pid=21839 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162946401.983:1195): user pid=21839 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162946401.983:1196): user pid=21839 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162947001.036:1197): user pid=21857 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162947001.036:1198): login pid=21857 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162947001.036:1199): user pid=21857 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162947001.036:1200): user pid=21857 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162947001.048:1201): user pid=21857 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162947001.048:1202): user pid=21857 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162947601.118:1203): user pid=21875 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162947601.118:1204): login pid=21875 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162947601.118:1205): user pid=21875 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162947601.118:1206): user pid=21875 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162947601.130:1207): user pid=21875 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162947601.130:1208): user pid=21875 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162947661.141:1209): user pid=21879 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162947661.141:1210): login pid=21879 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162947661.141:1211): user pid=21879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162947661.141:1212): user pid=21879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162947661.161:1213): user pid=21879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162947661.161:1214): user pid=21879 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162948201.211:1215): user pid=21903 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162948201.211:1216): login pid=21903 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162948201.215:1217): user pid=21903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162948201.215:1218): user pid=21903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162948201.231:1219): user pid=21903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162948201.235:1220): user pid=21903 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162948801.293:1221): user pid=21921 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162948801.293:1222): login pid=21921 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162948801.293:1223): user pid=21921 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162948801.293:1224): user pid=21921 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162948801.305:1225): user pid=21921 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162948801.309:1226): user pid=21921 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162949401.366:1227): user pid=21941 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162949401.370:1228): login pid=21941 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162949401.370:1229): user pid=21941 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162949401.370:1230): user pid=21941 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162949401.382:1231): user pid=21941 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162949401.382:1232): user pid=21941 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162950001.444:1233): user pid=21959 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162950001.444:1234): login pid=21959 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162950001.444:1235): user pid=21959 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162950001.444:1236): user pid=21959 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162950001.460:1237): user pid=21959 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162950001.460:1238): user pid=21959 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162950601.525:1239): user pid=21977 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162950601.525:1240): login pid=21977 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162950601.525:1241): user pid=21977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162950601.525:1242): user pid=21977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162950601.537:1243): user pid=21977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162950601.537:1244): user pid=21977 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162951201.599:1245): user pid=21995 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162951201.599:1246): login pid=21995 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162951201.599:1247): user pid=21995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162951201.599:1248): user pid=21995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162951201.615:1249): user pid=21995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162951201.615:1250): user pid=21995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162951261.626:1251): user pid=21999 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162951261.626:1252): login pid=21999 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162951261.626:1253): user pid=21999 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162951261.626:1254): user pid=21999 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162951261.646:1255): user pid=21999 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162951261.646:1256): user pid=21999 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162951801.708:1257): user pid=22023 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162951801.708:1258): login pid=22023 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162951801.708:1259): user pid=22023 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162951801.708:1260): user pid=22023 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162951801.720:1261): user pid=22023 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162951801.720:1262): user pid=22023 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162952401.782:1263): user pid=22041 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162952401.782:1264): login pid=22041 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162952401.782:1265): user pid=22041 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162952401.782:1266): user pid=22041 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162952401.794:1267): user pid=22041 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162952401.794:1268): user pid=22041 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162953001.863:1269): user pid=22061 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162953001.863:1270): login pid=22061 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162953001.863:1271): user pid=22061 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162953001.863:1272): user pid=22061 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162953001.875:1273): user pid=22061 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162953001.879:1274): user pid=22061 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162953601.933:1275): user pid=22079 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162953601.933:1276): login pid=22079 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162953601.937:1277): user pid=22079 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162953601.937:1278): user pid=22079 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162953601.949:1279): user pid=22079 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162953601.949:1280): user pid=22079 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162954201.014:1281): user pid=22097 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162954201.014:1282): login pid=22097 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162954201.014:1283): user pid=22097 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162954201.014:1284): user pid=22097 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162954201.026:1285): user pid=22097 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162954201.030:1286): user pid=22097 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162954801.092:1287): user pid=22115 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162954801.092:1288): login pid=22115 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162954801.092:1289): user pid=22115 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162954801.092:1290): user pid=22115 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162954801.104:1291): user pid=22115 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162954801.104:1292): user pid=22115 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162954861.111:1293): user pid=22119 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162954861.111:1294): login pid=22119 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162954861.115:1295): user pid=22119 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162954861.115:1296): user pid=22119 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162954861.131:1297): user pid=22119 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162954861.131:1298): user pid=22119 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162955401.189:1299): user pid=22143 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162955401.189:1300): login pid=22143 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162955401.189:1301): user pid=22143 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162955401.189:1302): user pid=22143 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162955401.205:1303): user pid=22143 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162955401.205:1304): user pid=22143 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162956001.267:1305): user pid=22162 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162956001.267:1306): login pid=22162 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162956001.267:1307): user pid=22162 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162956001.267:1308): user pid=22162 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162956001.279:1309): user pid=22162 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162956001.279:1310): user pid=22162 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162956601.348:1311): user pid=22182 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162956601.348:1312): login pid=22182 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162956601.348:1313): user pid=22182 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162956601.348:1314): user pid=22182 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162956601.364:1315): user pid=22182 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162956601.364:1316): user pid=22182 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162957201.438:1317): user pid=22200 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162957201.438:1318): login pid=22200 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162957201.438:1319): user pid=22200 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162957201.438:1320): user pid=22200 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162957201.450:1321): user pid=22200 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162957201.450:1322): user pid=22200 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162957801.511:1323): user pid=22218 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162957801.511:1324): login pid=22218 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162957801.511:1325): user pid=22218 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162957801.511:1326): user pid=22218 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162957801.527:1327): user pid=22218 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162957801.527:1328): user pid=22218 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162958401.597:1329): user pid=22236 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162958401.597:1330): login pid=22236 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162958401.597:1331): user pid=22236 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162958401.597:1332): user pid=22236 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162958401.609:1333): user pid=22236 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162958401.609:1334): user pid=22236 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162958461.620:1335): user pid=22239 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162958461.620:1336): login pid=22239 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162958461.620:1337): user pid=22239 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162958461.620:1338): user pid=22239 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162958461.636:1339): user pid=22239 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162958461.636:1340): user pid=22239 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162959001.690:1341): user pid=22264 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162959001.690:1342): login pid=22264 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162959001.694:1343): user pid=22264 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162959001.694:1344): user pid=22264 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162959001.706:1345): user pid=22264 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162959001.706:1346): user pid=22264 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162959601.776:1347): user pid=22282 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162959601.776:1348): login pid=22282 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162959601.776:1349): user pid=22282 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162959601.776:1350): user pid=22282 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162959601.788:1351): user pid=22282 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162959601.792:1352): user pid=22282 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162960201.853:1353): user pid=22302 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162960201.853:1354): login pid=22302 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162960201.853:1355): user pid=22302 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162960201.853:1356): user pid=22302 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162960201.865:1357): user pid=22302 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162960201.869:1358): user pid=22302 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162960801.927:1359): user pid=22320 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162960801.927:1360): login pid=22320 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162960801.927:1361): user pid=22320 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162960801.927:1362): user pid=22320 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162960801.971:1363): user pid=22320 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162960801.971:1364): user pid=22320 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162961401.040:1365): user pid=22338 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162961401.040:1366): login pid=22338 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162961401.040:1367): user pid=22338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162961401.040:1368): user pid=22338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162961401.052:1369): user pid=22338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162961401.052:1370): user pid=22338 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162961581.067:1371): user pid=22344 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162961581.067:1372): login pid=22344 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162961581.067:1373): user pid=22344 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162961581.067:1374): user pid=22344 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162961581.115:1375): avc: denied { getattr } for pid=22345 comm="sa2" name="sa07" dev=dm-0 ino=14600351 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162961581.115:1375): arch=40000003 syscall=195 success=yes exit=0 a0=93090b0 a1=bfe26d58 a2=239ff4 a3=9309080 items=0 ppid=22344 pid=22345 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa2" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162961581.115:1375): path="/var/log/sa/sa07"
+type=AVC msg=audit(1162961581.115:1376): avc: denied { write } for pid=22347 comm="sa2" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=AVC msg=audit(1162961581.115:1376): avc: denied { add_name } for pid=22347 comm="sa2" name="sar07" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=AVC msg=audit(1162961581.115:1376): avc: denied { create } for pid=22347 comm="sa2" name="sar07" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162961581.115:1376): arch=40000003 syscall=5 success=yes exit=3 a0=9307a00 a1=8241 a2=1b6 a3=8241 items=0 ppid=22345 pid=22347 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa2" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162961581.199:1377): avc: denied { write } for pid=22347 comm="sar" name="sar07" dev=dm-0 ino=14600270 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162961581.199:1377): arch=40000003 syscall=4 success=yes exit=0 a0=1 a1=8051aa5 a2=0 a3=0 items=0 ppid=22345 pid=22347 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sar" exe="/usr/bin/sar" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162961581.199:1377): path="/var/log/sa/sar07"
+type=AVC msg=audit(1162961581.307:1378): avc: denied { getattr } for pid=22348 comm="find" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162961581.307:1378): arch=40000003 syscall=196 success=yes exit=0 a0=bfcbff2b a1=bfcbe708 a2=239ff4 a3=bfcbff2b items=0 ppid=22345 pid=22348 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162961581.307:1378): path="/var/log/sa"
+type=AVC msg=audit(1162961581.311:1379): avc: denied { read } for pid=22348 comm="find" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162961581.311:1379): arch=40000003 syscall=5 success=yes exit=4 a0=bfcbff2b a1=18800 a2=bfcbe5b8 a3=ffffffff items=0 ppid=22345 pid=22348 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162961581.359:1380): avc: denied { remove_name } for pid=22349 comm="rm" name="sar29" dev=dm-0 ino=14600293 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=AVC msg=audit(1162961581.359:1380): avc: denied { unlink } for pid=22349 comm="rm" name="sar29" dev=dm-0 ino=14600293 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162961581.359:1380): arch=40000003 syscall=10 success=yes exit=0 a0=bfa91f5b a1=0 a2=805277c a3=bfa91844 items=0 ppid=22348 pid=22349 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162961581.547:1381): user pid=22344 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162961581.547:1382): user pid=22344 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162962001.598:1383): user pid=22367 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162962001.598:1384): login pid=22367 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162962001.598:1385): user pid=22367 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162962001.602:1386): user pid=22367 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162962001.618:1387): user pid=22367 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162962001.618:1388): user pid=22367 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162962061.629:1389): user pid=22370 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162962061.629:1390): login pid=22370 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162962061.629:1391): user pid=22370 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162962061.629:1392): user pid=22370 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162962061.649:1393): user pid=22370 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162962061.649:1394): user pid=22370 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162962601.711:1395): user pid=22395 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162962601.711:1396): login pid=22395 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162962601.711:1397): user pid=22395 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162962601.711:1398): user pid=22395 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162962601.723:1399): user pid=22395 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162962601.723:1400): user pid=22395 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162963201.785:1401): user pid=22413 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162963201.785:1402): login pid=22413 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162963201.785:1403): user pid=22413 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162963201.785:1404): user pid=22413 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162963201.801:1405): user pid=22413 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162963201.801:1406): user pid=22413 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162963801.870:1407): user pid=22433 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162963801.870:1408): login pid=22433 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162963801.870:1409): user pid=22433 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162963801.870:1410): user pid=22433 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162963801.882:1411): user pid=22433 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162963801.882:1412): user pid=22433 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162964401.948:1413): user pid=22451 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162964401.948:1414): login pid=22451 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162964401.952:1415): user pid=22451 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162964401.952:1416): user pid=22451 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162964401.964:1417): user pid=22451 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162964401.964:1418): user pid=22451 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162965001.033:1419): user pid=22469 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162965001.033:1420): login pid=22469 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162965001.033:1421): user pid=22469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162965001.033:1422): user pid=22469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162965001.049:1423): user pid=22469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162965001.049:1424): user pid=22469 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162965601.115:1425): user pid=22487 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162965601.115:1426): login pid=22487 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162965601.115:1427): user pid=22487 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162965601.115:1428): user pid=22487 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162965601.127:1429): user pid=22487 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162965601.127:1430): user pid=22487 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162965661.134:1431): user pid=22490 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162965661.134:1432): login pid=22490 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162965661.138:1433): user pid=22490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162965661.138:1434): user pid=22490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162965661.154:1435): user pid=22490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162965661.154:1436): user pid=22490 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162966201.212:1437): user pid=22515 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162966201.212:1438): login pid=22515 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162966201.212:1439): user pid=22515 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162966201.216:1440): user pid=22515 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162966201.236:1441): user pid=22515 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162966201.236:1442): user pid=22515 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162966801.310:1443): user pid=22533 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162966801.310:1444): login pid=22533 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162966801.310:1445): user pid=22533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162966801.310:1446): user pid=22533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162966801.326:1447): user pid=22533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162966801.326:1448): user pid=22533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162967401.387:1449): user pid=22553 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162967401.387:1450): login pid=22553 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162967401.387:1451): user pid=22553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162967401.387:1452): user pid=22553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162967401.399:1453): user pid=22553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162967401.399:1454): user pid=22553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162968001.473:1455): user pid=22571 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162968001.473:1456): login pid=22571 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162968001.473:1457): user pid=22571 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162968001.473:1458): user pid=22571 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162968001.485:1459): user pid=22571 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162968001.485:1460): user pid=22571 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162968601.546:1461): user pid=22589 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162968601.546:1462): login pid=22589 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162968601.546:1463): user pid=22589 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162968601.546:1464): user pid=22589 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162968601.562:1465): user pid=22589 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162968601.562:1466): user pid=22589 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162969201.640:1467): user pid=22607 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162969201.640:1468): login pid=22607 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162969201.640:1469): user pid=22607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162969201.640:1470): user pid=22607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162969201.672:1471): user pid=22607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162969201.672:1472): user pid=22607 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162969261.683:1473): user pid=22610 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162969261.683:1474): login pid=22610 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162969261.683:1475): user pid=22610 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162969261.683:1476): user pid=22610 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162969261.699:1477): user pid=22610 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162969261.703:1478): user pid=22610 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162969801.761:1479): user pid=22635 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162969801.765:1480): login pid=22635 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162969801.765:1481): user pid=22635 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162969801.765:1482): user pid=22635 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162969801.777:1483): user pid=22635 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162969801.777:1484): user pid=22635 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162970401.847:1485): user pid=22653 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162970401.847:1486): login pid=22653 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162970401.847:1487): user pid=22653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162970401.847:1488): user pid=22653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162970401.883:1489): user pid=22653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162970401.883:1490): user pid=22653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162971001.948:1491): user pid=22673 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162971001.948:1492): login pid=22673 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162971001.948:1493): user pid=22673 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162971001.948:1494): user pid=22673 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162971001.960:1495): user pid=22673 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162971001.960:1496): user pid=22673 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162971601.026:1497): user pid=22691 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162971601.026:1498): login pid=22691 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162971601.026:1499): user pid=22691 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162971601.026:1500): user pid=22691 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162971601.042:1501): user pid=22691 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162971601.042:1502): user pid=22691 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162972201.107:1503): user pid=22709 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162972201.107:1504): login pid=22709 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162972201.107:1505): user pid=22709 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162972201.107:1506): user pid=22709 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162972201.143:1507): user pid=22709 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162972201.143:1508): user pid=22709 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162972801.197:1509): user pid=22727 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162972801.197:1510): login pid=22727 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162972801.201:1511): user pid=22727 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162972801.201:1512): user pid=22727 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162972801.213:1513): user pid=22727 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162972801.213:1514): user pid=22727 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162972861.224:1515): user pid=22730 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162972861.224:1516): login pid=22730 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162972861.224:1517): user pid=22730 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162972861.228:1518): user pid=22730 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162972861.244:1519): user pid=22730 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162972861.248:1520): user pid=22730 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162973401.298:1521): user pid=22755 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162973401.298:1522): login pid=22755 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162973401.298:1523): user pid=22755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162973401.298:1524): user pid=22755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162973401.314:1525): user pid=22755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162973401.314:1526): user pid=22755 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162974001.376:1527): user pid=22773 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162974001.376:1528): login pid=22773 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162974001.376:1529): user pid=22773 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162974001.380:1530): user pid=22773 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162974001.392:1531): user pid=22773 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162974001.392:1532): user pid=22773 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162974601.461:1533): user pid=22793 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162974601.461:1534): login pid=22793 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162974601.461:1535): user pid=22793 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162974601.461:1536): user pid=22793 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162974601.473:1537): user pid=22793 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162974601.473:1538): user pid=22793 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162975201.531:1539): user pid=22811 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162975201.531:1540): login pid=22811 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162975201.535:1541): user pid=22811 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162975201.535:1542): user pid=22811 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162975201.547:1543): user pid=22811 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162975201.547:1544): user pid=22811 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162975801.608:1545): user pid=22829 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162975801.608:1546): login pid=22829 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162975801.608:1547): user pid=22829 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162975801.608:1548): user pid=22829 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162975801.624:1549): user pid=22829 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162975801.624:1550): user pid=22829 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162976401.690:1551): user pid=22847 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162976401.690:1552): login pid=22847 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162976401.690:1553): user pid=22847 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162976401.690:1554): user pid=22847 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162976401.702:1555): user pid=22847 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162976401.702:1556): user pid=22847 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162976461.709:1557): user pid=22850 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162976461.709:1558): login pid=22850 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162976461.713:1559): user pid=22850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162976461.713:1560): user pid=22850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162976461.729:1561): user pid=22850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162976461.729:1562): user pid=22850 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162976521.737:1563): user pid=22862 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162976521.737:1564): login pid=22862 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162976521.737:1565): user pid=22862 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162976521.737:1566): user pid=22862 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162976521.793:1567): avc: denied { getattr } for pid=22864 comm="0anacron" name="anacron" dev=dm-0 ino=10320623 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:anacron_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.793:1567): arch=40000003 syscall=195 success=yes exit=0 a0=92ba8b0 a1=bf96f830 a2=2e7ff4 a3=92ba8b0 items=0 ppid=22863 pid=22864 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0anacron" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976521.793:1567): path="/usr/sbin/anacron"
+type=AVC msg=audit(1162976521.793:1568): avc: denied { execute } for pid=22864 comm="0anacron" name="anacron" dev=dm-0 ino=10320623 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:anacron_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.793:1568): arch=40000003 syscall=33 success=yes exit=0 a0=92ba8b0 a1=1 a2=11 a3=92ba8b0 items=0 ppid=22863 pid=22864 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0anacron" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.793:1569): avc: denied { read } for pid=22864 comm="0anacron" name="anacron" dev=dm-0 ino=10320623 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:anacron_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.793:1569): arch=40000003 syscall=33 success=yes exit=0 a0=92ba8b0 a1=4 a2=ffffffff a3=92ba8b0 items=0 ppid=22863 pid=22864 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0anacron" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.793:1570): avc: denied { execute_no_trans } for pid=22866 comm="0anacron" name="anacron" dev=dm-0 ino=10320623 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:anacron_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.793:1570): arch=40000003 syscall=11 success=yes exit=0 a0=92ba8b0 a1=92bac30 a2=92bab48 a3=92ba6e0 items=0 ppid=22864 pid=22866 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976521.793:1570): path="/usr/sbin/anacron"
+type=AVC msg=audit(1162976521.809:1571): avc: denied { search } for pid=22866 comm="anacron" name="lock" dev=dm-0 ino=14436610 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976521.809:1571): arch=40000003 syscall=10 success=no exit=-2 a0=804c93a a1=ffffffcc a2=bf916f04 a3=1 items=0 ppid=22864 pid=22866 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.813:1572): avc: denied { write } for pid=22867 comm="anacron" name="subsys" dev=dm-0 ino=14436611 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976521.813:1572): avc: denied { add_name } for pid=22867 comm="anacron" name="anacron" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976521.813:1572): avc: denied { create } for pid=22867 comm="anacron" name="anacron" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.813:1572): arch=40000003 syscall=5 success=yes exit=3 a0=804c93a a1=c1 a2=180 a3=1 items=0 ppid=1 pid=22867 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.833:1573): avc: denied { write } for pid=22867 comm="anacron" name="cron.daily" dev=dm-0 ino=14437389 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.833:1573): arch=40000003 syscall=5 success=yes exit=3 a0=92c2858 a1=42 a2=180 a3=92c2820 items=0 ppid=1 pid=22867 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.833:1574): avc: denied { setattr } for pid=22867 comm="anacron" name="cron.daily" dev=dm-0 ino=14437389 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.833:1574): arch=40000003 syscall=207 success=yes exit=0 a0=3 a1=0 a2=0 a3=92c2820 items=0 ppid=1 pid=22867 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.813:1575): avc: denied { getattr } for pid=22863 comm="run-parts" name="logwatch.pl" dev=dm-0 ino=10741010 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.813:1575): arch=40000003 syscall=195 success=yes exit=0 a0=94a18b0 a1=bf9d7bd8 a2=239ff4 a3=94a21e8 items=0 ppid=22862 pid=22863 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976521.813:1575): path="/usr/share/logwatch/scripts/logwatch.pl"
+type=AVC msg=audit(1162976521.861:1576): avc: denied { execute } for pid=22863 comm="run-parts" name="logwatch.pl" dev=dm-0 ino=10741010 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.861:1576): arch=40000003 syscall=33 success=yes exit=0 a0=94a18b0 a1=1 a2=1 a3=94a1c88 items=0 ppid=22862 pid=22863 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976521.861:1577): avc: denied { execute_no_trans } for pid=22868 comm="run-parts" name="logwatch.pl" dev=dm-0 ino=10741010 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976521.861:1577): avc: denied { read } for pid=22868 comm="run-parts" name="logwatch.pl" dev=dm-0 ino=10741010 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976521.865:1578): avc: denied { remove_name } for pid=22867 comm="anacron" name="anacron" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976521.865:1578): avc: denied { unlink } for pid=22867 comm="anacron" name="anacron" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976521.865:1578): arch=40000003 syscall=10 success=yes exit=0 a0=804c93a a1=23ac98 a2=239ff4 a3=1 items=0 ppid=1 pid=22867 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="anacron" exe="/usr/sbin/anacron" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=SYSCALL msg=audit(1162976521.861:1577): arch=40000003 syscall=11 success=yes exit=0 a0=94a18f0 a1=94a1f88 a2=94a2098 a3=94a1fc0 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976521.861:1577): path="/usr/share/logwatch/scripts/logwatch.pl"
+type=AVC_PATH msg=audit(1162976521.861:1577): path="/usr/share/logwatch/scripts/logwatch.pl"
+type=AVC msg=audit(1162976522.029:1579): avc: denied { ioctl } for pid=22868 comm="0logwatch" name="logwatch.pl" dev=dm-0 ino=10741010 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976522.029:1579): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfbd6da8 a3=bfbd6de8 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976522.029:1579): path="/usr/share/logwatch/scripts/logwatch.pl"
+type=AVC msg=audit(1162976522.821:1580): avc: denied { getattr } for pid=22868 comm="0logwatch" name="Logwatch.pm" dev=dm-0 ino=10740999 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976522.821:1580): arch=40000003 syscall=195 success=yes exit=0 a0=8a74a20 a1=bfbd694c a2=239ff4 a3=8a74a20 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976522.821:1580): path="/usr/share/logwatch/lib/Logwatch.pm"
+type=AVC msg=audit(1162976522.821:1581): avc: denied { read } for pid=22868 comm="0logwatch" name="Logwatch.pm" dev=dm-0 ino=10740999 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976522.821:1581): arch=40000003 syscall=5 success=yes exit=3 a0=8a756e8 a1=8000 a2=0 a3=8000 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976522.821:1582): avc: denied { ioctl } for pid=22868 comm="0logwatch" name="Logwatch.pm" dev=dm-0 ino=10740999 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976522.821:1582): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfbd6748 a3=bfbd6788 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976522.821:1582): path="/usr/share/logwatch/lib/Logwatch.pm"
+type=AVC msg=audit(1162976523.141:1583): avc: denied { read } for pid=22868 comm="0logwatch" name="httpd" dev=dm-0 ino=14436676 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.141:1583): arch=40000003 syscall=5 success=yes exit=3 a0=bfbcce78 a1=18800 a2=bfbccd3c a3=bfbd0f1c items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.185:1584): avc: denied { getattr } for pid=22868 comm="0logwatch" name="httpd" dev=dm-0 ino=14436676 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.185:1584): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfbccd3c a2=239ff4 a3=3 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.185:1584): path="/var/log/httpd"
+type=AVC msg=audit(1162976523.205:1585): avc: denied { search } for pid=22868 comm="0logwatch" name="httpd" dev=dm-0 ino=14436676 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir
+type=AVC msg=audit(1162976523.205:1585): avc: denied { getattr } for pid=22868 comm="0logwatch" name="access_log" dev=dm-0 ino=14437011 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.205:1585): arch=40000003 syscall=196 success=yes exit=0 a0=bfbcbd98 a1=bfbcad38 a2=239ff4 a3=bfbcad38 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.205:1585): path="/var/log/httpd/access_log"
+type=AVC msg=audit(1162976523.213:1586): avc: denied { getattr } for pid=22868 comm="0logwatch" name="maillog" dev=dm-0 ino=14438079 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.213:1586): arch=40000003 syscall=196 success=yes exit=0 a0=bfbcde78 a1=bfbcce18 a2=239ff4 a3=bfbcce18 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.213:1586): path="/var/log/maillog"
+type=AVC msg=audit(1162976523.249:1587): avc: denied { read } for pid=22868 comm="0logwatch" name="samba" dev=dm-0 ino=14436668 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.249:1587): arch=40000003 syscall=5 success=yes exit=3 a0=bfbcce78 a1=18800 a2=bfbccd3c a3=bfbd0f08 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.261:1588): avc: denied { getattr } for pid=22868 comm="0logwatch" name="samba" dev=dm-0 ino=14436668 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.261:1588): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfbccd3c a2=239ff4 a3=3 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.261:1588): path="/var/log/samba"
+type=AVC msg=audit(1162976523.265:1589): avc: denied { search } for pid=22868 comm="0logwatch" name="samba" dev=dm-0 ino=14436668 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_log_t:s0 tclass=dir
+type=AVC msg=audit(1162976523.265:1589): avc: denied { getattr } for pid=22868 comm="0logwatch" name="smbd.log.3" dev=dm-0 ino=14437190 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.265:1589): arch=40000003 syscall=196 success=yes exit=0 a0=bfbcbd98 a1=bfbcad38 a2=239ff4 a3=bfbcad38 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.265:1589): path="/var/log/samba/smbd.log.3"
+type=AVC msg=audit(1162976523.317:1590): avc: denied { read } for pid=22868 comm="0logwatch" name="logwatch" dev=dm-0 ino=14437047 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.317:1590): arch=40000003 syscall=5 success=yes exit=3 a0=8a91338 a1=18800 a2=870006 a3=8a3ec70 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.317:1591): avc: denied { getattr } for pid=22868 comm="0logwatch" name="logwatch" dev=dm-0 ino=14437047 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.317:1591): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfbd6fcc a2=239ff4 a3=3 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.317:1591): path="/var/cache/logwatch"
+type=AVC msg=audit(1162976523.337:1592): avc: denied { search } for pid=22868 comm="0logwatch" name="logwatch" dev=dm-0 ino=14437047 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=AVC msg=audit(1162976523.337:1592): avc: denied { write } for pid=22868 comm="0logwatch" name="logwatch" dev=dm-0 ino=14437047 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=AVC msg=audit(1162976523.337:1592): avc: denied { add_name } for pid=22868 comm="0logwatch" name="logwatch.ueRIpGof" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=AVC msg=audit(1162976523.337:1592): avc: denied { create } for pid=22868 comm="0logwatch" name="logwatch.ueRIpGof" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976523.337:1592): arch=40000003 syscall=39 success=yes exit=0 a0=8ac9900 a1=1c0 a2=a095cc a3=8ac9900 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.557:1593): avc: denied { create } for pid=22881 comm="sh" name="maillog-archive" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.557:1593): arch=40000003 syscall=5 success=yes exit=3 a0=8320c48 a1=8441 a2=1b6 a3=8441 items=0 ppid=22880 pid=22881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.557:1594): avc: denied { getattr } for pid=22881 comm="cat" name="maillog-archive" dev=dm-0 ino=14796674 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.557:1594): arch=40000003 syscall=197 success=yes exit=0 a0=1 a1=bf9545a4 a2=35eff4 a3=804bb4b items=0 ppid=22880 pid=22881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.557:1594): path="/var/cache/logwatch/logwatch.ueRIpGof/maillog-archive"
+type=AVC msg=audit(1162976523.561:1595): avc: denied { read } for pid=22881 comm="cat" name="maillog.1" dev=dm-0 ino=14437116 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.561:1595): arch=40000003 syscall=5 success=yes exit=3 a0=bf954e5f a1=8000 a2=0 a3=8000 items=0 ppid=22880 pid=22881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.589:1596): avc: denied { append } for pid=22881 comm="cat" name="maillog-archive" dev=dm-0 ino=14796674 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.589:1596): arch=40000003 syscall=4 success=yes exit=4096 a0=1 a1=8c1e000 a2=1000 a3=1000 items=0 ppid=22880 pid=22881 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.589:1596): path="/var/cache/logwatch/logwatch.ueRIpGof/maillog-archive"
+type=AVC msg=audit(1162976523.605:1597): avc: denied { read } for pid=22883 comm="cat" name="maillog-archive" dev=dm-0 ino=14796674 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.605:1597): arch=40000003 syscall=5 success=yes exit=3 a0=bfe14e2b a1=8000 a2=0 a3=8000 items=0 ppid=22882 pid=22883 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976523.613:1598): avc: denied { ioctl } for pid=22886 comm="perl" name="maillog" dev=dm-0 ino=14796675 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.613:1598): arch=40000003 syscall=54 success=no exit=-25 a0=1 a1=5401 a2=bfd93568 a3=bfd935a8 items=0 ppid=22882 pid=22886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.613:1598): path="/var/cache/logwatch/logwatch.ueRIpGof/maillog"
+type=AVC msg=audit(1162976523.813:1599): avc: denied { write } for pid=22886 comm="perl" name="maillog" dev=dm-0 ino=14796675 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976523.813:1599): arch=40000003 syscall=4 success=yes exit=1255 a0=1 a1=855af88 a2=4e7 a3=855af88 items=0 ppid=22882 pid=22886 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976523.813:1599): path="/var/cache/logwatch/logwatch.ueRIpGof/maillog"
+type=AVC msg=audit(1162976524.497:1600): avc: denied { read } for pid=22935 comm="cat" name="smbd.log.3" dev=dm-0 ino=14437190 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976524.497:1600): arch=40000003 syscall=5 success=yes exit=3 a0=bfbfcda6 a1=8000 a2=0 a3=8000 items=0 ppid=22934 pid=22935 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976525.013:1601): avc: denied { read } for pid=22966 comm="cat" name="access_log" dev=dm-0 ino=14437011 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976525.013:1601): arch=40000003 syscall=5 success=yes exit=3 a0=bf835e58 a1=8000 a2=0 a3=8000 items=0 ppid=22965 pid=22966 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976526.709:1602): avc: denied { read } for pid=23215 comm="perl" name="mail" dev=dm-0 ino=14437156 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=lnk_file
+type=AVC msg=audit(1162976526.709:1602): avc: denied { getattr } for pid=23215 comm="perl" name="mail" dev=dm-0 ino=14436619 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976526.709:1602): arch=40000003 syscall=195 success=yes exit=0 a0=8b10d60 a1=8ac30c8 a2=239ff4 a3=8b10d60 items=0 ppid=22868 pid=23215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976526.709:1602): path="/var/spool/mail"
+type=AVC msg=audit(1162976526.709:1603): avc: denied { read } for pid=23215 comm="perl" name="mail" dev=dm-0 ino=14436619 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976526.709:1603): arch=40000003 syscall=5 success=yes exit=3 a0=8ad89c8 a1=18800 a2=8ac3008 a3=8b9c8d0 items=0 ppid=22868 pid=23215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976526.709:1604): avc: denied { search } for pid=23215 comm="perl" name="mail" dev=dm-0 ino=14436619 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
+type=AVC msg=audit(1162976526.709:1604): avc: denied { getattr } for pid=23215 comm="perl" name="kmacmill" dev=dm-0 ino=14437393 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976526.709:1604): arch=40000003 syscall=195 success=yes exit=0 a0=8b10d60 a1=8ac30c8 a2=239ff4 a3=8b3cee8 items=0 ppid=22868 pid=23215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976526.709:1604): path="/var/spool/mail/kmacmill"
+type=AVC msg=audit(1162976526.985:1605): avc: denied { getattr } for pid=23280 comm="perl" name="ntpd" dev=dm-0 ino=10324369 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ntpd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976526.985:1605): arch=40000003 syscall=195 success=yes exit=0 a0=823be80 a1=81e20c8 a2=239ff4 a3=823be80 items=0 ppid=23276 pid=23280 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976526.985:1605): path="/usr/sbin/ntpd"
+type=AVC msg=audit(1162976527.097:1606): avc: denied { read } for pid=23282 comm="df" name="mtab" dev=dm-0 ino=9330919 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976527.097:1606): arch=40000003 syscall=5 success=yes exit=3 a0=80505b1 a1=0 a2=1b6 a3=9c97048 items=0 ppid=23281 pid=23282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="df" exe="/bin/df" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.097:1607): avc: denied { getattr } for pid=23282 comm="df" name="mtab" dev=dm-0 ino=9330919 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976527.097:1607): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd13290 a2=239ff4 a3=9c97048 items=0 ppid=23281 pid=23282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="df" exe="/bin/df" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976527.097:1607): path="/etc/mtab"
+type=AVC msg=audit(1162976527.101:1608): avc: denied { search } for pid=23282 comm="df" name="nfs" dev=dm-0 ino=14437242 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976527.101:1608): arch=40000003 syscall=268 success=yes exit=0 a0=9c98440 a1=54 a2=bfd12f94 a3=bfd12f94 items=0 ppid=23281 pid=23282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="df" exe="/bin/df" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.101:1609): avc: denied { search } for pid=23282 comm="df" name="media" dev=dm-0 ino=6972769 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976527.101:1609): arch=40000003 syscall=268 success=yes exit=0 a0=9c984a0 a1=54 a2=bfd12f94 a3=bfd12f94 items=0 ppid=23281 pid=23282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="df" exe="/bin/df" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.393:1610): avc: denied { setattr } for pid=22868 comm="0logwatch" name="logwatch.ueRIpGof" dev=dm-0 ino=14796673 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976527.393:1610): arch=40000003 syscall=15 success=yes exit=0 a0=8dc72b0 a1=1c0 a2=a095cc a3=8dc72b0 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.393:1611): avc: denied { remove_name } for pid=22868 comm="0logwatch" name="maillog" dev=dm-0 ino=14796675 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=AVC msg=audit(1162976527.393:1611): avc: denied { unlink } for pid=22868 comm="0logwatch" name="maillog" dev=dm-0 ino=14796675 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976527.393:1611): arch=40000003 syscall=10 success=yes exit=0 a0=8abda30 a1=87f0068 a2=a095cc a3=8abda30 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.393:1612): avc: denied { rmdir } for pid=22868 comm="0logwatch" name="logwatch.ueRIpGof" dev=dm-0 ino=14796673 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logwatch_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976527.393:1612): arch=40000003 syscall=40 success=yes exit=0 a0=8dc72b0 a1=885adec a2=a095cc a3=8dc72b0 items=0 ppid=22863 pid=22868 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.461:1613): avc: denied { search } for pid=23290 comm="procmail" name="root" dev=dm-0 ino=13127137 scontext=system_u:system_r:procmail_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976527.461:1613): arch=40000003 syscall=5 success=no exit=-2 a0=9000d90 a1=8000 a2=0 a3=8000 items=0 ppid=23285 pid=23290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
+type=AVC msg=audit(1162976527.493:1614): avc: denied { chown } for pid=23289 comm="chown" capability=0 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=capability
+type=SYSCALL msg=audit(1162976527.493:1614): arch=40000003 syscall=212 success=yes exit=0 a0=8274da8 a1=3a a2=ffffffff a3=0 items=0 ppid=23286 pid=23289 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chown" exe="/bin/chown" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976527.789:1615): avc: denied { link } for pid=23299 comm="runuser" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=key
+type=SYSCALL msg=audit(1162976527.789:1615): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=3a items=0 ppid=23286 pid=23299 auid=0 uid=58 gid=58 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="runuser" exe="/sbin/runuser" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=USER_START msg=audit(1162976528.013:1616): user pid=23299 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=CRED_ACQ msg=audit(1162976528.013:1617): user pid=23299 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1162976528.045:1618): avc: denied { ioctl } for pid=23300 comm="beagle-build-in" name="beagle-build-index" dev=dm-0 ino=10321858 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1618): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bff79158 a3=bff79198 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976528.045:1618): path="/usr/sbin/beagle-build-index"
+type=AVC msg=audit(1162976528.045:1619): avc: denied { getattr } for pid=23300 comm="beagle-build-in" name="beagle-build-index" dev=dm-0 ino=10321858 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1619): arch=40000003 syscall=197 success=yes exit=0 a0=ff a1=bff7924c a2=239ff4 a3=0 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976528.045:1619): path="/usr/sbin/beagle-build-index"
+type=AVC msg=audit(1162976528.045:1620): avc: denied { getattr } for pid=23300 comm="beagle-build-in" name="mono" dev=dm-0 ino=10337402 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1620): arch=40000003 syscall=195 success=yes exit=0 a0=9c32858 a1=bff78e90 a2=239ff4 a3=9c32858 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976528.045:1620): path="/usr/bin/mono"
+type=AVC msg=audit(1162976528.045:1621): avc: denied { execute } for pid=23300 comm="beagle-build-in" name="mono" dev=dm-0 ino=10337402 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1621): arch=40000003 syscall=33 success=yes exit=0 a0=9c32858 a1=1 a2=11 a3=9c32858 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976528.045:1622): avc: denied { read } for pid=23300 comm="beagle-build-in" name="mono" dev=dm-0 ino=10337402 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1622): arch=40000003 syscall=33 success=yes exit=0 a0=9c32858 a1=4 a2=ffffffff a3=9c32858 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976528.045:1623): avc: denied { execute_no_trans } for pid=23300 comm="beagle-build-in" name="mono" dev=dm-0 ino=10337402 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.045:1623): arch=40000003 syscall=11 success=yes exit=0 a0=9c322a8 a1=9c31fb0 a2=9c32a40 a3=9c31fb0 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976528.045:1623): path="/usr/bin/mono"
+type=AVC msg=audit(1162976528.333:1624): avc: denied { execheap } for pid=23300 comm="mono" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=AVC msg=audit(1162976528.333:1624): avc: denied { execmem } for pid=23300 comm="mono" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1162976528.333:1624): arch=40000003 syscall=125 success=yes exit=0 a0=8ea2000 a1=1000 a2=7 a3=1 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976528.709:1625): avc: denied { read } for pid=23300 comm="beagle-build-in" name="applications" dev=dm-0 ino=14567751 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976528.709:1625): arch=40000003 syscall=5 success=yes exit=10 a0=8f001e0 a1=18800 a2=49f60 a3=8f001e0 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976528.789:1626): avc: denied { getattr } for pid=23300 comm="beagle-build-in" name="FileAttributesStore.db" dev=dm-0 ino=14567759 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.789:1626): arch=40000003 syscall=195 success=yes exit=0 a0=8f00b48 a1=bff77c20 a2=239ff4 a3=bff77c20 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976528.789:1626): path="/var/cache/beagle/indexes/applications/FileAttributesStore.db"
+type=AVC msg=audit(1162976528.989:1627): avc: denied { read } for pid=23300 comm="beagle-build-in" name="version" dev=dm-0 ino=14567757 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976528.989:1627): arch=40000003 syscall=5 success=yes exit=11 a0=8fa5200 a1=8000 a2=0 a3=8000 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976529.498:1628): avc: denied { write } for pid=23300 comm="beagle-build-in" name="FileAttributesStore.db" dev=dm-0 ino=14567759 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976529.498:1628): arch=40000003 syscall=5 success=yes exit=12 a0=9035550 a1=8042 a2=1a4 a3=8042 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976529.538:1629): avc: denied { lock } for pid=23300 comm="beagle-build-in" name="FileAttributesStore.db" dev=dm-0 ino=14567759 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976529.538:1629): arch=40000003 syscall=221 success=yes exit=0 a0=c a1=d a2=bff77328 a3=bff77328 items=0 ppid=23299 pid=23300 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976529.538:1629): path="/var/cache/beagle/indexes/applications/FileAttributesStore.db"
+type=AVC msg=audit(1162976529.686:1630): avc: denied { read } for pid=23303 comm="beagle-build-in" name="gimp-2.2.desktop" dev=dm-0 ino=10317656 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1162976529.686:1630): arch=40000003 syscall=195 success=yes exit=0 a0=9052bc0 a1=b6f2af08 a2=239ff4 a3=b6f2af08 items=0 ppid=23299 pid=23303 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976529.686:1631): avc: denied { getattr } for pid=23303 comm="beagle-build-in" name="linux-uninstall.desktop" dev=dm-0 ino=10316106 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976529.686:1631): arch=40000003 syscall=195 success=yes exit=0 a0=9054888 a1=b6f2af08 a2=239ff4 a3=b6f2af08 items=0 ppid=23299 pid=23303 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976529.686:1631): path="/usr/share/applications/linux-uninstall.desktop"
+type=AVC msg=audit(1162976529.710:1632): avc: denied { getattr } for pid=23303 comm="beagle-build-in" name="gimp-2.2.desktop" dev=dm-0 ino=10317656 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1162976529.710:1632): arch=40000003 syscall=196 success=yes exit=0 a0=b6c01c58 a1=b6f2ae74 a2=239ff4 a3=de720 items=0 ppid=23299 pid=23303 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976529.710:1632): path="/usr/share/applications/gimp-2.2.desktop"
+type=AVC msg=audit(1162976530.070:1633): avc: denied { write } for pid=23304 comm="beagle-build-in" name="Locks" dev=dm-0 ino=14567752 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162976530.070:1633): avc: denied { add_name } for pid=23304 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-write.lock" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162976530.070:1633): avc: denied { create } for pid=23304 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-write.lock" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976530.070:1633): arch=40000003 syscall=5 success=yes exit=13 a0=906c600 a1=80c2 a2=100 a3=80c2 items=0 ppid=23299 pid=23304 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976530.134:1634): avc: denied { remove_name } for pid=23304 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-commit.lock" dev=dm-0 ino=14567744 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1162976530.134:1634): avc: denied { unlink } for pid=23304 comm="beagle-build-in" name="lucene-387e9e5278e1cbfa1ca3bb850a474745-commit.lock" dev=dm-0 ino=14567744 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976530.134:1634): arch=40000003 syscall=10 success=yes exit=0 a0=9027b28 a1=45 a2=8208528 a3=9027b28 items=0 ppid=23299 pid=23304 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162976532.774:1635): user pid=23299 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_END msg=audit(1162976532.774:1636): user pid=23299 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_START msg=audit(1162976532.834:1637): user pid=23314 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=CRED_ACQ msg=audit(1162976532.834:1638): user pid=23314 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1162976544.858:1639): avc: denied { getattr } for pid=23318 comm="beagle-build-in" name="README.txt" dev=dm-0 ino=10379427 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976544.858:1639): arch=40000003 syscall=195 success=yes exit=0 a0=941d790 a1=b6ef3f08 a2=239ff4 a3=b6ef3f08 items=0 ppid=23314 pid=23318 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976544.858:1639): path="/usr/share/doc/NVIDIA_GLX-1.0/README.txt"
+type=AVC msg=audit(1162976556.151:1640): avc: denied { read } for pid=23318 comm="beagle-build-in" name="log4j" dev=dm-0 ino=10446960 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1162976556.151:1640): arch=40000003 syscall=195 success=yes exit=0 a0=9406288 a1=b6ef3f08 a2=239ff4 a3=b6ef3f08 items=0 ppid=23314 pid=23318 auid=0 uid=58 gid=58 euid=58 suid=58 fsuid=58 egid=58 sgid=58 fsgid=58 tty=(none) comm="beagle-build-in" exe="/usr/bin/mono" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162976592.245:1641): user pid=23314 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_END msg=audit(1162976592.249:1642): user pid=23314 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=beaglidx : exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1162976592.313:1643): avc: denied { search } for pid=23324 comm="cups" name="cups" dev=dm-0 ino=14437056 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.313:1643): avc: denied { getattr } for pid=23324 comm="cups" name="tmp" dev=dm-0 ino=14437057 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.313:1643): arch=40000003 syscall=195 success=yes exit=0 a0=97d4908 a1=bfbb98b8 a2=239ff4 a3=97d58f8 items=0 ppid=22863 pid=23324 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cups" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.313:1643): path="/var/spool/cups/tmp"
+type=AVC msg=audit(1162976592.341:1644): avc: denied { execute } for pid=23326 comm="cups" name="tmpwatch" dev=dm-0 ino=10323837 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpreaper_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976592.341:1644): avc: denied { execute_no_trans } for pid=23326 comm="cups" name="tmpwatch" dev=dm-0 ino=10323837 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpreaper_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976592.341:1644): avc: denied { read } for pid=23326 comm="cups" name="tmpwatch" dev=dm-0 ino=10323837 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpreaper_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.341:1644): arch=40000003 syscall=11 success=yes exit=0 a0=97d5b90 a1=97d4b60 a2=97d5bd8 a3=97d57e0 items=0 ppid=23324 pid=23326 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.341:1644): path="/usr/sbin/tmpwatch"
+type=AVC_PATH msg=audit(1162976592.341:1644): path="/usr/sbin/tmpwatch"
+type=AVC msg=audit(1162976592.341:1645): avc: denied { read } for pid=23326 comm="tmpwatch" name="tmp" dev=dm-0 ino=14437057 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.341:1645): arch=40000003 syscall=5 success=yes exit=4 a0=804abea a1=18800 a2=fd00 a3=0 items=0 ppid=23324 pid=23326 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.349:1646): avc: denied { setattr } for pid=23326 comm="tmpwatch" name="tmp" dev=dm-0 ino=14437057 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.349:1646): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfbf20c0 a2=0 a3=0 items=0 ppid=23324 pid=23326 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.389:1647): avc: denied { execute } for pid=23333 comm="logrotate" name="logrotate" dev=dm-0 ino=10319445 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976592.389:1647): avc: denied { execute_no_trans } for pid=23333 comm="logrotate" name="logrotate" dev=dm-0 ino=10319445 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976592.389:1647): avc: denied { read } for pid=23333 comm="logrotate" name="logrotate" dev=dm-0 ino=10319445 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.389:1647): arch=40000003 syscall=11 success=yes exit=0 a0=98ec540 a1=98ec6c8 a2=98ec5f8 a3=98ec3c0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.389:1647): path="/usr/sbin/logrotate"
+type=AVC_PATH msg=audit(1162976592.389:1647): path="/usr/sbin/logrotate"
+type=AVC msg=audit(1162976592.421:1648): avc: denied { getattr } for pid=23333 comm="logrotate" name="acpid" dev=dm-0 ino=14437362 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:apmd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.421:1648): arch=40000003 syscall=196 success=yes exit=0 a0=88526c0 a1=bfbe4a90 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.421:1648): path="/var/log/acpid"
+type=AVC msg=audit(1162976592.429:1649): avc: denied { read } for pid=23333 comm="logrotate" name="cups" dev=dm-0 ino=14437052 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.429:1649): arch=40000003 syscall=5 success=yes exit=4 a0=bfbe4730 a1=18800 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.429:1650): avc: denied { getattr } for pid=23333 comm="logrotate" name="cups" dev=dm-0 ino=14437052 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.429:1650): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbe445c a2=239ff4 a3=4 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.429:1650): path="/var/log/cups"
+type=AVC msg=audit(1162976592.429:1651): avc: denied { search } for pid=23333 comm="logrotate" name="cups" dev=dm-0 ino=14437052 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.429:1651): avc: denied { getattr } for pid=23333 comm="logrotate" name="access_log" dev=dm-0 ino=14437876 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.429:1651): arch=40000003 syscall=196 success=yes exit=0 a0=8852860 a1=bfbe4a90 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.429:1651): path="/var/log/cups/access_log"
+type=AVC msg=audit(1162976592.557:1652): avc: denied { search } for pid=23333 comm="logrotate" name="account" dev=dm-0 ino=14437046 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:acct_data_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.557:1652): avc: denied { getattr } for pid=23333 comm="logrotate" name="pacct" dev=dm-0 ino=14437048 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:acct_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.557:1652): arch=40000003 syscall=196 success=yes exit=0 a0=8853648 a1=bfbe4a90 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.557:1652): path="/var/account/pacct"
+type=AVC msg=audit(1162976592.609:1653): avc: denied { read } for pid=23333 comm="logrotate" name="setroubleshoot" dev=dm-0 ino=14469339 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setroubleshoot_var_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.609:1653): arch=40000003 syscall=5 success=yes exit=4 a0=bfbe4750 a1=18800 a2=18a5c0 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.625:1654): avc: denied { getattr } for pid=23333 comm="logrotate" name="setroubleshoot" dev=dm-0 ino=14469339 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setroubleshoot_var_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.625:1654): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbe447c a2=239ff4 a3=4 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.625:1654): path="/var/log/setroubleshoot"
+type=AVC msg=audit(1162976592.633:1655): avc: denied { search } for pid=23333 comm="logrotate" name="setroubleshoot" dev=dm-0 ino=14469339 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setroubleshoot_var_log_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.633:1655): avc: denied { getattr } for pid=23333 comm="logrotate" name="setroubleshootd.log" dev=dm-0 ino=14469341 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:setroubleshoot_var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.633:1655): arch=40000003 syscall=196 success=yes exit=0 a0=88546f0 a1=bfbe4a90 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.633:1655): path="/var/log/setroubleshoot/setroubleshootd.log"
+type=AVC msg=audit(1162976592.665:1656): avc: denied { getattr } for pid=23333 comm="logrotate" name="catalina.out" dev=dm-0 ino=14731349 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.665:1656): arch=40000003 syscall=196 success=yes exit=0 a0=88534c8 a1=bfbe4a90 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.665:1656): path="/var/log/tomcat5/catalina.out"
+type=AVC msg=audit(1162976592.705:1657): avc: denied { getattr } for pid=23333 comm="logrotate" name="wtmp" dev=dm-0 ino=6422812 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:wtmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.705:1657): arch=40000003 syscall=196 success=yes exit=0 a0=8853678 a1=bfbe5080 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.705:1657): path="/var/log/wtmp"
+type=AVC msg=audit(1162976592.705:1658): avc: denied { getattr } for pid=23333 comm="logrotate" name="logrotate.status" dev=dm-0 ino=14436936 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.705:1658): arch=40000003 syscall=195 success=yes exit=0 a0=805083f a1=bfbe5514 a2=239ff4 a3=88523e0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.705:1658): path="/var/lib/logrotate.status"
+type=AVC msg=audit(1162976592.733:1659): avc: denied { read } for pid=23333 comm="logrotate" name="logrotate.status" dev=dm-0 ino=14436936 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.733:1659): arch=40000003 syscall=5 success=yes exit=3 a0=805083f a1=8000 a2=1b6 a3=88523e0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.737:1660): avc: denied { getattr } for pid=23333 comm="logrotate" name="acpid" dev=dm-0 ino=14437362 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:apmd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.737:1660): arch=40000003 syscall=195 success=yes exit=0 a0=8852718 a1=bfbe52e0 a2=239ff4 a3=0 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.737:1660): path="/var/log/acpid"
+type=AVC msg=audit(1162976592.737:1661): avc: denied { write } for pid=23333 comm="logrotate" name="logrotate.status" dev=dm-0 ino=14436936 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:logrotate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.737:1661): arch=40000003 syscall=5 success=yes exit=3 a0=805083f a1=8241 a2=1b6 a3=8855368 items=0 ppid=23331 pid=23333 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.777:1662): avc: denied { search } for pid=23334 comm="makewhatis.cron" name="lock" dev=dm-0 ino=14436610 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.777:1662): arch=40000003 syscall=195 success=no exit=-2 a0=827ba80 a1=bfac29a8 a2=239ff4 a3=827b548 items=0 ppid=22863 pid=23334 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis.cron" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.817:1663): avc: denied { write } for pid=23339 comm="touch" name="lock" dev=dm-0 ino=14436610 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.817:1663): avc: denied { add_name } for pid=23339 comm="touch" name="makewhatis.lock" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976592.817:1663): avc: denied { create } for pid=23339 comm="touch" name="makewhatis.lock" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.817:1663): arch=40000003 syscall=5 success=yes exit=0 a0=bfa62f5f a1=8941 a2=1b6 a3=8941 items=0 ppid=23334 pid=23339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="touch" exe="/bin/touch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.817:1664): avc: denied { write } for pid=23339 comm="touch" name="makewhatis.lock" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.817:1664): arch=40000003 syscall=271 success=yes exit=0 a0=bfa60ec4 a1=0 a2=239ff4 a3=0 items=0 ppid=23334 pid=23339 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="touch" exe="/bin/touch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.877:1665): avc: denied { getattr } for pid=23340 comm="makewhatis" name="man" dev=dm-0 ino=10311888 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.877:1665): arch=40000003 syscall=195 success=yes exit=0 a0=8ac0de0 a1=bfcae198 a2=239ff4 a3=8ac0e60 items=0 ppid=23334 pid=23340 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.877:1665): path="/usr/share/man"
+type=AVC msg=audit(1162976592.881:1666): avc: denied { search } for pid=23340 comm="makewhatis" name="man" dev=dm-0 ino=10311888 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.881:1666): arch=40000003 syscall=195 success=no exit=-2 a0=8ac1088 a1=bfcae198 a2=239ff4 a3=8ac11d8 items=0 ppid=23334 pid=23340 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.897:1667): avc: denied { read } for pid=23354 comm="find" name="man1" dev=dm-0 ino=10311889 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976592.897:1667): arch=40000003 syscall=5 success=yes exit=3 a0=80648ce a1=8000 a2=0 a3=8000 items=0 ppid=23340 pid=23354 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976592.901:1668): avc: denied { getattr } for pid=23354 comm="find" name="pamtofits.1.gz" dev=dm-0 ino=10330525 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976592.901:1668): arch=40000003 syscall=196 success=yes exit=0 a0=95562e4 a1=bfb81478 a2=239ff4 a3=bfb81478 items=0 ppid=23340 pid=23354 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976592.901:1668): path="/usr/share/man/man1/pamtofits.1.gz"
+type=AVC msg=audit(1162976668.826:1669): avc: denied { read } for pid=23378 comm="cat" name="whatis" dev=dm-0 ino=14437978 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976668.826:1669): arch=40000003 syscall=5 success=yes exit=3 a0=bfb87f20 a1=8000 a2=0 a3=8000 items=0 ppid=23340 pid=23378 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cat" exe="/bin/cat" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976668.950:1670): avc: denied { write } for pid=23380 comm="makewhatis" name="whatis" dev=dm-0 ino=14437978 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976668.950:1670): arch=40000003 syscall=5 success=yes exit=3 a0=8aca928 a1=8241 a2=1b6 a3=8241 items=0 ppid=23340 pid=23380 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.010:1671): avc: denied { setattr } for pid=23381 comm="chmod" name="whatis" dev=dm-0 ino=14437978 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.010:1671): arch=40000003 syscall=15 success=yes exit=0 a0=88ca090 a1=1a4 a2=8051594 a3=0 items=0 ppid=23340 pid=23381 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chmod" exe="/bin/chmod" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.166:1672): avc: denied { getattr } for pid=23383 comm="find" name="rubber.1" dev=dm-0 ino=11425301 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.166:1672): arch=40000003 syscall=196 success=yes exit=0 a0=816bc44 a1=bfe2e728 a2=239ff4 a3=bfe2e728 items=0 ppid=23340 pid=23383 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.166:1672): path="/usr/local/man/man1/rubber.1"
+type=AVC msg=audit(1162976669.166:1673): avc: denied { getattr } for pid=23340 comm="makewhatis" name="man8" dev=dm-0 ino=14535139 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.166:1673): arch=40000003 syscall=195 success=yes exit=0 a0=8acb2a8 a1=bfcacdb8 a2=239ff4 a3=8acb1b8 items=0 ppid=23334 pid=23340 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.166:1673): path="/usr/local/man/man8"
+type=AVC msg=audit(1162976669.206:1674): avc: denied { search } for pid=23340 comm="makewhatis" name="man8" dev=dm-0 ino=14535139 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.206:1674): arch=40000003 syscall=12 success=yes exit=0 a0=8acafd8 a1=1 a2=0 a3=8acafd8 items=0 ppid=23334 pid=23340 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="makewhatis" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.206:1675): avc: denied { read } for pid=23384 comm="find" name="man8" dev=dm-0 ino=14535139 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.206:1675): arch=40000003 syscall=5 success=yes exit=3 a0=80648ce a1=8000 a2=0 a3=8000 items=0 ppid=23340 pid=23384 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.674:1676): avc: denied { remove_name } for pid=23430 comm="rm" name="makewhatis.lock" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1162976669.674:1676): avc: denied { unlink } for pid=23430 comm="rm" name="makewhatis.lock" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.674:1676): arch=40000003 syscall=10 success=yes exit=0 a0=bffe4f65 a1=0 a2=805277c a3=bffe35a4 items=0 ppid=23334 pid=23430 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.710:1677): avc: denied { execute } for pid=23436 comm="mlocate.cron" name="updatedb" dev=dm-0 ino=10334536 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976669.710:1677): avc: denied { execute_no_trans } for pid=23436 comm="mlocate.cron" name="updatedb" dev=dm-0 ino=10334536 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976669.710:1677): avc: denied { read } for pid=23436 comm="mlocate.cron" name="updatedb" dev=dm-0 ino=10334536 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.710:1677): arch=40000003 syscall=11 success=yes exit=0 a0=97cb4a8 a1=97cb490 a2=97cbd98 a3=97cba48 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.710:1677): path="/usr/bin/updatedb"
+type=AVC_PATH msg=audit(1162976669.710:1677): path="/usr/bin/updatedb"
+type=AVC msg=audit(1162976669.754:1678): avc: denied { search } for pid=23436 comm="updatedb" name="mlocate" dev=dm-0 ino=14437049 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162976669.754:1678): avc: denied { read } for pid=23436 comm="updatedb" name="mlocate.db" dev=dm-0 ino=14438247 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.754:1678): arch=40000003 syscall=5 success=yes exit=3 a0=804d345 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.786:1679): avc: denied { write } for pid=23436 comm="updatedb" name="mlocate" dev=dm-0 ino=14437049 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162976669.786:1679): avc: denied { add_name } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162976669.786:1679): avc: denied { create } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.786:1679): arch=40000003 syscall=5 success=yes exit=4 a0=8ff0fa0 a1=80c2 a2=180 a3=80c2 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.786:1680): avc: denied { getattr } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.786:1680): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfbb7de4 a2=239ff4 a3=8ff0fc8 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1680): path="/var/lib/mlocate/mlocate.db.DwVvuL"
+type=AVC msg=audit(1162976669.786:1681): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=sda1 ino=2 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:boot_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1681): arch=40000003 syscall=196 success=yes exit=0 a0=8ff116d a1=bfbb3ca4 a2=239ff4 a3=bfbb3ca4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1681): path="/boot"
+type=AVC msg=audit(1162976669.786:1682): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=tmpfs ino=6550 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1682): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5243 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1682): path="/dev/shm"
+type=AVC msg=audit(1162976669.786:1683): avc: denied { getattr } for pid=23436 comm="updatedb" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1683): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5247 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1683): path="/proc/sys/fs"
+type=AVC msg=audit(1162976669.786:1684): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=binfmt_misc ino=6641 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:binfmt_misc_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1684): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff524a items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1684): path="/proc/sys/fs/binfmt_misc"
+type=AVC msg=audit(1162976669.786:1685): avc: denied { getattr } for pid=23436 comm="updatedb" name="nfs" dev=dm-0 ino=14437242 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1685): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1685): path="/var/lib/nfs"
+type=AVC msg=audit(1162976669.786:1686): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=rpc_pipefs ino=8009 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1686): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff524c items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1686): path="/var/lib/nfs/rpc_pipefs"
+type=AVC msg=audit(1162976669.786:1687): avc: denied { getattr } for pid=23436 comm="updatedb" name="media" dev=dm-0 ino=6972769 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1687): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5242 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1687): path="/media"
+type=AVC msg=audit(1162976669.786:1688): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=hdc ino=3008 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.786:1688): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.786:1688): path=2F6D656469612F5761726372616674204949495F
+type=AVC msg=audit(1162976669.790:1689): avc: denied { search } for pid=23436 comm="updatedb" name="/" dev=sda1 ino=2 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:boot_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.790:1689): arch=40000003 syscall=12 success=yes exit=0 a0=8ff116d a1=bfbb3ca4 a2=bfbb5f50 a3=8ff116d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976669.886:1690): avc: denied { getattr } for pid=23436 comm="updatedb" name="lost+found" dev=sda1 ino=11 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lost_found_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976669.886:1690): arch=40000003 syscall=196 success=yes exit=0 a0=8ff15d1 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.886:1690): path="/boot/lost+found"
+type=AVC msg=audit(1162976669.898:1691): avc: denied { write } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976669.898:1691): arch=40000003 syscall=4 success=yes exit=4096 a0=4 a1=b7f67000 a2=1000 a3=1000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976669.898:1691): path="/var/lib/mlocate/mlocate.db.DwVvuL"
+type=AVC msg=audit(1162976670.038:1692): avc: denied { getattr } for pid=23436 comm="updatedb" name="printconf" dev=dm-0 ino=9331054 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.038:1692): arch=40000003 syscall=196 success=yes exit=0 a0=8ff665d a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.038:1692): path="/etc/alchemist/namespace/printconf"
+type=AVC msg=audit(1162976670.054:1693): avc: denied { getattr } for pid=23436 comm="updatedb" name="pcm" dev=dm-0 ino=9330155 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.054:1693): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6655 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.054:1693): path="/etc/alsa/pcm"
+type=AVC msg=audit(1162976670.054:1694): avc: denied { getattr } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=11425219 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.054:1694): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6409 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.054:1694): path="/etc/amanda"
+type=AVC msg=audit(1162976670.066:1695): avc: denied { search } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=11425219 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.066:1695): arch=40000003 syscall=12 success=yes exit=0 a0=8ff6409 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff6409 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.090:1696): avc: denied { getattr } for pid=23436 comm="updatedb" name="audit" dev=dm-0 ino=11494585 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.090:1696): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13e1 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.090:1696): path="/etc/audit"
+type=AVC msg=audit(1162976670.090:1697): avc: denied { getattr } for pid=23436 comm="updatedb" name="blkid" dev=dm-0 ino=9330183 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.090:1697): arch=40000003 syscall=196 success=yes exit=0 a0=8ff14d5 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.090:1697): path="/etc/blkid"
+type=AVC msg=audit(1162976670.102:1698): avc: denied { getattr } for pid=23436 comm="updatedb" name="bluetooth" dev=dm-0 ino=9330923 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bluetooth_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.102:1698): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6281 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.102:1698): path="/etc/bluetooth"
+type=AVC msg=audit(1162976670.102:1699): avc: denied { getattr } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=9330715 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.102:1699): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1589 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.102:1699): path="/etc/cups"
+type=AVC msg=audit(1162976670.110:1700): avc: denied { search } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=9330715 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.110:1700): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1589 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1589 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.118:1701): avc: denied { getattr } for pid=23436 comm="updatedb" name="dbus-1" dev=dm-0 ino=9329778 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.118:1701): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1c19 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.118:1701): path="/etc/dbus-1"
+type=AVC msg=audit(1162976670.118:1702): avc: denied { search } for pid=23436 comm="updatedb" name="dbus-1" dev=dm-0 ino=9329778 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.118:1702): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1c19 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1c19 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.226:1703): avc: denied { getattr } for pid=23436 comm="updatedb" name="hp" dev=dm-0 ino=9330526 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.226:1703): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1c89 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.226:1703): path="/etc/hp"
+type=AVC msg=audit(1162976670.230:1704): avc: denied { getattr } for pid=23436 comm="updatedb" name="htdig" dev=dm-0 ino=9362555 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.230:1704): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1e9d a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.230:1704): path="/etc/htdig"
+type=AVC msg=audit(1162976670.250:1705): avc: denied { getattr } for pid=23436 comm="updatedb" name="httpd" dev=dm-0 ino=9330261 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.250:1705): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13b9 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.250:1705): path="/etc/httpd"
+type=AVC msg=audit(1162976670.274:1706): avc: denied { search } for pid=23436 comm="updatedb" name="httpd" dev=dm-0 ino=9330261 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.274:1706): arch=40000003 syscall=12 success=yes exit=0 a0=8ff13b9 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff13b9 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.334:1707): avc: denied { getattr } for pid=23436 comm="updatedb" name="lvm" dev=dm-0 ino=9329762 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.334:1707): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1951 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.334:1707): path="/etc/lvm"
+type=AVC msg=audit(1162976670.342:1708): avc: denied { search } for pid=23436 comm="updatedb" name="lvm" dev=dm-0 ino=9329762 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.342:1708): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1951 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1951 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.342:1709): avc: denied { getattr } for pid=23436 comm="updatedb" name="archive" dev=dm-0 ino=9330266 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_metadata_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.342:1709): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6645 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.342:1709): path="/etc/lvm/archive"
+type=AVC msg=audit(1162976670.346:1710): avc: denied { getattr } for pid=23436 comm="updatedb" name="mail" dev=dm-0 ino=9330776 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.346:1710): arch=40000003 syscall=196 success=yes exit=0 a0=8ff19c5 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.346:1710): path="/etc/mail"
+type=AVC msg=audit(1162976670.346:1711): avc: denied { search } for pid=23436 comm="updatedb" name="mail" dev=dm-0 ino=9330776 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_mail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.346:1711): arch=40000003 syscall=12 success=yes exit=0 a0=8ff19c5 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff19c5 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.358:1712): avc: denied { getattr } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=11981501 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.358:1712): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1339 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.358:1712): path="/etc/news"
+type=AVC msg=audit(1162976670.454:1713): avc: denied { getattr } for pid=23436 comm="updatedb" name="ppp" dev=dm-0 ino=9330491 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.454:1713): arch=40000003 syscall=196 success=yes exit=0 a0=8ff2071 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.454:1713): path="/etc/ppp"
+type=AVC msg=audit(1162976670.454:1714): avc: denied { search } for pid=23436 comm="updatedb" name="ppp" dev=dm-0 ino=9330491 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.454:1714): arch=40000003 syscall=12 success=yes exit=0 a0=8ff2071 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff2071 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.454:1715): avc: denied { getattr } for pid=23436 comm="updatedb" name="peers" dev=dm-0 ino=9330497 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.454:1715): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6719 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.454:1715): path="/etc/ppp/peers"
+type=AVC msg=audit(1162976670.466:1716): avc: denied { read } for pid=23436 comm="updatedb" name="ppp" dev=dm-0 ino=9330491 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.466:1716): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.466:1717): avc: denied { search } for pid=23436 comm="updatedb" name="peers" dev=dm-0 ino=9330497 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.466:1717): arch=40000003 syscall=12 success=yes exit=0 a0=8ff6719 a1=8000 a2=bfbb1bb0 a3=8ff6719 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.482:1718): avc: denied { getattr } for pid=23436 comm="updatedb" name="racoon" dev=dm-0 ino=9330979 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.482:1718): arch=40000003 syscall=196 success=yes exit=0 a0=8ff15b1 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.482:1718): path="/etc/racoon"
+type=AVC msg=audit(1162976670.486:1719): avc: denied { search } for pid=23436 comm="updatedb" name="racoon" dev=dm-0 ino=9330979 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.486:1719): arch=40000003 syscall=12 success=yes exit=0 a0=8ff15b1 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff15b1 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.486:1720): avc: denied { getattr } for pid=23436 comm="updatedb" name="certs" dev=dm-0 ino=9330980 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.486:1720): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6639 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.486:1720): path="/etc/racoon/certs"
+type=AVC msg=audit(1162976670.522:1721): avc: denied { getattr } for pid=23436 comm="updatedb" name="samba" dev=dm-0 ino=9330307 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.522:1721): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1765 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.522:1721): path="/etc/samba"
+type=AVC msg=audit(1162976670.522:1722): avc: denied { getattr } for pid=23436 comm="updatedb" name="console.apps" dev=dm-0 ino=9330284 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.522:1722): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6661 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.522:1722): path="/etc/security/console.apps"
+type=AVC msg=audit(1162976670.538:1723): avc: denied { getattr } for pid=23436 comm="updatedb" name="files" dev=dm-0 ino=9334527 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.538:1723): arch=40000003 syscall=196 success=yes exit=0 a0=8ff674d a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.538:1723): path="/etc/selinux/strict/contexts/files"
+type=AVC msg=audit(1162976670.554:1724): avc: denied { getattr } for pid=23436 comm="updatedb" name="active" dev=dm-0 ino=9334708 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.554:1724): arch=40000003 syscall=196 success=yes exit=0 a0=8ff66dd a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.554:1724): path="/etc/selinux/strict/modules/active"
+type=AVC msg=audit(1162976670.566:1725): avc: denied { search } for pid=23436 comm="updatedb" name="active" dev=dm-0 ino=9334708 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.566:1725): arch=40000003 syscall=12 success=yes exit=0 a0=8ff66dd a1=8000 a2=bfbad810 a3=8ff66dd items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.586:1726): avc: denied { getattr } for pid=23436 comm="updatedb" name="policy" dev=dm-0 ino=9334538 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.586:1726): arch=40000003 syscall=196 success=yes exit=0 a0=8ff66ad a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.586:1726): path="/etc/selinux/strict/policy"
+type=AVC msg=audit(1162976670.658:1727): avc: denied { getattr } for pid=23436 comm="updatedb" name="active" dev=dm-0 ino=9331999 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.658:1727): arch=40000003 syscall=196 success=yes exit=0 a0=8ff66f9 a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.658:1727): path="/etc/selinux/targeted/modules/active"
+type=AVC msg=audit(1162976670.678:1728): avc: denied { search } for pid=23436 comm="updatedb" name="active" dev=dm-0 ino=9331999 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.678:1728): arch=40000003 syscall=12 success=yes exit=0 a0=8ff66f9 a1=8000 a2=bfbad810 a3=8ff66f9 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.686:1729): avc: denied { getattr } for pid=23436 comm="updatedb" name="previous" dev=dm-0 ino=9331688 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.686:1729): arch=40000003 syscall=196 success=yes exit=0 a0=8ff6705 a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.686:1729): path="/etc/selinux/targeted/modules/previous"
+type=AVC msg=audit(1162976670.698:1730): avc: denied { search } for pid=23436 comm="updatedb" name="previous" dev=dm-0 ino=9331688 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.698:1730): arch=40000003 syscall=12 success=yes exit=0 a0=8ff6705 a1=bfbab564 a2=bfbad810 a3=8ff6705 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.722:1731): avc: denied { getattr } for pid=23436 comm="updatedb" name="stunnel" dev=dm-0 ino=9330593 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:stunnel_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.722:1731): arch=40000003 syscall=196 success=yes exit=0 a0=8ff65d9 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.722:1731): path="/etc/stunnel"
+type=AVC msg=audit(1162976670.926:1732): avc: denied { getattr } for pid=23436 comm="updatedb" name=".kde" dev=dm-0 ino=14640795 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.926:1732): arch=40000003 syscall=196 success=yes exit=0 a0=8ff12d5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.926:1732): path="/home/foo/.kde"
+type=AVC msg=audit(1162976670.966:1733): avc: denied { search } for pid=23436 comm="updatedb" name=".kde" dev=dm-0 ino=14640795 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.966:1733): arch=40000003 syscall=12 success=yes exit=0 a0=8ff12d5 a1=8000 a2=bfbb1bb0 a3=8ff12d5 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.966:1734): avc: denied { getattr } for pid=23436 comm="updatedb" name=".AbiSuite" dev=dm-0 ino=6579948 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.966:1734): arch=40000003 syscall=196 success=yes exit=0 a0=8ff196d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976670.966:1734): path="/home/kmacmill/.AbiSuite"
+type=AVC msg=audit(1162976670.990:1735): avc: denied { search } for pid=23436 comm="updatedb" name=".Trash" dev=dm-0 ino=6547233 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.990:1735): arch=40000003 syscall=12 success=yes exit=0 a0=8ff17fd a1=8000 a2=bfbb1bb0 a3=8ff17fd items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976670.990:1736): avc: denied { read } for pid=23436 comm="updatedb" name=".Trash" dev=dm-0 ino=6547233 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976670.990:1736): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976672.098:1737): avc: denied { getattr } for pid=23436 comm="updatedb" name=".camel_certs" dev=dm-0 ino=6809377 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976672.098:1737): arch=40000003 syscall=196 success=yes exit=0 a0=8ff158d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976672.098:1737): path="/home/kmacmill/.camel_certs"
+type=AVC msg=audit(1162976673.006:1738): avc: denied { search } for pid=23436 comm="updatedb" name=".evolution" dev=dm-0 ino=6776355 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976673.006:1738): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1389 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1389 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976673.006:1739): avc: denied { read } for pid=23436 comm="updatedb" name=".evolution" dev=dm-0 ino=6776355 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976673.006:1739): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=18800 a2=bfbaf7cc a3=8ff6248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976673.491:1740): avc: denied { getattr } for pid=23436 comm="updatedb" name=".fonts" dev=dm-0 ino=6612820 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_fonts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976673.491:1740): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1301 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976673.491:1740): path="/home/kmacmill/.fonts"
+type=AVC msg=audit(1162976675.011:1741): avc: denied { getattr } for pid=23436 comm="updatedb" name=".gnupg" dev=dm-0 ino=6814310 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_gpg_secret_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976675.011:1741): arch=40000003 syscall=196 success=yes exit=0 a0=8ff18a5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976675.011:1741): path="/home/kmacmill/.gnupg"
+type=AVC msg=audit(1162976675.467:1742): avc: denied { getattr } for pid=23436 comm="updatedb" name=".java" dev=dm-0 ino=6781792 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976675.467:1742): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1999 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976675.467:1742): path="/home/kmacmill/.java"
+type=AVC msg=audit(1162976675.467:1743): avc: denied { search } for pid=23436 comm="updatedb" name=".java" dev=dm-0 ino=6781792 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976675.467:1743): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1999 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1999 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976675.467:1744): avc: denied { read } for pid=23436 comm="updatedb" name=".java" dev=dm-0 ino=6781792 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976675.467:1744): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976676.563:1745): avc: denied { getattr } for pid=23436 comm="updatedb" name=".mplayer" dev=dm-0 ino=6843133 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_mplayer_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976676.563:1745): arch=40000003 syscall=196 success=yes exit=0 a0=8ff18bd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976676.563:1745): path="/home/kmacmill/.mplayer"
+type=AVC msg=audit(1162976676.751:1746): avc: denied { getattr } for pid=23436 comm="updatedb" name=".spamassassin" dev=dm-0 ino=6810443 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_spamassassin_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976676.751:1746): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1705 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976676.751:1746): path="/home/kmacmill/.spamassassin"
+type=AVC msg=audit(1162976676.775:1747): avc: denied { getattr } for pid=23436 comm="updatedb" name=".ssh" dev=dm-0 ino=6579939 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_ssh_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976676.775:1747): arch=40000003 syscall=196 success=yes exit=0 a0=8ff130d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976676.775:1747): path="/home/kmacmill/.ssh"
+type=AVC msg=audit(1162976677.067:1748): avc: denied { getattr } for pid=23436 comm="updatedb" name=".thunderbird" dev=dm-0 ino=6783128 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_thunderbird_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976677.067:1748): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1505 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976677.067:1748): path="/home/kmacmill/.thunderbird"
+type=AVC msg=audit(1162976677.067:1749): avc: denied { search } for pid=23436 comm="updatedb" name=".thunderbird" dev=dm-0 ino=6783128 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_thunderbird_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976677.067:1749): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1505 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1505 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976677.067:1750): avc: denied { read } for pid=23436 comm="updatedb" name=".thunderbird" dev=dm-0 ino=6783128 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_thunderbird_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976677.067:1750): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976778.857:1751): avc: denied { getattr } for pid=23436 comm="updatedb" name="modules" dev=dm-0 ino=13716388 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976778.857:1751): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1b39 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976778.857:1751): path="/lib/modules"
+type=AVC msg=audit(1162976778.857:1752): avc: denied { search } for pid=23436 comm="updatedb" name="modules" dev=dm-0 ino=13716388 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976778.857:1752): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1b39 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1b39 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976778.857:1753): avc: denied { read } for pid=23436 comm="updatedb" name="modules" dev=dm-0 ino=13716388 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976778.857:1753): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976779.557:1754): avc: denied { getattr } for pid=23436 comm="updatedb" name="misc" dev=dm-0 ino=13750632 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976779.557:1754): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1fe9 a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976779.557:1754): path="/lib/modules/2.6.17-1.2145_FC5smp/misc"
+type=AVC msg=audit(1162976783.645:1755): avc: denied { search } for pid=23436 comm="updatedb" name="drivers" dev=dm-0 ino=13716394 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.645:1755): arch=40000003 syscall=12 success=yes exit=0 a0=8ff7249 a1=8000 a2=bfbad810 a3=8ff7249 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976783.669:1756): avc: denied { read } for pid=23436 comm="updatedb" name="drivers" dev=dm-0 ino=13716394 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.669:1756): arch=40000003 syscall=5 success=yes exit=11 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976783.729:1757): avc: denied { getattr } for pid=23436 comm="updatedb" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.729:1757): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5247 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976783.729:1757): path="/proc/sys/fs"
+type=AVC msg=audit(1162976783.729:1758): avc: denied { search } for pid=23436 comm="updatedb" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.729:1758): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff524a items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976783.729:1759): avc: denied { getattr } for pid=23436 comm="updatedb" name="nfs" dev=dm-0 ino=14437242 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.729:1759): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff5248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976783.729:1759): path="/var/lib/nfs"
+type=AVC msg=audit(1162976783.729:1760): avc: denied { search } for pid=23436 comm="updatedb" name="nfs" dev=dm-0 ino=14437242 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
+type=AVC msg=audit(1162976783.729:1760): avc: denied { getattr } for pid=23436 comm="updatedb" name="/" dev=rpc_pipefs ino=8009 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.729:1760): arch=40000003 syscall=196 success=yes exit=0 a0=bfbb3d88 a1=bfbb3b58 a2=239ff4 a3=8ff524c items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976783.729:1760): path="/var/lib/nfs/rpc_pipefs"
+type=AVC msg=audit(1162976783.729:1761): avc: denied { getattr } for pid=23436 comm="updatedb" name="windows" dev=dm-0 ino=12178745 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:mnt_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.729:1761): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1275 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976783.729:1761): path="/mnt/windows"
+type=AVC msg=audit(1162976783.865:1762): avc: denied { getattr } for pid=23436 comm="updatedb" name=".Trash" dev=dm-0 ino=13159950 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.865:1762): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1289 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976783.865:1762): path="/root/.Trash"
+type=AVC msg=audit(1162976783.933:1763): avc: denied { read } for pid=23436 comm="updatedb" name=".ccache" dev=dm-0 ino=13127266 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976783.933:1763): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.553:1764): avc: denied { getattr } for pid=23436 comm="updatedb" name=".gconf" dev=dm-0 ino=13127147 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.553:1764): arch=40000003 syscall=196 success=yes exit=0 a0=8ff133d a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976784.553:1764): path="/root/.gconf"
+type=AVC msg=audit(1162976784.553:1765): avc: denied { search } for pid=23436 comm="updatedb" name=".gconf" dev=dm-0 ino=13127147 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.553:1765): arch=40000003 syscall=12 success=yes exit=0 a0=8ff133d a1=bfbb1ad4 a2=bfbb3d80 a3=8ff133d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.553:1766): avc: denied { read } for pid=23436 comm="updatedb" name=".gconf" dev=dm-0 ino=13127147 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.553:1766): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.649:1767): avc: denied { search } for pid=23436 comm="updatedb" name="panel" dev=dm-0 ino=13159964 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.649:1767): arch=40000003 syscall=12 success=yes exit=0 a0=8ff190d a1=bfbad734 a2=bfbaf9e0 a3=8ff190d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.653:1768): avc: denied { read } for pid=23436 comm="updatedb" name="panel" dev=dm-0 ino=13159964 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.653:1768): arch=40000003 syscall=5 success=yes exit=10 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.801:1769): avc: denied { getattr } for pid=23436 comm="updatedb" name=".mozilla" dev=dm-0 ino=13127150 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:user_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.801:1769): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1415 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976784.801:1769): path="/root/.mozilla"
+type=AVC msg=audit(1162976784.813:1770): avc: denied { getattr } for pid=23436 comm="updatedb" name=".ssh" dev=dm-0 ino=13127265 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_ssh_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.813:1770): arch=40000003 syscall=196 success=yes exit=0 a0=8ff148d a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976784.813:1770): path="/root/.ssh"
+type=AVC msg=audit(1162976784.845:1771): avc: denied { getattr } for pid=23436 comm="updatedb" name="tftpboot" dev=dm-0 ino=14763937 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tftpdir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.845:1771): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1241 a1=bfbb3ca4 a2=239ff4 a3=bfbb3ca4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976784.845:1771): path="/tftpboot"
+type=AVC msg=audit(1162976784.873:1772): avc: denied { search } for pid=23436 comm="updatedb" name="tftpboot" dev=dm-0 ino=14763937 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tftpdir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.873:1772): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1241 a1=bfbb3ca4 a2=bfbb5f50 a3=8ff1241 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976784.873:1773): avc: denied { getattr } for pid=23436 comm="updatedb" name="pxelinux.cfg" dev=dm-0 ino=14763989 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:tftpdir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976784.873:1773): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1295 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976784.873:1773): path="/tftpboot/pxelinux.cfg"
+type=AVC msg=audit(1162976788.046:1774): avc: denied { getattr } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=11425231 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_usr_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976788.046:1774): arch=40000003 syscall=196 success=yes exit=0 a0=9009c95 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976788.046:1774): path="/usr/lib/amanda"
+type=AVC msg=audit(1162976788.474:1775): avc: denied { getattr } for pid=23436 comm="updatedb" name="games" dev=dm-0 ino=10311856 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:games_exec_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976788.474:1775): arch=40000003 syscall=196 success=yes exit=0 a0=8fff39d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976788.474:1775): path="/usr/lib/games"
+type=AVC msg=audit(1162976789.082:1776): avc: denied { getattr } for pid=23436 comm="updatedb" name="httpd" dev=dm-0 ino=10640259 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976789.082:1776): arch=40000003 syscall=196 success=yes exit=0 a0=8ff7cf5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976789.082:1776): path="/usr/lib/httpd"
+type=AVC msg=audit(1162976789.082:1777): avc: denied { search } for pid=23436 comm="updatedb" name="httpd" dev=dm-0 ino=10640259 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976789.082:1777): arch=40000003 syscall=12 success=yes exit=0 a0=8ff7cf5 a1=bfbaf904 a2=bfbb1bb0 a3=8ff7cf5 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976802.927:1778): avc: denied { getattr } for pid=23436 comm="updatedb" name="settings" dev=dm-0 ino=10575168 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976802.927:1778): arch=40000003 syscall=196 success=yes exit=0 a0=900b2f5 a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976802.927:1778): path="/usr/lib/qt-3.3/etc/settings"
+type=AVC msg=audit(1162976805.899:1779): avc: denied { getattr } for pid=23436 comm="updatedb" name="fonts" dev=dm-0 ino=12407306 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976805.899:1779): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1429 a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976805.899:1779): path="/usr/local/share/fonts"
+type=AVC msg=audit(1162976805.899:1780): avc: denied { search } for pid=23436 comm="updatedb" name="fonts" dev=dm-0 ino=12407306 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976805.899:1780): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1429 a1=bfbad734 a2=bfbaf9e0 a3=8ff1429 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976805.947:1781): avc: denied { getattr } for pid=23436 comm="updatedb" name="src" dev=dm-0 ino=10311882 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976805.947:1781): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13e5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976805.947:1781): path="/usr/local/src"
+type=AVC msg=audit(1162976809.203:1782): avc: denied { getattr } for pid=23436 comm="updatedb" name="cracklib" dev=dm-0 ino=10442892 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crack_db_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976809.203:1782): arch=40000003 syscall=196 success=yes exit=0 a0=8ff166d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976809.203:1782): path="/usr/share/cracklib"
+type=AVC msg=audit(1162976809.307:1783): avc: denied { read } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=10738055 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976809.307:1783): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976809.995:1784): avc: denied { read } for pid=23436 comm="updatedb" name="fonts" dev=dm-0 ino=10541654 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976809.995:1784): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976811.091:1785): avc: denied { getattr } for pid=23436 comm="updatedb" name="hwdata" dev=dm-0 ino=10607875 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976811.091:1785): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1d01 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976811.091:1785): path="/usr/share/hwdata"
+type=AVC msg=audit(1162976811.095:1786): avc: denied { search } for pid=23436 comm="updatedb" name="hwdata" dev=dm-0 ino=10607875 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976811.095:1786): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1d01 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1d01 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976823.180:1787): avc: denied { search } for pid=23436 comm="updatedb" name="src" dev=dm-0 ino=10311902 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976823.180:1787): arch=40000003 syscall=12 success=yes exit=0 a0=8ff131d a1=bfbb1ad4 a2=bfbb3d80 a3=8ff131d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976823.180:1788): avc: denied { getattr } for pid=23436 comm="updatedb" name="kernels" dev=dm-0 ino=11655090 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976823.180:1788): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1335 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976823.180:1788): path="/usr/src/kernels"
+type=AVC msg=audit(1162976823.180:1789): avc: denied { read } for pid=23436 comm="updatedb" name="src" dev=dm-0 ino=10311902 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976823.180:1789): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976823.180:1790): avc: denied { search } for pid=23436 comm="updatedb" name="kernels" dev=dm-0 ino=11655090 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976823.180:1790): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1335 a1=8000 a2=bfbb1bb0 a3=8ff1335 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976823.180:1791): avc: denied { read } for pid=23436 comm="updatedb" name="kernels" dev=dm-0 ino=11655090 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:src_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976823.180:1791): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.540:1792): avc: denied { getattr } for pid=23436 comm="updatedb" name="account" dev=dm-0 ino=14437046 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:acct_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.540:1792): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1275 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.540:1792): path="/var/account"
+type=AVC msg=audit(1162976832.560:1793): avc: denied { search } for pid=23436 comm="updatedb" name="printconf.local" dev=dm-0 ino=14436630 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.560:1793): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1431 a1=8000 a2=bfbaf9e0 a3=8ff1431 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.564:1794): avc: denied { getattr } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=14534811 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.564:1794): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13b1 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.564:1794): path="/var/cache/cups"
+type=AVC msg=audit(1162976832.820:1795): avc: denied { getattr } for pid=23436 comm="updatedb" name="cvs" dev=dm-0 ino=14731350 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cvs_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.820:1795): arch=40000003 syscall=196 success=yes exit=0 a0=8ff129d a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.820:1795): path="/var/cvs"
+type=AVC msg=audit(1162976832.868:1796): avc: denied { getattr } for pid=23436 comm="updatedb" name="gdm" dev=dm-0 ino=14437234 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.868:1796): arch=40000003 syscall=196 success=yes exit=0 a0=8ff12c9 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.868:1796): path="/var/gdm"
+type=AVC msg=audit(1162976832.868:1797): avc: denied { search } for pid=23436 comm="updatedb" name="gdm" dev=dm-0 ino=14437234 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.868:1797): arch=40000003 syscall=12 success=yes exit=0 a0=8ff12c9 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff12c9 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.888:1798): avc: denied { getattr } for pid=23436 comm="updatedb" name="alternatives" dev=dm-0 ino=14436621 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.888:1798): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1395 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.888:1798): path="/var/lib/alternatives"
+type=AVC msg=audit(1162976832.888:1799): avc: denied { getattr } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=14534972 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.888:1799): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13a9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.888:1799): path="/var/lib/amanda"
+type=AVC msg=audit(1162976832.892:1800): avc: denied { read } for pid=23436 comm="updatedb" name="lib" dev=dm-0 ino=14436578 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.892:1800): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.892:1801): avc: denied { search } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=14534972 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.892:1801): arch=40000003 syscall=12 success=yes exit=0 a0=8ff13a9 a1=8000 a2=bfbb1bb0 a3=8ff13a9 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.892:1802): avc: denied { getattr } for pid=23436 comm="updatedb" name="DailySet1" dev=dm-0 ino=14534978 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.892:1802): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1545 a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.892:1802): path="/var/lib/amanda/DailySet1"
+type=AVC msg=audit(1162976832.904:1803): avc: denied { read } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=14534972 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.904:1803): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.904:1804): avc: denied { search } for pid=23436 comm="updatedb" name="DailySet1" dev=dm-0 ino=14534978 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.904:1804): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1545 a1=8000 a2=bfbaf9e0 a3=8ff1545 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.908:1805): avc: denied { getattr } for pid=23436 comm="updatedb" name="gnutar-lists" dev=dm-0 ino=14534980 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_gnutarlists_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.908:1805): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1555 a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.908:1805): path="/var/lib/amanda/gnutar-lists"
+type=AVC msg=audit(1162976832.908:1806): avc: denied { getattr } for pid=23436 comm="updatedb" name="bluetooth" dev=dm-0 ino=15648230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bluetooth_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.908:1806): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13b5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.908:1806): path="/var/lib/bluetooth"
+type=AVC msg=audit(1162976832.924:1807): avc: denied { search } for pid=23436 comm="updatedb" name="bluetooth" dev=dm-0 ino=15648230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bluetooth_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.924:1807): arch=40000003 syscall=12 success=yes exit=0 a0=8ff13b5 a1=bfbaf904 a2=bfbb1bb0 a3=8ff13b5 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976832.936:1808): avc: denied { getattr } for pid=23436 comm="updatedb" name="dav" dev=dm-0 ino=14436675 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.936:1808): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13cd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.936:1808): path="/var/lib/dav"
+type=AVC msg=audit(1162976832.980:1809): avc: denied { getattr } for pid=23436 comm="updatedb" name="dhclient" dev=dm-0 ino=14437064 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.980:1809): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13d9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.980:1809): path="/var/lib/dhclient"
+type=AVC msg=audit(1162976832.980:1810): avc: denied { getattr } for pid=23436 comm="updatedb" name="dhcpd" dev=dm-0 ino=14607569 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dhcpd_state_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.980:1810): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13e9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976832.980:1810): path="/var/lib/dhcpd"
+type=AVC msg=audit(1162976832.988:1811): avc: denied { read } for pid=23436 comm="updatedb" name="nvidia" dev=dm-0 ino=14437025 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976832.988:1811): arch=40000003 syscall=5 success=yes exit=10 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.032:1812): avc: denied { getattr } for pid=23436 comm="updatedb" name="games" dev=dm-0 ino=14436607 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.032:1812): arch=40000003 syscall=196 success=yes exit=0 a0=8ff140d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.032:1812): path="/var/lib/games"
+type=AVC msg=audit(1162976833.044:1813): avc: denied { search } for pid=23436 comm="updatedb" name="games" dev=dm-0 ino=14436607 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.044:1813): arch=40000003 syscall=12 success=yes exit=0 a0=8ff140d a1=bfbaf904 a2=bfbb1bb0 a3=8ff140d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.072:1814): avc: denied { getattr } for pid=23436 comm="updatedb" name="mlocate" dev=dm-0 ino=14437049 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.072:1814): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1455 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.072:1814): path="/var/lib/mlocate"
+type=AVC msg=audit(1162976833.072:1815): avc: denied { read } for pid=23436 comm="updatedb" name="mlocate" dev=dm-0 ino=14437049 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.072:1815): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=18800 a2=bfbaf7cc a3=8ff6248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.072:1816): avc: denied { getattr } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607564 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.072:1816): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1465 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.072:1816): path="/var/lib/news"
+type=AVC msg=audit(1162976833.084:1817): avc: denied { search } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607564 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.084:1817): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1465 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1465 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.112:1818): avc: denied { read } for pid=23436 comm="updatedb" name="nfs" dev=dm-0 ino=14437242 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.112:1818): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.132:1819): avc: denied { getattr } for pid=23436 comm="updatedb" name="ntp" dev=dm-0 ino=14436930 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ntp_drift_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.132:1819): arch=40000003 syscall=196 success=yes exit=0 a0=8ff147d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.132:1819): path="/var/lib/ntp"
+type=AVC msg=audit(1162976833.164:1820): avc: denied { getattr } for pid=23436 comm="updatedb" name="setroubleshoot" dev=dm-0 ino=15287756 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setroubleshoot_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.164:1820): arch=40000003 syscall=196 success=yes exit=0 a0=8ff14c9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.164:1820): path="/var/lib/setroubleshoot"
+type=AVC msg=audit(1162976833.200:1821): avc: denied { getattr } for pid=23436 comm="updatedb" name="texmf" dev=dm-0 ino=14731201 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tetex_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.200:1821): arch=40000003 syscall=196 success=yes exit=0 a0=8ff14ed a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.200:1821): path="/var/lib/texmf"
+type=AVC msg=audit(1162976833.200:1822): avc: denied { search } for pid=23436 comm="updatedb" name="texmf" dev=dm-0 ino=14731201 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tetex_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.200:1822): arch=40000003 syscall=12 success=yes exit=0 a0=8ff14ed a1=bfbaf904 a2=bfbb1bb0 a3=8ff14ed items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.200:1823): avc: denied { read } for pid=23436 comm="updatedb" name="texmf" dev=dm-0 ino=14731201 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tetex_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.200:1823): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=18800 a2=bfbaf7cc a3=8ff6248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.304:1824): avc: denied { getattr } for pid=23436 comm="updatedb" name="xen" dev=dm-0 ino=14534807 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.304:1824): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1509 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.304:1824): path="/var/lib/xen"
+type=AVC msg=audit(1162976833.304:1825): avc: denied { search } for pid=23436 comm="updatedb" name="xen" dev=dm-0 ino=14534807 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.304:1825): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1509 a1=bfbaf904 a2=bfbb1bb0 a3=8ff1509 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.328:1826): avc: denied { read } for pid=23436 comm="updatedb" name="xen" dev=dm-0 ino=14534807 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.328:1826): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.328:1827): avc: denied { getattr } for pid=23436 comm="updatedb" name="xenstored" dev=dm-0 ino=14534834 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xenstored_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.328:1827): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1515 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.328:1827): path="/var/lib/xenstored"
+type=AVC msg=audit(1162976833.328:1828): avc: denied { getattr } for pid=23436 comm="updatedb" name="xkb" dev=dm-0 ino=14437298 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.328:1828): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1525 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.328:1828): path="/var/lib/xkb"
+type=AVC msg=audit(1162976833.336:1829): avc: denied { getattr } for pid=23436 comm="updatedb" name="lock" dev=dm-0 ino=14436610 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.336:1829): arch=40000003 syscall=196 success=yes exit=0 a0=8ff12ed a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.336:1829): path="/var/lock"
+type=AVC msg=audit(1162976833.336:1830): avc: denied { read } for pid=23436 comm="updatedb" name="lock" dev=dm-0 ino=14436610 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.336:1830): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=18800 a2=bfbb199c a3=8ff40f0 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.336:1831): avc: denied { getattr } for pid=23436 comm="updatedb" name="lvm" dev=dm-0 ino=14436627 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.336:1831): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1395 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.336:1831): path="/var/lock/lvm"
+type=AVC msg=audit(1162976833.345:1832): avc: denied { getattr } for pid=23436 comm="updatedb" name="amanda" dev=dm-0 ino=14534977 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.345:1832): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1405 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.345:1832): path="/var/log/amanda"
+type=AVC msg=audit(1162976833.345:1833): avc: denied { getattr } for pid=23436 comm="updatedb" name="audit" dev=dm-0 ino=14469481 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.345:1833): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1451 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.345:1833): path="/var/log/audit"
+type=AVC msg=audit(1162976833.345:1834): avc: denied { getattr } for pid=23436 comm="updatedb" name="mail" dev=dm-0 ino=14437073 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sendmail_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.345:1834): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1535 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.345:1834): path="/var/log/mail"
+type=AVC msg=audit(1162976833.345:1835): avc: denied { getattr } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607586 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.345:1835): arch=40000003 syscall=196 success=yes exit=0 a0=8ff15e1 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.345:1835): path="/var/log/news"
+type=AVC msg=audit(1162976833.349:1836): avc: denied { search } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607586 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.349:1836): arch=40000003 syscall=12 success=yes exit=0 a0=8ff15e1 a1=8000 a2=bfbb1bb0 a3=8ff15e1 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.369:1837): avc: denied { getattr } for pid=23436 comm="updatedb" name="prelink" dev=dm-0 ino=15647814 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.369:1837): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1615 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.369:1837): path="/var/log/prelink"
+type=AVC msg=audit(1162976833.369:1838): avc: denied { getattr } for pid=23436 comm="updatedb" name="xen" dev=dm-0 ino=14567524 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.369:1838): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1799 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.369:1838): path="/var/log/xen"
+type=AVC msg=audit(1162976833.381:1839): avc: denied { getattr } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14437060 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.381:1839): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1311 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.381:1839): path="/var/named"
+type=AVC msg=audit(1162976833.381:1840): avc: denied { search } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14437060 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.381:1840): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1311 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1311 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.381:1841): avc: denied { getattr } for pid=23436 comm="updatedb" name="chroot" dev=dm-0 ino=14534815 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.381:1841): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1395 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.381:1841): path="/var/named/chroot"
+type=AVC msg=audit(1162976833.381:1842): avc: denied { read } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14437060 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.381:1842): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.381:1843): avc: denied { search } for pid=23436 comm="updatedb" name="chroot" dev=dm-0 ino=14534815 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.381:1843): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1395 a1=8000 a2=bfbb1bb0 a3=8ff1395 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.401:1844): avc: denied { read } for pid=23436 comm="updatedb" name="chroot" dev=dm-0 ino=14534815 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.401:1844): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.401:1845): avc: denied { getattr } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14534818 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:named_zone_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.401:1845): arch=40000003 syscall=196 success=yes exit=0 a0=8ff146d a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.401:1845): path="/var/named/chroot/var/named"
+type=AVC msg=audit(1162976833.417:1846): avc: denied { search } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14534818 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:named_zone_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.417:1846): arch=40000003 syscall=12 success=yes exit=0 a0=8ff146d a1=8000 a2=bfbad810 a3=8ff146d items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.417:1847): avc: denied { getattr } for pid=23436 comm="updatedb" name="data" dev=dm-0 ino=14534823 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_cache_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.417:1847): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1485 a1=bfba9394 a2=239ff4 a3=bfba9394 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.417:1847): path="/var/named/chroot/var/named/data"
+type=AVC msg=audit(1162976833.441:1848): avc: denied { getattr } for pid=23436 comm="updatedb" name="named" dev=dm-0 ino=14534821 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:named_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.441:1848): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1485 a1=bfba9394 a2=239ff4 a3=bfba9394 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.441:1848): path="/var/named/chroot/var/run/named"
+type=AVC msg=audit(1162976833.461:1849): avc: denied { getattr } for pid=23436 comm="updatedb" name="racoon" dev=dm-0 ino=14437084 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipsec_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.461:1849): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1345 a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.461:1849): path="/var/racoon"
+type=AVC msg=audit(1162976833.465:1850): avc: denied { getattr } for pid=23436 comm="updatedb" name="NetworkManager" dev=dm-0 ino=14437087 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.465:1850): arch=40000003 syscall=196 success=yes exit=0 a0=8ff15fd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.465:1850): path="/var/run/NetworkManager"
+type=AVC msg=audit(1162976833.473:1851): avc: denied { getattr } for pid=23436 comm="updatedb" name="avahi-daemon" dev=dm-0 ino=14437058 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:avahi_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.473:1851): arch=40000003 syscall=196 success=yes exit=0 a0=8ff16bd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.473:1851): path="/var/run/avahi-daemon"
+type=AVC msg=audit(1162976833.473:1852): avc: denied { getattr } for pid=23436 comm="updatedb" name="console" dev=dm-0 ino=14436665 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pam_var_console_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.473:1852): arch=40000003 syscall=196 success=yes exit=0 a0=8ff16e9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.473:1852): path="/var/run/console"
+type=AVC msg=audit(1162976833.473:1853): avc: denied { getattr } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=14534808 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.473:1853): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1439 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.473:1853): path="/var/run/cups"
+type=AVC msg=audit(1162976833.485:1854): avc: denied { search } for pid=23436 comm="updatedb" name="cups" dev=dm-0 ino=14534808 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.485:1854): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1439 a1=8000 a2=bfbb1bb0 a3=8ff1439 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.485:1855): avc: denied { getattr } for pid=23436 comm="updatedb" name="dbus" dev=dm-0 ino=14436623 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.485:1855): arch=40000003 syscall=196 success=yes exit=0 a0=8ff142d a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.485:1855): path="/var/run/dbus"
+type=AVC msg=audit(1162976833.485:1856): avc: denied { getattr } for pid=23436 comm="updatedb" name="mdadm" dev=dm-0 ino=14437081 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.485:1856): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1659 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.485:1856): path="/var/run/mdadm"
+type=AVC msg=audit(1162976833.505:1857): avc: denied { getattr } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607588 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:innd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.505:1857): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13cd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.505:1857): path="/var/run/news"
+type=AVC msg=audit(1162976833.509:1858): avc: denied { getattr } for pid=23436 comm="updatedb" name="ppp" dev=dm-0 ino=14437042 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pppd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.509:1858): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1679 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.509:1858): path="/var/run/ppp"
+type=AVC msg=audit(1162976833.513:1859): avc: denied { getattr } for pid=23436 comm="updatedb" name="saslauthd" dev=dm-0 ino=14437072 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:saslauthd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.513:1859): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1611 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.513:1859): path="/var/run/saslauthd"
+type=AVC msg=audit(1162976833.513:1860): avc: denied { getattr } for pid=23436 comm="updatedb" name="setroubleshoot" dev=dm-0 ino=14469478 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setroubleshoot_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.513:1860): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13a5 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.513:1860): path="/var/run/setroubleshoot"
+type=AVC msg=audit(1162976833.517:1861): avc: denied { getattr } for pid=23436 comm="updatedb" name="sudo" dev=dm-0 ino=14437043 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pam_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.517:1861): arch=40000003 syscall=196 success=yes exit=0 a0=8ff15b9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.517:1861): path="/var/run/sudo"
+type=AVC msg=audit(1162976833.517:1862): avc: denied { search } for pid=23436 comm="updatedb" name="sudo" dev=dm-0 ino=14437043 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pam_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.517:1862): arch=40000003 syscall=12 success=yes exit=0 a0=8ff15b9 a1=bfbaf904 a2=bfbb1bb0 a3=8ff15b9 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.517:1863): avc: denied { getattr } for pid=23436 comm="updatedb" name="kmacmill" dev=dm-0 ino=14437414 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:pam_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.517:1863): arch=40000003 syscall=196 success=yes exit=0 a0=8ff171d a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.517:1863): path="/var/run/sudo/kmacmill"
+type=AVC msg=audit(1162976833.517:1864): avc: denied { search } for pid=23436 comm="updatedb" name="sudo" dev=dm-0 ino=14437043 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:pam_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1162976833.517:1864): avc: denied { getattr } for pid=23436 comm="updatedb" name="root" dev=dm-0 ino=14534873 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:pam_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.517:1864): arch=40000003 syscall=196 success=yes exit=0 a0=8ff172d a1=bfbad734 a2=239ff4 a3=bfbad734 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.517:1864): path="/var/run/sudo/root"
+type=AVC msg=audit(1162976833.545:1865): avc: denied { getattr } for pid=23436 comm="updatedb" name="xend" dev=dm-0 ino=14534871 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.545:1865): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13e9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.545:1865): path="/var/run/xend"
+type=AVC msg=audit(1162976833.557:1866): avc: denied { getattr } for pid=23436 comm="updatedb" name="xenstored" dev=dm-0 ino=14534835 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xenstored_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.557:1866): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1569 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.557:1866): path="/var/run/xenstored"
+type=AVC msg=audit(1162976833.581:1867): avc: denied { getattr } for pid=23436 comm="updatedb" name="clientmqueue" dev=dm-0 ino=14437075 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1867): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13ad a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.581:1867): path="/var/spool/clientmqueue"
+type=AVC msg=audit(1162976833.581:1868): avc: denied { search } for pid=23436 comm="updatedb" name="clientmqueue" dev=dm-0 ino=14437075 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1868): arch=40000003 syscall=12 success=yes exit=0 a0=8ff13ad a1=bfbaf904 a2=bfbb1bb0 a3=8ff13ad items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.581:1869): avc: denied { read } for pid=23436 comm="updatedb" name="clientmqueue" dev=dm-0 ino=14437075 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mqueue_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1869): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=18800 a2=bfbaf7cc a3=8ff6248 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.581:1870): avc: denied { getattr } for pid=23436 comm="updatedb" name="lpd" dev=dm-0 ino=14436618 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1870): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13d9 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.581:1870): path="/var/spool/lpd"
+type=AVC msg=audit(1162976833.581:1871): avc: denied { getattr } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607589 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:news_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1871): arch=40000003 syscall=196 success=yes exit=0 a0=8ff13fd a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.581:1871): path="/var/spool/news"
+type=AVC msg=audit(1162976833.581:1872): avc: denied { search } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607589 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:news_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.581:1872): arch=40000003 syscall=12 success=yes exit=0 a0=8ff13fd a1=bfbaf904 a2=bfbb1bb0 a3=8ff13fd items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.605:1873): avc: denied { read } for pid=23436 comm="updatedb" name="news" dev=dm-0 ino=14607589 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:news_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.605:1873): arch=40000003 syscall=5 success=yes exit=9 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.605:1874): avc: denied { getattr } for pid=23436 comm="updatedb" name="c" dev=dm-0 ino=14607609 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:news_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.605:1874): arch=40000003 syscall=196 success=yes exit=0 a0=8ff14a5 a1=bfbab564 a2=239ff4 a3=bfbab564 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.605:1874): path="/var/spool/news/overview/c"
+type=AVC msg=audit(1162976833.605:1875): avc: denied { search } for pid=23436 comm="updatedb" name="c" dev=dm-0 ino=14607609 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:news_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.605:1875): arch=40000003 syscall=12 success=yes exit=0 a0=8ff14a5 a1=8000 a2=bfbad810 a3=8ff14a5 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.621:1876): avc: denied { search } for pid=23436 comm="updatedb" name="www" dev=dm-0 ino=14436677 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.621:1876): arch=40000003 syscall=12 success=yes exit=0 a0=8ff1375 a1=bfbb1ad4 a2=bfbb3d80 a3=8ff1375 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.621:1877): avc: denied { getattr } for pid=23436 comm="updatedb" name="cgi-bin" dev=dm-0 ino=14436678 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.621:1877): arch=40000003 syscall=196 success=yes exit=0 a0=8ff1395 a1=bfbaf904 a2=239ff4 a3=bfbaf904 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.621:1877): path="/var/www/cgi-bin"
+type=AVC msg=audit(1162976833.641:1878): avc: denied { read } for pid=23436 comm="updatedb" name="www" dev=dm-0 ino=14436677 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.641:1878): arch=40000003 syscall=5 success=yes exit=8 a0=804dc02 a1=8000 a2=0 a3=8000 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.685:1879): avc: denied { getattr } for pid=23436 comm="updatedb" name="yp" dev=dm-0 ino=14436620 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976833.685:1879): arch=40000003 syscall=196 success=yes exit=0 a0=8ff138d a1=bfbb1ad4 a2=239ff4 a3=bfbb1ad4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.685:1879): path="/var/yp"
+type=AVC msg=audit(1162976833.713:1880): avc: denied { setattr } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.713:1880): arch=40000003 syscall=212 success=yes exit=0 a0=8ff0fa0 a1=ffffffff a2=15 a3=23b8f4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.713:1881): avc: denied { fsetid } for pid=23436 comm="updatedb" capability=4 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=capability
+type=SYSCALL msg=audit(1162976833.713:1881): arch=40000003 syscall=15 success=yes exit=0 a0=8ff0fa0 a1=1a0 a2=804f699 a3=23b8f4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.713:1882): avc: denied { remove_name } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162976833.713:1882): avc: denied { rename } for pid=23436 comm="updatedb" name="mlocate.db.DwVvuL" dev=dm-0 ino=14437015 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=AVC msg=audit(1162976833.713:1882): avc: denied { unlink } for pid=23436 comm="updatedb" name="mlocate.db" dev=dm-0 ino=14438247 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locate_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.713:1882): arch=40000003 syscall=38 success=yes exit=0 a0=8ff0fa0 a1=804d345 a2=804f699 a3=23b8f4 items=0 ppid=23431 pid=23436 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.725:1883): avc: denied { execute } for pid=22863 comm="run-parts" name="prelink" dev=dm-0 ino=9330616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.725:1883): arch=40000003 syscall=33 success=yes exit=0 a0=94a18b0 a1=1 a2=1 a3=94a1c30 items=0 ppid=22862 pid=22863 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.725:1884): avc: denied { getattr } for pid=23442 comm="run-parts" name="gawk" dev=dm-0 ino=13683707 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.725:1884): arch=40000003 syscall=195 success=yes exit=0 a0=94a23b8 a1=bf9d8330 a2=239ff4 a3=94a23b8 items=0 ppid=22863 pid=23442 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.725:1884): path="/bin/gawk"
+type=AVC msg=audit(1162976833.725:1885): avc: denied { execute } for pid=23442 comm="run-parts" name="gawk" dev=dm-0 ino=13683707 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.725:1885): arch=40000003 syscall=33 success=yes exit=0 a0=94a23b8 a1=1 a2=11 a3=94a23b8 items=0 ppid=22863 pid=23442 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.725:1886): avc: denied { read } for pid=23442 comm="run-parts" name="gawk" dev=dm-0 ino=13683707 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.725:1886): arch=40000003 syscall=33 success=yes exit=0 a0=94a23b8 a1=4 a2=ffffffff a3=94a23b8 items=0 ppid=22863 pid=23442 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.725:1887): avc: denied { execute_no_trans } for pid=23442 comm="run-parts" name="gawk" dev=dm-0 ino=13683707 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1162976833.725:1888): avc: denied { execute_no_trans } for pid=23441 comm="run-parts" name="prelink" dev=dm-0 ino=9330616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.725:1887): arch=40000003 syscall=11 success=yes exit=0 a0=94a23b8 a1=94a1d40 a2=94a2098 a3=94a1be0 items=0 ppid=22863 pid=23442 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.725:1887): path="/bin/gawk"
+type=SYSCALL msg=audit(1162976833.725:1888): arch=40000003 syscall=11 success=yes exit=0 a0=94a18f0 a1=94a2238 a2=94a2098 a3=94a0838 items=0 ppid=22863 pid=23441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.725:1888): path="/etc/cron.daily/prelink"
+type=AVC msg=audit(1162976833.757:1889): avc: denied { getattr } for pid=23441 comm="prelink" name="prelink.cache" dev=dm-0 ino=9330746 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.757:1889): arch=40000003 syscall=195 success=yes exit=0 a0=95fc7d0 a1=bfe51338 a2=239ff4 a3=95fc880 items=0 ppid=22863 pid=23441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.757:1889): path="/etc/prelink.cache"
+type=AVC msg=audit(1162976833.777:1890): avc: denied { read } for pid=23444 comm="grep" name="prelink.cache" dev=dm-0 ino=9330746 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.777:1890): arch=40000003 syscall=5 success=yes exit=3 a0=bfeedf68 a1=8000 a2=0 a3=8000 items=0 ppid=23441 pid=23444 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="grep" exe="/bin/grep" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976833.889:1891): avc: denied { getattr } for pid=23446 comm="find" name="prelink.full" dev=dm-0 ino=14437327 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.889:1891): arch=40000003 syscall=196 success=yes exit=0 a0=bf898f5b a1=bf896b48 a2=2e8ff4 a3=bf898f5b items=0 ppid=23445 pid=23446 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="find" exe="/usr/bin/find" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.889:1891): path="/var/lib/misc/prelink.full"
+type=AVC msg=audit(1162976833.909:1892): avc: denied { search } for pid=23441 comm="prelink" name="rpm" dev=dm-0 ino=14436579 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1162976833.909:1892): avc: denied { getattr } for pid=23441 comm="prelink" name="Packages" dev=dm-0 ino=14437071 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.909:1892): arch=40000003 syscall=195 success=yes exit=0 a0=95fc9a8 a1=bfe50de8 a2=239ff4 a3=95fcc50 items=0 ppid=22863 pid=23441 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="prelink" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.909:1892): path="/var/lib/rpm/Packages"
+type=AVC msg=audit(1162976833.909:1893): avc: denied { execute } for pid=23451 comm="rpm" name="rpm" dev=dm-0 ino=13683834 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976833.909:1893): avc: denied { execute_no_trans } for pid=23451 comm="rpm" name="rpm" dev=dm-0 ino=13683834 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=AVC msg=audit(1162976833.909:1893): avc: denied { read } for pid=23451 comm="rpm" name="rpm" dev=dm-0 ino=13683834 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976833.909:1893): arch=40000003 syscall=11 success=yes exit=0 a0=986a9a8 a1=986aa08 a2=986a720 a3=986a598 items=0 ppid=23449 pid=23451 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpm" exe="/bin/rpm" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976833.909:1893): path="/bin/rpm"
+type=AVC_PATH msg=audit(1162976833.909:1893): path="/bin/rpm"
+type=AVC msg=audit(1162976834.145:1894): avc: denied { write } for pid=23451 comm="rpmq" name="rpm" dev=dm-0 ino=14436579 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976834.145:1894): arch=40000003 syscall=33 success=yes exit=0 a0=8c24810 a1=2 a2=9deb44 a3=0 items=0 ppid=23449 pid=23451 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpmq" exe="/usr/lib/rpm/rpmq" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976834.149:1895): avc: denied { read write } for pid=23451 comm="rpmq" name="__db.001" dev=dm-0 ino=14436585 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976834.149:1895): arch=40000003 syscall=5 success=yes exit=3 a0=8c24b50 a1=8002 a2=0 a3=8002 items=0 ppid=23449 pid=23451 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpmq" exe="/usr/lib/rpm/rpmq" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976834.149:1896): avc: denied { lock } for pid=23451 comm="rpmq" name="Packages" dev=dm-0 ino=14437071 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976834.149:1896): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=d a2=bfb2a58c a3=bfb2a58c items=0 ppid=23449 pid=23451 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpmq" exe="/usr/lib/rpm/rpmq" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976834.149:1896): path="/var/lib/rpm/Packages"
+type=AVC msg=audit(1162976851.122:1897): avc: denied { getattr } for pid=23456 comm="tmpwatch" name="ls-R" dev=dm-0 ino=14731502 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tetex_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.122:1897): arch=40000003 syscall=196 success=yes exit=0 a0=949304f a1=bfc98630 a2=34eff4 a3=0 items=0 ppid=23454 pid=23456 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.122:1897): path="/var/lib/texmf/ls-R"
+type=AVC msg=audit(1162976851.150:1898): avc: denied { setattr } for pid=23456 comm="tmpwatch" name="ec" dev=dm-0 ino=14731255 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tetex_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.150:1898): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfc98300 a2=0 a3=0 items=0 ppid=23454 pid=23456 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.174:1899): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".X11-unix" dev=dm-0 ino=14567593 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.174:1899): arch=40000003 syscall=196 success=yes exit=0 a0=bfb4a7a7 a1=bfb4a6f8 a2=239ff4 a3=bfb4bf0c items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.174:1899): path="/tmp/.X11-unix"
+type=AVC msg=audit(1162976851.174:1900): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".font-unix" dev=dm-0 ino=14567591 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xfs_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.174:1900): arch=40000003 syscall=196 success=yes exit=0 a0=bfb4a7a7 a1=bfb4a6f8 a2=239ff4 a3=bfb4bf30 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.174:1900): path="/tmp/.font-unix"
+type=AVC msg=audit(1162976851.174:1901): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.174:1901): arch=40000003 syscall=196 success=yes exit=0 a0=bfb4a7a7 a1=bfb4a6f8 a2=239ff4 a3=bfb4bf43 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.174:1901): path="/tmp/.ICE-unix"
+type=AVC msg=audit(1162976851.174:1902): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="mapping-kmacmill" dev=dm-0 ino=14469334 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162976851.174:1902): arch=40000003 syscall=196 success=yes exit=0 a0=9ce415f a1=bfb4b740 a2=239ff4 a3=9ce4058 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.174:1902): path="/tmp/mapping-kmacmill"
+type=AVC msg=audit(1162976851.174:1903): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="sealert.log" dev=dm-0 ino=14469458 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.174:1903): arch=40000003 syscall=196 success=yes exit=0 a0=9ce4187 a1=bfb4b740 a2=239ff4 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.174:1903): path="/tmp/sealert.log"
+type=AVC msg=audit(1162976851.178:1904): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".gdm_socket" dev=dm-0 ino=14469317 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162976851.178:1904): arch=40000003 syscall=196 success=yes exit=0 a0=9ce41a7 a1=bfb4b740 a2=239ff4 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.178:1904): path="/tmp/.gdm_socket"
+type=AVC msg=audit(1162976851.178:1905): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.178:1905): arch=40000003 syscall=196 success=yes exit=0 a0=9ce41c7 a1=bfb4b740 a2=239ff4 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.178:1905): path="/tmp/gconfd-kmacmill"
+type=AVC msg=audit(1162976851.178:1906): avc: denied { search } for pid=23459 comm="tmpwatch" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.178:1906): arch=40000003 syscall=12 success=yes exit=0 a0=9ce41c7 a1=bfb4b4e8 a2=fd00 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.178:1907): avc: denied { read } for pid=23459 comm="tmpwatch" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.178:1907): arch=40000003 syscall=5 success=yes exit=6 a0=804abea a1=18800 a2=fd00 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.218:1908): avc: denied { setattr } for pid=23459 comm="tmpwatch" name="lock" dev=dm-0 ino=15648168 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162976851.218:1908): avc: denied { fowner } for pid=23459 comm="tmpwatch" capability=3 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=capability
+type=SYSCALL msg=audit(1162976851.218:1908): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfb4b540 a2=0 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.218:1909): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.218:1909): arch=40000003 syscall=196 success=yes exit=0 a0=9ce422f a1=bfb4b740 a2=239ff4 a3=9ce4080 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.218:1909): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162976851.218:1910): avc: denied { getattr } for pid=23459 comm="tmpwatch" name=".X0-lock" dev=dm-0 ino=14469318 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_xserver_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.218:1910): arch=40000003 syscall=196 success=yes exit=0 a0=9ce424f a1=bfb4b740 a2=239ff4 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.218:1910): path="/tmp/.X0-lock"
+type=AVC msg=audit(1162976851.238:1911): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="Fortress-WP.pdf" dev=dm-0 ino=14469396 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.238:1911): arch=40000003 syscall=196 success=yes exit=0 a0=9ce4287 a1=bfb4b740 a2=239ff4 a3=9ce5178 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.238:1911): path="/tmp/Fortress-WP.pdf"
+type=AVC msg=audit(1162976851.238:1912): avc: denied { rmdir } for pid=23459 comm="tmpwatch" name="orbit-kmacmill" dev=dm-0 ino=14567713 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.238:1912): arch=40000003 syscall=40 success=no exit=-39 a0=9ce42af a1=9ce40d0 a2=bfb4b780 a3=9ce5158 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.246:1913): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="ssh-OhlJzg2965" dev=dm-0 ino=14567711 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_ssh_agent_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.246:1913): arch=40000003 syscall=196 success=yes exit=0 a0=9ce42ff a1=bfb4b740 a2=239ff4 a3=9ce5178 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.246:1913): path="/tmp/ssh-OhlJzg2965"
+type=AVC msg=audit(1162976851.246:1914): avc: denied { search } for pid=23459 comm="tmpwatch" name="ssh-OhlJzg2965" dev=dm-0 ino=14567711 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_ssh_agent_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.246:1914): arch=40000003 syscall=12 success=yes exit=0 a0=9ce42ff a1=bfb4b4e8 a2=fd00 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.246:1915): avc: denied { read } for pid=23459 comm="tmpwatch" name="ssh-OhlJzg2965" dev=dm-0 ino=14567711 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_ssh_agent_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.246:1915): arch=40000003 syscall=5 success=yes exit=6 a0=804abea a1=18800 a2=fd00 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.250:1916): avc: denied { getattr } for pid=23459 comm="tmpwatch" name="agent.2965" dev=dm-0 ino=14567712 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_ssh_agent_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162976851.250:1916): arch=40000003 syscall=196 success=yes exit=0 a0=9ce57af a1=bfb4b610 a2=239ff4 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.250:1916): path="/tmp/ssh-OhlJzg2965/agent.2965"
+type=AVC msg=audit(1162976851.250:1917): avc: denied { setattr } for pid=23459 comm="tmpwatch" name="ssh-OhlJzg2965" dev=dm-0 ino=14567711 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_ssh_agent_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.250:1917): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfb4b670 a2=0 a3=0 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.258:1918): avc: denied { setattr } for pid=23459 comm="tmpwatch" name="tmp" dev=dm-0 ino=14469313 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.258:1918): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfb4b7a0 a2=0 a3=9ce5190 items=0 ppid=23457 pid=23459 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.274:1919): avc: denied { setattr } for pid=23460 comm="tmpwatch" name="favicons" dev=dm-0 ino=14699100 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.274:1919): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfa87500 a2=0 a3=0 items=0 ppid=23457 pid=23460 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162976851.274:1920): avc: denied { getattr } for pid=23460 comm="tmpwatch" name="ksycocastamp" dev=dm-0 ino=14469416 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=user_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162976851.274:1920): arch=40000003 syscall=196 success=yes exit=0 a0=84df6d7 a1=bfa875d0 a2=292ff4 a3=84df0b0 items=0 ppid=23457 pid=23460 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162976851.274:1920): path="/var/tmp/kdecache-kmacmill/ksycocastamp"
+type=AVC msg=audit(1162976851.538:1921): avc: denied { setattr } for pid=23461 comm="tmpwatch" name="cat1" dev=dm-0 ino=14436644 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162976851.538:1921): arch=40000003 syscall=30 success=yes exit=0 a0=804abea a1=bfc9f960 a2=0 a3=0 items=0 ppid=23457 pid=23461 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162976851.570:1922): user pid=22862 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162976851.570:1923): user pid=22862 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162977001.591:1924): user pid=23495 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162977001.591:1925): login pid=23495 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162977001.591:1926): user pid=23495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162977001.591:1927): user pid=23495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162977001.595:1928): avc: denied { execute } for pid=23496 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162977001.595:1928): avc: denied { execute_no_trans } for pid=23496 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162977001.595:1928): arch=40000003 syscall=11 success=yes exit=0 a0=89241b0 a1=8924358 a2=8924290 a3=8924008 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162977001.595:1928): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162977001.599:1929): avc: denied { search } for pid=23496 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162977001.599:1929): avc: denied { read } for pid=23496 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162977001.599:1929): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9c46800 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162977001.599:1930): avc: denied { getattr } for pid=23496 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162977001.599:1930): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8799a8 a2=278ff4 a3=9c46800 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162977001.599:1930): path="/proc/net/dev"
+type=AVC msg=audit(1162977001.599:1931): avc: denied { read } for pid=23496 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162977001.599:1931): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9c46d60 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162977001.599:1932): avc: denied { getattr } for pid=23496 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162977001.599:1932): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf879804 a2=278ff4 a3=9c46d60 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162977001.599:1932): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162977001.599:1933): avc: denied { search } for pid=23496 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162977001.599:1933): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9c46d60 items=0 ppid=23495 pid=23496 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162977001.623:1934): user pid=23495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162977001.623:1935): user pid=23495 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162977601.689:1936): user pid=23513 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162977601.689:1937): login pid=23513 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162977601.689:1938): user pid=23513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162977601.689:1939): user pid=23513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162977601.701:1940): user pid=23513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162977601.701:1941): user pid=23513 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162978201.754:1942): user pid=23533 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162978201.754:1943): login pid=23533 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162978201.754:1944): user pid=23533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162978201.754:1945): user pid=23533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162978201.770:1946): user pid=23533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162978201.770:1947): user pid=23533 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162978801.836:1948): user pid=23551 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162978801.836:1949): login pid=23551 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162978801.836:1950): user pid=23551 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162978801.836:1951): user pid=23551 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162978801.840:1952): avc: denied { execute } for pid=23552 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162978801.840:1952): avc: denied { execute_no_trans } for pid=23552 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162978801.840:1952): avc: denied { read } for pid=23552 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162978801.840:1952): arch=40000003 syscall=11 success=yes exit=0 a0=90d1d48 a1=90d1740 a2=90d1d60 a3=90d1740 items=0 ppid=23551 pid=23552 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162978801.840:1952): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162978801.840:1952): path="/usr/lib/sa/sadc"
+type=CRED_DISP msg=audit(1162978801.876:1953): user pid=23551 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162978801.876:1954): user pid=23551 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162979401.933:1955): user pid=23569 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162979401.933:1956): login pid=23569 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162979401.937:1957): user pid=23569 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162979401.937:1958): user pid=23569 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162979401.949:1959): user pid=23569 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162979401.949:1960): user pid=23569 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162980001.018:1961): user pid=23587 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162980001.018:1962): login pid=23587 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162980001.018:1963): user pid=23587 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162980001.018:1964): user pid=23587 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162980001.030:1965): user pid=23587 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162980001.030:1966): user pid=23587 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162980061.046:1967): user pid=23590 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162980061.046:1968): login pid=23590 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162980061.046:1969): user pid=23590 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162980061.046:1970): user pid=23590 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162980061.050:1971): avc: denied { ioctl } for pid=23591 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162980061.050:1971): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfe5b938 a3=bfe5b978 items=0 ppid=23590 pid=23591 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162980061.050:1971): path="/usr/bin/run-parts"
+type=AVC msg=audit(1162980061.054:1972): avc: denied { execute } for pid=23594 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162980061.054:1972): avc: denied { execute_no_trans } for pid=23594 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162980061.054:1972): avc: denied { read } for pid=23594 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162980061.054:1972): arch=40000003 syscall=11 success=yes exit=0 a0=9765678 a1=9765808 a2=9765720 a3=9765508 items=0 ppid=23592 pid=23594 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162980061.054:1972): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162980061.054:1972): path="/sbin/chkconfig"
+type=CRED_DISP msg=audit(1162980061.066:1973): user pid=23590 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162980061.066:1974): user pid=23590 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162980601.120:1975): user pid=23615 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162980601.120:1976): login pid=23615 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162980601.124:1977): user pid=23615 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162980601.124:1978): user pid=23615 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162980601.136:1979): user pid=23615 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162980601.136:1980): user pid=23615 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162981201.205:1981): user pid=23633 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162981201.205:1982): login pid=23633 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162981201.205:1983): user pid=23633 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162981201.205:1984): user pid=23633 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162981201.221:1985): user pid=23633 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162981201.221:1986): user pid=23633 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162981801.291:1987): user pid=23653 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162981801.291:1988): login pid=23653 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162981801.291:1989): user pid=23653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162981801.291:1990): user pid=23653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162981801.303:1991): user pid=23653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162981801.303:1992): user pid=23653 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162982401.364:1993): user pid=23676 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162982401.364:1994): login pid=23676 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162982401.364:1995): user pid=23676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162982401.364:1996): user pid=23676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162982401.372:1997): avc: denied { read append } for pid=23677 comm="sadc" name="sa08" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162982401.372:1997): arch=40000003 syscall=5 success=yes exit=3 a0=bfa55f24 a1=402 a2=bfa560e8 a3=bfa55e20 items=0 ppid=23676 pid=23677 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162982401.372:1998): avc: denied { lock } for pid=23677 comm="sadc" name="sa08" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162982401.372:1998): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfa55e20 a3=3 items=0 ppid=23676 pid=23677 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162982401.372:1998): path="/var/log/sa/sa08"
+type=CRED_DISP msg=audit(1162982401.396:1999): user pid=23676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162982401.396:2000): user pid=23676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162983001.462:2001): user pid=23694 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162983001.462:2002): login pid=23694 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162983001.462:2003): user pid=23694 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162983001.462:2004): user pid=23694 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162983001.474:2005): user pid=23694 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162983001.474:2006): user pid=23694 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162983601.531:2007): user pid=23712 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162983601.531:2008): login pid=23712 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162983601.531:2009): user pid=23712 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162983601.531:2010): user pid=23712 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162983601.547:2011): user pid=23712 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162983601.547:2012): user pid=23712 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162983661.559:2013): user pid=23715 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162983661.559:2014): login pid=23715 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162983661.559:2015): user pid=23715 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162983661.559:2016): user pid=23715 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162983661.579:2017): user pid=23715 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162983661.579:2018): user pid=23715 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162984201.641:2019): user pid=23740 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162984201.641:2020): login pid=23740 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162984201.641:2021): user pid=23740 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162984201.641:2022): user pid=23740 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162984201.669:2023): user pid=23740 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162984201.669:2024): user pid=23740 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162984801.726:2025): user pid=23758 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162984801.726:2026): login pid=23758 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162984801.730:2027): user pid=23758 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162984801.730:2028): user pid=23758 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162984801.746:2029): user pid=23758 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162984801.746:2030): user pid=23758 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162985401.812:2031): user pid=23778 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162985401.812:2032): login pid=23778 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162985401.812:2033): user pid=23778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162985401.812:2034): user pid=23778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162985401.824:2035): user pid=23778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162985401.828:2036): user pid=23778 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162986001.889:2037): user pid=23796 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162986001.893:2038): login pid=23796 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162986001.893:2039): user pid=23796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162986001.893:2040): user pid=23796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162986001.905:2041): user pid=23796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162986001.905:2042): user pid=23796 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162986601.975:2043): user pid=23814 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162986601.975:2044): login pid=23814 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162986601.975:2045): user pid=23814 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162986601.975:2046): user pid=23814 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162986602.023:2047): user pid=23814 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162986602.023:2048): user pid=23814 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162987201.096:2049): user pid=23832 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162987201.096:2050): login pid=23832 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162987201.096:2051): user pid=23832 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162987201.096:2052): user pid=23832 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162987201.108:2053): user pid=23832 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162987201.112:2054): user pid=23832 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162987261.120:2055): user pid=23835 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162987261.124:2056): login pid=23835 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162987261.124:2057): user pid=23835 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162987261.124:2058): user pid=23835 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162987261.140:2059): user pid=23835 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162987261.140:2060): user pid=23835 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162987801.198:2061): user pid=23860 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162987801.198:2062): login pid=23860 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162987801.198:2063): user pid=23860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162987801.198:2064): user pid=23860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162987801.214:2065): user pid=23860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162987801.214:2066): user pid=23860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162988401.283:2067): user pid=23878 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162988401.283:2068): login pid=23878 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162988401.283:2069): user pid=23878 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162988401.283:2070): user pid=23878 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162988401.303:2071): user pid=23878 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162988401.303:2072): user pid=23878 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162989001.365:2073): user pid=23898 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162989001.365:2074): login pid=23898 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162989001.365:2075): user pid=23898 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162989001.365:2076): user pid=23898 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162989001.381:2077): user pid=23898 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162989001.381:2078): user pid=23898 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162989601.454:2079): user pid=23916 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162989601.454:2080): login pid=23916 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162989601.454:2081): user pid=23916 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162989601.454:2082): user pid=23916 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162989601.478:2083): user pid=23916 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162989601.478:2084): user pid=23916 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162990201.536:2085): user pid=23934 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162990201.536:2086): login pid=23934 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162990201.540:2087): user pid=23934 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162990201.540:2088): user pid=23934 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162990201.552:2089): user pid=23934 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162990201.552:2090): user pid=23934 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162990801.613:2091): user pid=23952 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162990801.613:2092): login pid=23952 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162990801.613:2093): user pid=23952 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162990801.613:2094): user pid=23952 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162990801.625:2095): user pid=23952 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162990801.625:2096): user pid=23952 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162990861.641:2097): user pid=23955 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162990861.641:2098): login pid=23955 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162990861.641:2099): user pid=23955 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162990861.641:2100): user pid=23955 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162990861.661:2101): user pid=23955 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162990861.661:2102): user pid=23955 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162991401.715:2103): user pid=23980 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162991401.719:2104): login pid=23980 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162991401.719:2105): user pid=23980 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162991401.719:2106): user pid=23980 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162991401.735:2107): user pid=23980 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162991401.735:2108): user pid=23980 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162992001.804:2109): user pid=23998 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162992001.804:2110): login pid=23998 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162992001.804:2111): user pid=23998 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162992001.804:2112): user pid=23998 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162992001.820:2113): user pid=23998 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162992001.820:2114): user pid=23998 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162992601.890:2115): user pid=24018 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162992601.890:2116): login pid=24018 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162992601.890:2117): user pid=24018 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162992601.890:2118): user pid=24018 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162992601.902:2119): user pid=24018 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162992601.902:2120): user pid=24018 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162993201.963:2121): user pid=24036 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162993201.963:2122): login pid=24036 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162993201.963:2123): user pid=24036 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162993201.963:2124): user pid=24036 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162993201.979:2125): user pid=24036 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162993201.979:2126): user pid=24036 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162993801.053:2127): user pid=24054 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162993801.053:2128): login pid=24054 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162993801.053:2129): user pid=24054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162993801.053:2130): user pid=24054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162993801.065:2131): user pid=24054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162993801.065:2132): user pid=24054 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162994401.130:2133): user pid=24072 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162994401.130:2134): login pid=24072 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162994401.130:2135): user pid=24072 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162994401.130:2136): user pid=24072 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162994401.142:2137): user pid=24072 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162994401.142:2138): user pid=24072 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162994461.154:2139): user pid=24075 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162994461.154:2140): login pid=24075 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162994461.154:2141): user pid=24075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162994461.158:2142): user pid=24075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162994461.174:2143): user pid=24075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162994461.174:2144): user pid=24075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162994955.017:2145): avc: denied { read } for pid=24099 comm="nm-vpnc-auth-di" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994955.017:2145): arch=40000003 syscall=33 success=yes exit=0 a0=bfedde46 a1=4 a2=de7a64 a3=bfedde46 items=0 ppid=3098 pid=24099 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162994955.161:2146): avc: denied { write } for pid=24099 comm="nm-vpnc-auth-di" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162994955.161:2146): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfedc6a0 a2=39b770 a3=15 items=0 ppid=3098 pid=24099 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162994957.397:2147): avc: denied { read write } for pid=24121 comm="notification-da" name="[11958]" dev=sockfs ino=11958 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1162994957.397:2147): arch=40000003 syscall=11 success=yes exit=0 a0=8eeae78 a1=8ef9188 a2=8eee770 a3=14 items=0 ppid=24120 pid=24121 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="notification-da" exe="/usr/libexec/notification-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162994957.397:2147): path="socket:[11958]"
+type=AVC msg=audit(1162994957.481:2148): avc: denied { read } for pid=24121 comm="notification-da" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994957.481:2148): arch=40000003 syscall=33 success=yes exit=0 a0=bfce6e98 a1=4 a2=de7a64 a3=bfce6e98 items=0 ppid=24120 pid=24121 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="notification-da" exe="/usr/libexec/notification-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162994960.305:2149): avc: denied { read } for pid=24124 comm="xchat" name="resolv.conf" dev=dm-0 ino=9334542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994960.305:2149): arch=40000003 syscall=5 success=yes exit=9 a0=221d13 a1=0 a2=1b6 a3=8737c68 items=0 ppid=24123 pid=24124 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xchat" exe="/usr/bin/xchat" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162994962.137:2150): avc: denied { search } for pid=24127 comm="evolution" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162994962.137:2150): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfcb0af8 a2=239ff4 a3=3 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994962.141:2151): avc: denied { read } for pid=24127 comm="evolution" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994962.141:2151): arch=40000003 syscall=33 success=yes exit=0 a0=bfcb2dff a1=4 a2=de7a64 a3=bfcb2dff items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994962.141:2152): avc: denied { getattr } for pid=24127 comm="evolution" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994962.141:2152): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfcb0a2c a2=239ff4 a3=8796730 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162994962.141:2152): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162994962.149:2153): avc: denied { search } for pid=24127 comm="evolution" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162994962.149:2153): avc: denied { write } for pid=24127 comm="evolution" name="2965" dev=dm-0 ino=14567716 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1162994962.149:2153): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcb0b30 a2=39b770 a3=15 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994962.149:2154): avc: denied { read } for pid=24127 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994962.149:2154): arch=40000003 syscall=33 success=yes exit=0 a0=87ac218 a1=4 a2=39b770 a3=87ac218 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994962.149:2155): avc: denied { getattr } for pid=24127 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6570930 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:object_r:staff_iceauth_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162994962.149:2155): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bfcb0bcc a2=239ff4 a3=87acaf8 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162994962.149:2155): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1162994963.042:2156): avc: denied { sigkill } for pid=24127 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=process
+type=SYSCALL msg=audit(1162994963.042:2156): arch=40000003 syscall=37 success=yes exit=0 a0=5e41 a1=9 a2=4b077b8 a3=5e41 items=0 ppid=1 pid=24127 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_AVC msg=audit(1162994964.146:2157): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=24127 tpid=2771 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1162994964.146:2158): user pid=2324 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.34 spid=2771 tpid=24127 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1162994964.190:2159): avc: denied { create } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162994964.190:2159): arch=40000003 syscall=102 success=yes exit=35 a0=1 a1=b219f274 a2=239ff4 a3=5d56d7f items=0 ppid=1 pid=24135 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994964.190:2160): avc: denied { bind } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162994964.190:2160): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b219f274 a2=239ff4 a3=23 items=0 ppid=1 pid=24135 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994964.190:2161): avc: denied { getattr } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162994964.190:2161): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b219f274 a2=239ff4 a3=23 items=0 ppid=1 pid=24135 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994964.190:2162): avc: denied { write } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1162994964.190:2162): avc: denied { nlmsg_read } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162994964.190:2162): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b219e1b4 a2=239ff4 a3=0 items=0 ppid=1 pid=24135 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162994964.190:2163): avc: denied { read } for pid=24135 comm="evolution" scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=staff_u:staff_r:staff_evolution_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1162994964.190:2163): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b219e1b4 a2=239ff4 a3=0 items=0 ppid=1 pid=24135 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162995001.236:2164): user pid=24158 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162995001.236:2165): login pid=24158 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162995001.236:2166): user pid=24158 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162995001.236:2167): user pid=24158 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162995001.240:2168): avc: denied { execute } for pid=24159 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1162995001.240:2168): avc: denied { execute_no_trans } for pid=24159 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995001.240:2168): arch=40000003 syscall=11 success=yes exit=0 a0=8ecb1b0 a1=8ecb358 a2=8ecb290 a3=8ecb008 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162995001.240:2168): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1162995001.244:2169): avc: denied { search } for pid=24159 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1162995001.244:2169): avc: denied { read } for pid=24159 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995001.244:2169): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8e26800 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162995001.244:2170): avc: denied { getattr } for pid=24159 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995001.244:2170): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff14838 a2=239ff4 a3=8e26800 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162995001.244:2170): path="/proc/net/dev"
+type=AVC msg=audit(1162995001.244:2171): avc: denied { search } for pid=24159 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1162995001.244:2171): avc: denied { read } for pid=24159 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995001.244:2171): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8e26df0 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162995001.244:2172): avc: denied { getattr } for pid=24159 comm="sadc" name="dentry-state" dev=proc ino=-268435227 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995001.244:2172): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff14694 a2=239ff4 a3=8e26df0 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162995001.244:2172): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1162995001.244:2173): avc: denied { search } for pid=24159 comm="sadc" name="rpc" dev=proc ino=-268434552 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162995001.244:2173): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8e26df0 items=0 ppid=24158 pid=24159 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162995001.256:2174): user pid=24158 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162995001.256:2175): user pid=24158 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162995036.438:2176): avc: denied { read } for pid=24173 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995036.438:2176): arch=40000003 syscall=33 success=yes exit=0 a0=bfb9af92 a1=4 a2=de7a64 a3=bfb9af92 items=0 ppid=24172 pid=24173 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC msg=audit(1162995036.438:2177): avc: denied { getattr } for pid=24173 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995036.438:2177): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfb993dc a2=239ff4 a3=8769ab0 items=0 ppid=24172 pid=24173 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995036.438:2177): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162995036.470:2178): avc: denied { execute } for pid=24170 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162995036.470:2178): avc: denied { execute_no_trans } for pid=24170 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1162995036.470:2178): avc: denied { read } for pid=24170 comm="firefox" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995036.470:2178): arch=40000003 syscall=11 success=yes exit=0 a0=8cf48b8 a1=8cf6920 a2=8cf7118 a3=8cf6920 items=0 ppid=1 pid=24170 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995036.470:2178): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1162995036.470:2178): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162995036.570:2179): avc: denied { getattr } for pid=24170 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=13552825 scontext=staff_u:staff_r:staff_evolution_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995036.570:2179): arch=40000003 syscall=196 success=yes exit=0 a0=bfd04428 a1=bfd03f1c a2=239ff4 a3=bfd05a05 items=0 ppid=1 pid=24170 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_evolution_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995036.570:2179): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1162995043.603:2180): avc: denied { read } for pid=24178 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995043.603:2180): arch=40000003 syscall=33 success=yes exit=0 a0=bfcf0fcb a1=4 a2=de7a64 a3=bfcf0fcb items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162995043.603:2181): avc: denied { getattr } for pid=24178 comm="firefox-bin" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995043.603:2181): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfcef08c a2=239ff4 a3=84c2140 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995043.603:2181): path="/tmp/.gdmF70UIT"
+type=AVC msg=audit(1162995146.313:2182): avc: denied { getattr } for pid=24178 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995146.313:2182): arch=40000003 syscall=196 success=yes exit=0 a0=bfcecc58 a1=bfcecbbc a2=239ff4 a3=982c840 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995146.313:2182): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1162995147.313:2183): avc: denied { read } for pid=24178 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995147.313:2183): arch=40000003 syscall=5 success=yes exit=52 a0=969da00 a1=0 a2=0 a3=969da00 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162995147.329:2184): avc: denied { execute } for pid=24178 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995147.329:2184): arch=40000003 syscall=192 success=yes exit=26243072 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162995147.329:2184): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=USER_ACCT msg=audit(1162995601.325:2185): user pid=24285 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162995601.329:2186): login pid=24285 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162995601.329:2187): user pid=24285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162995601.329:2188): user pid=24285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162995601.333:2189): avc: denied { execute } for pid=24286 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162995601.333:2189): avc: denied { execute_no_trans } for pid=24286 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1162995601.333:2189): avc: denied { read } for pid=24286 comm="sa1" name="sadc" dev=dm-0 ino=11981390 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995601.333:2189): arch=40000003 syscall=11 success=yes exit=0 a0=9d1ed48 a1=9d1e740 a2=9d1ed60 a3=9d1e740 items=0 ppid=24285 pid=24286 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162995601.333:2189): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1162995601.333:2189): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1162995601.333:2190): avc: denied { search } for pid=24286 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162995601.333:2190): arch=40000003 syscall=33 success=yes exit=0 a0=bf9b1684 a1=0 a2=bf9b1578 a3=bf9b1580 items=0 ppid=24285 pid=24286 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162995601.333:2191): avc: denied { read append } for pid=24286 comm="sadc" name="sa08" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995601.333:2191): arch=40000003 syscall=5 success=yes exit=3 a0=bf9b1684 a1=402 a2=bf9b1848 a3=bf9b1580 items=0 ppid=24285 pid=24286 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162995601.333:2192): avc: denied { lock } for pid=24286 comm="sadc" name="sa08" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995601.333:2192): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf9b1580 a3=3 items=0 ppid=24285 pid=24286 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162995601.333:2192): path="/var/log/sa/sa08"
+type=CRED_DISP msg=audit(1162995601.393:2193): user pid=24285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162995601.393:2194): user pid=24285 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162995783.573:2195): avc: denied { search } for pid=24305 comm="gpg" name="home" dev=dm-0 ino=6547201 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1162995783.573:2195): avc: denied { search } for pid=24305 comm="gpg" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162995783.573:2195): arch=40000003 syscall=33 success=no exit=-2 a0=9b409f8 a1=4 a2=ed4bbc a3=9b409c8 items=0 ppid=24127 pid=24305 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162995783.777:2196): avc: denied { search } for pid=24305 comm="gpg" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162995783.777:2196): avc: denied { read } for pid=24305 comm="gpg" name="evolution-pgp.BLRTIT" dev=dm-0 ino=14469397 scontext=staff_u:staff_r:staff_gpg_t:s0 tcontext=staff_u:object_r:staff_evolution_orbit_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162995783.777:2196): arch=40000003 syscall=5 success=yes exit=3 a0=bfcc8b1a a1=8000 a2=0 a3=8000 items=0 ppid=24127 pid=24305 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gpg" exe="/usr/bin/gpg" subj=staff_u:staff_r:staff_gpg_t:s0 key=(null)
+type=AVC msg=audit(1162996117.142:2197): avc: denied { execute } for pid=24178 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996117.142:2197): arch=40000003 syscall=192 success=yes exit=68603904 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162996117.142:2197): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162996117.154:2198): avc: denied { execstack } for pid=24178 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1162996117.154:2198): avc: denied { execmem } for pid=24178 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1162996117.154:2198): arch=40000003 syscall=125 success=yes exit=0 a0=bfcef000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162996117.198:2199): avc: denied { execmod } for pid=24178 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996117.198:2199): arch=40000003 syscall=125 success=yes exit=0 a0=416d000 a1=26f000 a2=5 a3=bfcec990 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162996117.198:2199): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1162996122.842:2200): avc: denied { search } for pid=24178 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162996122.842:2200): arch=40000003 syscall=54 success=yes exit=0 a0=43 a1=c0045002 a2=bfcef284 a3=a7b716c items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162996201.475:2201): user pid=24375 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162996201.475:2202): login pid=24375 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162996201.475:2203): user pid=24375 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162996201.475:2204): user pid=24375 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162996201.495:2205): user pid=24375 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162996201.495:2206): user pid=24375 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162996346.912:2207): avc: denied { write } for pid=24178 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162996346.912:2207): avc: denied { add_name } for pid=24178 comm="firefox-bin" name="plugtmp" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162996346.912:2207): avc: denied { create } for pid=24178 comm="firefox-bin" name="plugtmp" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162996346.912:2207): arch=40000003 syscall=39 success=yes exit=0 a0=aa846e8 a1=1c0 a2=6e44304 a3=1c0 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162996346.912:2208): avc: denied { write } for pid=24178 comm="firefox-bin" name="plugtmp" dev=dm-0 ino=14796673 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162996346.912:2208): avc: denied { add_name } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162996346.912:2208): avc: denied { create } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996346.912:2208): arch=40000003 syscall=5 success=yes exit=71 a0=9b981e0 a1=82c1 a2=180 a3=82c1 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162996346.912:2209): avc: denied { write } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" dev=dm-0 ino=14796674 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996346.912:2209): arch=40000003 syscall=5 success=yes exit=71 a0=9b981e0 a1=8241 a2=180 a3=8241 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1162996358.917:2210): avc: denied { getattr } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" dev=dm-0 ino=14796674 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996358.917:2210): arch=40000003 syscall=195 success=yes exit=0 a0=9b981e0 a1=bfcee7a0 a2=239ff4 a3=3 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162996358.917:2210): path="/tmp/plugtmp/right.rail.exclude.html"
+type=AVC msg=audit(1162996358.917:2211): avc: denied { remove_name } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" dev=dm-0 ino=14796674 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1162996358.917:2211): avc: denied { unlink } for pid=24178 comm="firefox-bin" name="right.rail.exclude.html" dev=dm-0 ino=14796674 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162996358.917:2211): arch=40000003 syscall=10 success=yes exit=0 a0=9b981e0 a1=0 a2=6e44304 a3=0 items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162996801.568:2212): user pid=24467 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162996801.568:2213): login pid=24467 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162996801.568:2214): user pid=24467 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162996801.568:2215): user pid=24467 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162996801.572:2216): avc: denied { search } for pid=24468 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162996801.572:2216): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9666800 items=0 ppid=24467 pid=24468 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1162996801.580:2217): user pid=24467 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162996801.584:2218): user pid=24467 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162997292.355:2219): avc: denied { read } for pid=24587 comm="mozilla-xremote" name=".gdmF70UIT" dev=dm-0 ino=14469320 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162997292.355:2219): arch=40000003 syscall=33 success=yes exit=0 a0=bfe5bf92 a1=4 a2=de7a64 a3=bfe5bf92 items=0 ppid=24586 pid=24587 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162997401.650:2220): user pid=24603 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162997401.650:2221): login pid=24603 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162997401.650:2222): user pid=24603 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162997401.650:2223): user pid=24603 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1162997401.666:2224): user pid=24603 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162997401.666:2225): user pid=24603 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162997573.365:2226): avc: denied { search } for pid=24178 comm="firefox-bin" name="4-1:1.1" dev=sysfs ino=972 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1162997573.365:2226): arch=40000003 syscall=54 success=yes exit=0 a0=2c a1=c0045002 a2=bfcef284 a3=a7b716c items=0 ppid=1 pid=24178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1162998001.731:2227): user pid=24671 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162998001.731:2228): login pid=24671 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162998001.731:2229): user pid=24671 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162998001.731:2230): user pid=24671 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162998001.735:2231): avc: denied { read } for pid=24672 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998001.735:2231): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=93d2800 items=0 ppid=24671 pid=24672 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162998001.735:2232): avc: denied { getattr } for pid=24672 comm="sadc" name="dev" dev=proc ino=-268435159 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998001.735:2232): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bffa50c8 a2=282ff4 a3=93d2800 items=0 ppid=24671 pid=24672 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162998001.735:2232): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1162998001.747:2233): user pid=24671 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162998001.747:2234): user pid=24671 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1162998061.751:2235): user pid=24676 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1162998061.755:2236): login pid=24676 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1162998061.755:2237): user pid=24676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1162998061.755:2238): user pid=24676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162998061.763:2239): avc: denied { execute } for pid=24680 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162998061.763:2239): avc: denied { execute_no_trans } for pid=24680 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1162998061.763:2239): avc: denied { read } for pid=24680 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984740 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998061.763:2239): arch=40000003 syscall=11 success=yes exit=0 a0=8d42678 a1=8d42808 a2=8d42720 a3=8d42508 items=0 ppid=24678 pid=24680 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162998061.763:2239): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1162998061.763:2239): path="/sbin/chkconfig"
+type=AVC msg=audit(1162998061.763:2240): avc: denied { read } for pid=24680 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998061.763:2240): arch=40000003 syscall=5 success=yes exit=3 a0=bff169e0 a1=0 a2=ffffffff a3=9184038 items=0 ppid=24678 pid=24680 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1162998061.763:2241): avc: denied { getattr } for pid=24680 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998061.763:2241): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff16950 a2=239ff4 a3=3 items=0 ppid=24678 pid=24680 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1162998061.763:2241): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1162998061.771:2242): user pid=24676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1162998061.775:2243): user pid=24676 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1162998302.314:2244): avc: denied { execute } for pid=24729 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=AVC msg=audit(1162998302.314:2244): avc: denied { execute_no_trans } for pid=24729 comm="bash" name="audit2policy" dev=dm-0 ino=13683706 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998302.314:2244): arch=40000003 syscall=11 success=yes exit=0 a0=9c21608 a1=9c26730 a2=9c23ec0 a3=9c21f40 items=0 ppid=4324 pid=24729 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="audit2policy" exe="/usr/bin/python" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162998302.314:2244): path="/home/kmacmill/projects/selinux/madison/audit2policy"
+type=AVC msg=audit(1162998522.584:2245): avc: denied { execute } for pid=4324 comm="bash" name="authconfig.py" dev=dm-0 ino=10607331 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1162998522.584:2245): arch=40000003 syscall=33 success=yes exit=0 a0=9c20ad0 a1=1 a2=11 a3=9c20ad0 items=0 ppid=4321 pid=4324 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
diff --git a/sepolgen/tests/test_data/httpd.log b/sepolgen/tests/test_data/httpd.log
new file mode 100644
index 0000000..4194a92
--- /dev/null
+++ b/sepolgen/tests/test_data/httpd.log
@@ -0,0 +1,10850 @@
+type=USER_AVC msg=audit(1163772866.369:8084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.437:8085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.449:8086): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.449:8087): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.449:8088): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8089): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8090): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8091): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8092): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8093): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.453:8094): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.457:8095): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.461:8096): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.461:8097): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.465:8098): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.469:8099): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.481:8100): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.481:8101): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.481:8102): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.481:8103): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.485:8104): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.485:8105): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.485:8106): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.485:8107): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.485:8108): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.489:8109): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.489:8110): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.493:8111): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.497:8112): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.497:8113): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.509:8114): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.509:8115): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.509:8116): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.513:8117): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.513:8118): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.513:8119): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.517:8120): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.517:8121): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.517:8122): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.517:8123): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.521:8124): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.521:8125): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.525:8126): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.525:8127): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.553:8128): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.553:8129): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.553:8130): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.557:8131): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.557:8132): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.557:8133): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.557:8134): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.561:8135): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.561:8136): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.577:8137): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.577:8138): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.577:8139): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.577:8140): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.581:8141): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.581:8142): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.585:8143): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.585:8144): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.589:8145): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.589:8146): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.589:8147): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.589:8148): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.593:8149): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.593:8150): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.593:8151): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.597:8152): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.597:8153): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.601:8154): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.605:8155): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.621:8156): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8157): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8158): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8159): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8160): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8161): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.625:8162): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.629:8163): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.629:8164): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.629:8165): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.633:8166): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.633:8167): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.633:8168): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.641:8169): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.649:8170): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.649:8171): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.653:8172): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.653:8173): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.653:8174): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.653:8175): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.653:8176): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.657:8177): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.657:8178): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.661:8179): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.661:8180): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.665:8181): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.665:8182): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.669:8183): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.681:8184): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.681:8185): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.681:8186): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.685:8187): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.685:8188): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.685:8189): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.685:8190): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.689:8191): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.689:8192): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.689:8193): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.689:8194): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.693:8195): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.697:8196): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.697:8197): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.705:8198): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.709:8199): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.709:8200): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.713:8201): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.713:8202): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.713:8203): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.713:8204): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.717:8205): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.717:8206): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.717:8207): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.721:8208): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.721:8209): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.725:8210): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.733:8211): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.741:8212): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.745:8213): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.745:8214): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.745:8215): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.745:8216): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.749:8217): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.749:8218): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.749:8219): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.749:8220): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.753:8221): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.753:8222): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.753:8223): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.757:8224): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.761:8225): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.777:8226): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.781:8227): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.781:8228): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.781:8229): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.781:8230): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.785:8231): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.785:8232): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.785:8233): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.789:8234): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.789:8235): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.789:8236): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.789:8237): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.793:8238): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.797:8239): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.809:8240): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.809:8241): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.809:8242): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.813:8243): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.813:8244): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.813:8245): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.813:8246): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.817:8247): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.817:8248): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.817:8249): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.821:8250): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.821:8251): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.825:8252): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.825:8253): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.837:8254): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.841:8255): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.841:8256): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.841:8257): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.841:8258): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.845:8259): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.845:8260): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.845:8261): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.845:8262): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.857:8263): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.857:8264): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.857:8265): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.861:8266): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.869:8267): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.869:8268): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.873:8269): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.873:8270): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.873:8271): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.873:8272): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.877:8273): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.877:8274): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.877:8275): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.877:8276): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.881:8277): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.881:8278): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.889:8279): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.889:8280): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.893:8281): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.893:8282): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.893:8283): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.901:8284): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.901:8285): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.901:8286): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.905:8287): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.905:8288): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.905:8289): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.905:8290): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.905:8291): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.909:8292): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.909:8293): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.913:8294): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.913:8295): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.929:8296): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.929:8297): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.929:8298): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.929:8299): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.929:8300): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.933:8301): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.933:8302): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.933:8303): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.937:8304): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.957:8305): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.957:8306): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.957:8307): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.961:8308): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.961:8309): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.965:8310): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.969:8311): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.969:8312): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.969:8313): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.969:8314): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.973:8315): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.973:8316): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.973:8317): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.973:8318): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.977:8319): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.977:8320): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.977:8321): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.981:8322): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.989:8323): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.997:8324): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772866.997:8325): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.001:8326): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.001:8327): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.001:8328): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.001:8329): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.005:8330): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.005:8331): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.005:8332): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.005:8333): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.005:8334): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.009:8335): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.057:8336): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.061:8337): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.073:8338): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.073:8339): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.073:8340): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8341): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8342): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8343): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8344): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8345): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.077:8346): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.081:8347): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.081:8348): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.085:8349): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.109:8350): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.117:8351): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.133:8352): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.133:8353): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.137:8354): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.137:8355): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.137:8356): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.137:8357): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.137:8358): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.141:8359): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.141:8360): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.141:8361): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.141:8362): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.145:8363): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.145:8364): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.149:8365): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.157:8366): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.157:8367): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.157:8368): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.161:8369): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.161:8370): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.161:8371): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.161:8372): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.161:8373): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.165:8374): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.165:8375): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.169:8376): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.169:8377): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.173:8378): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.173:8379): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.181:8380): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.181:8381): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.185:8382): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.185:8383): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.185:8384): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.185:8385): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.189:8386): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.189:8387): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.189:8388): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.193:8389): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.193:8390): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.197:8391): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.197:8392): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.201:8393): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.217:8394): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.221:8395): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.221:8396): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.221:8397): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.221:8398): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.225:8399): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.225:8400): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.225:8401): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.225:8402): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.225:8403): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.229:8404): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.229:8405): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.233:8406): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.285:8407): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.297:8408): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.297:8409): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.297:8410): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.301:8411): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.301:8412): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.305:8413): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.305:8414): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.305:8415): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.305:8416): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.305:8417): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.309:8418): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.309:8419): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.309:8420): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.313:8421): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.325:8422): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.329:8423): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.329:8424): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.329:8425): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.329:8426): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.333:8427): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.333:8428): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.333:8429): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.333:8430): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.333:8431): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.337:8432): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.337:8433): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.341:8434): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.341:8435): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.357:8436): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.357:8437): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.357:8438): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.357:8439): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.361:8440): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.361:8441): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.361:8442): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.361:8443): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.365:8444): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.385:8445): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.385:8446): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.385:8447): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.389:8448): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.389:8449): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.389:8450): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.393:8451): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.393:8452): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.393:8453): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.397:8454): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.397:8455): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.401:8456): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.405:8457): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.405:8458): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.405:8459): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.413:8460): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.417:8461): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.417:8462): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.421:8463): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.421:8464): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8465): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8466): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8467): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8468): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8469): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8470): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8471): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.425:8472): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.429:8473): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.433:8474): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.433:8475): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.433:8476): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.441:8477): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.457:8478): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.457:8479): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.461:8480): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.461:8481): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.465:8482): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.465:8483): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.465:8484): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.465:8485): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.469:8486): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.489:8487): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.489:8488): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.489:8489): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.489:8490): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.489:8491): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8492): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8493): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8494): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8495): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8496): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.493:8497): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.501:8498): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.505:8499): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.517:8500): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.517:8501): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.517:8502): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.517:8503): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.517:8504): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8505): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8506): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8507): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8508): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8509): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8510): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8511): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.521:8512): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.525:8513): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.525:8514): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.525:8515): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.525:8516): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.529:8517): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.529:8518): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.585:8519): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.605:8520): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.605:8521): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.605:8522): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.609:8523): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.609:8524): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.609:8525): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.613:8526): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.613:8527): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.613:8528): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.633:8529): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.637:8530): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.637:8531): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.637:8532): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.641:8533): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.641:8534): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.645:8535): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.645:8536): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.645:8537): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.645:8538): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.649:8539): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.649:8540): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.649:8541): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.653:8542): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.673:8543): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.673:8544): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.673:8545): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.673:8546): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8547): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8548): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8549): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8550): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8551): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8552): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.677:8553): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.681:8554): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.681:8555): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.681:8556): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.681:8557): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.685:8558): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.685:8559): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.689:8560): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.701:8561): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.701:8562): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.705:8563): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.705:8564): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.705:8565): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.705:8566): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.709:8567): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.709:8568): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.709:8569): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.709:8570): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.709:8571): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.713:8572): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.713:8573): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.717:8574): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.725:8575): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.733:8576): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.733:8577): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.737:8578): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.737:8579): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.741:8580): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.741:8581): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.741:8582): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.741:8583): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.745:8584): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.745:8585): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.745:8586): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.749:8587): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.753:8588): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.757:8589): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.769:8590): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.769:8591): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.769:8592): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.769:8593): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.769:8594): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.773:8595): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.773:8596): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.773:8597): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.777:8598): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.777:8599): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.782:8600): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.782:8601): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.782:8602): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.782:8603): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.798:8604): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.802:8605): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.802:8606): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.802:8607): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.802:8608): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.802:8609): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.806:8610): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.806:8611): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.806:8612): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.806:8613): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.810:8614): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.810:8615): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.814:8616): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.830:8617): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.830:8618): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.830:8619): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.830:8620): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.834:8621): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.834:8622): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.834:8623): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.834:8624): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.838:8625): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.838:8626): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.858:8627): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.858:8628): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.858:8629): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.858:8630): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.862:8631): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.862:8632): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.866:8633): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8634): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8635): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8636): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8637): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8638): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8639): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8640): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.870:8641): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.874:8642): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.878:8643): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.878:8644): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.882:8645): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.894:8646): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.898:8647): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.898:8648): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.898:8649): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.898:8650): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8651): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8652): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8653): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8654): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8655): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.902:8656): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.910:8657): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.910:8658): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.914:8659): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.922:8660): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.922:8661): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.922:8662): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.922:8663): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.926:8664): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.926:8665): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.926:8666): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.930:8667): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.930:8668): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.930:8669): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.930:8670): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.930:8671): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.934:8672): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.942:8673): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.950:8674): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8675): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8676): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8677): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8678): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8679): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8680): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8681): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.954:8682): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.962:8683): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.962:8684): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.966:8685): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.966:8686): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.966:8687): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.986:8688): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.986:8689): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.990:8690): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.990:8691): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.990:8692): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.994:8693): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.994:8694): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.994:8695): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772867.994:8696): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.006:8697): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.006:8698): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.006:8699): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.010:8700): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.010:8701): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.018:8702): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.018:8703): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.018:8704): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.018:8705): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.018:8706): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.022:8707): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.022:8708): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.022:8709): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.022:8710): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.022:8711): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.026:8712): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.030:8713): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.030:8714): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.030:8715): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.034:8716): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.034:8717): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.058:8718): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.058:8719): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.058:8720): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.062:8721): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.062:8722): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.062:8723): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.066:8724): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.066:8725): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.066:8726): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.106:8727): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.146:8728): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.154:8729): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.174:8730): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.178:8731): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.178:8732): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.178:8733): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.178:8734): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.182:8735): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.182:8736): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.182:8737): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.182:8738): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.186:8739): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.186:8740): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.190:8741): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.190:8742): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.226:8743): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8744): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8745): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8746): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8747): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8748): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8749): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.242:8750): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.246:8751): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.246:8752): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.246:8753): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.250:8754): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.250:8755): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.266:8756): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.270:8757): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.274:8758): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.282:8759): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.282:8760): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.282:8761): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.286:8762): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.286:8763): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.286:8764): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.286:8765): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.290:8766): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.290:8767): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.290:8768): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.294:8769): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.294:8770): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.302:8771): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.310:8772): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.310:8773): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.310:8774): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.314:8775): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.314:8776): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.318:8777): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.318:8778): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.318:8779): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.322:8780): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.322:8781): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.322:8782): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.326:8783): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.326:8784): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.330:8785): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.334:8786): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.334:8787): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.334:8788): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.346:8789): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.346:8790): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.350:8791): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.350:8792): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.350:8793): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.350:8794): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.350:8795): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.354:8796): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.358:8797): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.362:8798): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.362:8799): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.370:8800): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.370:8801): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.370:8802): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.370:8803): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.370:8804): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.374:8805): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.374:8806): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.378:8807): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.378:8808): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.378:8809): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.382:8810): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.386:8811): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.386:8812): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.390:8813): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.402:8814): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.402:8815): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.402:8816): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.406:8817): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.406:8818): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.406:8819): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.406:8820): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.410:8821): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.410:8822): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.414:8823): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.414:8824): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.414:8825): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.418:8826): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.430:8827): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.446:8828): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.446:8829): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.446:8830): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.446:8831): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8832): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8833): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8834): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8835): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8836): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.450:8837): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.454:8838): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.458:8839): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.462:8840): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.474:8841): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.474:8842): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.474:8843): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8844): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8845): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8846): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8847): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8848): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8849): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8850): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.478:8851): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.482:8852): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.482:8853): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.486:8854): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.502:8855): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.518:8856): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.518:8857): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.518:8858): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.518:8859): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.522:8860): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.522:8861): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.526:8862): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.526:8863): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.526:8864): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.526:8865): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.530:8866): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.546:8867): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.546:8868): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.546:8869): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.550:8870): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.550:8871): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.550:8872): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.550:8873): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.554:8874): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.554:8875): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.554:8876): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.558:8877): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.566:8878): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.566:8879): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.570:8880): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.570:8881): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.574:8882): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.574:8883): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8884): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8885): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8886): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8887): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8888): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8889): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8890): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.578:8891): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.582:8892): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.582:8893): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.586:8894): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.586:8895): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.590:8896): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.590:8897): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.606:8898): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.606:8899): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.610:8900): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.610:8901): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.610:8902): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.614:8903): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.614:8904): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.614:8905): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.614:8906): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.614:8907): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.618:8908): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.618:8909): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.618:8910): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.622:8911): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.634:8912): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8913): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8914): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8915): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8916): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8917): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8918): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.638:8919): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.642:8920): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.642:8921): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.646:8922): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.646:8923): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.690:8924): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.702:8925): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.726:8926): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.726:8927): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.726:8928): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.726:8929): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.730:8930): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.730:8931): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.730:8932): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.734:8933): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.734:8934): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.734:8935): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.734:8936): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.746:8937): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.750:8938): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.750:8939): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.750:8940): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.754:8941): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.758:8942): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.758:8943): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.758:8944): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.762:8945): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.762:8946): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.762:8947): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.762:8948): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.766:8949): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.766:8950): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.766:8951): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.770:8952): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.774:8953): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.786:8954): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.790:8955): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.790:8956): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.790:8957): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.790:8958): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.794:8959): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.794:8960): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.794:8961): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.794:8962): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.798:8963): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.798:8964): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.802:8965): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.806:8966): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.826:8967): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8968): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8969): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8970): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8971): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8972): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8973): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8974): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.830:8975): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.834:8976): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.834:8977): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.834:8978): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.838:8979): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.838:8980): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.850:8981): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.854:8982): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.862:8983): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.862:8984): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8985): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8986): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8987): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8988): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8989): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8990): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.866:8991): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.870:8992): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.874:8993): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.874:8994): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.874:8995): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.894:8996): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.894:8997): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.894:8998): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.898:8999): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.898:9000): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.902:9001): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.902:9002): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.902:9003): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.902:9004): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.906:9005): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.906:9006): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.930:9007): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.930:9008): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.930:9009): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.934:9010): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.934:9011): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.934:9012): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.938:9013): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.938:9014): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.938:9015): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.938:9016): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.938:9017): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.942:9018): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.942:9019): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.942:9020): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.946:9021): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.946:9022): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.958:9023): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.974:9024): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.974:9025): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.974:9026): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9027): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9028): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9029): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9030): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9031): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.978:9032): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.982:9033): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.982:9034): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.986:9035): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.990:9036): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.998:9037): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.998:9038): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772868.998:9039): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.002:9040): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.002:9041): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.002:9042): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.002:9043): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.006:9044): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.006:9045): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.006:9046): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.006:9047): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.010:9048): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.010:9049): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.010:9050): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.046:9051): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.062:9052): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.062:9053): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.066:9054): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.066:9055): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.066:9056): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.066:9057): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.070:9058): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.070:9059): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.070:9060): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.074:9061): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.074:9062): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.086:9063): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.086:9064): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.086:9065): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9066): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9067): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9068): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9069): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9070): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9071): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9072): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9073): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.090:9074): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.094:9075): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.098:9076): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.098:9077): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.102:9078): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.106:9079): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.118:9080): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.118:9081): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.118:9082): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9083): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9086): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9087): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.122:9088): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.126:9089): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.126:9090): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.130:9091): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.130:9092): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.134:9093): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.150:9094): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.150:9095): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.150:9096): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.154:9097): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.154:9098): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.154:9099): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.154:9100): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.154:9101): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.158:9102): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.158:9103): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.158:9104): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.162:9105): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.162:9106): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.166:9107): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.194:9108): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.194:9109): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.198:9110): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.198:9111): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.198:9112): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.198:9113): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.202:9114): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.202:9115): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.206:9116): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.206:9117): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.206:9118): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.206:9119): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.210:9120): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.214:9121): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.226:9122): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.226:9123): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.226:9124): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.230:9125): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.230:9126): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.230:9127): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.230:9128): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.234:9129): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.234:9130): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.234:9131): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.246:9132): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.246:9133): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.246:9134): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9135): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9136): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9137): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9138): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9139): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.254:9140): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.270:9141): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.270:9142): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.270:9143): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.270:9144): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.278:9145): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.278:9146): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.282:9147): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.286:9148): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.290:9149): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.302:9150): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.302:9151): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.302:9152): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.306:9153): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.306:9154): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.306:9155): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.306:9156): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.310:9157): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.310:9158): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.310:9159): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.310:9160): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.314:9161): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.322:9162): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.322:9163): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.334:9164): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.334:9165): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.334:9166): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.334:9167): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.338:9168): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.338:9169): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.338:9170): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.338:9171): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.342:9172): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.342:9173): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.342:9174): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.346:9175): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.350:9176): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.350:9177): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.366:9178): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.366:9179): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.366:9180): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.366:9181): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.370:9182): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.370:9183): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.370:9184): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.370:9185): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.370:9186): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.374:9187): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.374:9188): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.394:9189): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.394:9190): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.394:9191): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.398:9192): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.402:9193): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.402:9194): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.402:9195): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.406:9196): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.406:9197): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.406:9198): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.410:9199): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.410:9200): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.410:9201): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.414:9202): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.414:9203): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.418:9204): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.466:9205): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.494:9206): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.494:9207): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.498:9208): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.498:9209): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.498:9210): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.498:9211): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.502:9212): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.502:9213): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.502:9214): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.514:9215): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.518:9216): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.518:9217): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.518:9218): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.522:9219): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.522:9220): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.526:9221): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.526:9222): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.530:9223): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.530:9224): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.530:9225): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.530:9226): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.534:9227): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.534:9228): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.534:9229): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.538:9230): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.538:9231): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.542:9232): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.582:9233): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.594:9234): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.594:9235): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.594:9236): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.594:9237): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.598:9238): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.598:9239): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.598:9240): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.598:9241): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.602:9242): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.602:9243): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.602:9244): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.606:9245): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.606:9246): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.610:9247): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.626:9248): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.626:9249): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.626:9250): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.630:9251): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.630:9252): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.630:9253): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.630:9254): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.634:9255): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.638:9256): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.638:9257): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.638:9258): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.638:9259): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.638:9260): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.642:9261): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.650:9262): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.654:9263): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.654:9264): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.654:9265): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.654:9266): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.658:9267): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.658:9268): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.658:9269): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.658:9270): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.658:9271): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.662:9272): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.662:9273): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.670:9274): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.670:9275): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.682:9276): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.682:9277): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.682:9278): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.682:9279): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.686:9280): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.686:9281): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.686:9282): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.686:9283): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.690:9284): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.690:9285): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.690:9286): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.694:9287): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.694:9288): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.698:9289): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.714:9290): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.714:9291): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.714:9292): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.718:9293): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.718:9294): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.718:9295): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.718:9296): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.722:9297): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.722:9298): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.738:9299): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.738:9300): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.738:9301): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.742:9302): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.742:9303): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.746:9304): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.750:9305): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.750:9306): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.750:9307): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.750:9308): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.750:9309): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.754:9310): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.754:9311): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.754:9312): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.754:9313): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.758:9314): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.758:9315): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.758:9316): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.770:9317): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.790:9318): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.790:9319): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.790:9320): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.790:9321): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9322): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9323): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9324): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9325): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9326): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.794:9327): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.798:9328): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.802:9329): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.802:9330): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.810:9331): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.826:9332): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.830:9333): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.830:9334): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.830:9335): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.834:9336): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.834:9337): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.834:9338): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.834:9339): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.838:9340): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.838:9341): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.838:9342): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.842:9343): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.846:9344): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.850:9345): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.850:9346): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.854:9347): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.854:9348): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.862:9349): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.862:9350): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.862:9351): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.862:9352): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.874:9353): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.874:9354): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.874:9355): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.878:9356): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.878:9357): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.878:9358): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.910:9359): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.910:9360): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.910:9361): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.914:9362): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.914:9363): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.914:9364): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.914:9365): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.918:9366): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.918:9367): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.918:9368): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.918:9369): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.922:9370): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.922:9371): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.926:9372): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.930:9373): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.990:9374): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.990:9375): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.990:9376): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.994:9377): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.994:9378): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.994:9379): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.998:9380): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.998:9381): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.998:9382): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772869.998:9383): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.010:9384): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.010:9385): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.010:9386): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.014:9387): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.018:9388): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.018:9389): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.018:9390): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.022:9391): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.026:9392): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.026:9393): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.026:9394): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.030:9395): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.030:9396): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.030:9397): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.034:9398): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.038:9399): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.038:9400): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.054:9401): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.054:9402): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.058:9403): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.058:9404): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.058:9405): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.058:9406): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.062:9407): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.062:9408): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.062:9409): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.062:9410): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.062:9411): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.066:9412): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.066:9413): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.070:9414): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.106:9415): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.122:9416): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.122:9417): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.122:9418): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.126:9419): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.126:9420): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.126:9421): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.126:9422): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.130:9423): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.130:9424): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.130:9425): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.134:9426): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.134:9427): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.138:9428): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.138:9429): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.154:9430): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.158:9431): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.158:9432): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.158:9433): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.162:9434): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.162:9435): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.162:9436): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.162:9437): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.162:9438): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.166:9439): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.166:9440): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.166:9441): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.170:9442): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.174:9443): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.186:9444): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.186:9445): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.186:9446): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.186:9447): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.190:9448): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.190:9449): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.190:9450): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.190:9451): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.190:9452): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.194:9453): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.194:9454): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.198:9455): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.202:9456): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.202:9457): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.210:9458): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.210:9459): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.210:9460): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.214:9461): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.214:9462): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.214:9463): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.214:9464): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.218:9465): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.218:9466): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.218:9467): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.222:9468): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.222:9469): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.226:9470): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.226:9471): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9472): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9473): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9474): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9475): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9476): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9477): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.238:9478): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.242:9479): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.242:9480): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.242:9481): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.246:9482): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.246:9483): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.250:9484): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.250:9485): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.266:9486): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.266:9487): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.266:9488): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.266:9489): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.266:9490): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.270:9491): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.274:9492): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.274:9493): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.274:9494): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.274:9495): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.278:9496): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.278:9497): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.282:9498): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.286:9499): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.294:9500): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.298:9501): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.298:9502): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.298:9503): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.298:9504): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.302:9505): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.302:9506): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.302:9507): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.302:9508): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.302:9509): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.306:9510): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.306:9511): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.314:9512): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.314:9513): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.326:9514): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.326:9515): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.326:9516): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.326:9517): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.330:9518): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.330:9519): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.330:9520): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.330:9521): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.334:9522): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.334:9523): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.334:9524): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.338:9525): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.338:9526): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.342:9527): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.354:9528): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.354:9529): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.354:9530): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.358:9531): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.358:9532): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.358:9533): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.358:9534): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.362:9535): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.366:9536): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.366:9537): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.366:9538): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.366:9539): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.370:9540): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.374:9541): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.382:9542): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.382:9543): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.382:9544): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.382:9545): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.386:9546): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.386:9547): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.386:9548): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.386:9549): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.390:9550): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.390:9551): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.394:9552): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.394:9553): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.394:9554): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.398:9555): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.410:9556): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.410:9557): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.410:9558): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.414:9559): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.414:9560): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.414:9561): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.418:9562): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.418:9563): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.418:9564): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9565): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9566): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9567): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9568): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9569): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9570): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.434:9571): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.442:9572): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.442:9573): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.446:9574): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.446:9575): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.446:9576): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.446:9577): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.450:9578): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.450:9579): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.450:9580): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.462:9581): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.462:9582): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.466:9583): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.466:9584): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.470:9585): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.474:9586): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.474:9587): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.474:9588): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.474:9589): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.478:9590): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.478:9591): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.478:9592): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.478:9593): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.482:9594): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.482:9595): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.486:9596): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.494:9597): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.534:9598): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.538:9599): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.538:9600): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.538:9601): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.538:9602): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.542:9603): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.542:9604): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.542:9605): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.542:9606): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.542:9607): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.546:9608): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.546:9609): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.550:9610): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.550:9611): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.566:9612): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.566:9613): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.566:9614): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.566:9615): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.570:9616): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.570:9617): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.570:9618): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.570:9619): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.574:9620): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.574:9621): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.574:9622): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.578:9623): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.578:9624): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.582:9625): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.590:9626): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.590:9627): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.590:9628): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.626:9629): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.626:9630): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.626:9631): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.626:9632): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.630:9633): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.630:9634): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.634:9635): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.634:9636): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.634:9637): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.638:9638): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.642:9639): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.650:9640): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.650:9641): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.650:9642): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.654:9643): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.654:9644): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.654:9645): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.658:9646): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.658:9647): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.658:9648): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.658:9649): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.662:9650): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.666:9651): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.666:9652): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.670:9653): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.686:9654): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.686:9655): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.686:9656): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.686:9657): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.690:9658): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.690:9659): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.690:9660): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.690:9661): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.694:9662): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.694:9663): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.694:9664): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.698:9665): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.698:9666): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.702:9667): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.714:9668): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.718:9669): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.718:9670): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.718:9671): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.718:9672): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.722:9673): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.722:9674): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.722:9675): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.722:9676): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.726:9677): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.726:9678): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.730:9679): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.730:9680): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.742:9681): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.758:9682): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.758:9683): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.758:9684): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9685): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9686): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9687): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9688): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9689): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.762:9690): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.766:9691): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.766:9692): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.770:9693): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.774:9694): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.778:9695): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.786:9696): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.786:9697): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.786:9698): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.794:9699): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.794:9700): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.794:9701): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.794:9702): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.794:9703): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.798:9704): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.798:9705): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.802:9706): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.802:9707): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.826:9708): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.838:9709): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.858:9710): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.858:9711): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.858:9712): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.858:9713): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.858:9714): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.862:9715): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.862:9716): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.862:9717): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.866:9718): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.866:9719): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.866:9720): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.866:9721): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.878:9722): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.886:9723): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.906:9724): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.906:9725): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.906:9726): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9727): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9728): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9729): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9730): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9731): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.910:9732): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.914:9733): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.918:9734): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.918:9735): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.918:9736): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.970:9737): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.982:9738): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.982:9739): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.982:9740): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.982:9741): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.982:9742): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.986:9743): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.986:9744): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.986:9745): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.986:9746): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.990:9747): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.990:9748): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772870.994:9749): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.002:9750): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.014:9751): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.038:9752): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.038:9753): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.038:9754): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.038:9755): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.038:9756): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.042:9757): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.042:9758): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.042:9759): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.042:9760): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.042:9761): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.046:9762): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.050:9763): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.050:9764): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.070:9765): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.070:9766): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.070:9767): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.070:9768): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.074:9769): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.074:9770): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.078:9771): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.078:9772): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.078:9773): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.078:9774): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.078:9775): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.086:9776): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.090:9777): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.094:9778): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.094:9779): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.094:9780): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.098:9781): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.098:9782): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.098:9783): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9784): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9785): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9786): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9787): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9788): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.102:9789): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.106:9790): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.106:9791): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.110:9792): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.114:9793): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.126:9794): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.126:9795): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.130:9796): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.130:9797): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.134:9798): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.134:9799): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.134:9800): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.138:9801): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.138:9802): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.142:9803): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.142:9804): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.146:9805): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.150:9806): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.150:9807): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.154:9808): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.154:9809): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.158:9810): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.158:9811): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.158:9812): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.162:9813): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.162:9814): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.166:9815): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.166:9816): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.166:9817): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.170:9818): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.170:9819): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.178:9820): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.182:9821): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.186:9822): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.186:9823): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.186:9824): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.190:9825): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.190:9826): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.190:9827): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.190:9828): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.190:9829): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.194:9830): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.194:9831): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.198:9832): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.202:9833): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.202:9834): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.206:9835): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.222:9836): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.222:9837): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.222:9838): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.226:9839): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.230:9840): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.230:9841): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.234:9842): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.234:9843): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.234:9844): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.238:9845): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.238:9846): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.242:9847): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.242:9848): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.246:9849): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.250:9850): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.250:9851): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.254:9852): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.254:9853): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.258:9854): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.258:9855): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.258:9856): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.262:9857): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.262:9858): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.266:9859): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.270:9860): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.278:9861): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.278:9862): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.278:9863): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9864): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9865): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9866): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9867): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9868): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9869): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.282:9870): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.286:9871): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.286:9872): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.286:9873): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.290:9874): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.294:9875): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.294:9876): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.298:9877): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.310:9878): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.314:9879): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.314:9880): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.314:9881): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.318:9882): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.318:9883): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.318:9884): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.318:9885): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.322:9886): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.322:9887): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.326:9888): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.326:9889): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.330:9890): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.346:9891): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.346:9892): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.346:9893): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.350:9894): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.350:9895): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.350:9896): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.354:9897): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.354:9898): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.354:9899): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.354:9900): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.358:9901): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.358:9902): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.362:9903): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.362:9904): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.366:9905): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9906): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9907): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9908): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9909): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9910): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9911): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9912): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.374:9913): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.382:9914): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.382:9915): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.386:9916): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.386:9917): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.386:9918): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.394:9919): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.406:9920): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.406:9921): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.406:9922): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.406:9923): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.410:9924): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.410:9925): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.410:9926): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.414:9927): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.414:9928): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.414:9929): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.414:9930): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.434:9931): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.434:9932): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.434:9933): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.434:9934): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.438:9935): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.438:9936): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.438:9937): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.438:9938): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.438:9939): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.442:9940): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.442:9941): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.442:9942): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.454:9943): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.454:9944): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.458:9945): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.458:9946): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.462:9947): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.462:9948): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.466:9949): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.466:9950): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.466:9951): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.470:9952): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.470:9953): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.470:9954): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.470:9955): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.474:9956): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.486:9957): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.486:9958): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.486:9959): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.486:9960): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.490:9961): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.494:9962): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.494:9963): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.494:9964): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.494:9965): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.494:9966): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.498:9967): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.498:9968): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.498:9969): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.498:9970): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.498:9971): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.502:9972): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.502:9973): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.506:9974): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.510:9975): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.514:9976): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.522:9977): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.522:9978): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.522:9979): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.522:9980): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.526:9981): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.526:9982): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.526:9983): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.526:9984): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.530:9985): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.534:9986): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.534:9987): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.538:9988): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.546:9989): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.562:9990): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.562:9991): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.562:9992): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.566:9993): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.566:9994): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.566:9995): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.566:9996): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.570:9997): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.570:9998): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.582:9999): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.586:10000): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.586:10001): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.586:10002): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.590:10003): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.590:10004): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.594:10005): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.594:10006): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.594:10007): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10008): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10009): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10010): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10011): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10012): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.598:10013): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.602:10014): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.602:10015): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.606:10016): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.618:10017): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.630:10018): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.634:10019): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.634:10020): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.634:10021): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.634:10022): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.638:10023): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.638:10024): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.638:10025): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.638:10026): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.638:10027): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.642:10028): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.642:10029): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.646:10030): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.650:10031): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.662:10032): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.662:10033): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.662:10034): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.662:10035): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.666:10036): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.666:10037): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.666:10038): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.670:10039): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.670:10040): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.674:10041): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.674:10042): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.682:10043): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.686:10044): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.686:10045): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.686:10046): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.686:10047): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.686:10048): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.690:10049): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.690:10050): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.690:10051): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.690:10052): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.690:10053): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.694:10054): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.694:10055): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.698:10056): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.698:10057): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.706:10058): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.710:10059): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.726:10060): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10061): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10062): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10063): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10064): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10065): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.730:10066): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.734:10067): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.734:10068): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.734:10069): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.734:10070): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.738:10071): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.738:10072): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.738:10073): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.754:10074): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.754:10075): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.758:10076): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.758:10077): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.758:10078): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.762:10079): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.762:10080): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.762:10081): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.766:10082): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.766:10083): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.770:10084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.770:10085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.770:10086): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.774:10087): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10088): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10089): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10090): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10091): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10092): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10093): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10094): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.794:10095): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.798:10096): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.798:10097): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.802:10098): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.802:10099): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.802:10100): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.814:10101): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10102): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10103): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10104): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10105): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10106): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10107): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.826:10108): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.830:10109): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.830:10110): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.834:10111): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.834:10112): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.834:10113): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.882:10114): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.886:10115): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10116): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10117): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10118): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10119): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10120): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10121): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.902:10122): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.906:10123): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.906:10124): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.910:10125): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.910:10126): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.910:10127): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.922:10128): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.926:10129): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.938:10130): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.942:10131): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.942:10132): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.942:10133): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.946:10134): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.946:10135): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.946:10136): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.946:10137): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.950:10138): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.950:10139): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.950:10140): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.954:10141): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.958:10142): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.966:10143): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.970:10144): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.970:10145): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.970:10146): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10147): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10148): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10149): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10150): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10151): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10152): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.974:10153): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.978:10154): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.982:10155): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.982:10156): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.982:10157): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.998:10158): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.998:10159): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.998:10160): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.998:10161): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772871.998:10162): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.002:10163): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.002:10164): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.002:10165): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.006:10166): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.006:10167): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.006:10168): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.010:10169): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.014:10170): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.014:10171): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.026:10172): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.026:10173): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.030:10174): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.030:10175): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.030:10176): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.030:10177): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.034:10178): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.034:10179): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.034:10180): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.034:10181): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.038:10182): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.042:10183): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.042:10184): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.062:10185): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.062:10186): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.062:10187): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.066:10188): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.066:10189): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.066:10190): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.066:10191): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.070:10192): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.070:10193): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.070:10194): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.070:10195): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.070:10196): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.086:10197): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.086:10198): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.090:10199): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.090:10200): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.090:10201): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.094:10202): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.094:10203): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.094:10204): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10205): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10206): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10207): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10208): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10209): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.098:10210): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.114:10211): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.114:10212): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.114:10213): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.114:10214): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.114:10215): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.122:10216): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.122:10217): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.122:10218): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.122:10219): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.126:10220): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.126:10221): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.126:10222): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.130:10223): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.130:10224): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.134:10225): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.142:10226): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.150:10227): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.162:10228): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.162:10229): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.166:10230): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.166:10231): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.166:10232): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.166:10233): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.170:10234): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.170:10235): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.170:10236): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.174:10237): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.174:10238): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.178:10239): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.202:10240): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.206:10241): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.222:10242): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.226:10243): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.226:10244): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.230:10245): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.230:10246): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.230:10247): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.230:10248): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.234:10249): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.234:10250): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.234:10251): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.238:10252): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.238:10253): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.246:10254): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.254:10255): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.266:10256): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.266:10257): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.266:10258): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.266:10259): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.274:10260): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.274:10261): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.274:10262): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.274:10263): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.274:10264): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.278:10265): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.278:10266): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.278:10267): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.282:10268): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.294:10269): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.306:10270): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.306:10271): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.306:10272): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.306:10273): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.306:10274): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.310:10275): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.310:10276): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.310:10277): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.314:10278): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.314:10279): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.314:10280): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.314:10281): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.326:10282): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.326:10283): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10284): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10285): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10286): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10287): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10288): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10289): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10290): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10291): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.342:10292): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.346:10293): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.350:10294): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.350:10295): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.350:10296): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.358:10297): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.378:10298): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.378:10299): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.378:10300): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.378:10301): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.382:10302): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.382:10303): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.382:10304): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.382:10305): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.386:10306): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.442:10307): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.442:10308): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.442:10309): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.442:10310): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.442:10311): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.446:10312): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.450:10313): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.450:10314): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.450:10315): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.454:10316): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.454:10317): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.454:10318): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.454:10319): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.454:10320): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.462:10321): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.462:10322): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.466:10323): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.466:10324): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.470:10325): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.478:10326): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.478:10327): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.482:10328): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.486:10329): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.486:10330): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.486:10331): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.490:10332): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.490:10333): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.490:10334): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.494:10335): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.494:10336): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.498:10337): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.502:10338): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.502:10339): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.514:10340): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.514:10341): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.518:10342): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.518:10343): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.518:10344): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.522:10345): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.522:10346): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.522:10347): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.522:10348): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.522:10349): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.526:10350): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.526:10351): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.534:10352): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.534:10353): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.534:10354): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.534:10355): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.542:10356): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.542:10357): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.542:10358): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.546:10359): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.546:10360): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.546:10361): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.546:10362): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.546:10363): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.550:10364): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.554:10365): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.586:10366): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.594:10367): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.602:10368): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.606:10369): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.606:10370): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.606:10371): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.606:10372): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.610:10373): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.610:10374): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.610:10375): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.610:10376): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.610:10377): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.614:10378): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.618:10379): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.618:10380): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.626:10381): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.630:10382): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.630:10383): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.630:10384): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.630:10385): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.630:10386): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.638:10387): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.638:10388): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.638:10389): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.642:10390): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.642:10391): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.642:10392): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.694:10393): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.698:10394): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.706:10395): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.722:10396): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.726:10397): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.726:10398): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.726:10399): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.730:10400): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.730:10401): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.730:10402): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.730:10403): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.730:10404): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.734:10405): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.738:10406): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.738:10407): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.738:10408): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.758:10409): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.758:10410): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.758:10411): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.758:10412): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.762:10413): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.762:10414): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.762:10415): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.762:10416): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.766:10417): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.766:10418): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.782:10419): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.782:10420): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.782:10421): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.782:10422): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.786:10423): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.786:10424): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.786:10425): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.786:10426): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.786:10427): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.790:10428): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.790:10429): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.790:10430): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.790:10431): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10432): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10433): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10434): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10435): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10436): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10437): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.850:10438): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.858:10439): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.858:10440): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.858:10441): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.858:10442): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.858:10443): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.866:10444): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.866:10445): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.874:10446): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.874:10447): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.874:10448): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.874:10449): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.874:10450): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.878:10451): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.878:10452): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.878:10453): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.878:10454): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.882:10455): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.886:10456): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.890:10457): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.890:10458): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.890:10459): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.890:10460): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.894:10461): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.910:10462): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.910:10463): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.910:10464): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.914:10465): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.914:10466): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.918:10467): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.918:10468): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.922:10469): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.922:10470): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.922:10471): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.922:10472): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.926:10473): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.926:10474): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.926:10475): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.926:10476): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.926:10477): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.930:10478): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.934:10479): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10480): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10481): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10482): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10483): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10484): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10485): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.946:10486): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10487): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10488): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10489): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10490): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10491): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.954:10492): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.978:10493): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.994:10494): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.994:10495): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.994:10496): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.998:10497): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.998:10498): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772872.998:10499): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.002:10500): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.002:10501): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.002:10502): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.014:10503): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.014:10504): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.018:10505): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.018:10506): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.022:10507): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.022:10508): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.026:10509): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.026:10510): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.026:10511): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.030:10512): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.030:10513): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.030:10514): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.034:10515): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.034:10516): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.034:10517): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.034:10518): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.050:10519): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.050:10520): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.050:10521): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.054:10522): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.054:10523): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.054:10524): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10525): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10526): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10527): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10528): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10529): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.058:10530): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.062:10531): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.062:10532): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.070:10533): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.070:10534): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.082:10535): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.086:10536): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.086:10537): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.086:10538): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.086:10539): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10540): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10541): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10542): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10543): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10544): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.090:10545): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.094:10546): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.094:10547): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.098:10548): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.110:10549): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.114:10550): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.114:10551): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.114:10552): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.114:10553): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.118:10554): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.118:10555): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.118:10556): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.118:10557): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.122:10558): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.122:10559): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.122:10560): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.126:10561): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.126:10562): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.126:10563): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.138:10564): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.138:10565): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.138:10566): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.142:10567): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.142:10568): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.142:10569): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.142:10570): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.146:10571): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.146:10572): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.146:10573): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.150:10574): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.150:10575): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.154:10576): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.154:10577): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.162:10578): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.162:10579): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.166:10580): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.166:10581): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.166:10582): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.170:10583): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.170:10584): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.170:10585): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.170:10586): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.170:10587): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.174:10588): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.174:10589): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.182:10590): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.182:10591): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.194:10592): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.198:10593): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.198:10594): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.198:10595): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.198:10596): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.202:10597): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.202:10598): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.202:10599): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.206:10600): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.206:10601): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.206:10602): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.210:10603): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.210:10604): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.214:10605): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.226:10606): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.226:10607): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.226:10608): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.230:10609): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.230:10610): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.230:10611): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.230:10612): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.234:10613): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.234:10614): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.270:10615): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.270:10616): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.274:10617): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.274:10618): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.274:10619): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.274:10620): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.274:10621): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.282:10622): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.286:10623): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.286:10624): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.286:10625): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.286:10626): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.290:10627): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.290:10628): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.290:10629): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.294:10630): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.294:10631): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.298:10632): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.298:10633): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.358:10634): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.362:10635): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.362:10636): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.362:10637): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.362:10638): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.366:10639): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.366:10640): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.366:10641): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.370:10642): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.382:10643): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.382:10644): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.386:10645): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.386:10646): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.386:10647): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.390:10648): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.394:10649): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.394:10650): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.398:10651): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.398:10652): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.398:10653): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.398:10654): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.402:10655): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.402:10656): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.402:10657): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.406:10658): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.406:10659): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.410:10660): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.418:10661): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.426:10662): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.426:10663): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.426:10664): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.434:10665): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.434:10666): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.434:10667): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.434:10668): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.438:10669): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.438:10670): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.438:10671): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.438:10672): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.446:10673): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.446:10674): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.454:10675): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.470:10676): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.470:10677): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.470:10678): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.474:10679): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.474:10680): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.474:10681): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.474:10682): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.478:10683): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.478:10684): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.478:10685): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.478:10686): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.482:10687): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.482:10688): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.490:10689): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.502:10690): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.502:10691): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.502:10692): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.502:10693): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.506:10694): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.506:10695): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.506:10696): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.506:10697): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.506:10698): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.510:10699): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.510:10700): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.514:10701): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.514:10702): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.518:10703): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.526:10704): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.530:10705): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.530:10706): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.530:10707): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.534:10708): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.534:10709): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.534:10710): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.534:10711): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.534:10712): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.538:10713): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.538:10714): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.542:10715): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.542:10716): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.554:10717): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.566:10718): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.566:10719): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10720): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10721): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10722): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10723): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10724): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10725): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.570:10726): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.574:10727): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.578:10728): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.578:10729): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.582:10730): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.586:10731): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.602:10732): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.602:10733): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.602:10734): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.602:10735): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.606:10736): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.606:10737): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.606:10738): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.606:10739): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.610:10740): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.610:10741): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.610:10742): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.614:10743): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.614:10744): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.638:10745): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.658:10746): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.658:10747): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.658:10748): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.658:10749): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.662:10750): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.662:10751): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.662:10752): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.662:10753): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.666:10754): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.682:10755): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.682:10756): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.682:10757): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.682:10758): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.686:10759): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.686:10760): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.686:10761): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.686:10762): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.686:10763): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.690:10764): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.690:10765): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.690:10766): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.694:10767): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.714:10768): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.714:10769): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.714:10770): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.714:10771): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.714:10772): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10773): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10774): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10775): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10776): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10777): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10778): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.718:10779): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.730:10780): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.730:10781): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.734:10782): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.734:10783): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.738:10784): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.738:10785): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.742:10786): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.742:10787): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.742:10788): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.742:10789): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.742:10790): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.746:10791): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.754:10792): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.754:10793): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.758:10794): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.758:10795): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.758:10796): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.762:10797): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.762:10798): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.770:10799): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.770:10800): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.774:10801): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.794:10802): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.794:10803): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.794:10804): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10805): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10806): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10807): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10808): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10809): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.798:10810): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.802:10811): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.806:10812): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.806:10813): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.806:10814): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.822:10815): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.822:10816): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.822:10817): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.826:10818): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.826:10819): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.826:10820): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.830:10821): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.830:10822): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.830:10823): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.830:10824): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.842:10825): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.842:10826): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.846:10827): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.846:10828): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.846:10829): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.846:10830): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.854:10831): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.854:10832): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.854:10833): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.854:10834): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.854:10835): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.858:10836): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.858:10837): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.858:10838): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.862:10839): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.862:10840): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.862:10841): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.866:10842): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.866:10843): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.878:10844): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.882:10845): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.882:10846): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.882:10847): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.882:10848): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.886:10849): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.886:10850): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.886:10851): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.886:10852): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.890:10853): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.890:10854): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.894:10855): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.894:10856): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.898:10857): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.910:10858): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.910:10859): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.910:10860): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.914:10861): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.914:10862): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.914:10863): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.918:10864): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.918:10865): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.918:10866): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.938:10867): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.942:10868): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.942:10869): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.942:10870): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.946:10871): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.946:10872): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10873): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10874): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10875): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10876): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10877): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.950:10878): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.954:10879): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.954:10880): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.954:10881): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.958:10882): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.958:10883): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.962:10884): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.966:10885): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10886): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10887): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10888): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10889): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10890): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.982:10891): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.986:10892): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.986:10893): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.986:10894): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.986:10895): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.990:10896): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.990:10897): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.994:10898): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772873.994:10899): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.002:10900): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10901): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10902): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10903): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10904): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10905): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.006:10906): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.010:10907): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.010:10908): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.010:10909): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.014:10910): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.014:10911): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.022:10912): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.026:10913): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.058:10914): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.058:10915): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.058:10916): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.062:10917): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.062:10918): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.062:10919): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.066:10920): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.066:10921): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.066:10922): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.070:10923): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.070:10924): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.070:10925): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.070:10926): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.074:10927): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.090:10928): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.090:10929): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.094:10930): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.094:10931): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.094:10932): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.098:10933): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.098:10934): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.098:10935): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.098:10936): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.114:10937): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.114:10938): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.114:10939): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.114:10940): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.118:10941): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.122:10942): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.122:10943): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.122:10944): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10945): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10946): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10947): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10948): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10949): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.126:10950): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.130:10951): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.130:10952): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.134:10953): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.134:10954): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.154:10955): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.174:10956): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.174:10957): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.174:10958): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.174:10959): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.174:10960): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.178:10961): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.178:10962): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.178:10963): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.178:10964): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.178:10965): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.182:10966): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.182:10967): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.186:10968): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.194:10969): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.202:10970): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.202:10971): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.202:10972): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.206:10973): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.206:10974): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.206:10975): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.206:10976): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.206:10977): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.210:10978): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.210:10979): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.214:10980): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.214:10981): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.214:10982): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.214:10983): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.230:10984): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.234:10985): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.234:10986): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.234:10987): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.234:10988): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.238:10989): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.238:10990): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.238:10991): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.238:10992): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.238:10993): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.242:10994): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.242:10995): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.246:10996): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.266:10997): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.278:10998): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.278:10999): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.282:11000): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.282:11001): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.282:11002): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.286:11003): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.286:11004): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.286:11005): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.286:11006): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.290:11007): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.290:11008): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.290:11009): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.294:11010): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.294:11011): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11012): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11013): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11014): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11015): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11016): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.306:11017): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.314:11018): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.314:11019): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.314:11020): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.314:11021): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.318:11022): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.318:11023): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.322:11024): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.322:11025): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.342:11026): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.342:11027): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.342:11028): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.342:11029): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.346:11030): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.346:11031): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.346:11032): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.346:11033): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.350:11034): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.350:11035): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.350:11036): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.354:11037): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.354:11038): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.354:11039): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.366:11040): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.366:11041): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.366:11042): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.370:11043): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.370:11044): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.370:11045): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.370:11046): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.374:11047): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.374:11048): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.374:11049): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.378:11050): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.378:11051): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.382:11052): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.382:11053): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.390:11054): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.390:11055): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.394:11056): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.394:11057): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.394:11058): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.398:11059): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.398:11060): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.398:11061): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.398:11062): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.402:11063): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.402:11064): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.406:11065): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.406:11066): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.410:11067): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.422:11068): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.422:11069): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.422:11070): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.422:11071): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.426:11072): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.426:11073): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.426:11074): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.430:11075): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.430:11076): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.430:11077): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.434:11078): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.434:11079): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.434:11080): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.438:11081): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.446:11082): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.446:11083): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.446:11084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.450:11085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.450:11086): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.454:11087): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.454:11088): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.454:11089): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.454:11090): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.454:11091): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.458:11092): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.462:11093): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.462:11094): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.478:11095): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.490:11096): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.490:11097): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11098): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11099): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11100): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11101): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11102): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.494:11103): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.498:11104): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.498:11105): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.498:11106): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.502:11107): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.502:11108): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.558:11109): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.570:11110): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.574:11111): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.574:11112): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.578:11113): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.578:11114): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.582:11115): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.582:11116): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.586:11117): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.586:11118): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.590:11119): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.590:11120): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.598:11121): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.598:11122): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.602:11123): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.602:11124): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11125): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11126): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11127): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11128): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11129): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.606:11130): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.610:11131): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.610:11132): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.610:11133): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.630:11134): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.634:11135): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.634:11136): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.634:11137): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.638:11138): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.638:11139): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.642:11140): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.642:11141): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11142): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11143): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11144): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11145): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11146): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.646:11147): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.650:11148): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.650:11149): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.650:11150): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.682:11151): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.698:11152): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.702:11153): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.702:11154): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.702:11155): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.702:11156): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.706:11157): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.706:11158): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.710:11159): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.710:11160): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.714:11161): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.714:11162): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11163): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11164): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11165): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11166): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11167): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11168): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11169): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11170): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11171): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11172): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11173): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11174): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.726:11175): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.738:11176): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.738:11177): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.742:11178): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.742:11179): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.758:11180): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.762:11181): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.762:11182): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.762:11183): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.766:11184): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.766:11185): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.766:11186): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.766:11187): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.770:11188): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.770:11189): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.770:11190): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.774:11191): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.782:11192): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.782:11193): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.798:11194): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.798:11195): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.798:11196): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.802:11197): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.806:11198): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.806:11199): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.810:11200): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.810:11201): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.822:11202): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.822:11203): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.822:11204): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.822:11205): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.822:11206): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.834:11207): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.834:11208): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.834:11209): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.834:11210): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.882:11211): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.882:11212): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.882:11213): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.886:11214): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.886:11215): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.886:11216): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.890:11217): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.890:11218): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.894:11219): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.894:11220): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.898:11221): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.914:11222): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.914:11223): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11224): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11225): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11226): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11227): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11228): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.918:11229): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.922:11230): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.922:11231): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.922:11232): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772874.934:11233): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772874.970:11234): avc: denied { execute } for pid=8103 comm="dbus-daemon" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772874.970:11234): avc: denied { execute_no_trans } for pid=8103 comm="dbus-daemon" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772874.970:11234): avc: denied { read } for pid=8103 comm="dbus-daemon" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772874.970:11234): arch=40000003 syscall=11 success=yes exit=0 a0=9222e60 a1=922b8b0 a2=9222138 a3=11 items=0 ppid=8102 pid=8103 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772874.970:11234): path="/sbin/dhcdbd"
+type=AVC_PATH msg=audit(1163772874.970:11234): path="/sbin/dhcdbd"
+type=AVC msg=audit(1163772875.014:11235): avc: denied { write } for pid=8103 comm="dhcdbd" name="system_bus_socket" dev=dm-0 ino=14436971 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file
+type=AVC msg=audit(1163772875.014:11235): avc: denied { connectto } for pid=8103 comm="dhcdbd" name="system_bus_socket" scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163772875.014:11235): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfb65830 a2=4d18494 a3=1f items=0 ppid=8102 pid=8103 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.014:11235): path="/var/run/dbus/system_bus_socket"
+type=USER_AVC msg=audit(1163772875.022:11236): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772875.030:11237): avc: denied { write } for pid=8102 comm="dbus-daemon" name="[31337]" dev=pipefs ino=31337 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163772875.030:11237): arch=40000003 syscall=4 success=yes exit=1 a0=12 a1=bfcd505b a2=1 a3=b7fb1688 items=0 ppid=6659 pid=8102 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.030:11237): path="pipe:[31337]"
+type=AVC msg=audit(1163772875.030:11238): avc: denied { read } for pid=8102 comm="dbus-daemon" name="[31337]" dev=pipefs ino=31337 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163772875.030:11238): arch=40000003 syscall=3 success=yes exit=1 a0=10 a1=bfcd5408 a2=1 a3=13 items=0 ppid=6659 pid=8102 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.030:11238): path="pipe:[31337]"
+type=USER_AVC msg=audit(1163772875.038:11239): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.046:11240): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.050:11241): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.050:11242): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.050:11243): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.054:11244): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.130:11245): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.134:11246): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.134:11247): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.134:11248): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.138:11249): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.146:11250): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.146:11251): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.146:11252): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.146:11253): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772875.170:11254): avc: denied { dac_override } for pid=8094 comm="dhcdbd" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163772875.170:11254): avc: denied { read } for pid=8094 comm="dhcdbd" name="dhcdbd.pid" dev=dm-0 ino=14437127 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772875.170:11254): arch=40000003 syscall=5 success=yes exit=3 a0=830d2a8 a1=8000 a2=0 a3=8000 items=0 ppid=8085 pid=8094 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dhcdbd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772875.170:11255): avc: denied { ioctl } for pid=8094 comm="dhcdbd" name="dhcdbd.pid" dev=dm-0 ino=14437127 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772875.170:11255): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5401 a2=bf7ffd68 a3=bf7ffda8 items=0 ppid=8085 pid=8094 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dhcdbd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.170:11255): path="/var/run/dhcdbd.pid"
+type=USER_AVC msg=audit(1163772875.186:11256): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.186:11257): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.186:11258): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.186:11259): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.194:11260): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.194:11261): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.194:11262): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.194:11263): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.194:11264): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772875.194:11265): avc: denied { execute } for pid=8111 comm="bash" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772875.194:11265): avc: denied { execute_no_trans } for pid=8111 comm="bash" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772875.194:11265): avc: denied { read } for pid=8111 comm="bash" name="dhcdbd" dev=dm-0 ino=9984544 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=USER_AVC msg=audit(1163772875.194:11266): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=SYSCALL msg=audit(1163772875.194:11265): arch=40000003 syscall=11 success=yes exit=0 a0=99b6768 a1=99b6830 a2=99b6ab8 a3=99b6638 items=0 ppid=8108 pid=8111 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.194:11265): path="/sbin/dhcdbd"
+type=AVC_PATH msg=audit(1163772875.194:11265): path="/sbin/dhcdbd"
+type=USER_AVC msg=audit(1163772875.194:11267): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.206:11268): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.214:11269): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772875.214:11270): avc: denied { unlink } for pid=8112 comm="dhcdbd" name="dhcdbd.pid" dev=dm-0 ino=14437127 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772875.214:11270): arch=40000003 syscall=10 success=yes exit=0 a0=8057e86 a1=0 a2=bfb0bbbc a3=9b16fe0 items=0 ppid=1 pid=8112 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772875.214:11271): avc: denied { add_name } for pid=8112 comm="dhcdbd" name="dhcdbd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=USER_AVC msg=audit(1163772875.214:11272): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772875.214:11271): avc: denied { create } for pid=8112 comm="dhcdbd" name="dhcdbd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772875.214:11271): arch=40000003 syscall=5 success=yes exit=5 a0=8057e86 a1=41 a2=0 a3=9b16fe0 items=0 ppid=1 pid=8112 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772875.214:11273): avc: denied { write } for pid=8112 comm="dhcdbd" name="dhcdbd.pid" dev=dm-0 ino=14437120 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772875.214:11273): arch=40000003 syscall=4 success=yes exit=4 a0=5 a1=bfb0bc48 a2=4 a3=9b16fe0 items=0 ppid=1 pid=8112 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772875.214:11273): path="/var/run/dhcdbd.pid"
+type=USER_AVC msg=audit(1163772875.230:11274): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.230:11275): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.234:11276): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationFailed dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.234:11277): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=reason dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.634:11278): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.DBus.Error.UnknownMethod dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.634:11279): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.634:11280): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.638:11281): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.638:11282): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.638:11283): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.638:11284): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivating dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.638:11285): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.642:11286): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.642:11287): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772875.646:11288): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772876.642:11289): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp member=up dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772876.662:11290): avc: denied { signal } for pid=8112 comm="dhcdbd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=process
+type=SYSCALL msg=audit(1163772876.662:11290): arch=40000003 syscall=37 success=yes exit=0 a0=c34 a1=f a2=0 a3=bfb0a5c8 items=0 ppid=1 pid=8112 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhcdbd" exe="/sbin/dhcdbd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163772876.870:11291): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=com.redhat.dhcp.state member=eth0 dest=org.freedesktop.DBus spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772876.870:11292): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp member=up dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772876.874:11293): avc: denied { read } for pid=8116 comm="dhclient" name="dhclient-eth0.leases" dev=dm-0 ino=14437333 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772876.874:11293): arch=40000003 syscall=5 success=yes exit=4 a0=bf926f50 a1=0 a2=ffb700 a3=fef190 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.882:11294): avc: denied { write } for pid=8116 comm="dhclient" name="dhclient-eth0.leases" dev=dm-0 ino=14437333 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772876.882:11294): arch=40000003 syscall=5 success=yes exit=4 a0=bf926f50 a1=241 a2=1b6 a3=9634038 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.918:11295): avc: denied { ioctl } for pid=8117 comm="dhclient-script" name="dhclient-script" dev=dm-0 ino=2848156 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772876.918:11295): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf9d1cf8 a3=bf9d1d38 items=0 ppid=8116 pid=8117 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient-script" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772876.918:11295): path="/sbin/dhclient-script"
+type=USER_AVC msg=audit(1163772876.934:11296): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp member=set dest=com.redhat.dhcp spid=8121 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772876.938:11297): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=com.redhat.dhcp.state member=eth0 dest=org.freedesktop.DBus spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772876.938:11298): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp member=set dest=:1.10 spid=8112 tpid=8121 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772876.942:11299): avc: denied { create } for pid=8116 comm="dhclient" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=AVC msg=audit(1163772876.942:11299): avc: denied { net_raw } for pid=8116 comm="dhclient" capability=13 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163772876.942:11299): arch=40000003 syscall=102 success=yes exit=6 a0=1 a1=bf924280 a2=feeb34 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.942:11300): avc: denied { bind } for pid=8116 comm="dhclient" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772876.942:11300): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf924280 a2=feeb34 a3=bf9242a8 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.974:11301): avc: denied { setopt } for pid=8116 comm="dhclient" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772876.974:11301): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bf9242d0 a2=feeb34 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.974:11302): avc: denied { name_bind } for pid=8116 comm="dhclient" src=68 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcpc_port_t:s0 tclass=udp_socket
+type=AVC msg=audit(1163772876.974:11302): avc: denied { net_bind_service } for pid=8116 comm="dhclient" capability=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163772876.974:11302): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf924260 a2=feeb34 a3=5 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772876.974:11303): avc: denied { write } for pid=8116 comm="dhclient" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772876.974:11303): arch=40000003 syscall=102 success=yes exit=342 a0=b a1=bf924540 a2=feeb34 a3=bf924c14 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772878.022:11304): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772878.022:11304): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772878.022:11304): path="socket:[31406]"
+type=USER_AVC msg=audit(1163772878.038:11305): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp member=set dest=com.redhat.dhcp spid=8126 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.038:11306): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=com.redhat.dhcp.state member=eth0 dest=org.freedesktop.DBus spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.038:11307): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp member=set dest=:1.11 spid=8112 tpid=8126 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.042:11308): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.042:11309): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=ip_address dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.042:11310): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=ip_address dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.046:11311): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=subnet_mask dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.046:11312): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=subnet_mask dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.046:11313): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=broadcast_address dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.046:11314): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=broadcast_address dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.050:11315): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=routers dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.050:11316): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=routers dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.054:11317): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=host_name dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.054:11318): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.DBus.Error.UnknownMethod dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.058:11319): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=domain_name_servers dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.058:11320): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=domain_name_servers dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.058:11321): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=domain_name dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.062:11322): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return interface=com.redhat.dhcp.dbus.get member=domain_name dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.062:11323): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=nis_domain dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.062:11324): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.DBus.Error.UnknownMethod dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.066:11325): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=com.redhat.dhcp.dbus.get member=nis_servers dest=com.redhat.dhcp spid=6687 tpid=8112 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.066:11326): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.DBus.Error.UnknownMethod dest=:1.6 spid=8112 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772878.066:11327): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772879.090:11328): avc: denied { ioctl } for pid=6689 comm="NetworkManager" name="[31434]" dev=sockfs ino=31434 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772879.090:11328): arch=40000003 syscall=54 success=yes exit=0 a0=c a1=890b a2=b7f85194 a3=84fe248 items=0 ppid=1 pid=6689 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772879.090:11328): path="socket:[31434]"
+type=AVC msg=audit(1163772879.102:11329): avc: denied { write } for pid=6689 comm="NetworkManager" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163772879.102:11329): avc: denied { add_name } for pid=6689 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163772879.102:11329): avc: denied { create } for pid=6689 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772879.102:11329): arch=40000003 syscall=5 success=yes exit=12 a0=80892c8 a1=241 a2=1b6 a3=84ff4b8 items=0 ppid=1 pid=6689 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772879.102:11330): avc: denied { write } for pid=6689 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772879.102:11330): arch=40000003 syscall=4 success=yes exit=125 a0=c a1=b7fa1000 a2=7d a3=7d items=0 ppid=1 pid=6689 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772879.102:11330): path="/etc/resolv.conf.tmp"
+type=AVC msg=audit(1163772879.102:11331): avc: denied { remove_name } for pid=6689 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163772879.102:11331): avc: denied { rename } for pid=6689 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163772879.102:11331): avc: denied { unlink } for pid=6689 comm="NetworkManager" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772879.102:11331): arch=40000003 syscall=38 success=yes exit=0 a0=80892c8 a1=8089313 a2=8094374 a3=808930e items=0 ppid=1 pid=6689 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163772879.118:11332): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceActivationStage dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.122:11333): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.122:11334): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager member=DeviceNowActive dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.122:11335): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.126:11336): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.126:11337): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772879.126:11338): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.4 spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772881.978:11339): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772883.738:11340): avc: denied { read } for pid=8133 comm="nm-vpnc-auth-di" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772883.738:11340): arch=40000003 syscall=33 success=yes exit=0 a0=952dcb0 a1=4 a2=df7770 a3=952dcb0 items=0 ppid=3866 pid=8133 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163772883.750:11341): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=activateVPNConnection dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.750:11342): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.750:11343): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionRoutes dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.750:11344): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.754:11345): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionVPNData dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.754:11346): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772883.766:11347): avc: denied { execute } for pid=8136 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772883.766:11347): avc: denied { execute_no_trans } for pid=8136 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772883.766:11347): avc: denied { read } for pid=8136 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772883.766:11347): arch=40000003 syscall=11 success=yes exit=0 a0=99066c0 a1=9906830 a2=9906770 a3=9906548 items=0 ppid=8135 pid=8136 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772883.766:11347): path="/sbin/modprobe"
+type=AVC_PATH msg=audit(1163772883.766:11347): path="/sbin/modprobe"
+type=AVC msg=audit(1163772883.770:11348): avc: denied { read } for pid=8136 comm="modprobe" name="modules.dep" dev=dm-0 ino=13720574 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772883.770:11348): arch=40000003 syscall=5 success=yes exit=5 a0=8bd8118 a1=0 a2=1b6 a3=8bd8300 items=0 ppid=8135 pid=8136 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772883.774:11349): avc: denied { read write } for pid=8136 comm="modprobe" name="tun.ko" dev=dm-0 ino=13719702 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772883.774:11349): arch=40000003 syscall=5 success=yes exit=5 a0=8bd80bc a1=2 a2=0 a3=8bd80bc items=0 ppid=8135 pid=8136 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772883.774:11350): avc: denied { lock } for pid=8136 comm="modprobe" name="tun.ko" dev=dm-0 ino=13719702 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772883.774:11350): arch=40000003 syscall=221 success=yes exit=0 a0=5 a1=7 a2=bfcf47a0 a3=bfcf47a0 items=0 ppid=8135 pid=8136 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772883.774:11350): path="/lib/modules/2.6.18-1.2849.fc6xen/kernel/drivers/net/tun.ko"
+type=USER_AVC msg=audit(1163772883.783:11351): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.967:11352): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.967:11353): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.vpnc member=startConnection dest=org.freedesktop.NetworkManager.vpnc spid=6687 tpid=8135 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772883.967:11354): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772883.987:11355): avc: denied { execute } for pid=8137 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772883.987:11355): avc: denied { execute_no_trans } for pid=8137 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163772883.987:11355): avc: denied { read } for pid=8137 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=USER_AVC msg=audit(1163772884.003:11356): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772884.003:11357): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=SYSCALL msg=audit(1163772883.987:11355): arch=40000003 syscall=11 success=yes exit=0 a0=804b8f3 a1=8bcf518 a2=bf99503c a3=0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772883.987:11355): path="/usr/sbin/vpnc"
+type=AVC_PATH msg=audit(1163772883.987:11355): path="/usr/sbin/vpnc"
+type=AVC msg=audit(1163772884.031:11358): avc: denied { ipc_lock } for pid=8137 comm="vpnc" capability=14 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163772884.031:11358): arch=40000003 syscall=150 success=yes exit=0 a0=b7fc1000 a1=4000 a2=57612c4 a3=b7fc1000 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772884.031:11359): avc: denied { name_bind } for pid=8137 comm="vpnc" src=500 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:isakmp_port_t:s0 tclass=udp_socket
+type=SYSCALL msg=audit(1163772884.031:11359): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfa213a0 a2=805b6e8 a3=3 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772884.047:11360): avc: denied { read write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163772884.047:11360): arch=40000003 syscall=5 success=yes exit=4 a0=8058da4 a1=2 a2=10 a3=805c4c4 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772884.047:11361): avc: denied { ioctl } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163772884.047:11361): arch=40000003 syscall=54 success=yes exit=0 a0=4 a1=400454ca a2=bfa213b8 a3=4 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772884.047:11361): path="/dev/net/tun"
+type=USER_AVC msg=audit(1163772884.735:11362): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.vpnc member=signalIP4Config dest=org.freedesktop.NetworkManager.vpnc spid=8149 tpid=8135 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772884.739:11363): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=IP4Config dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772884.739:11364): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772884.739:11365): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionRoutes dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772884.743:11366): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772884.743:11367): avc: denied { create } for pid=6687 comm="NetworkManager" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772884.743:11367): arch=40000003 syscall=102 success=yes exit=14 a0=1 a1=bfaf32b0 a2=84ff760 a3=2 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772884.743:11368): avc: denied { ioctl } for pid=6687 comm="NetworkManager" name="[31576]" dev=sockfs ino=31576 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163772884.743:11368): arch=40000003 syscall=54 success=yes exit=0 a0=e a1=890b a2=bfaf3364 a3=84ff760 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772884.743:11368): path="socket:[31576]"
+type=USER_AVC msg=audit(1163772885.799:11369): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=LoginBanner dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163772885.799:11370): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163772893.279:11371): avc: denied { append } for pid=8154 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772893.279:11371): arch=40000003 syscall=5 success=yes exit=4 a0=89cde18 a1=8441 a2=1b6 a3=8964208 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772893.291:11372): avc: denied { create } for pid=8154 comm="yum" name="yum.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772893.291:11372): arch=40000003 syscall=5 success=yes exit=5 a0=877ef30 a1=80c1 a2=1a4 a3=80c1 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772893.295:11373): avc: denied { write } for pid=8154 comm="yum" name="yum.pid" dev=dm-0 ino=14437127 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772893.295:11373): arch=40000003 syscall=4 success=yes exit=4 a0=5 a1=89f7934 a2=4 a3=86a71b0 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772893.295:11373): path="/var/run/yum.pid"
+type=AVC msg=audit(1163772893.443:11374): avc: denied { write } for pid=8154 comm="yum" name="repomd.xml" dev=dm-0 ino=15287718 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772893.443:11374): arch=40000003 syscall=5 success=yes exit=6 a0=86fae70 a1=8241 a2=1b6 a3=8a32e78 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772893.459:11375): avc: denied { setattr } for pid=8154 comm="yum" name="repomd.xml" dev=dm-0 ino=15287718 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772893.459:11375): arch=40000003 syscall=271 success=yes exit=0 a0=86fae70 a1=bff0df54 a2=c4eff4 a3=899be8c items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772895.559:11376): avc: denied { write } for pid=8154 comm="yum" name="development" dev=dm-0 ino=15288131 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163772895.559:11376): avc: denied { add_name } for pid=8154 comm="yum" name="primary.xml.gz.sqlite-journal" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163772895.559:11376): avc: denied { create } for pid=8154 comm="yum" name="primary.xml.gz.sqlite-journal" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772895.559:11376): arch=40000003 syscall=5 success=yes exit=10 a0=8735f30 a1=80c2 a2=1a4 a3=80c2 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772895.559:11377): avc: denied { remove_name } for pid=8154 comm="yum" name="primary.xml.gz.sqlite-journal" dev=dm-0 ino=15288159 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163772895.559:11377): avc: denied { unlink } for pid=8154 comm="yum" name="primary.xml.gz.sqlite-journal" dev=dm-0 ino=15288159 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772895.559:11377): arch=40000003 syscall=10 success=yes exit=0 a0=8735f30 a1=1 a2=2c0e2c a3=8735e08 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772959.055:11378): avc: denied { unlink } for pid=8154 comm="yum" name="yum.pid" dev=dm-0 ino=14437127 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772959.055:11378): arch=40000003 syscall=10 success=yes exit=0 a0=cd5b368 a1=0 a2=59d1fe4 a3=86a71b0 items=0 ppid=6537 pid=8154 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163772959.287:11379): avc: denied { getattr } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772959.287:11379): arch=40000003 syscall=196 success=yes exit=0 a0=bfcfcae4 a1=bfcfca48 a2=c4eff4 a3=930e3b0 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772959.287:11379): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163772959.883:11380): avc: denied { read } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772959.883:11380): arch=40000003 syscall=5 success=yes exit=51 a0=9773e28 a1=0 a2=c50150 a3=9773e28 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163772959.899:11381): avc: denied { execute } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772959.899:11381): arch=40000003 syscall=192 success=yes exit=41328640 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772959.899:11381): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163772960.231:11382): avc: denied { read } for pid=6507 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772960.231:11382): arch=40000003 syscall=33 success=yes exit=0 a0=bfd00fcb a1=4 a2=da3a64 a3=bfd00fcb items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163772960.231:11383): avc: denied { getattr } for pid=6507 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163772960.231:11383): arch=40000003 syscall=197 success=yes exit=0 a0=33 a1=bfcf964c a2=c4eff4 a3=97039c8 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163772960.231:11383): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163773001.406:11384): avc: denied { write } for pid=8165 comm="rpm" name="gnome-python2-gnomevfs-2.16.2" dev=dm-0 ino=10412290 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163773001.406:11384): avc: denied { remove_name } for pid=8165 comm="rpm" name="sync-xfer.py" dev=dm-0 ino=10412299 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163773001.406:11384): avc: denied { unlink } for pid=8165 comm="rpm" name="sync-xfer.py" dev=dm-0 ino=10412299 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773001.406:11384): arch=40000003 syscall=10 success=yes exit=0 a0=9975238 a1=2d a2=186040 a3=9975238 items=0 ppid=6537 pid=8165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rpm" exe="/bin/rpm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773001.438:11385): avc: denied { rmdir } for pid=8165 comm="rpm" name="pygvfsmethod" dev=dm-0 ino=10412294 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773001.438:11385): arch=40000003 syscall=40 success=yes exit=0 a0=9975238 a1=2d a2=186040 a3=9975238 items=0 ppid=6537 pid=8165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rpm" exe="/bin/rpm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773045.629:11386): avc: denied { read } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773045.629:11386): arch=40000003 syscall=5 success=yes exit=58 a0=9bbf070 a1=0 a2=9bbf068 a3=9bbf070 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773045.633:11387): avc: denied { getattr } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773045.633:11387): arch=40000003 syscall=197 success=yes exit=0 a0=3a a1=bfcfc5d0 a2=4aafc0 a3=3b items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773045.633:11387): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163773045.633:11388): avc: denied { execute } for pid=6507 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773045.633:11388): arch=40000003 syscall=192 success=yes exit=41328640 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773045.633:11388): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163773049.833:11389): avc: denied { execute } for pid=6507 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773049.833:11389): arch=40000003 syscall=192 success=yes exit=99201024 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773049.833:11389): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163773049.845:11390): avc: denied { execstack } for pid=6507 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1163773049.845:11390): avc: denied { execmem } for pid=6507 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163773049.845:11390): arch=40000003 syscall=125 success=yes exit=0 a0=bfcff000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773049.889:11391): avc: denied { execmod } for pid=6507 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773049.889:11391): arch=40000003 syscall=125 success=yes exit=0 a0=5e9b000 a1=26f000 a2=5 a3=bfcfca20 items=0 ppid=1 pid=6507 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773049.889:11391): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163773057.641:11392): avc: denied { write } for pid=8179 comm="gnome-terminal" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163773057.641:11392): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfab5230 a2=df7770 a3=15 items=0 ppid=1 pid=8179 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773132.042:11393): avc: denied { execute } for pid=8206 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773132.042:11393): arch=40000003 syscall=192 success=yes exit=22396928 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=8206 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773132.042:11393): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163773132.050:11394): avc: denied { execmod } for pid=8206 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773132.050:11394): arch=40000003 syscall=125 success=yes exit=0 a0=155c000 a1=26f000 a2=5 a3=bf942670 items=0 ppid=1 pid=8206 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773132.050:11394): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163773160.768:11395): avc: denied { ioctl } for pid=8264 comm="ps" name="[32611]" dev=pipefs ino=32611 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163773160.768:11395): arch=40000003 syscall=54 success=no exit=-22 a0=1 a1=5413 a2=bfa460f4 a3=bfa46138 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.768:11395): path="pipe:[32611]"
+type=AVC msg=audit(1163773160.768:11396): avc: denied { getattr } for pid=8264 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.768:11396): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.768:11396): path="/proc/1"
+type=AVC msg=audit(1163773160.768:11397): avc: denied { search } for pid=8264 comm="ps" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.768:11397): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=65549 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.768:11397): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.768:11398): avc: denied { getattr } for pid=8264 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.768:11398): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.768:11398): path="/proc/2"
+type=AVC msg=audit(1163773160.768:11399): avc: denied { search } for pid=8264 comm="ps" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.768:11399): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=131085 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.768:11399): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.772:11400): avc: denied { getattr } for pid=8264 comm="ps" name="436" dev=proc ino=28573698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.772:11400): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.772:11400): path="/proc/436"
+type=AVC msg=audit(1163773160.772:11401): avc: denied { search } for pid=8264 comm="ps" name="436" dev=proc ino=28573698 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.772:11401): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=28573709 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.772:11401): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.772:11402): avc: denied { getattr } for pid=8264 comm="ps" name="1853" dev=proc ino=121438210 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.772:11402): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.772:11402): path="/proc/1853"
+type=AVC msg=audit(1163773160.772:11403): avc: denied { search } for pid=8264 comm="ps" name="1853" dev=proc ino=121438210 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.772:11403): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=121438221 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.772:11403): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.772:11404): avc: denied { getattr } for pid=8264 comm="ps" name="1865" dev=proc ino=122224642 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.772:11404): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.772:11404): path="/proc/1865"
+type=AVC msg=audit(1163773160.772:11405): avc: denied { search } for pid=8264 comm="ps" name="1865" dev=proc ino=122224642 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.772:11405): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=122224653 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.772:11405): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11406): avc: denied { getattr } for pid=8264 comm="ps" name="1881" dev=proc ino=123273218 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11406): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11406): path="/proc/1881"
+type=AVC msg=audit(1163773160.776:11407): avc: denied { search } for pid=8264 comm="ps" name="1881" dev=proc ino=123273218 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11407): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=123273229 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11407): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11408): avc: denied { getattr } for pid=8264 comm="ps" name="1884" dev=proc ino=123469826 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11408): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11408): path="/proc/1884"
+type=AVC msg=audit(1163773160.776:11409): avc: denied { search } for pid=8264 comm="ps" name="1884" dev=proc ino=123469826 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11409): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=123469837 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11409): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11410): avc: denied { getattr } for pid=8264 comm="ps" name="1896" dev=proc ino=124256258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11410): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11410): path="/proc/1896"
+type=AVC msg=audit(1163773160.776:11411): avc: denied { search } for pid=8264 comm="ps" name="1896" dev=proc ino=124256258 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11411): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=124256269 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11411): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11412): avc: denied { getattr } for pid=8264 comm="ps" name="1912" dev=proc ino=125304834 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11412): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11412): path="/proc/1912"
+type=AVC msg=audit(1163773160.776:11413): avc: denied { search } for pid=8264 comm="ps" name="1912" dev=proc ino=125304834 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.776:11413): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=125304845 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11413): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11414): avc: denied { getattr } for pid=8264 comm="ps" name="1925" dev=proc ino=126156802 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11414): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11414): path="/proc/1925"
+type=AVC msg=audit(1163773160.776:11415): avc: denied { search } for pid=8264 comm="ps" name="1925" dev=proc ino=126156802 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11415): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=126156813 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11415): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11416): avc: denied { getattr } for pid=8264 comm="ps" name="1959" dev=proc ino=128385026 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11416): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11416): path="/proc/1959"
+type=AVC msg=audit(1163773160.776:11417): avc: denied { search } for pid=8264 comm="ps" name="1959" dev=proc ino=128385026 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11417): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=128385037 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11417): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11418): avc: denied { getattr } for pid=8264 comm="ps" name="2033" dev=proc ino=133234690 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11418): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11418): path="/proc/2033"
+type=AVC msg=audit(1163773160.776:11419): avc: denied { search } for pid=8264 comm="ps" name="2033" dev=proc ino=133234690 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11419): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=133234701 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11419): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11420): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=135135245 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11420): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11421): avc: denied { getattr } for pid=8264 comm="ps" name="2123" dev=proc ino=139132930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11421): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11421): path="/proc/2123"
+type=AVC msg=audit(1163773160.776:11422): avc: denied { search } for pid=8264 comm="ps" name="2123" dev=proc ino=139132930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11422): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=139132941 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11422): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11423): avc: denied { getattr } for pid=8264 comm="ps" name="2142" dev=proc ino=140378114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11423): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11423): path="/proc/2142"
+type=AVC msg=audit(1163773160.776:11424): avc: denied { search } for pid=8264 comm="ps" name="2142" dev=proc ino=140378114 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11424): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=140378125 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11424): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11425): avc: denied { getattr } for pid=8264 comm="ps" name="2153" dev=proc ino=141099010 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11425): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11425): path="/proc/2153"
+type=AVC msg=audit(1163773160.776:11426): avc: denied { search } for pid=8264 comm="ps" name="2153" dev=proc ino=141099010 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11426): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=141099021 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11426): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11427): avc: denied { getattr } for pid=8264 comm="ps" name="2170" dev=proc ino=142213122 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11427): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11427): path="/proc/2170"
+type=AVC msg=audit(1163773160.776:11428): avc: denied { search } for pid=8264 comm="ps" name="2170" dev=proc ino=142213122 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.776:11428): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=142213133 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11428): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11429): avc: denied { getattr } for pid=8264 comm="ps" name="2184" dev=proc ino=143130626 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11429): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11429): path="/proc/2184"
+type=AVC msg=audit(1163773160.776:11430): avc: denied { search } for pid=8264 comm="ps" name="2184" dev=proc ino=143130626 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.776:11430): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=143130637 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11430): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11431): avc: denied { getattr } for pid=8264 comm="ps" name="2196" dev=proc ino=143917058 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11431): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11431): path="/proc/2196"
+type=AVC msg=audit(1163773160.776:11432): avc: denied { search } for pid=8264 comm="ps" name="2196" dev=proc ino=143917058 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11432): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=143917069 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11432): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11433): avc: denied { getattr } for pid=8264 comm="ps" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11433): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11433): path="/proc/2216"
+type=AVC msg=audit(1163773160.776:11434): avc: denied { search } for pid=8264 comm="ps" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.776:11434): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=145227789 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.776:11434): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.776:11435): avc: denied { getattr } for pid=8264 comm="ps" name="2237" dev=proc ino=146604034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.776:11435): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.776:11435): path="/proc/2237"
+type=AVC msg=audit(1163773160.780:11436): avc: denied { search } for pid=8264 comm="ps" name="2237" dev=proc ino=146604034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11436): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=146604045 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11436): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11437): avc: denied { getattr } for pid=8264 comm="ps" name="2248" dev=proc ino=147324930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11437): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11437): path="/proc/2248"
+type=AVC msg=audit(1163773160.780:11438): avc: denied { search } for pid=8264 comm="ps" name="2248" dev=proc ino=147324930 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.780:11438): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=147324941 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11438): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11439): avc: denied { getattr } for pid=8264 comm="ps" name="2285" dev=proc ino=149749762 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11439): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11439): path="/proc/2285"
+type=AVC msg=audit(1163773160.780:11440): avc: denied { search } for pid=8264 comm="ps" name="2285" dev=proc ino=149749762 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11440): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=149749773 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11440): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11441): avc: denied { getattr } for pid=8264 comm="ps" name="2401" dev=proc ino=157351938 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11441): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11441): path="/proc/2401"
+type=AVC msg=audit(1163773160.780:11442): avc: denied { search } for pid=8264 comm="ps" name="2401" dev=proc ino=157351938 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11442): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=157351949 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11442): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11443): avc: denied { getattr } for pid=8264 comm="ps" name="2723" dev=proc ino=178454530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11443): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11443): path="/proc/2723"
+type=AVC msg=audit(1163773160.780:11444): avc: denied { search } for pid=8264 comm="ps" name="2723" dev=proc ino=178454530 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11444): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=178454541 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11444): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11445): avc: denied { getattr } for pid=8264 comm="ps" name="2732" dev=proc ino=179044354 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11445): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11445): path="/proc/2732"
+type=AVC msg=audit(1163773160.780:11446): avc: denied { search } for pid=8264 comm="ps" name="2732" dev=proc ino=179044354 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11446): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=179044365 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11446): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11447): avc: denied { getattr } for pid=8264 comm="ps" name="2735" dev=proc ino=179240962 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11447): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11447): path="/proc/2735"
+type=AVC msg=audit(1163773160.780:11448): avc: denied { search } for pid=8264 comm="ps" name="2735" dev=proc ino=179240962 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11448): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=179240973 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11448): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11449): avc: denied { getattr } for pid=8264 comm="ps" name="3150" dev=proc ino=206438402 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11449): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11449): path="/proc/3150"
+type=AVC msg=audit(1163773160.780:11450): avc: denied { search } for pid=8264 comm="ps" name="3150" dev=proc ino=206438402 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11450): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=206438413 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11450): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11451): avc: denied { getattr } for pid=8264 comm="ps" name="3172" dev=proc ino=207880194 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11451): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11451): path="/proc/3172"
+type=AVC msg=audit(1163773160.780:11452): avc: denied { search } for pid=8264 comm="ps" name="3172" dev=proc ino=207880194 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.780:11452): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=207880205 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11452): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.780:11453): avc: denied { getattr } for pid=8264 comm="ps" name="3201" dev=proc ino=209780738 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.780:11453): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.780:11453): path="/proc/3201"
+type=AVC msg=audit(1163773160.780:11454): avc: denied { search } for pid=8264 comm="ps" name="3201" dev=proc ino=209780738 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.780:11454): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=209780749 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.780:11454): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11455): avc: denied { getattr } for pid=8264 comm="ps" name="3289" dev=proc ino=215547906 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11455): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11455): path="/proc/3289"
+type=AVC msg=audit(1163773160.784:11456): avc: denied { search } for pid=8264 comm="ps" name="3289" dev=proc ino=215547906 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163773160.784:11456): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=215547917 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11456): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11457): avc: denied { getattr } for pid=8264 comm="ps" name="3310" dev=proc ino=216924162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11457): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11457): path="/proc/3310"
+type=AVC msg=audit(1163773160.784:11458): avc: denied { search } for pid=8264 comm="ps" name="3310" dev=proc ino=216924162 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11458): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=216924173 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11458): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11459): avc: denied { getattr } for pid=8264 comm="ps" name="3362" dev=proc ino=220332034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11459): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11459): path="/proc/3362"
+type=AVC msg=audit(1163773160.784:11460): avc: denied { search } for pid=8264 comm="ps" name="3362" dev=proc ino=220332034 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11460): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=220332045 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11460): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11461): avc: denied { getattr } for pid=8264 comm="ps" name="3366" dev=proc ino=220594178 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11461): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11461): path="/proc/3366"
+type=AVC msg=audit(1163773160.784:11462): avc: denied { search } for pid=8264 comm="ps" name="3366" dev=proc ino=220594178 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11462): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=220594189 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11462): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11463): avc: denied { getattr } for pid=8264 comm="ps" name="3875" dev=proc ino=253952002 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11463): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11463): path="/proc/3875"
+type=AVC msg=audit(1163773160.784:11464): avc: denied { search } for pid=8264 comm="ps" name="3875" dev=proc ino=253952002 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11464): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=253952013 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11464): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11465): avc: denied { getattr } for pid=8264 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11465): arch=40000003 syscall=195 success=yes exit=0 a0=c62840 a1=bfa4385c a2=c4eff4 a3=bfa4385c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11465): path="/dev/pts"
+type=AVC msg=audit(1163773160.784:11466): avc: denied { read } for pid=8264 comm="ps" name="2" dev=proc ino=257851394 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163773160.784:11466): avc: denied { ptrace } for pid=8264 comm="ps" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163773160.784:11466): arch=40000003 syscall=85 success=yes exit=10 a0=bfa43898 a1=c62840 a2=7f a3=bfa43898 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773160.784:11467): avc: denied { search } for pid=8264 comm="ps" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11467): avc: denied { getattr } for pid=8264 comm="ps" name="1" dev=devpts ino=3 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773160.784:11467): arch=40000003 syscall=195 success=yes exit=0 a0=c62840 a1=bfa4379c a2=c4eff4 a3=bfa4379c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11467): path="/dev/pts/1"
+type=AVC msg=audit(1163773160.784:11468): avc: denied { getattr } for pid=8264 comm="ps" name="4062" dev=proc ino=266207234 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773160.784:11468): arch=40000003 syscall=195 success=yes exit=0 a0=892097c a1=bfa4604c a2=c4eff4 a3=bfa4604c items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773160.784:11468): path="/proc/4062"
+type=AVC msg=audit(1163773160.784:11469): avc: denied { search } for pid=8264 comm="ps" name="4062" dev=proc ino=266207234 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=AVC msg=audit(1163773160.784:11469): avc: denied { read } for pid=8264 comm="ps" name="stat" dev=proc ino=266207245 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773160.784:11469): arch=40000003 syscall=5 success=yes exit=18 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=8263 pid=8264 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773182.121:11470): avc: denied { dac_override } for pid=8271 comm="yum" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163773182.121:11470): arch=40000003 syscall=33 success=yes exit=0 a0=8dfc308 a1=2 a2=488b44 a3=0 items=0 ppid=6537 pid=8271 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773184.609:11471): avc: denied { write } for pid=8271 comm="yum" name="gnuchess" dev=dm-0 ino=14731267 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=AVC msg=audit(1163773184.609:11471): avc: denied { remove_name } for pid=8271 comm="yum" name="book.dat" dev=dm-0 ino=10738969 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=AVC msg=audit(1163773184.609:11471): avc: denied { unlink } for pid=8271 comm="yum" name="book.dat" dev=dm-0 ino=10738969 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773184.609:11471): arch=40000003 syscall=10 success=yes exit=0 a0=a3e7280 a1=2d a2=d2a040 a3=a3e7280 items=0 ppid=6537 pid=8271 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773184.637:11472): avc: denied { rmdir } for pid=8271 comm="yum" name="gnuchess" dev=dm-0 ino=14731267 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773184.637:11472): arch=40000003 syscall=40 success=yes exit=0 a0=a892d88 a1=2d a2=d2a040 a3=a892d88 items=0 ppid=6537 pid=8271 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773184.697:11473): avc: denied { write } for pid=8271 comm="yum" name="bin" dev=dm-0 ino=10311850 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163773184.697:11473): avc: denied { remove_name } for pid=8271 comm="yum" name="gnuchess" dev=dm-0 ino=10332735 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163773184.697:11473): avc: denied { unlink } for pid=8271 comm="yum" name="gnuchess" dev=dm-0 ino=10332735 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773184.697:11473): arch=40000003 syscall=10 success=yes exit=0 a0=b210580 a1=2d a2=d2a040 a3=b210580 items=0 ppid=6537 pid=8271 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163773201.786:11474): user pid=8275 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163773201.786:11475): login pid=8275 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163773201.786:11476): user pid=8275 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163773201.786:11477): user pid=8275 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163773201.790:11478): avc: denied { execute } for pid=8276 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163773201.790:11478): avc: denied { execute_no_trans } for pid=8276 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.790:11478): arch=40000003 syscall=11 success=yes exit=0 a0=982f1b0 a1=982f358 a2=982f290 a3=982f008 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773201.790:11478): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163773201.794:11479): avc: denied { execute } for pid=8276 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163773201.794:11479): avc: denied { execute_no_trans } for pid=8276 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163773201.794:11479): avc: denied { read } for pid=8276 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.794:11479): arch=40000003 syscall=11 success=yes exit=0 a0=9851d48 a1=9851740 a2=9851d60 a3=9851740 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773201.794:11479): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163773201.794:11479): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163773201.798:11480): avc: denied { search } for pid=8276 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163773201.798:11480): avc: denied { read } for pid=8276 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.798:11480): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=97ac7f8 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773201.798:11481): avc: denied { getattr } for pid=8276 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.798:11481): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfa33b58 a2=c4eff4 a3=97ac7f8 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773201.798:11481): path="/proc/net/dev"
+type=AVC msg=audit(1163773201.798:11482): avc: denied { search } for pid=8276 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773201.798:11482): arch=40000003 syscall=33 success=yes exit=0 a0=bfa33f04 a1=0 a2=bfa33df8 a3=bfa33e00 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773201.798:11483): avc: denied { read append } for pid=8276 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.798:11483): arch=40000003 syscall=5 success=yes exit=3 a0=bfa33f04 a1=402 a2=bfa340c8 a3=bfa33e00 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773201.798:11484): avc: denied { search } for pid=8276 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163773201.798:11484): avc: denied { read } for pid=8276 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.798:11484): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=97ad2f8 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773201.798:11485): avc: denied { getattr } for pid=8276 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.798:11485): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfa339b0 a2=c4eff4 a3=97ad2f8 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773201.798:11485): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163773201.798:11486): avc: denied { search } for pid=8276 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773201.798:11486): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=97ad2f8 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773201.802:11487): avc: denied { lock } for pid=8276 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773201.802:11487): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfa33e00 a3=3 items=0 ppid=8275 pid=8276 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773201.802:11487): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163773201.862:11488): user pid=8275 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163773201.862:11489): user pid=8275 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163773212.595:11490): avc: denied { search } for pid=8278 comm="thunderbird" name="locale" dev=dm-0 ino=10311858 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163773212.595:11490): avc: denied { read } for pid=8278 comm="thunderbird" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11490): arch=40000003 syscall=5 success=yes exit=3 a0=c37d80 a1=8000 a2=1 a3=bfe9f4a0 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.595:11491): avc: denied { getattr } for pid=8278 comm="thunderbird" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11491): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=c4faa0 a2=c4eff4 a3=bfe9f4a0 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773212.595:11491): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1163773212.595:11492): avc: denied { read } for pid=8278 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11492): arch=40000003 syscall=5 success=yes exit=3 a0=c36d1a a1=0 a2=1b6 a3=8852a60 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.595:11493): avc: denied { getattr } for pid=8278 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11493): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe9d618 a2=c4eff4 a3=8852a60 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773212.595:11493): path="/proc/meminfo"
+type=AVC msg=audit(1163773212.595:11494): avc: denied { read } for pid=8278 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11494): arch=40000003 syscall=5 success=yes exit=3 a0=c37d5c a1=0 a2=0 a3=bfe9f700 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.595:11495): avc: denied { getattr } for pid=8278 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.595:11495): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe9f5a8 a2=c4eff4 a3=3 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773212.595:11495): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1163773212.979:11496): avc: denied { read } for pid=8290 comm="thunderbird-bin" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.979:11496): arch=40000003 syscall=5 success=yes exit=3 a0=bfac7f20 a1=0 a2=1b6 a3=9003398 items=0 ppid=8285 pid=8290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.979:11497): avc: denied { getattr } for pid=8290 comm="thunderbird-bin" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.979:11497): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfac7dbc a2=c4eff4 a3=9003398 items=0 ppid=8285 pid=8290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773212.979:11497): path="/usr/share/locale/locale.alias"
+type=AVC msg=audit(1163773212.979:11498): avc: denied { search } for pid=8290 comm="thunderbird-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773212.979:11498): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfac7e90 a2=c4eff4 a3=3 items=0 ppid=8285 pid=8290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.991:11499): avc: denied { read } for pid=8290 comm="thunderbird-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.991:11499): arch=40000003 syscall=33 success=yes exit=0 a0=bfacaf72 a1=4 a2=da3a64 a3=bfacaf72 items=0 ppid=8285 pid=8290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773212.995:11500): avc: denied { getattr } for pid=8290 comm="thunderbird-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773212.995:11500): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfac7c1c a2=c4eff4 a3=8ff7558 items=0 ppid=8285 pid=8290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773212.995:11500): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163773213.179:11501): avc: denied { read } for pid=8278 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.179:11501): arch=40000003 syscall=5 success=yes exit=3 a0=c36d1a a1=0 a2=1b6 a3=9b5fa60 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773213.179:11502): avc: denied { getattr } for pid=8278 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.179:11502): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf80ed68 a2=c4eff4 a3=9b5fa60 items=0 ppid=1 pid=8278 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773213.179:11502): path="/proc/meminfo"
+type=AVC msg=audit(1163773213.359:11503): avc: denied { search } for pid=8301 comm="thunderbird-bin" name=".mozilla" dev=dm-0 ino=6547337 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773213.359:11503): arch=40000003 syscall=33 success=yes exit=0 a0=9903cb8 a1=0 a2=ab3bdc a3=bfe14c4c items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773213.363:11504): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="dom_html.xpt" dev=dm-0 ino=10737706 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.363:11504): arch=40000003 syscall=195 success=yes exit=0 a0=9907400 a1=bfe14b0c a2=c4eff4 a3=bfe14b0c items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773213.363:11504): path="/usr/lib/thunderbird-1.5.0.7/components/dom_html.xpt"
+type=AVC msg=audit(1163773213.367:11505): avc: denied { read } for pid=8301 comm="thunderbird-bin" name="plugins" dev=dm-0 ino=6547805 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773213.367:11505): arch=40000003 syscall=5 success=yes exit=5 a0=9903cb8 a1=18800 a2=bfe14af8 a3=bfe14b60 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773213.367:11506): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="plugins" dev=dm-0 ino=6547805 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773213.367:11506): arch=40000003 syscall=197 success=yes exit=0 a0=5 a1=bfe14acc a2=c4eff4 a3=5 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773213.367:11506): path="/home/kmacmill/.mozilla/plugins"
+type=AVC msg=audit(1163773213.367:11507): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.367:11507): arch=40000003 syscall=195 success=yes exit=0 a0=990ad70 a1=bfe14b0c a2=c4eff4 a3=bfe14b0c items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773213.367:11507): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163773213.367:11508): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.367:11508): arch=40000003 syscall=195 success=yes exit=0 a0=990ad70 a1=bfe14b0c a2=c4eff4 a3=bfe14b0c items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773213.367:11508): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163773213.371:11509): avc: denied { read } for pid=8301 comm="thunderbird-bin" name="msgbase.xpt" dev=dm-0 ino=10737972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.371:11509): arch=40000003 syscall=5 success=yes exit=5 a0=9907cb8 a1=8000 a2=0 a3=8000 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773213.675:11510): avc: denied { read } for pid=8301 comm="thunderbird-bin" name="flashplayer.xpt" dev=dm-0 ino=6547381 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773213.675:11510): arch=40000003 syscall=5 success=yes exit=5 a0=990ad70 a1=8000 a2=0 a3=8000 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773216.487:11511): avc: denied { read } for pid=8301 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773216.487:11511): arch=40000003 syscall=5 success=yes exit=18 a0=3d4880 a1=8000 a2=1b6 a3=9abb478 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773216.487:11512): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773216.487:11512): arch=40000003 syscall=197 success=yes exit=0 a0=12 a1=bfe12f2c a2=c4eff4 a3=9abb478 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773216.487:11512): path="/dev/urandom"
+type=AVC msg=audit(1163773216.487:11513): avc: denied { ioctl } for pid=8301 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773216.487:11513): arch=40000003 syscall=54 success=no exit=-22 a0=12 a1=5401 a2=bfe12e8c a3=bfe12ecc items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773216.487:11513): path="/dev/urandom"
+type=AVC msg=audit(1163773228.744:11514): avc: denied { search } for pid=8301 comm="thunderbird-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773228.744:11514): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bf845c10 a2=c4eff4 a3=3 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773229.948:11515): avc: denied { read } for pid=8301 comm="thunderbird-bin" name="3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2" dev=dm-0 ino=14437317 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773229.948:11515): arch=40000003 syscall=5 success=yes exit=30 a0=a01d410 a1=0 a2=f501c600 a3=a0118b8 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773229.948:11516): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2" dev=dm-0 ino=14437317 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773229.948:11516): arch=40000003 syscall=197 success=yes exit=0 a0=1e a1=bf84460c a2=c4eff4 a3=bf84460c items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773229.948:11516): path="/var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2"
+type=AVC msg=audit(1163773231.640:11517): avc: denied { search } for pid=8312 comm="netstat" name="sys" dev=proc ino=-268435429 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
+type=AVC msg=audit(1163773231.640:11517): avc: denied { search } for pid=8312 comm="netstat" name="net" dev=proc ino=-268435343 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773231.640:11517): arch=40000003 syscall=33 success=no exit=-2 a0=805f53c a1=4 a2=8064740 a3=8 items=0 ppid=8301 pid=8312 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="netstat" exe="/bin/netstat" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.928:11518): avc: denied { create } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163773231.928:11518): arch=40000003 syscall=102 success=yes exit=40 a0=1 a1=b26fd1d4 a2=c4eff4 a3=0 items=0 ppid=8296 pid=8315 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.928:11519): avc: denied { bind } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163773231.928:11519): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b26fd1d4 a2=c4eff4 a3=28 items=0 ppid=8296 pid=8315 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.928:11520): avc: denied { getattr } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163773231.928:11520): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b26fd1d4 a2=c4eff4 a3=28 items=0 ppid=8296 pid=8315 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.928:11521): avc: denied { write } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163773231.928:11521): avc: denied { nlmsg_read } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163773231.928:11521): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b26fc10c a2=c4eff4 a3=0 items=0 ppid=8296 pid=8315 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.928:11522): avc: denied { read } for pid=8315 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163773231.928:11522): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b26fc10c a2=c4eff4 a3=0 items=0 ppid=8296 pid=8315 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773231.936:11523): avc: denied { read } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773231.936:11523): arch=40000003 syscall=3 success=yes exit=69 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773231.936:11523): path="/dev/net/tun"
+type=AVC msg=audit(1163773231.988:11524): avc: denied { write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163773231.988:11524): arch=40000003 syscall=4 success=yes exit=117 a0=4 a1=805c570 a2=75 a3=bfa20a54 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773231.988:11524): path="/dev/net/tun"
+type=AVC msg=audit(1163773396.727:11525): avc: denied { read } for pid=8326 comm="gnome-font-prop" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773396.727:11525): arch=40000003 syscall=33 success=yes exit=0 a0=bfb43de7 a1=4 a2=da3a64 a3=bfb43de7 items=0 ppid=1 pid=8326 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-font-prop" exe="/usr/bin/gnome-font-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773396.779:11526): avc: denied { read } for pid=8326 comm="gnome-font-prop" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773396.779:11526): arch=40000003 syscall=33 success=yes exit=0 a0=8f0d598 a1=4 a2=df7770 a3=8f0d598 items=0 ppid=1 pid=8326 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-font-prop" exe="/usr/bin/gnome-font-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773397.655:11527): avc: denied { getattr } for pid=8301 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=5466955 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773397.655:11527): arch=40000003 syscall=195 success=yes exit=0 a0=c36800 a1=bf844720 a2=c4eff4 a3=0 items=0 ppid=8296 pid=8301 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773397.655:11527): path="/etc/localtime"
+type=AVC msg=audit(1163773695.057:11528): avc: denied { search } for pid=8345 comm="thunderbird" name="locale" dev=dm-0 ino=10311858 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163773695.057:11528): avc: denied { read } for pid=8345 comm="thunderbird" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773695.057:11528): arch=40000003 syscall=5 success=yes exit=3 a0=c37d80 a1=8000 a2=1 a3=bfbadff0 items=0 ppid=1 pid=8345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773695.057:11529): avc: denied { getattr } for pid=8345 comm="thunderbird" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773695.057:11529): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=c4faa0 a2=c4eff4 a3=bfbadff0 items=0 ppid=1 pid=8345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773695.057:11529): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1163773695.057:11530): avc: denied { read } for pid=8345 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773695.057:11530): arch=40000003 syscall=5 success=yes exit=3 a0=c37d5c a1=0 a2=0 a3=bfbae250 items=0 ppid=1 pid=8345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773695.057:11531): avc: denied { getattr } for pid=8345 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773695.057:11531): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfbae0f8 a2=c4eff4 a3=3 items=0 ppid=1 pid=8345 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773695.057:11531): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1163773695.125:11532): avc: denied { read } for pid=8357 comm="thunderbird-bin" name="locale.alias" dev=dm-0 ino=10314350 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773695.125:11532): arch=40000003 syscall=5 success=yes exit=3 a0=bfbdf030 a1=0 a2=1b6 a3=9ad3398 items=0 ppid=8352 pid=8357 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163773700.438:11533): avc: denied { read } for pid=8303 comm="yum" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773700.438:11533): arch=40000003 syscall=5 success=yes exit=9 a0=c37093 a1=0 a2=1b6 a3=8c40560 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773705.594:11534): avc: denied { write } for pid=8303 comm="yum" name="packages" dev=dm-0 ino=15288142 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163773705.594:11534): avc: denied { add_name } for pid=8303 comm="yum" name="selinux-policy-devel-2.4.4-3.fc7.noarch.rpm" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163773705.594:11534): arch=40000003 syscall=5 success=yes exit=10 a0=c896d70 a1=8241 a2=1b6 a3=8c40560 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773780.783:11535): avc: denied { read } for pid=8387 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773780.783:11535): arch=40000003 syscall=33 success=yes exit=0 a0=bff2cfcb a1=4 a2=da3a64 a3=bff2cfcb items=0 ppid=1 pid=8387 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163773780.783:11536): avc: denied { getattr } for pid=8387 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773780.783:11536): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff2b34c a2=c4eff4 a3=9ca2140 items=0 ppid=1 pid=8387 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773780.783:11536): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163773780.791:11537): avc: denied { write } for pid=8303 comm="yum" name="qt-designer-3.3.7-1.fc7.i386.rpm" dev=dm-0 ino=15288245 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773780.791:11537): arch=40000003 syscall=4 success=yes exit=4096 a0=a a1=b7fa1000 a2=1000 a3=1000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773780.791:11537): path="/var/cache/yum/development/packages/qt-designer-3.3.7-1.fc7.i386.rpm"
+type=AVC msg=audit(1163773782.935:11538): avc: denied { setattr } for pid=8303 comm="yum" name="qt-designer-3.3.7-1.fc7.i386.rpm" dev=dm-0 ino=15288245 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773782.935:11538): arch=40000003 syscall=271 success=yes exit=0 a0=a3ba900 a1=bf87c404 a2=c4eff4 a3=880aaec items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163773783.023:11539): avc: denied { create } for pid=8303 comm="yum" name="openssh-4.3p2-12.fc7.i386.rpm" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773783.023:11539): arch=40000003 syscall=5 success=yes exit=10 a0=95665a8 a1=8241 a2=1b6 a3=8ecbc20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163773801.916:11540): user pid=8412 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163773801.916:11541): login pid=8412 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163773801.916:11542): user pid=8412 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163773801.916:11543): user pid=8412 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163773801.928:11544): avc: denied { search } for pid=8413 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163773801.928:11544): avc: denied { read } for pid=8413 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773801.928:11544): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=97477f8 items=0 ppid=8412 pid=8413 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163773801.928:11545): avc: denied { getattr } for pid=8413 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773801.928:11545): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfc2b558 a2=c4eff4 a3=97477f8 items=0 ppid=8412 pid=8413 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163773801.928:11545): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1163773802.012:11546): user pid=8412 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163773802.016:11547): user pid=8412 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163773872.184:11548): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163773872.184:11548): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773872.184:11548): path="socket:[31406]"
+type=AVC msg=audit(1163773953.097:11549): avc: denied { getattr } for pid=8434 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163773953.097:11549): arch=40000003 syscall=196 success=yes exit=0 a0=bf84f9d4 a1=bf84f938 a2=c4eff4 a3=98d60f8 items=0 ppid=1 pid=8434 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163773953.097:11549): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163774133.877:11550): avc: denied { write } for pid=8465 comm="gnome-terminal" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163774133.877:11550): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd8bd10 a2=df7770 a3=15 items=0 ppid=1 pid=8465 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774169.215:11551): avc: denied { write } for pid=8303 comm="yum" name="packages" dev=dm-0 ino=15288142 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163774169.215:11551): avc: denied { add_name } for pid=8303 comm="yum" name="udev-103-2.i386.rpm" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774169.215:11551): arch=40000003 syscall=5 success=yes exit=10 a0=c675da8 a1=8241 a2=1b6 a3=9fce418 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163774197.053:11552): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163774197.053:11553): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163774197.069:11554): avc: denied { search } for pid=8520 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774197.069:11554): arch=40000003 syscall=5 success=no exit=-2 a0=bfca7178 a1=8000 a2=1b6 a3=96e49a8 items=0 ppid=8500 pid=8520 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163774197.197:11555): avc: denied { write } for pid=8521 comm="xauth" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.197:11555): arch=40000003 syscall=33 success=yes exit=0 a0=bfec99ba a1=2 a2=bfec9720 a3=0 items=0 ppid=8520 pid=8521 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.201:11556): avc: denied { read } for pid=8521 comm="xauth" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.201:11556): arch=40000003 syscall=5 success=yes exit=2 a0=bfec99ba a1=0 a2=1b6 a3=9caa008 items=0 ppid=8520 pid=8521 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.201:11557): avc: denied { getattr } for pid=8521 comm="xauth" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.201:11557): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfec946c a2=c4eff4 a3=9caa008 items=0 ppid=8520 pid=8521 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774197.201:11557): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163774197.201:11558): avc: denied { write } for pid=8520 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774197.201:11558): avc: denied { add_name } for pid=8520 comm="su" name=".xauthb3Z41E" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774197.201:11558): avc: denied { create } for pid=8520 comm="su" name=".xauthb3Z41E" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.201:11558): arch=40000003 syscall=5 success=yes exit=4 a0=96e4acb a1=80c2 a2=180 a3=80c2 items=0 ppid=8500 pid=8520 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163774197.217:11559): avc: denied { setattr } for pid=8520 comm="su" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.217:11559): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=25869f items=0 ppid=8500 pid=8520 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11560): avc: denied { search } for pid=8522 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774197.221:11560): arch=40000003 syscall=195 success=no exit=-2 a0=bfbeff17 a1=bfbefa2c a2=c4eff4 a3=bfbefa2c items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11561): avc: denied { write } for pid=8522 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774197.221:11561): avc: denied { add_name } for pid=8522 comm="xauth" name=".xauthb3Z41E-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774197.221:11561): avc: denied { create } for pid=8522 comm="xauth" name=".xauthb3Z41E-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.221:11561): arch=40000003 syscall=5 success=yes exit=2 a0=bfbeff17 a1=c1 a2=180 a3=ffffffff items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11562): avc: denied { link } for pid=8522 comm="xauth" name=".xauthb3Z41E-c" dev=dm-0 ino=13127385 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.221:11562): arch=40000003 syscall=9 success=yes exit=0 a0=bfbeff17 a1=bfbefb16 a2=da3a64 a3=2 items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11563): avc: denied { write } for pid=8522 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.221:11563): arch=40000003 syscall=33 success=yes exit=0 a0=bfbf19b6 a1=2 a2=bfbf0440 a3=0 items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11564): avc: denied { read } for pid=8522 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.221:11564): arch=40000003 syscall=5 success=yes exit=2 a0=bfbf19b6 a1=0 a2=1b6 a3=9a31008 items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163774197.221:11565): avc: denied { getattr } for pid=8522 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.221:11565): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfbf018c a2=c4eff4 a3=9a31008 items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774197.221:11565): path="/root/.xauthb3Z41E"
+type=AVC msg=audit(1163774197.229:11566): avc: denied { remove_name } for pid=8522 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774197.229:11566): avc: denied { unlink } for pid=8522 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.229:11566): arch=40000003 syscall=10 success=yes exit=0 a0=9a31008 a1=1000 a2=0 a3=9a3108a items=0 ppid=8520 pid=8522 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163774197.229:11567): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=CRED_ACQ msg=audit(1163774197.245:11568): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163774197.257:11569): avc: denied { dac_override } for pid=8523 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163774197.257:11569): arch=40000003 syscall=195 success=yes exit=0 a0=80d2437 a1=bfed1540 a2=c4eff4 a3=bfed15a0 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774197.257:11570): avc: denied { read } for pid=8523 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.257:11570): arch=40000003 syscall=5 success=yes exit=3 a0=86ac760 a1=8000 a2=0 a3=8000 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774197.345:11571): avc: denied { read } for pid=8523 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774197.345:11571): arch=40000003 syscall=5 success=yes exit=3 a0=86ac940 a1=8000 a2=0 a3=8000 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774199.765:11572): avc: denied { read } for pid=8543 comm="consolehelper-g" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.765:11572): arch=40000003 syscall=33 success=yes exit=0 a0=bfda3f9d a1=4 a2=da3a64 a3=bfda3f9d items=0 ppid=8523 pid=8543 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="consolehelper-g" exe="/usr/bin/consolehelper-gtk" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163774199.777:11573): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163774199.777:11573): arch=40000003 syscall=11 success=yes exit=0 a0=804c35f a1=9f87c28 a2=bfda35ec a3=3 items=0 ppid=8543 pid=8544 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163774199.949:11574): user pid=8544 uid=0 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: authentication acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163774199.949:11575): user pid=8544 uid=0 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: accounting acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163774199.949:11576): avc: denied { search } for pid=8544 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774199.949:11576): arch=40000003 syscall=5 success=no exit=-2 a0=bfeeab38 a1=8000 a2=1b6 a3=90963e8 items=0 ppid=8543 pid=8544 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163774199.949:11577): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=AVC msg=audit(1163774199.949:11577): avc: denied { execute_no_trans } for pid=8545 comm="userhelper" name="xauth" dev=dm-0 ino=10326959 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.949:11577): arch=40000003 syscall=11 success=yes exit=0 a0=31c761 a1=bfeebafc a2=9092568 a3=4 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774199.949:11577): path="/usr/bin/xauth"
+type=AVC msg=audit(1163774199.953:11578): avc: denied { write } for pid=8545 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774199.953:11578): avc: denied { add_name } for pid=8545 comm="xauth" name=".xauthb3Z41E-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774199.953:11578): avc: denied { create } for pid=8545 comm="xauth" name=".xauthb3Z41E-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11578): arch=40000003 syscall=5 success=yes exit=2 a0=bfa3d337 a1=c1 a2=180 a3=ffffffff items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163774199.953:11579): avc: denied { link } for pid=8545 comm="xauth" name=".xauthb3Z41E-c" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11579): arch=40000003 syscall=9 success=yes exit=0 a0=bfa3d337 a1=bfa3cf36 a2=da3a64 a3=2 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163774199.953:11580): avc: denied { write } for pid=8545 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11580): arch=40000003 syscall=33 success=yes exit=0 a0=bfa3df09 a1=2 a2=bfa3d860 a3=0 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163774199.953:11581): avc: denied { read } for pid=8545 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11581): arch=40000003 syscall=5 success=yes exit=2 a0=bfa3df09 a1=0 a2=1b6 a3=9312008 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163774199.953:11582): avc: denied { getattr } for pid=8545 comm="xauth" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11582): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfa3d5ac a2=c4eff4 a3=9312008 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774199.953:11582): path="/root/.xauthb3Z41E"
+type=AVC msg=audit(1163774199.953:11583): avc: denied { remove_name } for pid=8545 comm="xauth" name=".xauthb3Z41E-c" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774199.953:11583): avc: denied { unlink } for pid=8545 comm="xauth" name=".xauthb3Z41E-c" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11583): arch=40000003 syscall=10 success=yes exit=0 a0=bfa3cf27 a1=bfa3cb39 a2=da3a64 a3=bfa3cb26 items=0 ppid=8544 pid=8545 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163774199.953:11584): avc: denied { setattr } for pid=8544 comm="userhelper" name=".xauthTAYBaF" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774199.953:11584): arch=40000003 syscall=207 success=yes exit=0 a0=5 a1=0 a2=0 a3=31c69f items=0 ppid=8543 pid=8544 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163774199.953:11585): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163774199.953:11585): arch=40000003 syscall=11 success=yes exit=0 a0=31c761 a1=bfeebafc a2=9092568 a3=4 items=0 ppid=8544 pid=8546 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=USER_START msg=audit(1163774200.085:11586): user pid=8544 uid=0 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session open acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163774201.129:11587): avc: denied { write } for pid=8547 comm="python" name=".virt-manager" dev=dm-0 ino=13127378 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774201.129:11587): arch=40000003 syscall=33 success=yes exit=0 a0=8690ca0 a1=2 a2=59d1fe4 a3=b7ec754c items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774201.129:11588): avc: denied { write } for pid=8547 comm="python" name="virt-manager.log" dev=dm-0 ino=13127380 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774201.129:11588): arch=40000003 syscall=5 success=yes exit=3 a0=869c970 a1=8241 a2=1b6 a3=8699b60 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774202.241:11589): avc: denied { search } for pid=8547 comm="python" name="xen" dev=proc ino=-268434186 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=dir
+type=AVC msg=audit(1163774202.241:11589): avc: denied { read write } for pid=8547 comm="python" name="privcmd" dev=proc ino=-268433970 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774202.241:11589): arch=40000003 syscall=5 success=yes exit=10 a0=90fd8b a1=2 a2=6040e01 a3=bfcc1be7 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774202.241:11590): avc: denied { ioctl } for pid=8547 comm="python" name="privcmd" dev=proc ino=-268433970 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774202.241:11590): arch=40000003 syscall=54 success=yes exit=196608 a0=a a1=305000 a2=bfcc0a1c a3=a items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774202.241:11590): path="/proc/xen/privcmd"
+type=AVC msg=audit(1163774202.241:11591): avc: denied { ipc_lock } for pid=8547 comm="python" capability=14 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163774202.241:11591): arch=40000003 syscall=150 success=yes exit=0 a0=bfcc09c0 a1=44 a2=91324c a3=1 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774203.361:11592): avc: denied { write } for pid=8549 comm="gconfd-2" name=".gconf" dev=dm-0 ino=13127147 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774203.361:11592): avc: denied { add_name } for pid=8549 comm="gconfd-2" name=".testing.writeability" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774203.361:11592): avc: denied { create } for pid=8549 comm="gconfd-2" name=".testing.writeability" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774203.361:11592): arch=40000003 syscall=5 success=yes exit=14 a0=9649fe8 a1=41 a2=1c0 a3=9649fe8 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774203.489:11593): avc: denied { remove_name } for pid=8549 comm="gconfd-2" name=".testing.writeability" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774203.489:11593): avc: denied { unlink } for pid=8549 comm="gconfd-2" name=".testing.writeability" dev=dm-0 ino=13127384 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774203.489:11593): arch=40000003 syscall=10 success=yes exit=0 a0=9649fe8 a1=41 a2=412708 a3=9649fe8 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774203.493:11594): avc: denied { read } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774203.493:11594): arch=40000003 syscall=5 success=yes exit=8 a0=964a460 a1=0 a2=1b6 a3=964a488 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774203.521:11595): avc: denied { append } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774203.521:11595): arch=40000003 syscall=5 success=yes exit=15 a0=964bff8 a1=441 a2=1b6 a3=964c020 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774204.769:11596): avc: denied { write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163774204.769:11596): arch=40000003 syscall=4 success=yes exit=1412 a0=4 a1=805c570 a2=584 a3=bfa20a54 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774204.769:11596): path="/dev/net/tun"
+type=AVC msg=audit(1163774204.769:11597): avc: denied { read } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163774204.769:11597): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774204.769:11597): path="/dev/net/tun"
+type=AVC msg=audit(1163774207.325:11598): avc: denied { write } for pid=8547 comm="python" name="xend-socket" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xend_var_lib_t:s0 tclass=sock_file
+type=AVC msg=audit(1163774207.325:11598): avc: denied { connectto } for pid=8547 comm="python" name="xend-socket" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163774207.325:11598): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcc5630 a2=91324c a3=89da860 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774207.325:11598): path="/var/lib/xend/xend-socket"
+type=AVC msg=audit(1163774207.333:11599): avc: denied { write } for pid=8547 comm="python" name="socket" dev=dm-0 ino=14534849 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xenstored_var_run_t:s0 tclass=sock_file
+type=AVC msg=audit(1163774207.333:11599): avc: denied { connectto } for pid=8547 comm="python" name="socket" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163774207.333:11599): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcc6a10 a2=4c0590 a3=bfcc6a8a items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774207.333:11599): path="/var/run/xenstored/socket"
+type=AVC msg=audit(1163774207.673:11600): avc: denied { read } for pid=8547 comm="python" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774207.673:11600): arch=40000003 syscall=5 success=yes exit=16 a0=c37093 a1=0 a2=1b6 a3=8a3d080 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774211.105:11601): avc: denied { setuid } for pid=8547 comm="python" capability=7 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163774211.105:11601): arch=40000003 syscall=208 success=yes exit=0 a0=ffffffff a1=0 a2=ffffffff a3=bfcc740c items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774211.157:11602): avc: denied { read write } for pid=8552 comm="dbus-daemon" name="2" dev=devpts ino=4 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=AVC msg=audit(1163774211.157:11602): avc: denied { write } for pid=8552 comm="dbus-daemon" name="virt-manager.log" dev=dm-0 ino=13127380 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=AVC msg=audit(1163774211.157:11602): avc: denied { read write } for pid=8552 comm="dbus-daemon" name="privcmd" dev=proc ino=-268433970 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774211.157:11602): arch=40000003 syscall=11 success=yes exit=0 a0=804cc28 a1=bf9c48e8 a2=bf9c5fa8 a3=400 items=0 ppid=8551 pid=8552 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774211.157:11602): path="/proc/xen/privcmd"
+type=AVC_PATH msg=audit(1163774211.157:11602): path="/root/.virt-manager/virt-manager.log"
+type=AVC msg=audit(1163774211.217:11603): avc: denied { getattr } for pid=8552 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163774211.217:11603): arch=40000003 syscall=100 success=yes exit=0 a0=7 a1=bfccce5c a2=39cff4 a3=ffffffb8 items=0 ppid=8551 pid=8552 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163774211.545:11604): avc: denied { search } for pid=8552 comm="dbus-daemon" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774211.545:11604): arch=40000003 syscall=5 success=no exit=-2 a0=9aee6b0 a1=18800 a2=9af0b80 a3=bfcccf98 items=0 ppid=8551 pid=8552 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163774211.549:11605): avc: denied { write } for pid=8550 comm="dbus-launch" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774211.549:11605): avc: denied { add_name } for pid=8550 comm="dbus-launch" name=".dbus" scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774211.549:11605): avc: denied { create } for pid=8550 comm="dbus-launch" name=".dbus" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774211.549:11605): arch=40000003 syscall=39 success=yes exit=0 a0=912d400 a1=1c0 a2=804e38c a3=912d400 items=0 ppid=8547 pid=8550 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-launch" exe="/usr/bin/dbus-launch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774211.549:11606): avc: denied { add_name } for pid=8550 comm="dbus-launch" name="session-bus" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774211.549:11606): arch=40000003 syscall=39 success=yes exit=0 a0=912d400 a1=1c0 a2=804e38c a3=912d400 items=0 ppid=8547 pid=8550 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-launch" exe="/usr/bin/dbus-launch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774211.549:11607): avc: denied { create } for pid=8550 comm="dbus-launch" name="9dc35d453761bffef33db47122b61900-0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774211.549:11607): arch=40000003 syscall=5 success=yes exit=7 a0=912d420 a1=241 a2=1b6 a3=912d460 items=0 ppid=8547 pid=8550 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dbus-launch" exe="/usr/bin/dbus-launch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774211.669:11608): avc: denied { read write } for pid=8557 comm="gnome-vfs-daemo" name="[34416]" dev=sockfs ino=34416 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1163774211.669:11608): arch=40000003 syscall=11 success=yes exit=0 a0=9af86f0 a1=9af8670 a2=9af86a8 a3=13 items=0 ppid=8556 pid=8557 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="gnome-vfs-daemo" exe="/usr/libexec/gnome-vfs-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774211.669:11608): path="socket:[34416]"
+type=USER_AVC msg=audit(1163774211.833:11609): user pid=8554 uid=0 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.gnome.GnomeVFS.Daemon member=GetDrives dest=org.gnome.GnomeVFS.Daemon spid=8547 tpid=8557 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=0, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163774212.006:11610): user pid=8554 uid=0 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.0 spid=8557 tpid=8547 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=0, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163774212.006:11611): user pid=8554 uid=0 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.gnome.GnomeVFS.Daemon member=GetVolumes dest=org.gnome.GnomeVFS.Daemon spid=8547 tpid=8557 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=0, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163774212.006:11612): user pid=8554 uid=0 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.0 spid=8557 tpid=8547 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=0, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163774212.210:11613): avc: denied { write } for pid=8547 comm="python" name="xend-socket" dev=dm-0 ino=14567713 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xend_var_lib_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163774212.210:11613): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcc61f0 a2=91324c a3=0 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774212.642:11614): avc: denied { read } for pid=8561 comm="python" name=".mcoprc" dev=dm-0 ino=6574117 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774212.642:11614): arch=40000003 syscall=5 success=yes exit=20 a0=8a890e0 a1=8000 a2=1b6 a3=8a8aca0 items=0 ppid=8544 pid=8561 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774229.731:11615): avc: denied { remove_name } for pid=8547 comm="python" name="gtkfilechooser.B4AWIT" dev=dm-0 ino=13127392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774229.731:11615): avc: denied { rename } for pid=8547 comm="python" name="gtkfilechooser.B4AWIT" dev=dm-0 ino=13127392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774229.731:11615): arch=40000003 syscall=38 success=yes exit=0 a0=8b2b8e8 a1=8b2b9d0 a2=412708 a3=b7f0f68c items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774229.763:11616): avc: denied { search } for pid=8569 comm="python" name="home" dev=dm-0 ino=6547201 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=AVC msg=audit(1163774229.763:11616): avc: denied { search } for pid=8569 comm="python" name="kmacmill" dev=dm-0 ino=6547202 scontext=system_u:system_r:xend_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774229.763:11616): avc: denied { search } for pid=8569 comm="python" name="vm" dev=dm-0 ino=9100619 scontext=system_u:system_r:xend_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774229.763:11616): avc: denied { read } for pid=8569 comm="python" name="rawhide.state" dev=dm-0 ino=6547920 scontext=system_u:system_r:xend_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774229.763:11616): arch=40000003 syscall=5 success=yes exit=21 a0=972fa48 a1=8000 a2=0 a3=8000 items=0 ppid=2735 pid=8569 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:xend_t:s0 key=(null)
+type=AVC msg=audit(1163774230.579:11617): avc: denied { search } for pid=8578 comm="block" name="xen" dev=dm-0 ino=14567524 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163774230.579:11617): avc: denied { write } for pid=8578 comm="block" name="xen" dev=dm-0 ino=14567524 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163774230.579:11617): avc: denied { add_name } for pid=8578 comm="block" name="xen-hotplug.log" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163774230.579:11617): avc: denied { create } for pid=8578 comm="block" name="xen-hotplug.log" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=file
+type=AVC msg=audit(1163774230.583:11618): avc: denied { append } for pid=8580 comm="vif-bridge" name="xen-hotplug.log" dev=dm-0 ino=14567775 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xend_var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774230.579:11617): arch=40000003 syscall=5 success=yes exit=3 a0=9b54580 a1=8441 a2=1b6 a3=8441 items=0 ppid=8574 pid=8578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="block" exe="/bin/bash" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=SYSCALL msg=audit(1163774230.583:11618): arch=40000003 syscall=5 success=yes exit=3 a0=8940740 a1=8441 a2=1b6 a3=8441 items=0 ppid=8579 pid=8580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vif-bridge" exe="/bin/bash" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774230.891:11619): avc: denied { search } for pid=8631 comm="xenstore-read" name="xen" dev=proc ino=-268434186 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_xen_t:s0 tclass=dir
+type=AVC msg=audit(1163774230.891:11620): avc: denied { search } for pid=8632 comm="xenstore-read" name="xen" dev=proc ino=-268434186 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_xen_t:s0 tclass=dir
+type=AVC msg=audit(1163774230.891:11620): avc: denied { getattr } for pid=8632 comm="xenstore-read" name="xenbus" dev=proc ino=-268434183 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774230.891:11620): arch=40000003 syscall=195 success=yes exit=0 a0=cc5d0c a1=bf88d36c a2=c4eff4 a3=bf88d36c items=0 ppid=8630 pid=8632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xenstore-read" exe="/usr/bin/xenstore-read" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774230.891:11620): path="/proc/xen/xenbus"
+type=AVC msg=audit(1163774230.891:11621): avc: denied { read write } for pid=8632 comm="xenstore-read" name="xenbus" dev=proc ino=-268434183 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_xen_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774230.891:11621): arch=40000003 syscall=5 success=yes exit=3 a0=cc5d0c a1=2 a2=bf88d400 a3=cc5d0c items=0 ppid=8630 pid=8632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xenstore-read" exe="/usr/bin/xenstore-read" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=SYSCALL msg=audit(1163774230.891:11619): arch=40000003 syscall=195 success=yes exit=0 a0=cc5d0c a1=bfbd0efc a2=c4eff4 a3=bfbd0efc items=0 ppid=8629 pid=8631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xenstore-read" exe="/usr/bin/xenstore-read" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774230.967:11622): avc: denied { getattr } for pid=8646 comm="readlink" name="home" dev=dm-0 ino=6547201 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774230.967:11622): arch=40000003 syscall=196 success=yes exit=0 a0=9fd9038 a1=bfdc09e0 a2=c4eff4 a3=bfdc09e0 items=0 ppid=8578 pid=8646 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="readlink" exe="/usr/bin/readlink" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774230.967:11622): path="/home"
+type=AVC msg=audit(1163774230.967:11623): avc: denied { search } for pid=8646 comm="readlink" name="home" dev=dm-0 ino=6547201 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774230.967:11623): arch=40000003 syscall=196 success=yes exit=0 a0=9fd9038 a1=bfdc09e0 a2=c4eff4 a3=bfdc09e0 items=0 ppid=8578 pid=8646 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="readlink" exe="/usr/bin/readlink" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774231.155:11624): avc: denied { read } for pid=8658 comm="brctl" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774231.155:11624): arch=40000003 syscall=33 success=yes exit=0 a0=c36d7e a1=4 a2=c4eff4 a3=c33980 items=0 ppid=8580 pid=8658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774231.155:11625): avc: denied { search } for pid=8658 comm="brctl" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163774231.155:11625): avc: denied { read } for pid=8658 comm="brctl" name="unix" dev=proc ino=-268433932 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774231.155:11625): arch=40000003 syscall=33 success=yes exit=0 a0=bff71b13 a1=4 a2=c4eff4 a3=c33980 items=0 ppid=8580 pid=8658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=ANOM_PROMISCUOUS msg=audit(1163774231.155:11626): dev=vif1.0 prom=256 old_prom=0 auid=4294967295
+type=SYSCALL msg=audit(1163774231.155:11626): arch=40000003 syscall=54 success=yes exit=0 a0=3 a1=89a2 a2=bff71bb0 a3=1 items=0 ppid=8580 pid=8658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774231.159:11627): avc: denied { getattr } for pid=8580 comm="vif-bridge" name="iptables" dev=dm-0 ino=9984709 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774231.159:11627): arch=40000003 syscall=195 success=yes exit=0 a0=893e740 a1=bf907eb0 a2=c4eff4 a3=893e740 items=0 ppid=8579 pid=8580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vif-bridge" exe="/bin/bash" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774231.159:11627): path="/sbin/iptables"
+type=AVC msg=audit(1163774231.179:11628): avc: denied { execute } for pid=8580 comm="vif-bridge" name="iptables" dev=dm-0 ino=9984709 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774231.179:11628): arch=40000003 syscall=33 success=yes exit=0 a0=893e740 a1=1 a2=11 a3=893e740 items=0 ppid=8579 pid=8580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vif-bridge" exe="/bin/bash" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774231.183:11629): avc: denied { read } for pid=8580 comm="vif-bridge" name="iptables" dev=dm-0 ino=9984709 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774231.183:11629): arch=40000003 syscall=33 success=yes exit=0 a0=893e740 a1=4 a2=ffffffff a3=893e740 items=0 ppid=8579 pid=8580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vif-bridge" exe="/bin/bash" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774231.183:11630): avc: denied { execute_no_trans } for pid=8660 comm="vif-bridge" name="iptables" dev=dm-0 ino=9984709 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774231.183:11630): arch=40000003 syscall=11 success=yes exit=0 a0=893e740 a1=89448c8 a2=8945318 a3=893e0a0 items=0 ppid=8580 pid=8660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774231.183:11630): path="/sbin/iptables"
+type=AVC msg=audit(1163774233.527:11631): avc: denied { write } for pid=8549 comm="gconfd-2" name=".gconfd" dev=dm-0 ino=13127148 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774233.527:11631): avc: denied { add_name } for pid=8549 comm="gconfd-2" name="saved_state.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774233.527:11631): avc: denied { create } for pid=8549 comm="gconfd-2" name="saved_state.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774233.527:11631): arch=40000003 syscall=5 success=yes exit=15 a0=9824658 a1=241 a2=1c0 a3=9648330 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774233.647:11632): avc: denied { write } for pid=8549 comm="gconfd-2" name="saved_state.tmp" dev=dm-0 ino=13127393 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774233.647:11632): arch=40000003 syscall=4 success=yes exit=2546 a0=f a1=982ab28 a2=9f2 a3=9648330 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774233.647:11632): path="/root/.gconfd/saved_state.tmp"
+type=AVC msg=audit(1163774233.647:11633): avc: denied { remove_name } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774233.647:11633): avc: denied { rename } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774233.647:11633): arch=40000003 syscall=38 success=yes exit=0 a0=964b2a0 a1=98298e8 a2=0 a3=9648330 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774233.647:11634): avc: denied { unlink } for pid=8549 comm="gconfd-2" name="saved_state.orig" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774233.647:11634): arch=40000003 syscall=10 success=yes exit=0 a0=98298e8 a1=964b2a0 a2=412708 a3=9648330 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=ANOM_PROMISCUOUS msg=audit(1163774238.875:11635): dev=vif1.0 prom=0 old_prom=256 auid=4294967295
+type=AVC msg=audit(1163774239.051:11636): avc: denied { connectto } for pid=8547 comm="python" name="xend-socket" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163774239.051:11636): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfcc6020 a2=91324c a3=0 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774239.051:11636): path="/var/lib/xend/xend-socket"
+type=AVC msg=audit(1163774239.519:11637): avc: denied { sys_module } for pid=8734 comm="brctl" capability=16 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability
+type=SYSCALL msg=audit(1163774239.519:11637): arch=40000003 syscall=54 success=no exit=-19 a0=4 a1=8933 a2=bfd1a0ec a3=bfd1a0ec items=0 ppid=8673 pid=8734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774239.803:11638): avc: denied { create } for pid=8757 comm="mkdir" name="block" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774239.803:11638): arch=40000003 syscall=39 success=yes exit=0 a0=bf89be9f a1=1ff a2=804f258 a3=bf89be9f items=0 ppid=8742 pid=8757 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mkdir" exe="/bin/mkdir" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774240.011:11639): avc: denied { rmdir } for pid=8788 comm="rm" name="block" dev=dm-0 ino=14567776 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774240.011:11639): arch=40000003 syscall=40 success=yes exit=0 a0=9d30140 a1=bff8b474 a2=805277c a3=2 items=0 ppid=8742 pid=8788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774258.076:11640): avc: denied { read } for pid=8547 comm="python" name="gtkfilechooser" dev=dm-0 ino=13127392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774258.076:11640): arch=40000003 syscall=5 success=yes exit=20 a0=8b4b3c0 a1=8000 a2=0 a3=8000 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774259.836:11641): avc: denied { write } for pid=8547 comm="python" name="gtk-2.0" dev=dm-0 ino=13127391 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774259.836:11641): avc: denied { add_name } for pid=8547 comm="python" name="gtkfilechooser.3C2NIT" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774259.836:11641): avc: denied { create } for pid=8547 comm="python" name="gtkfilechooser.3C2NIT" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774259.836:11641): arch=40000003 syscall=5 success=yes exit=20 a0=8a72740 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774259.836:11642): avc: denied { write } for pid=8547 comm="python" name="gtkfilechooser.3C2NIT" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774259.836:11642): arch=40000003 syscall=4 success=yes exit=96 a0=14 a1=b7f2f000 a2=60 a3=60 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774259.836:11642): path="/root/.config/gtk-2.0/gtkfilechooser.3C2NIT"
+type=AVC msg=audit(1163774259.836:11643): avc: denied { remove_name } for pid=8547 comm="python" name="gtkfilechooser.3C2NIT" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774259.836:11643): avc: denied { rename } for pid=8547 comm="python" name="gtkfilechooser.3C2NIT" dev=dm-0 ino=13127383 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=AVC msg=audit(1163774259.836:11643): avc: denied { unlink } for pid=8547 comm="python" name="gtkfilechooser" dev=dm-0 ino=13127392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774259.836:11643): arch=40000003 syscall=38 success=yes exit=0 a0=8a72b08 a1=8a72ac0 a2=412708 a3=b7f0f68c items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774295.471:11644): avc: denied { getattr } for pid=8368 comm="thunderbird-bin" name="necko_file.xpt" dev=dm-0 ino=10737989 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774295.471:11644): arch=40000003 syscall=195 success=yes exit=0 a0=a9831b8 a1=bfae6ce8 a2=c4eff4 a3=bfae6ce8 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774295.471:11644): path="/usr/lib/thunderbird-1.5.0.7/components/necko_file.xpt"
+type=AVC msg=audit(1163774295.511:11645): avc: denied { read } for pid=8368 comm="thunderbird-bin" name="necko_file.xpt" dev=dm-0 ino=10737989 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774295.511:11645): arch=40000003 syscall=5 success=yes exit=41 a0=a9831b8 a1=8000 a2=0 a3=8000 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163774296.723:11646): avc: denied { getattr } for pid=8368 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=5466955 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774296.723:11646): arch=40000003 syscall=195 success=yes exit=0 a0=c36800 a1=bfae855c a2=c4eff4 a3=0 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774296.723:11646): path="/etc/localtime"
+type=AVC msg=audit(1163774327.793:11647): avc: denied { write } for pid=8549 comm="gconfd-2" name="apps" dev=dm-0 ino=13127161 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774327.793:11647): avc: denied { add_name } for pid=8549 comm="gconfd-2" name="virt-manager" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774327.793:11647): avc: denied { create } for pid=8549 comm="gconfd-2" name="virt-manager" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774327.793:11647): arch=40000003 syscall=39 success=yes exit=0 a0=9829a88 a1=1c0 a2=879820 a3=964b2a0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774327.813:11648): avc: denied { write } for pid=8549 comm="gconfd-2" name="virt-manager" dev=dm-0 ino=13127392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=dir
+type=AVC msg=audit(1163774327.813:11648): avc: denied { add_name } for pid=8549 comm="gconfd-2" name="%gconf.xml.new" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774327.813:11648): arch=40000003 syscall=5 success=yes exit=15 a0=9826048 a1=41 a2=180 a3=964b2a0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774327.813:11649): avc: denied { remove_name } for pid=8549 comm="gconfd-2" name="%gconf.xml.new" dev=dm-0 ino=13127394 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774327.813:11649): arch=40000003 syscall=38 success=yes exit=0 a0=9826048 a1=9829300 a2=879820 a3=0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163774401.437:11650): user pid=8807 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163774401.437:11651): login pid=8807 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163774401.477:11652): user pid=8807 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163774401.477:11653): user pid=8807 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163774401.501:11654): avc: denied { execute } for pid=8808 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163774401.501:11654): avc: denied { execute_no_trans } for pid=8808 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.501:11654): arch=40000003 syscall=11 success=yes exit=0 a0=a0661b0 a1=a066358 a2=a066290 a3=a066008 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774401.501:11654): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163774401.557:11655): avc: denied { execute } for pid=8808 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163774401.557:11655): avc: denied { execute_no_trans } for pid=8808 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163774401.557:11655): avc: denied { read } for pid=8808 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.557:11655): arch=40000003 syscall=11 success=yes exit=0 a0=972bd48 a1=972b740 a2=972bd60 a3=972b740 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774401.557:11655): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163774401.557:11655): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163774401.605:11656): avc: denied { search } for pid=8808 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163774401.605:11656): avc: denied { read } for pid=8808 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.605:11656): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=84397f8 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774401.605:11657): avc: denied { getattr } for pid=8808 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.605:11657): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff58088 a2=24bff4 a3=84397f8 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774401.605:11657): path="/proc/net/dev"
+type=AVC msg=audit(1163774401.605:11658): avc: denied { search } for pid=8808 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774401.605:11658): arch=40000003 syscall=33 success=yes exit=0 a0=bff58434 a1=0 a2=bff58328 a3=bff58330 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774401.653:11659): avc: denied { read append } for pid=8808 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.653:11659): arch=40000003 syscall=5 success=yes exit=3 a0=bff58434 a1=402 a2=bff585f8 a3=bff58330 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774401.661:11660): avc: denied { search } for pid=8808 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163774401.661:11660): avc: denied { read } for pid=8808 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.661:11660): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=843a2f8 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774401.661:11661): avc: denied { getattr } for pid=8808 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.661:11661): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff57ee0 a2=24bff4 a3=843a2f8 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774401.661:11661): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163774401.661:11662): avc: denied { search } for pid=8808 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774401.661:11662): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=843a2f8 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163774401.661:11663): avc: denied { lock } for pid=8808 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774401.661:11663): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bff58330 a3=3 items=0 ppid=8807 pid=8808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163774401.661:11663): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163774401.761:11664): user pid=8807 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163774401.761:11665): user pid=8807 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163774538.766:11666): avc: denied { write } for pid=8303 comm="yum" name="packages" dev=dm-0 ino=15288142 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163774538.766:11666): avc: denied { add_name } for pid=8303 comm="yum" name="openssh-clients-4.3p2-12.fc7.i386.rpm" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774538.766:11666): arch=40000003 syscall=5 success=yes exit=10 a0=c675da8 a1=8241 a2=1b6 a3=8ecbc20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774644.333:11667): avc: denied { ipc_lock } for pid=8547 comm="python" capability=14 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163774644.333:11667): arch=40000003 syscall=150 success=yes exit=0 a0=8c60e18 a1=84d0 a2=91324c a3=1f4 items=0 ppid=8544 pid=8547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="python" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774670.742:11668): avc: denied { dac_override } for pid=8303 comm="yum" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163774670.742:11668): arch=40000003 syscall=33 success=yes exit=0 a0=de62ed8 a1=2 a2=488b44 a3=0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774685.187:11669): avc: denied { read } for pid=8303 comm="yum" name="dhcpd.conf" dev=dm-0 ino=9331955 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dhcp_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774685.187:11669): arch=40000003 syscall=5 success=yes exit=15 a0=de7e588 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774685.315:11670): avc: denied { read } for pid=8303 comm="yum" name="dhcpd" dev=dm-0 ino=9331480 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774685.315:11670): arch=40000003 syscall=5 success=yes exit=15 a0=de7e588 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774685.379:11671): avc: denied { read } for pid=8303 comm="yum" name="dhcpd.leases" dev=dm-0 ino=14600286 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:dhcpd_state_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774685.379:11671): arch=40000003 syscall=5 success=yes exit=15 a0=de7e588 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774685.567:11672): avc: denied { read } for pid=8303 comm="yum" name="session.conf" dev=dm-0 ino=9330291 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774685.567:11672): arch=40000003 syscall=5 success=yes exit=15 a0=de7e730 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774712.025:11673): avc: denied { read } for pid=8303 comm="yum" name="yumex" dev=dm-0 ino=9331890 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774712.025:11673): arch=40000003 syscall=5 success=yes exit=15 a0=dea5638 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774751.795:11674): avc: denied { read } for pid=8303 comm="yum" name="sysstat" dev=dm-0 ino=9330372 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_cron_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774751.795:11674): arch=40000003 syscall=5 success=yes exit=15 a0=de7bd10 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774761.820:11675): avc: denied { read } for pid=8303 comm="yum" name="proxy_ajp.conf" dev=dm-0 ino=9330410 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774761.820:11675): arch=40000003 syscall=5 success=yes exit=15 a0=de87b00 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774761.904:11676): avc: denied { read } for pid=8303 comm="yum" name="HTTP_BAD_GATEWAY.html.var" dev=dm-0 ino=14437217 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774761.904:11676): arch=40000003 syscall=5 success=yes exit=15 a0=de87b00 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774762.652:11677): avc: denied { read } for pid=8303 comm="yum" name="auto.master" dev=dm-0 ino=9331354 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:automount_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774762.652:11677): arch=40000003 syscall=5 success=yes exit=15 a0=debb1f8 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774767.344:11678): avc: denied { read } for pid=8303 comm="yum" name="lvm.conf" dev=dm-0 ino=9331271 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774767.344:11678): arch=40000003 syscall=5 success=yes exit=15 a0=deb6488 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774767.860:11679): avc: denied { read } for pid=8303 comm="yum" name="etab" dev=dm-0 ino=14438235 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774767.860:11679): arch=40000003 syscall=5 success=yes exit=15 a0=dea4970 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774774.257:11680): avc: denied { read } for pid=8303 comm="yum" name="glines.Large.scores" dev=dm-0 ino=14436943 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774774.257:11680): arch=40000003 syscall=5 success=yes exit=15 a0=de88c98 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774774.941:11681): avc: denied { read } for pid=8303 comm="yum" name="ioptions" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774774.941:11681): arch=40000003 syscall=5 success=yes exit=15 a0=de870d8 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774776.045:11682): avc: denied { read } for pid=8303 comm="yum" name="adjtime" dev=dm-0 ino=9330626 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774776.045:11682): arch=40000003 syscall=5 success=yes exit=15 a0=deb6280 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774776.073:11683): avc: denied { read } for pid=8303 comm="yum" name="ip-down" dev=dm-0 ino=9331766 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_script_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774776.073:11683): arch=40000003 syscall=5 success=yes exit=15 a0=deb6280 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774786.425:11684): avc: denied { read } for pid=8303 comm="yum" name="aliases" dev=dm-0 ino=9329982 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774786.425:11684): arch=40000003 syscall=5 success=yes exit=15 a0=de7f900 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774786.441:11685): avc: denied { read } for pid=8303 comm="yum" name="exports" dev=dm-0 ino=9329773 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:exports_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774786.441:11685): arch=40000003 syscall=5 success=yes exit=15 a0=de7f900 a1=8000 a2=0 a3=8000 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774851.769:11686): avc: denied { search } for pid=8544 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774851.769:11686): avc: denied { write } for pid=8544 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774851.769:11686): avc: denied { remove_name } for pid=8544 comm="userhelper" name=".xauthTAYBaF" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163774851.769:11686): avc: denied { unlink } for pid=8544 comm="userhelper" name=".xauthTAYBaF" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774851.769:11686): arch=40000003 syscall=10 success=yes exit=0 a0=90929d8 a1=90965ee a2=31dbc8 a3=9095bf8 items=0 ppid=8543 pid=8544 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=USER_END msg=audit(1163774851.805:11687): user pid=8544 uid=0 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session close acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163774861.786:11688): avc: denied { write } for pid=8303 comm="yum" name="lib" dev=dm-0 ino=13716385 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.786:11688): avc: denied { add_name } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.786:11688): avc: denied { create } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.786:11688): arch=40000003 syscall=5 success=yes exit=18 a0=deb2050 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.810:11689): avc: denied { write } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1;455dcb57" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.810:11689): arch=40000003 syscall=4 success=yes exit=40960 a0=12 a1=e919f68 a2=a000 a3=e8f92b8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774861.810:11689): path="/lib/libgcc_s-4.1.1-20061116.so.1;455dcb57"
+type=AVC msg=audit(1163774861.818:11690): avc: denied { remove_name } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1;455dcb57" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.818:11690): avc: denied { rename } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1;455dcb57" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.818:11690): arch=40000003 syscall=38 success=yes exit=0 a0=deb2050 a1=b843910 a2=d2a040 a3=deb2050 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.830:11691): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163774861.830:11691): avc: denied { relabelto } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.830:11691): arch=40000003 syscall=227 success=yes exit=0 a0=b843910 a1=a2f0d3 a2=e84a0f8 a3=1d items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.830:11692): avc: denied { setattr } for pid=8303 comm="yum" name="libgcc_s-4.1.1-20061116.so.1" dev=dm-0 ino=13716392 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.830:11692): arch=40000003 syscall=212 success=yes exit=0 a0=b843910 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.830:11693): avc: denied { create } for pid=8303 comm="yum" name="libgcc_s.so.1;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163774861.830:11693): arch=40000003 syscall=83 success=yes exit=0 a0=e919f68 a1=e6c5990 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.830:11694): avc: denied { rename } for pid=8303 comm="yum" name="libgcc_s.so.1;455dcb57" dev=dm-0 ino=13716398 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163774861.830:11694): avc: denied { unlink } for pid=8303 comm="yum" name="libgcc_s.so.1" dev=dm-0 ino=13717262 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163774861.830:11694): arch=40000003 syscall=38 success=yes exit=0 a0=e6c5990 a1=e850608 a2=d2a040 a3=e6c5990 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.850:11695): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgcc_s.so.1" dev=dm-0 ino=13716398 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163774861.850:11695): avc: denied { relabelto } for pid=8303 comm="yum" name="libgcc_s.so.1" dev=dm-0 ino=13716398 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163774861.850:11695): arch=40000003 syscall=227 success=yes exit=0 a0=e850608 a1=a2f0d3 a2=e6c5948 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.850:11696): avc: denied { setattr } for pid=8303 comm="yum" name="libgcc_s.so.1" dev=dm-0 ino=13716398 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163774861.850:11696): arch=40000003 syscall=198 success=yes exit=0 a0=e850608 a1=0 a2=0 a3=e8fd684 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.850:11697): avc: denied { write } for pid=8303 comm="yum" name="sbin" dev=dm-0 ino=10311842 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.850:11697): avc: denied { add_name } for pid=8303 comm="yum" name="libgcc_post_upgrade;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.850:11697): avc: denied { create } for pid=8303 comm="yum" name="libgcc_post_upgrade;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.850:11697): arch=40000003 syscall=5 success=yes exit=18 a0=e85bde8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.890:11698): avc: denied { write } for pid=8303 comm="yum" name="libgcc_post_upgrade;455dcb57" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.890:11698): arch=40000003 syscall=4 success=yes exit=1508 a0=12 a1=b6f50000 a2=5e4 a3=e85be18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774861.890:11698): path="/usr/sbin/libgcc_post_upgrade;455dcb57"
+type=AVC msg=audit(1163774861.890:11699): avc: denied { remove_name } for pid=8303 comm="yum" name="libgcc_post_upgrade;455dcb57" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.890:11699): avc: denied { rename } for pid=8303 comm="yum" name="libgcc_post_upgrade;455dcb57" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163774861.890:11699): avc: denied { unlink } for pid=8303 comm="yum" name="libgcc_post_upgrade" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.890:11699): arch=40000003 syscall=38 success=yes exit=0 a0=e85bde8 a1=e6c5968 a2=d2a040 a3=e85bde8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.922:11700): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgcc_post_upgrade" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163774861.922:11700): avc: denied { relabelto } for pid=8303 comm="yum" name="libgcc_post_upgrade" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.922:11700): arch=40000003 syscall=227 success=yes exit=0 a0=e6c5968 a1=a2f0d3 a2=e85bdc8 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.922:11701): avc: denied { setattr } for pid=8303 comm="yum" name="libgcc_post_upgrade" dev=dm-0 ino=10324310 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.922:11701): arch=40000003 syscall=212 success=yes exit=0 a0=e6c5968 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.926:11702): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgcc-4.1.1" dev=dm-0 ino=10608329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.926:11702): avc: denied { relabelto } for pid=8303 comm="yum" name="libgcc-4.1.1" dev=dm-0 ino=10608329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774861.926:11702): arch=40000003 syscall=227 success=yes exit=0 a0=e85bdc8 a1=a2f0d3 a2=e096d70 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.926:11703): avc: denied { setattr } for pid=8303 comm="yum" name="libgcc-4.1.1" dev=dm-0 ino=10608329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774861.926:11703): arch=40000003 syscall=212 success=yes exit=0 a0=e85bdc8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.926:11704): avc: denied { write } for pid=8303 comm="yum" name="libgcc-4.1.1" dev=dm-0 ino=10608329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.926:11704): avc: denied { add_name } for pid=8303 comm="yum" name="COPYING.LIB;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.926:11704): avc: denied { create } for pid=8303 comm="yum" name="COPYING.LIB;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.926:11704): arch=40000003 syscall=5 success=yes exit=18 a0=e0cbb50 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.942:11705): avc: denied { write } for pid=8303 comm="yum" name="COPYING.LIB;455dcb57" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.942:11705): arch=40000003 syscall=4 success=yes exit=24576 a0=12 a1=e919f68 a2=6000 a3=e0cbb88 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774861.942:11705): path="/usr/share/doc/libgcc-4.1.1/COPYING.LIB;455dcb57"
+type=AVC msg=audit(1163774861.950:11706): avc: denied { remove_name } for pid=8303 comm="yum" name="COPYING.LIB;455dcb57" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163774861.950:11706): avc: denied { rename } for pid=8303 comm="yum" name="COPYING.LIB;455dcb57" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=AVC msg=audit(1163774861.950:11706): avc: denied { unlink } for pid=8303 comm="yum" name="COPYING.LIB" dev=dm-0 ino=10609151 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.950:11706): arch=40000003 syscall=38 success=yes exit=0 a0=e0cbb50 a1=e0cbb20 a2=d2a040 a3=e0cbb50 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.966:11707): avc: denied { relabelfrom } for pid=8303 comm="yum" name="COPYING.LIB" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=AVC msg=audit(1163774861.966:11707): avc: denied { relabelto } for pid=8303 comm="yum" name="COPYING.LIB" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.966:11707): arch=40000003 syscall=227 success=yes exit=0 a0=e0cbb20 a1=a2f0d3 a2=c1f0820 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774861.966:11708): avc: denied { setattr } for pid=8303 comm="yum" name="COPYING.LIB" dev=dm-0 ino=10609081 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774861.966:11708): arch=40000003 syscall=212 success=yes exit=0 a0=e0cbb20 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774863.270:11709): avc: denied { setexec } for pid=8825 comm="yum" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163774863.270:11709): arch=40000003 syscall=4 success=no exit=-22 a0=1c a1=e91ca10 a2=20 a3=a2f751 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774863.282:11710): avc: denied { execute } for pid=8825 comm="libgcc_post_upg" name="ldconfig" dev=dm-0 ino=9984594 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774863.282:11710): arch=40000003 syscall=33 success=yes exit=0 a0=80482e0 a1=1 a2=bff661f4 a3=1 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="libgcc_post_upg" exe="/usr/sbin/libgcc_post_upgrade" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774863.330:11711): avc: denied { execute_no_trans } for pid=8825 comm="libgcc_post_upg" name="ldconfig" dev=dm-0 ino=9984594 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163774863.330:11711): avc: denied { read } for pid=8825 comm="libgcc_post_upg" name="ldconfig" dev=dm-0 ino=9984594 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774863.330:11711): arch=40000003 syscall=11 success=yes exit=0 a0=80482e0 a1=bff66184 a2=bff661fc a3=1 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774863.330:11711): path="/sbin/ldconfig"
+type=AVC_PATH msg=audit(1163774863.330:11711): path="/sbin/ldconfig"
+type=AVC msg=audit(1163774863.614:11712): avc: denied { append } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127393 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774863.614:11712): arch=40000003 syscall=5 success=yes exit=8 a0=96418f0 a1=441 a2=1b6 a3=964c020 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.060:11713): avc: denied { write } for pid=8825 comm="ldconfig" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.060:11713): avc: denied { add_name } for pid=8825 comm="ldconfig" name="ld.so.cache~" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.060:11713): avc: denied { create } for pid=8825 comm="ldconfig" name="ld.so.cache~" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.060:11713): arch=40000003 syscall=5 success=yes exit=3 a0=9b9eb20 a1=20241 a2=1a4 a3=9b9eb20 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.084:11714): avc: denied { write } for pid=8825 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.084:11714): arch=40000003 syscall=4 success=yes exit=17824 a0=3 a1=9bb3030 a2=45a0 a3=9b9eb20 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774899.084:11714): path="/etc/ld.so.cache~"
+type=AVC msg=audit(1163774899.084:11715): avc: denied { setattr } for pid=8825 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.084:11715): arch=40000003 syscall=15 success=yes exit=0 a0=9b9eb20 a1=1a4 a2=bfcb9ce0 a3=9b9eb20 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.084:11716): avc: denied { remove_name } for pid=8825 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.084:11716): avc: denied { rename } for pid=8825 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163774899.084:11716): avc: denied { unlink } for pid=8825 comm="ldconfig" name="ld.so.cache" dev=dm-0 ino=9330329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.084:11716): arch=40000003 syscall=38 success=yes exit=0 a0=9b9eb20 a1=bfcb9d60 a2=bfcb9ce0 a3=9b9eb20 items=0 ppid=8303 pid=8825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.128:11717): avc: denied { append } for pid=8303 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.128:11717): arch=40000003 syscall=4 success=yes exit=46 a0=4 a1=b7bd1000 a2=2e a3=2e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774899.128:11717): path="/var/log/yum.log"
+type=AVC msg=audit(1163774899.232:11718): avc: denied { relabelfrom } for pid=8303 comm="yum" name="xdg" dev=dm-0 ino=9329898 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.232:11718): avc: denied { relabelto } for pid=8303 comm="yum" name="xdg" dev=dm-0 ino=9329898 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774899.232:11718): arch=40000003 syscall=227 success=yes exit=0 a0=dea5808 a1=a2f0d3 a2=e0cb6e0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.232:11719): avc: denied { setattr } for pid=8303 comm="yum" name="xdg" dev=dm-0 ino=9329898 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774899.232:11719): arch=40000003 syscall=212 success=yes exit=0 a0=dea5808 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.236:11720): avc: denied { unlink } for pid=8303 comm="yum" name="applications.menu" dev=dm-0 ino=9330099 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.236:11720): arch=40000003 syscall=38 success=yes exit=0 a0=c287538 a1=c287568 a2=d2a040 a3=c287538 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.236:11721): avc: denied { relabelfrom } for pid=8303 comm="yum" name="applications.menu" dev=dm-0 ino=9330329 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163774899.236:11721): avc: denied { relabelto } for pid=8303 comm="yum" name="applications.menu" dev=dm-0 ino=9330329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.236:11721): arch=40000003 syscall=227 success=yes exit=0 a0=c287568 a1=a2f0d3 a2=c287538 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.236:11722): avc: denied { setattr } for pid=8303 comm="yum" name="applications.menu" dev=dm-0 ino=9330329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.236:11722): arch=40000003 syscall=212 success=yes exit=0 a0=c287568 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.480:11723): avc: denied { write } for pid=8303 comm="yum" name="LC_MESSAGES" dev=dm-0 ino=10311907 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.480:11723): avc: denied { add_name } for pid=8303 comm="yum" name="redhat-menus.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.480:11723): avc: denied { create } for pid=8303 comm="yum" name="redhat-menus.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.480:11723): arch=40000003 syscall=5 success=yes exit=29 a0=d7acf80 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.488:11724): avc: denied { write } for pid=8303 comm="yum" name="redhat-menus.mo;455dcb57" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.488:11724): arch=40000003 syscall=4 success=yes exit=6092 a0=1d a1=b6f50000 a2=17cc a3=d7acfc0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774899.488:11724): path="/usr/share/locale/af/LC_MESSAGES/redhat-menus.mo;455dcb57"
+type=AVC msg=audit(1163774899.488:11725): avc: denied { remove_name } for pid=8303 comm="yum" name="redhat-menus.mo;455dcb57" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163774899.488:11725): avc: denied { rename } for pid=8303 comm="yum" name="redhat-menus.mo;455dcb57" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=AVC msg=audit(1163774899.488:11725): avc: denied { unlink } for pid=8303 comm="yum" name="redhat-menus.mo" dev=dm-0 ino=10339841 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.488:11725): arch=40000003 syscall=38 success=yes exit=0 a0=d7acf80 a1=d7acf48 a2=d2a040 a3=d7acf80 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.504:11726): avc: denied { relabelfrom } for pid=8303 comm="yum" name="redhat-menus.mo" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=AVC msg=audit(1163774899.504:11726): avc: denied { relabelto } for pid=8303 comm="yum" name="redhat-menus.mo" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.504:11726): arch=40000003 syscall=227 success=yes exit=0 a0=d7acf48 a1=a2f0d3 a2=d7ae9b0 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774899.504:11727): avc: denied { setattr } for pid=8303 comm="yum" name="redhat-menus.mo" dev=dm-0 ino=10316014 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774899.504:11727): arch=40000003 syscall=212 success=yes exit=0 a0=d7acf48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.713:11728): avc: denied { setattr } for pid=8827 comm="update-desktop-" name=".mimeinfo.cache.6JNWIT" dev=dm-0 ino=10316943 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.713:11728): arch=40000003 syscall=94 success=yes exit=0 a0=3 a1=1a4 a2=1a4 a3=9fbdf50 items=0 ppid=8826 pid=8827 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.713:11729): avc: denied { unlink } for pid=8827 comm="update-desktop-" name="mimeinfo.cache" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.713:11729): arch=40000003 syscall=38 success=yes exit=0 a0=9fcc528 a1=9fcccc0 a2=1a4 a3=9fbdf50 items=0 ppid=8826 pid=8827 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.737:11730): avc: denied { read } for pid=8434 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774912.737:11730): arch=40000003 syscall=3 success=yes exit=416 a0=21 a1=9c76020 a2=400 a3=400 items=0 ppid=1 pid=8434 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774912.737:11730): path="inotify"
+type=AVC msg=audit(1163774912.825:11731): avc: denied { write } for pid=8303 comm="yum" name="bin" dev=dm-0 ino=10311850 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163774912.825:11731): avc: denied { add_name } for pid=8303 comm="yum" name="urlgrabber;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163774912.825:11731): avc: denied { create } for pid=8303 comm="yum" name="urlgrabber;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.825:11731): arch=40000003 syscall=5 success=yes exit=30 a0=e928150 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.853:11732): avc: denied { write } for pid=8303 comm="yum" name="urlgrabber;455dcb57" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.853:11732): arch=40000003 syscall=4 success=yes exit=4868 a0=1e a1=b6f50000 a2=1304 a3=c255100 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774912.853:11732): path="/usr/bin/urlgrabber;455dcb57"
+type=AVC msg=audit(1163774912.853:11733): avc: denied { remove_name } for pid=8303 comm="yum" name="urlgrabber;455dcb57" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163774912.853:11733): avc: denied { rename } for pid=8303 comm="yum" name="urlgrabber;455dcb57" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163774912.853:11733): avc: denied { unlink } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10324363 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.853:11733): arch=40000003 syscall=38 success=yes exit=0 a0=e928150 a1=c255328 a2=d2a040 a3=e928150 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.885:11734): avc: denied { relabelfrom } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163774912.885:11734): avc: denied { relabelto } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.885:11734): arch=40000003 syscall=227 success=yes exit=0 a0=c255328 a1=a2f0d3 a2=c287558 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.889:11735): avc: denied { setattr } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10323600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.889:11735): arch=40000003 syscall=212 success=yes exit=0 a0=c255328 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.889:11736): avc: denied { relabelfrom } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10609112 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163774912.889:11736): avc: denied { relabelto } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10609112 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774912.889:11736): arch=40000003 syscall=227 success=yes exit=0 a0=e255cd8 a1=a2f0d3 a2=e254fe0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.889:11737): avc: denied { setattr } for pid=8303 comm="yum" name="urlgrabber" dev=dm-0 ino=10609112 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774912.889:11737): arch=40000003 syscall=212 success=yes exit=0 a0=e255cd8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.897:11738): avc: denied { unlink } for pid=8303 comm="yum" name="__init__.py" dev=dm-0 ino=10608633 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.897:11738): arch=40000003 syscall=38 success=yes exit=0 a0=e279690 a1=e278050 a2=d2a040 a3=e279690 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.905:11739): avc: denied { relabelto } for pid=8303 comm="yum" name="__init__.py" dev=dm-0 ino=10609082 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.905:11739): arch=40000003 syscall=227 success=yes exit=0 a0=e278050 a1=a2f0d3 a2=db63178 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774912.905:11740): avc: denied { setattr } for pid=8303 comm="yum" name="__init__.py" dev=dm-0 ino=10609082 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774912.905:11740): arch=40000003 syscall=212 success=yes exit=0 a0=e278050 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774913.941:11741): avc: denied { unlink } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774913.941:11741): arch=40000003 syscall=38 success=yes exit=0 a0=c254478 a1=c22e658 a2=d2a040 a3=c254478 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774913.985:11742): avc: denied { relabelto } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=10324363 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774913.985:11742): arch=40000003 syscall=227 success=yes exit=0 a0=c22e658 a1=a2f0d3 a2=c254f90 a3=20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774913.985:11743): avc: denied { setattr } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=10324363 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774913.985:11743): arch=40000003 syscall=212 success=yes exit=0 a0=c22e658 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.765:11744): avc: denied { write } for pid=8303 comm="yum" name="man5" dev=dm-0 ino=10311893 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163774914.765:11744): avc: denied { add_name } for pid=8303 comm="yum" name="yum.conf.5.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163774914.765:11744): avc: denied { create } for pid=8303 comm="yum" name="yum.conf.5.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774914.765:11744): arch=40000003 syscall=5 success=yes exit=30 a0=c2044e0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.785:11745): avc: denied { write } for pid=8303 comm="yum" name="yum.conf.5.gz;455dcb57" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774914.785:11745): arch=40000003 syscall=4 success=yes exit=5173 a0=1e a1=b6f50000 a2=1435 a3=c205528 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163774914.785:11745): path="/usr/share/man/man5/yum.conf.5.gz;455dcb57"
+type=AVC msg=audit(1163774914.785:11746): avc: denied { remove_name } for pid=8303 comm="yum" name="yum.conf.5.gz;455dcb57" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163774914.785:11746): avc: denied { rename } for pid=8303 comm="yum" name="yum.conf.5.gz;455dcb57" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=AVC msg=audit(1163774914.785:11746): avc: denied { unlink } for pid=8303 comm="yum" name="yum.conf.5.gz" dev=dm-0 ino=10321857 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774914.785:11746): arch=40000003 syscall=38 success=yes exit=0 a0=c2044e0 a1=c205430 a2=d2a040 a3=c2044e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.785:11747): avc: denied { relabelfrom } for pid=8303 comm="yum" name="yum.conf.5.gz" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=AVC msg=audit(1163774914.785:11747): avc: denied { relabelto } for pid=8303 comm="yum" name="yum.conf.5.gz" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774914.785:11747): arch=40000003 syscall=227 success=yes exit=0 a0=c205430 a1=a2f0d3 a2=c205468 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.785:11748): avc: denied { setattr } for pid=8303 comm="yum" name="yum.conf.5.gz" dev=dm-0 ino=10321123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774914.785:11748): arch=40000003 syscall=212 success=yes exit=0 a0=c205430 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.929:11749): avc: denied { relabelfrom } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=14436582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=AVC msg=audit(1163774914.929:11749): avc: denied { relabelto } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=14436582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774914.929:11749): arch=40000003 syscall=227 success=yes exit=0 a0=c207f60 a1=a2f0d3 a2=c206e60 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774914.957:11750): avc: denied { setattr } for pid=8303 comm="yum" name="yum" dev=dm-0 ino=14436582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774914.957:11750): arch=40000003 syscall=212 success=yes exit=0 a0=c207f60 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774927.238:11751): avc: denied { create } for pid=8303 comm="yum" name="tzdata-2006o" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774927.238:11751): arch=40000003 syscall=39 success=yes exit=0 a0=d7da450 a1=1c0 a2=d2a040 a3=d7da450 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774927.298:11752): avc: denied { relabelfrom } for pid=8303 comm="yum" name="tzdata-2006o" dev=dm-0 ino=11098958 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774927.298:11752): arch=40000003 syscall=227 success=yes exit=0 a0=d7da450 a1=a2f0d3 a2=ccc2bc0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774927.330:11753): avc: denied { relabelfrom } for pid=8303 comm="yum" name="zoneinfo" dev=dm-0 ino=10312131 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163774927.330:11753): avc: denied { relabelto } for pid=8303 comm="yum" name="zoneinfo" dev=dm-0 ino=10312131 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774927.330:11753): arch=40000003 syscall=227 success=yes exit=0 a0=ccc2be0 a1=a2f0d3 a2=c227a70 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774927.358:11754): avc: denied { setattr } for pid=8303 comm="yum" name="zoneinfo" dev=dm-0 ino=10312131 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163774927.358:11754): arch=40000003 syscall=212 success=yes exit=0 a0=ccc2be0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774930.114:11755): avc: denied { link } for pid=8303 comm="yum" name="Yap;455dcb57" dev=dm-0 ino=10313177 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774930.114:11755): arch=40000003 syscall=9 success=yes exit=0 a0=e402dd8 a1=e402e10 a2=d2a040 a3=0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774930.118:11756): avc: denied { rename } for pid=8303 comm="yum" name="Yap;455dcb57" dev=dm-0 ino=10313177 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774930.118:11756): arch=40000003 syscall=38 success=yes exit=0 a0=e402dd8 a1=e4029b8 a2=d2a040 a3=e402dd8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163774930.118:11757): avc: denied { relabelfrom } for pid=8303 comm="yum" name="Yap" dev=dm-0 ino=10313177 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163774930.118:11757): arch=40000003 syscall=227 success=yes exit=0 a0=e4029b8 a1=a2f0d3 a2=e402cf8 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163775002.259:11758): user pid=8837 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163775002.259:11759): login pid=8837 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163775002.279:11760): user pid=8837 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163775002.283:11761): user pid=8837 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775002.291:11762): avc: denied { execute } for pid=8839 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775002.291:11762): avc: denied { execute_no_trans } for pid=8839 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775002.291:11762): arch=40000003 syscall=11 success=yes exit=0 a0=91971b0 a1=9197358 a2=9197290 a3=9197008 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775002.291:11762): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163775002.355:11763): avc: denied { execute } for pid=8839 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775002.355:11763): avc: denied { execute_no_trans } for pid=8839 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775002.355:11763): avc: denied { read } for pid=8839 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775002.355:11763): arch=40000003 syscall=11 success=yes exit=0 a0=89d9d48 a1=89d9740 a2=89d9d60 a3=89d9740 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775002.355:11763): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163775002.355:11763): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163775002.423:11764): avc: denied { search } for pid=8839 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775002.423:11764): arch=40000003 syscall=33 success=yes exit=0 a0=bfc260f4 a1=0 a2=bfc25fe8 a3=bfc25ff0 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775002.531:11765): avc: denied { read append } for pid=8839 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775002.531:11765): arch=40000003 syscall=5 success=yes exit=3 a0=bfc260f4 a1=402 a2=bfc262b8 a3=bfc25ff0 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775002.539:11766): avc: denied { search } for pid=8839 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775002.539:11766): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=84232f8 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775002.539:11767): avc: denied { search } for pid=8839 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775002.539:11767): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=84232f8 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775002.539:11768): avc: denied { lock } for pid=8839 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775002.539:11768): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfc25ff0 a3=3 items=0 ppid=8837 pid=8839 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775002.539:11768): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163775003.011:11769): user pid=8837 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163775003.011:11770): user pid=8837 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775034.029:11771): avc: denied { unlink } for pid=8840 comm="build-locale-ar" name="locale-archive" dev=dm-0 ino=10328905 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775034.029:11771): arch=40000003 syscall=10 success=yes exit=0 a0=80a5a29 a1=bfb61bb0 a2=0 a3=20612 items=0 ppid=8303 pid=8840 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="build-locale-ar" exe="/usr/sbin/build-locale-archive" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775034.033:11772): avc: denied { unlink } for pid=8840 comm="build-locale-ar" name="locale-archive.4nRZQd" dev=dm-0 ino=10314302 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775034.033:11772): arch=40000003 syscall=10 success=yes exit=0 a0=bfb506d0 a1=bfb50780 a2=bfb50714 a3=3 items=0 ppid=8303 pid=8840 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="build-locale-ar" exe="/usr/sbin/build-locale-archive" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775034.033:11773): avc: denied { setattr } for pid=8840 comm="build-locale-ar" name="locale-archive.4nRZQd" dev=dm-0 ino=10314302 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775034.033:11773): arch=40000003 syscall=94 success=yes exit=0 a0=3 a1=1a4 a2=bfb50714 a3=3 items=0 ppid=8303 pid=8840 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="build-locale-ar" exe="/usr/sbin/build-locale-archive" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775049.950:11774): avc: denied { unlink } for pid=8303 comm="yum" name="libc-2.5.90.so" dev=dm-0 ino=13716387 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775049.950:11774): arch=40000003 syscall=38 success=yes exit=0 a0=c1f8440 a1=e5b3590 a2=d2a040 a3=c1f8440 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775049.970:11775): avc: denied { unlink } for pid=8303 comm="yum" name="ld-2.5.90.so" dev=dm-0 ino=13716438 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775049.970:11775): arch=40000003 syscall=38 success=yes exit=0 a0=e5aad20 a1=e593780 a2=d2a040 a3=e5aad20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775049.970:11776): avc: denied { relabelto } for pid=8303 comm="yum" name="ld-2.5.90.so" dev=dm-0 ino=13716553 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775049.970:11776): arch=40000003 syscall=227 success=yes exit=0 a0=e593780 a1=a2f0d3 a2=e5b7f88 a3=1d items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775049.970:11777): avc: denied { setattr } for pid=8303 comm="yum" name="ld-2.5.90.so" dev=dm-0 ino=13716553 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775049.970:11777): arch=40000003 syscall=212 success=yes exit=0 a0=e593780 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775050.510:11778): avc: denied { unlink } for pid=8303 comm="yum" name="ldconfig" dev=dm-0 ino=9984594 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775050.510:11778): arch=40000003 syscall=38 success=yes exit=0 a0=e5acd30 a1=e593780 a2=d2a040 a3=e5acd30 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775050.534:11779): avc: denied { relabelto } for pid=8303 comm="yum" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775050.534:11779): arch=40000003 syscall=227 success=yes exit=0 a0=e593780 a1=a2f0d3 a2=db631a8 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775050.534:11780): avc: denied { setattr } for pid=8303 comm="yum" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775050.534:11780): arch=40000003 syscall=212 success=yes exit=0 a0=e593780 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775051.746:11781): avc: denied { unlink } for pid=8303 comm="yum" name="gconv-modules.cache" dev=dm-0 ino=10387675 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775051.746:11781): arch=40000003 syscall=38 success=yes exit=0 a0=e59f300 a1=e5b1170 a2=d2a040 a3=e59f300 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775051.906:11782): avc: denied { relabelfrom } for pid=8303 comm="yum" name="getconf" dev=dm-0 ino=10377557 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775051.906:11782): avc: denied { relabelto } for pid=8303 comm="yum" name="getconf" dev=dm-0 ino=10377557 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775051.906:11782): arch=40000003 syscall=227 success=yes exit=0 a0=e5b4328 a1=a2f0d3 a2=e59beb0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775051.906:11783): avc: denied { setattr } for pid=8303 comm="yum" name="getconf" dev=dm-0 ino=10377557 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775051.906:11783): arch=40000003 syscall=212 success=yes exit=0 a0=e5b4328 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775052.094:11784): avc: denied { link } for pid=8303 comm="yum" name="iconvconfig.i686;455dcb57" dev=dm-0 ino=10314303 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775052.094:11784): arch=40000003 syscall=9 success=yes exit=0 a0=e5b6ff0 a1=e5b7018 a2=d2a040 a3=0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775052.098:11785): avc: denied { rename } for pid=8303 comm="yum" name="iconvconfig.i686;455dcb57" dev=dm-0 ino=10314303 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775052.098:11785): arch=40000003 syscall=38 success=yes exit=0 a0=e5b7540 a1=e5b4af0 a2=d2a040 a3=e5b7540 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775052.102:11786): avc: denied { relabelfrom } for pid=8303 comm="yum" name="iconvconfig.i686" dev=dm-0 ino=10314303 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775052.102:11786): arch=40000003 syscall=227 success=yes exit=0 a0=e5b4af0 a1=a2f0d3 a2=e5b7568 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.051:11787): avc: denied { unlink } for pid=8845 comm="ldconfig" name="ld.so.cache" dev=dm-0 ino=9330919 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.051:11787): arch=40000003 syscall=38 success=yes exit=0 a0=821bb20 a1=bfcaace0 a2=bfcaac60 a3=821bb20 items=0 ppid=8844 pid=8845 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.115:11788): avc: denied { write } for pid=8844 comm="glibc_post_upgr" name="gconv-modules.cache" dev=dm-0 ino=10386338 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.115:11788): arch=40000003 syscall=271 success=yes exit=0 a0=809f933 a1=0 a2=0 a3=bf9bd020 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.155:11789): avc: denied { setattr } for pid=8846 comm="iconvconfig.i68" name="gconv-modules.cache.RsaIv0" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.155:11789): arch=40000003 syscall=94 success=yes exit=0 a0=3 a1=1a4 a2=6374 a3=bff33014 items=0 ppid=8844 pid=8846 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="iconvconfig.i68" exe="/usr/sbin/iconvconfig.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.155:11790): avc: denied { execute } for pid=8844 comm="glibc_post_upgr" name="init" dev=dm-0 ino=9984714 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.155:11790): arch=40000003 syscall=33 success=yes exit=0 a0=809f956 a1=1 a2=3 a3=bf9bd020 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.183:11791): avc: denied { sys_ptrace } for pid=8844 comm="glibc_post_upgr" capability=19 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163775060.183:11791): avc: denied { ptrace } for pid=8844 comm="glibc_post_upgr" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775060.183:11791): arch=40000003 syscall=85 success=yes exit=10 a0=809f971 a1=bf9be038 a2=100 a3=bf9bd020 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.183:11792): avc: denied { read } for pid=8844 comm="glibc_post_upgr" name="init" dev=dm-0 ino=9984714 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.183:11792): arch=40000003 syscall=5 success=yes exit=3 a0=809f971 a1=0 a2=bf9bcfe3 a3=1 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.187:11793): avc: denied { execute_no_trans } for pid=8847 comm="glibc_post_upgr" name="init" dev=dm-0 ino=9984714 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.187:11793): arch=40000003 syscall=11 success=yes exit=0 a0=809f956 a1=809fa98 a2=bf9be44c a3=bf9bd020 items=0 ppid=8844 pid=8847 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="telinit" exe="/sbin/init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775060.187:11793): path="/sbin/init"
+type=AVC msg=audit(1163775060.331:11794): avc: denied { write } for pid=8847 comm="telinit" name="initctl" dev=tmpfs ino=1148 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163775060.331:11794): arch=40000003 syscall=5 success=yes exit=3 a0=804f07f a1=1 a2=0 a3=bffc9bdd items=0 ppid=8844 pid=8847 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="telinit" exe="/sbin/init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.427:11795): avc: denied { execute } for pid=8844 comm="glibc_post_upgr" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.427:11795): arch=40000003 syscall=33 success=yes exit=0 a0=809f998 a1=1 a2=bf9be038 a3=bf9bd020 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775060.427:11796): avc: denied { read } for pid=8844 comm="glibc_post_upgr" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775060.427:11796): arch=40000003 syscall=5 success=yes exit=3 a0=809f998 a1=0 a2=14 a3=1 items=0 ppid=8303 pid=8844 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="glibc_post_upgr" exe="/usr/sbin/glibc_post_upgrade.i686" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775061.075:11797): avc: denied { execute } for pid=8849 comm="service" name="sshd" dev=dm-0 ino=9331582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.075:11797): arch=40000003 syscall=33 success=yes exit=0 a0=8696c30 a1=1 a2=1 a3=86932b0 items=0 ppid=8844 pid=8849 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="service" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775061.131:11798): avc: denied { execute_no_trans } for pid=8856 comm="env" name="sshd" dev=dm-0 ino=9331582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.131:11798): arch=40000003 syscall=11 success=yes exit=0 a0=bfefbbf3 a1=bfefb978 a2=98f4858 a3=5 items=0 ppid=8849 pid=8856 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775061.131:11798): path="/etc/rc.d/init.d/sshd"
+type=AVC msg=audit(1163775061.151:11799): avc: denied { ioctl } for pid=8856 comm="sshd" name="sshd" dev=dm-0 ino=9331582 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.151:11799): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf9c0d08 a3=bf9c0d48 items=0 ppid=8849 pid=8856 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775061.151:11799): path="/etc/rc.d/init.d/sshd"
+type=AVC msg=audit(1163775061.275:11800): avc: denied { execute_no_trans } for pid=8864 comm="sshd" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.275:11800): arch=40000003 syscall=11 success=yes exit=0 a0=81761d0 a1=81761e8 a2=81658e0 a3=8176070 items=0 ppid=8856 pid=8864 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775061.275:11800): path="/usr/sbin/sshd"
+type=AVC msg=audit(1163775061.483:11801): avc: denied { read } for pid=8864 comm="sshd" name="ssh_host_rsa_key" dev=dm-0 ino=9331557 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_key_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.483:11801): arch=40000003 syscall=5 success=yes exit=3 a0=62e425 a1=8000 a2=0 a3=8000 items=0 ppid=8856 pid=8864 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775061.579:11802): avc: denied { read } for pid=8865 comm="sshd" name="sshd.pid" dev=dm-0 ino=14436996 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.579:11802): arch=40000003 syscall=5 success=yes exit=3 a0=8177b90 a1=8000 a2=0 a3=8000 items=0 ppid=8856 pid=8865 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775061.599:11803): avc: denied { ioctl } for pid=8865 comm="sshd" name="sshd.pid" dev=dm-0 ino=14436996 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.599:11803): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5401 a2=bf9bd1d8 a3=bf9bd218 items=0 ppid=8856 pid=8865 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775061.599:11803): path="/var/run/sshd.pid"
+type=AVC msg=audit(1163775061.611:11804): avc: denied { signal } for pid=8856 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775061.611:11804): arch=40000003 syscall=37 success=yes exit=0 a0=888 a1=f a2=888 a3=888 items=0 ppid=8849 pid=8856 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sshd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775061.811:11805): avc: denied { write } for pid=8868 comm="rm" name="subsys" dev=dm-0 ino=14436611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775061.811:11805): avc: denied { remove_name } for pid=8868 comm="rm" name="sshd" dev=dm-0 ino=14436998 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775061.811:11805): avc: denied { unlink } for pid=8868 comm="rm" name="sshd" dev=dm-0 ino=14436998 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775061.811:11805): arch=40000003 syscall=10 success=yes exit=0 a0=bf9f2f87 a1=0 a2=805277c a3=bf9f0fe4 items=0 ppid=8856 pid=8868 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.915:11806): avc: denied { write } for pid=8870 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775064.915:11806): arch=40000003 syscall=5 success=yes exit=4 a0=9be2060 a1=8201 a2=0 a3=8201 items=0 ppid=8856 pid=8870 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cp" exe="/bin/cp" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.931:11807): avc: denied { node_bind } for pid=8872 comm="sshd" src=22 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:unspec_node_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163775064.931:11807): avc: denied { net_bind_service } for pid=8872 comm="sshd" capability=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775064.931:11807): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf895ed0 a2=dec7ac a3=9f1f3e8 items=0 ppid=8871 pid=8872 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.931:11808): avc: denied { node_bind } for pid=8872 comm="sshd" src=22 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163775064.931:11808): arch=40000003 syscall=102 success=no exit=-98 a0=2 a1=bf895ed0 a2=dec7ac a3=9f1f428 items=0 ppid=8871 pid=8872 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.931:11809): avc: denied { write } for pid=8872 comm="sshd" name="run" dev=dm-0 ino=14436616 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775064.931:11809): avc: denied { add_name } for pid=8872 comm="sshd" name="sshd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775064.931:11809): avc: denied { create } for pid=8872 comm="sshd" name="sshd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775064.931:11809): arch=40000003 syscall=5 success=yes exit=4 a0=dd8459 a1=8241 a2=1b6 a3=9f20f10 items=0 ppid=8871 pid=8872 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.931:11810): avc: denied { write } for pid=8872 comm="sshd" name="sshd.pid" dev=dm-0 ino=14436996 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775064.931:11810): arch=40000003 syscall=4 success=yes exit=5 a0=4 a1=b7fe4000 a2=5 a3=5 items=0 ppid=8871 pid=8872 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775064.931:11810): path="/var/run/sshd.pid"
+type=AVC msg=audit(1163775064.947:11811): avc: denied { add_name } for pid=8873 comm="touch" name="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775064.947:11811): avc: denied { create } for pid=8873 comm="touch" name="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775064.947:11811): arch=40000003 syscall=5 success=yes exit=0 a0=bfb21f81 a1=8941 a2=1b6 a3=8941 items=0 ppid=8856 pid=8873 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775064.947:11812): avc: denied { write } for pid=8873 comm="touch" name="sshd" dev=dm-0 ino=14436998 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775064.947:11812): arch=40000003 syscall=271 success=yes exit=0 a0=bfb1ffa4 a1=0 a2=f9fff4 a3=0 items=0 ppid=8856 pid=8873 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775068.911:11813): avc: denied { execute } for pid=8874 comm="yum" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775068.911:11813): avc: denied { execute_no_trans } for pid=8874 comm="yum" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775068.911:11813): avc: denied { read } for pid=8874 comm="yum" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775068.911:11813): arch=40000003 syscall=11 success=yes exit=0 a0=e531ba9 a1=bf87ad90 a2=892c7d0 a3=ffffffff items=0 ppid=8303 pid=8874 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775068.911:11813): path="/sbin/ldconfig"
+type=AVC_PATH msg=audit(1163775068.911:11813): path="/sbin/ldconfig"
+type=AVC msg=audit(1163775072.343:11814): avc: denied { write } for pid=8879 comm="install-info" name="dir" dev=dm-0 ino=10318269 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775072.343:11814): arch=40000003 syscall=5 success=yes exit=3 a0=bffe1be2 a1=241 a2=1b6 a3=98d61c0 items=0 ppid=8878 pid=8879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="install-info" exe="/sbin/install-info" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775073.899:11815): avc: denied { read } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775073.899:11815): arch=40000003 syscall=3 success=yes exit=60 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775073.899:11815): path="/dev/net/tun"
+type=AVC msg=audit(1163775073.987:11816): avc: denied { write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775073.987:11816): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfa20a54 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775073.987:11816): path="/dev/net/tun"
+type=AVC msg=audit(1163775079.260:11817): avc: denied { unlink } for pid=8303 comm="yum" name="ls" dev=dm-0 ino=13683777 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.260:11817): arch=40000003 syscall=38 success=yes exit=0 a0=e4cbd80 a1=d7d49b0 a2=d2a040 a3=e4cbd80 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.272:11818): avc: denied { relabelto } for pid=8303 comm="yum" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.272:11818): arch=40000003 syscall=227 success=yes exit=0 a0=d7d49b0 a1=a2f0d3 a2=b4ae160 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.272:11819): avc: denied { setattr } for pid=8303 comm="yum" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.272:11819): arch=40000003 syscall=212 success=yes exit=0 a0=d7d49b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.400:11820): avc: denied { unlink } for pid=8303 comm="yum" name="su" dev=dm-0 ino=13683660 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.400:11820): arch=40000003 syscall=38 success=yes exit=0 a0=e4cc770 a1=d7d49b0 a2=d2a040 a3=e4cc770 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.408:11821): avc: denied { relabelto } for pid=8303 comm="yum" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.408:11821): arch=40000003 syscall=227 success=yes exit=0 a0=d7d49b0 a1=a2f0d3 a2=b4ae160 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.408:11822): avc: denied { setattr } for pid=8303 comm="yum" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775079.408:11822): arch=40000003 syscall=212 success=yes exit=0 a0=d7d49b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.728:11823): avc: denied { create } for pid=8303 comm="yum" name="cut;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775079.728:11823): arch=40000003 syscall=83 success=yes exit=0 a0=e5e2e98 a1=e629fc0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.728:11824): avc: denied { rename } for pid=8303 comm="yum" name="cut;455dcb57" dev=dm-0 ino=10314339 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775079.728:11824): avc: denied { unlink } for pid=8303 comm="yum" name="cut" dev=dm-0 ino=654845 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775079.728:11824): arch=40000003 syscall=38 success=yes exit=0 a0=e629fc0 a1=e6255e0 a2=d2a040 a3=e629fc0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.768:11825): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cut" dev=dm-0 ino=10314339 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775079.768:11825): avc: denied { relabelto } for pid=8303 comm="yum" name="cut" dev=dm-0 ino=10314339 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775079.768:11825): arch=40000003 syscall=227 success=yes exit=0 a0=e6255e0 a1=a2f0d3 a2=e629fe0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775079.768:11826): avc: denied { setattr } for pid=8303 comm="yum" name="cut" dev=dm-0 ino=10314339 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775079.768:11826): arch=40000003 syscall=198 success=yes exit=0 a0=e6255e0 a1=0 a2=0 a3=e9184bc items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.896:11827): avc: denied { write } for pid=8303 comm="yum" name="LC_MESSAGES" dev=dm-0 ino=10311907 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775080.896:11827): avc: denied { add_name } for pid=8303 comm="yum" name="coreutils.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775080.896:11827): arch=40000003 syscall=5 success=yes exit=30 a0=e6425b0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.896:11828): avc: denied { remove_name } for pid=8303 comm="yum" name="coreutils.mo;455dcb57" dev=dm-0 ino=10318523 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775080.896:11828): arch=40000003 syscall=38 success=yes exit=0 a0=e6425b0 a1=e642478 a2=d2a040 a3=e6425b0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.900:11829): avc: denied { relabelfrom } for pid=8303 comm="yum" name="LC_TIME" dev=dm-0 ino=10543998 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775080.900:11829): avc: denied { relabelto } for pid=8303 comm="yum" name="LC_TIME" dev=dm-0 ino=10543998 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775080.900:11829): arch=40000003 syscall=227 success=yes exit=0 a0=e642538 a1=a2f0d3 a2=e642588 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.900:11830): avc: denied { setattr } for pid=8303 comm="yum" name="LC_TIME" dev=dm-0 ino=10543998 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775080.900:11830): arch=40000003 syscall=212 success=yes exit=0 a0=e642538 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.900:11831): avc: denied { create } for pid=8303 comm="yum" name="coreutils.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775080.900:11831): arch=40000003 syscall=83 success=yes exit=0 a0=e5e2e98 a1=e642620 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.916:11832): avc: denied { rename } for pid=8303 comm="yum" name="coreutils.mo;455dcb57" dev=dm-0 ino=10542613 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775080.916:11832): avc: denied { unlink } for pid=8303 comm="yum" name="coreutils.mo" dev=dm-0 ino=10548217 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775080.916:11832): arch=40000003 syscall=38 success=yes exit=0 a0=e642620 a1=e6425f0 a2=d2a040 a3=e642620 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.924:11833): avc: denied { relabelfrom } for pid=8303 comm="yum" name="coreutils.mo" dev=dm-0 ino=10542613 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775080.924:11833): avc: denied { relabelto } for pid=8303 comm="yum" name="coreutils.mo" dev=dm-0 ino=10542613 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775080.924:11833): arch=40000003 syscall=227 success=yes exit=0 a0=e6425f0 a1=a2f0d3 a2=e642538 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775080.924:11834): avc: denied { setattr } for pid=8303 comm="yum" name="coreutils.mo" dev=dm-0 ino=10542613 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775080.924:11834): arch=40000003 syscall=198 success=yes exit=0 a0=e6425f0 a1=0 a2=0 a3=e9184bc items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775086.344:11835): avc: denied { unlink } for pid=8885 comm="mv" name="dir" dev=dm-0 ino=10318269 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775086.344:11835): arch=40000003 syscall=38 success=yes exit=0 a0=bff70bda a1=bff70bf8 a2=805a75c a3=bff706ec items=0 ppid=8883 pid=8885 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mv" exe="/bin/mv" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775087.908:11836): avc: denied { rmdir } for pid=8889 comm="rm" name="ro" dev=dm-0 ino=10672443 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775087.908:11836): arch=40000003 syscall=40 success=yes exit=0 a0=9937960 a1=bfa45c34 a2=805277c a3=2 items=0 ppid=8888 pid=8889 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775088.528:11837): avc: denied { relabelfrom } for pid=8303 comm="yum" name="scrollkeeper" dev=dm-0 ino=14438155 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775088.528:11837): avc: denied { relabelto } for pid=8303 comm="yum" name="scrollkeeper" dev=dm-0 ino=14438155 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775088.528:11837): arch=40000003 syscall=227 success=yes exit=0 a0=e9aff48 a1=a2f0d3 a2=ea04d08 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775088.528:11838): avc: denied { setattr } for pid=8303 comm="yum" name="scrollkeeper" dev=dm-0 ino=14438155 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775088.528:11838): arch=40000003 syscall=212 success=yes exit=0 a0=e9aff48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775090.380:11839): avc: denied { append } for pid=8891 comm="sh" name="scrollkeeper.log" dev=dm-0 ino=14436937 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775090.380:11839): arch=40000003 syscall=5 success=yes exit=3 a0=93a7168 a1=8441 a2=1b6 a3=8441 items=0 ppid=8890 pid=8891 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sh" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775090.416:11840): avc: denied { write } for pid=8895 comm="rm" name="lib" dev=dm-0 ino=14436578 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775090.416:11840): arch=40000003 syscall=10 success=no exit=-21 a0=bf9d5bf6 a1=0 a2=805277c a3=bf9d43d4 items=0 ppid=8891 pid=8895 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775090.440:11841): avc: denied { write } for pid=8895 comm="rm" name="ro" dev=dm-0 ino=14438156 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775090.440:11841): avc: denied { remove_name } for pid=8895 comm="rm" name="scrollkeeper_cl.xml" dev=dm-0 ino=2618897 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775090.440:11841): avc: denied { unlink } for pid=8895 comm="rm" name="scrollkeeper_cl.xml" dev=dm-0 ino=2618897 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775090.440:11841): arch=40000003 syscall=10 success=yes exit=0 a0=853898f a1=853897c a2=805277c a3=bf9d43d4 items=0 ppid=8891 pid=8895 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775090.480:11842): avc: denied { remove_name } for pid=8895 comm="rm" name="ro" dev=dm-0 ino=14438156 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775090.480:11842): avc: denied { rmdir } for pid=8895 comm="rm" name="ro" dev=dm-0 ino=14438156 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775090.480:11842): arch=40000003 syscall=40 success=yes exit=0 a0=8538960 a1=bf9d43d4 a2=805277c a3=2 items=0 ppid=8891 pid=8895 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775091.320:11843): avc: denied { rmdir } for pid=8895 comm="rm" name="scrollkeeper" dev=dm-0 ino=14438155 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775091.320:11843): arch=40000003 syscall=40 success=yes exit=0 a0=8538960 a1=bf9d43d4 a2=805277c a3=2 items=0 ppid=8891 pid=8895 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775091.460:11844): avc: denied { add_name } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775091.460:11844): avc: denied { create } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775091.460:11844): arch=40000003 syscall=39 success=yes exit=0 a0=bfb32548 a1=1ed a2=658338 a3=9642869 items=0 ppid=8891 pid=8896 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775091.480:11845): avc: denied { write } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper" dev=dm-0 ino=14567773 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775091.480:11845): avc: denied { add_name } for pid=8896 comm="scrollkeeper-up" name="ro" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775091.480:11845): arch=40000003 syscall=39 success=yes exit=0 a0=bfb33008 a1=1ed a2=658338 a3=1 items=0 ppid=8891 pid=8896 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775091.480:11846): avc: denied { create } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper_cl.xml" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775091.480:11846): arch=40000003 syscall=5 success=yes exit=5 a0=bfb32e08 a1=241 a2=1b6 a3=9643a30 items=0 ppid=8891 pid=8896 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775091.480:11847): avc: denied { write } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper_cl.xml" dev=dm-0 ino=14567777 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775091.480:11847): arch=40000003 syscall=4 success=yes exit=4096 a0=5 a1=b7f09000 a2=1000 a3=1000 items=0 ppid=8891 pid=8896 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775091.480:11847): path="/var/lib/scrollkeeper/ro/scrollkeeper_cl.xml"
+type=AVC msg=audit(1163775092.981:11848): avc: denied { append } for pid=8896 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567874 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775092.981:11848): arch=40000003 syscall=4 success=yes exit=181 a0=3 a1=b7f0a000 a2=b5 a3=b5 items=0 ppid=8891 pid=8896 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775092.981:11848): path="/var/lib/scrollkeeper/scrollkeeper_docs"
+type=AVC msg=audit(1163775124.923:11849): avc: denied { write } for pid=10895 comm="xmlcatalog" name="catalog" dev=dm-0 ino=9330418 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775124.923:11849): arch=40000003 syscall=5 success=yes exit=3 a0=bfb80be3 a1=8241 a2=1b6 a3=89a9d50 items=0 ppid=8890 pid=10895 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xmlcatalog" exe="/usr/bin/xmlcatalog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.199:11850): avc: denied { relabelfrom } for pid=8303 comm="yum" name="console.apps" dev=dm-0 ino=9330284 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=AVC msg=audit(1163775125.199:11850): avc: denied { relabelto } for pid=8303 comm="yum" name="console.apps" dev=dm-0 ino=9330284 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775125.199:11850): arch=40000003 syscall=227 success=yes exit=0 a0=dc6c850 a1=a2f0d3 a2=e5f2e70 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.207:11851): avc: denied { setattr } for pid=8303 comm="yum" name="console.apps" dev=dm-0 ino=9330284 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775125.207:11851): arch=40000003 syscall=212 success=yes exit=0 a0=dc6c850 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.463:11852): avc: denied { unlink } for pid=8303 comm="yum" name="pam_console_apply" dev=dm-0 ino=9984687 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.463:11852): arch=40000003 syscall=38 success=yes exit=0 a0=ea2e4b0 a1=ea2f750 a2=d2a040 a3=ea2e4b0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.535:11853): avc: denied { relabelto } for pid=8303 comm="yum" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.535:11853): arch=40000003 syscall=227 success=yes exit=0 a0=ea2f750 a1=a2f0d3 a2=ea352e0 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.535:11854): avc: denied { setattr } for pid=8303 comm="yum" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.535:11854): arch=40000003 syscall=212 success=yes exit=0 a0=ea2f750 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.547:11855): avc: denied { unlink } for pid=8303 comm="yum" name="pam_timestamp_check" dev=dm-0 ino=9984596 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.547:11855): arch=40000003 syscall=38 success=yes exit=0 a0=ea35320 a1=ea35300 a2=d2a040 a3=ea35320 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.547:11856): avc: denied { relabelto } for pid=8303 comm="yum" name="pam_timestamp_check" dev=dm-0 ino=9984614 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.547:11856): arch=40000003 syscall=227 success=yes exit=0 a0=ea35300 a1=a2f0d3 a2=ea36290 a3=20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.547:11857): avc: denied { setattr } for pid=8303 comm="yum" name="pam_timestamp_check" dev=dm-0 ino=9984614 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.547:11857): arch=40000003 syscall=212 success=yes exit=0 a0=ea35300 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.551:11858): avc: denied { unlink } for pid=8303 comm="yum" name="unix_chkpwd" dev=dm-0 ino=9984659 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.551:11858): arch=40000003 syscall=38 success=yes exit=0 a0=ea35300 a1=ea2e4b0 a2=d2a040 a3=ea35300 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.591:11859): avc: denied { relabelto } for pid=8303 comm="yum" name="unix_chkpwd" dev=dm-0 ino=9984687 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.591:11859): arch=40000003 syscall=227 success=yes exit=0 a0=ea2e4b0 a1=a2f0d3 a2=ea3ded8 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.591:11860): avc: denied { setattr } for pid=8303 comm="yum" name="unix_chkpwd" dev=dm-0 ino=9984687 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.591:11860): arch=40000003 syscall=212 success=yes exit=0 a0=ea2e4b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.651:11861): avc: denied { unlink } for pid=8303 comm="yum" name="Copyright" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.651:11861): arch=40000003 syscall=38 success=yes exit=0 a0=ea427f0 a1=ea352b0 a2=d2a040 a3=ea427f0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.671:11862): avc: denied { relabelto } for pid=8303 comm="yum" name="Copyright" dev=dm-0 ino=14731258 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.671:11862): arch=40000003 syscall=227 success=yes exit=0 a0=ea352b0 a1=a2f0d3 a2=ea42790 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775125.671:11863): avc: denied { setattr } for pid=8303 comm="yum" name="Copyright" dev=dm-0 ino=14731258 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775125.671:11863): arch=40000003 syscall=212 success=yes exit=0 a0=ea352b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.023:11864): avc: denied { unlink } for pid=8303 comm="yum" name="Linux-PAM.mo" dev=dm-0 ino=3109965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.023:11864): arch=40000003 syscall=38 success=yes exit=0 a0=ea42828 a1=ea427f0 a2=d2a040 a3=ea42828 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.027:11865): avc: denied { relabelto } for pid=8303 comm="yum" name="Linux-PAM.mo" dev=dm-0 ino=10321235 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.027:11865): arch=40000003 syscall=227 success=yes exit=0 a0=ea427f0 a1=a2f0d3 a2=e64eac0 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.027:11866): avc: denied { setattr } for pid=8303 comm="yum" name="Linux-PAM.mo" dev=dm-0 ino=10321235 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.027:11866): arch=40000003 syscall=212 success=yes exit=0 a0=ea427f0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.295:11867): avc: denied { write } for pid=8303 comm="yum" name="log" dev=dm-0 ino=14436604 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163775126.295:11867): avc: denied { add_name } for pid=8303 comm="yum" name="faillog;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163775126.295:11867): avc: denied { create } for pid=8303 comm="yum" name="faillog;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.295:11867): arch=40000003 syscall=5 success=yes exit=30 a0=ea43e90 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.295:11868): avc: denied { remove_name } for pid=8303 comm="yum" name="faillog;455dcb57" dev=dm-0 ino=14437882 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163775126.295:11868): avc: denied { rename } for pid=8303 comm="yum" name="faillog;455dcb57" dev=dm-0 ino=14437882 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.295:11868): arch=40000003 syscall=38 success=yes exit=0 a0=ea43e90 a1=ea2e4b0 a2=d2a040 a3=ea43e90 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.299:11869): avc: denied { relabelfrom } for pid=8303 comm="yum" name="faillog" dev=dm-0 ino=14437882 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_log_t:s0 tclass=file
+type=AVC msg=audit(1163775126.299:11869): avc: denied { relabelto } for pid=8303 comm="yum" name="faillog" dev=dm-0 ino=14437882 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.299:11869): arch=40000003 syscall=227 success=yes exit=0 a0=ea2e4b0 a1=a2f0d3 a2=eab52b8 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.299:11870): avc: denied { setattr } for pid=8303 comm="yum" name="faillog" dev=dm-0 ino=14437882 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775126.299:11870): arch=40000003 syscall=212 success=yes exit=0 a0=ea2e4b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.323:11871): avc: denied { relabelfrom } for pid=8303 comm="yum" name="console" dev=dm-0 ino=14436665 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_var_console_t:s0 tclass=dir
+type=AVC msg=audit(1163775126.323:11871): avc: denied { relabelto } for pid=8303 comm="yum" name="console" dev=dm-0 ino=14436665 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_var_console_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775126.323:11871): arch=40000003 syscall=227 success=yes exit=0 a0=ea2e4b0 a1=a2f0d3 a2=ead9858 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775126.323:11872): avc: denied { setattr } for pid=8303 comm="yum" name="console" dev=dm-0 ino=14436665 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_var_console_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775126.323:11872): arch=40000003 syscall=212 success=yes exit=0 a0=ea2e4b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.171:11873): avc: denied { unlink } for pid=8303 comm="yum" name="liblber-2.3.so.0" dev=dm-0 ino=10314788 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775129.171:11873): arch=40000003 syscall=38 success=yes exit=0 a0=ea3de88 a1=e658000 a2=d2a040 a3=ea3de88 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.251:11874): avc: denied { write } for pid=8303 comm="yum" name="doc" dev=dm-0 ino=10311844 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775129.251:11874): avc: denied { add_name } for pid=8303 comm="yum" name="openldap-2.3.30" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775129.251:11874): arch=40000003 syscall=39 success=yes exit=0 a0=e6582a0 a1=1c0 a2=d2a040 a3=e6582a0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.251:11875): avc: denied { relabelto } for pid=8303 comm="yum" name="openldap-2.3.30" dev=dm-0 ino=11099061 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775129.251:11875): arch=40000003 syscall=227 success=yes exit=0 a0=e6582a0 a1=a2f0d3 a2=e658148 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.251:11876): avc: denied { setattr } for pid=8303 comm="yum" name="openldap-2.3.30" dev=dm-0 ino=11099061 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775129.251:11876): arch=40000003 syscall=212 success=yes exit=0 a0=e6582a0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.251:11877): avc: denied { remove_name } for pid=8303 comm="yum" name="ANNOUNCEMENT;455dcb57" dev=dm-0 ino=11099062 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775129.251:11877): arch=40000003 syscall=38 success=yes exit=0 a0=e6581c0 a1=ead9888 a2=d2a040 a3=e6581c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775129.303:11878): avc: denied { relabelfrom } for pid=8303 comm="yum" name="openldap" dev=dm-0 ino=10574715 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775129.303:11878): arch=40000003 syscall=227 success=yes exit=0 a0=e65bce8 a1=a2f0d3 a2=e52c110 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775148.900:11879): avc: denied { unlink } for pid=8303 comm="yum" name="gappletviewer" dev=dm-0 ino=10319685 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:java_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775148.900:11879): arch=40000003 syscall=38 success=yes exit=0 a0=e5f1d08 a1=e6a6140 a2=d2a040 a3=e5f1d08 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775148.996:11880): avc: denied { relabelto } for pid=8303 comm="yum" name="gappletviewer" dev=dm-0 ino=10317587 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:java_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775148.996:11880): arch=40000003 syscall=227 success=yes exit=0 a0=e6a6140 a1=a2f0d3 a2=e679d38 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775148.996:11881): avc: denied { setattr } for pid=8303 comm="yum" name="gappletviewer" dev=dm-0 ino=10317587 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:java_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775148.996:11881): arch=40000003 syscall=212 success=yes exit=0 a0=e6a6140 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775155.072:11882): avc: denied { read } for pid=10924 comm="gij" name="[59846]" dev=pipefs ino=59846 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=AVC msg=audit(1163775155.072:11882): avc: denied { write } for pid=10924 comm="gij" name="[59868]" dev=pipefs ino=59868 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163775155.072:11882): arch=40000003 syscall=11 success=yes exit=0 a0=9c5b768 a1=9c5b838 a2=9c5d8d8 a3=9c5b670 items=0 ppid=10923 pid=10924 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gij" exe="/usr/bin/gij" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775155.072:11882): path="pipe:[59868]"
+type=AVC_PATH msg=audit(1163775155.072:11882): path="pipe:[59846]"
+type=AVC msg=audit(1163775155.112:11883): avc: denied { sigchld } for pid=10923 comm="sh" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1163775155.236:11884): avc: denied { getattr } for pid=10924 comm="gij" name="[59868]" dev=pipefs ino=59868 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163775155.236:11884): arch=40000003 syscall=197 success=yes exit=0 a0=1 a1=bf9fc2a0 a2=262ff4 a3=2634c0 items=0 ppid=10923 pid=10924 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gij" exe="/usr/bin/gij" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775155.236:11884): path="pipe:[59868]"
+type=SYSCALL msg=audit(1163775155.112:11883): arch=40000003 syscall=7 success=yes exit=10924 a0=ffffffff a1=bf98d6e8 a2=0 a3=9c5d5f0 items=0 ppid=10922 pid=10923 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sh" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775155.916:11885): avc: denied { unlink } for pid=10958 comm="update-alternat" name="jaxp_parser_impl" dev=dm-0 ino=9329800 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775155.916:11885): arch=40000003 syscall=10 success=yes exit=0 a0=bfb69870 a1=0 a2=81b2b40 a3=804c7f6 items=0 ppid=10922 pid=10958 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-alternat" exe="/usr/sbin/alternatives" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775155.916:11886): avc: denied { create } for pid=10958 comm="update-alternat" name="jaxp_parser_impl" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775155.916:11886): arch=40000003 syscall=83 success=yes exit=0 a0=81b2a90 a1=bfb69870 a2=81b2b40 a3=804c7f6 items=0 ppid=10922 pid=10958 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-alternat" exe="/usr/sbin/alternatives" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.741:11887): avc: denied { unlink } for pid=8303 comm="yum" name="chage" dev=dm-0 ino=10321438 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.741:11887): arch=40000003 syscall=38 success=yes exit=0 a0=dc651c8 a1=eb14e48 a2=d2a040 a3=dc651c8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.761:11888): avc: denied { relabelto } for pid=8303 comm="yum" name="chage" dev=dm-0 ino=10320806 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.761:11888): arch=40000003 syscall=227 success=yes exit=0 a0=eb14e48 a1=a2f0d3 a2=bc898f8 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.761:11889): avc: denied { setattr } for pid=8303 comm="yum" name="chage" dev=dm-0 ino=10320806 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.761:11889): arch=40000003 syscall=212 success=yes exit=0 a0=eb14e48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.777:11890): avc: denied { unlink } for pid=8303 comm="yum" name="gpasswd" dev=dm-0 ino=10325925 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.777:11890): arch=40000003 syscall=38 success=yes exit=0 a0=eb15308 a1=eb14e48 a2=d2a040 a3=eb15308 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.781:11891): avc: denied { relabelto } for pid=8303 comm="yum" name="gpasswd" dev=dm-0 ino=10321799 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.781:11891): arch=40000003 syscall=227 success=yes exit=0 a0=eb14e48 a1=a2f0d3 a2=ea7d7b0 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.781:11892): avc: denied { setattr } for pid=8303 comm="yum" name="gpasswd" dev=dm-0 ino=10321799 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.781:11892): arch=40000003 syscall=212 success=yes exit=0 a0=eb14e48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.857:11893): avc: denied { create } for pid=8303 comm="yum" name="adduser;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775156.857:11893): arch=40000003 syscall=83 success=yes exit=0 a0=eb15ef8 a1=e5f0b10 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.857:11894): avc: denied { rename } for pid=8303 comm="yum" name="adduser;455dcb57" dev=dm-0 ino=10317247 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775156.857:11894): avc: denied { unlink } for pid=8303 comm="yum" name="adduser" dev=dm-0 ino=10330001 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775156.857:11894): arch=40000003 syscall=38 success=yes exit=0 a0=e5f0b10 a1=eb14e48 a2=d2a040 a3=e5f0b10 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.857:11895): avc: denied { relabelfrom } for pid=8303 comm="yum" name="adduser" dev=dm-0 ino=10317247 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775156.857:11895): avc: denied { relabelto } for pid=8303 comm="yum" name="adduser" dev=dm-0 ino=10317247 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775156.857:11895): arch=40000003 syscall=227 success=yes exit=0 a0=eb14e48 a1=a2f0d3 a2=ea7da60 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.857:11896): avc: denied { setattr } for pid=8303 comm="yum" name="adduser" dev=dm-0 ino=10317247 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775156.857:11896): arch=40000003 syscall=198 success=yes exit=0 a0=eb14e48 a1=0 a2=0 a3=e5d8d4c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.889:11897): avc: denied { unlink } for pid=8303 comm="yum" name="grpconv" dev=dm-0 ino=10333815 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:admin_passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.889:11897): arch=40000003 syscall=38 success=yes exit=0 a0=eb33fa0 a1=eb14e48 a2=d2a040 a3=eb33fa0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.889:11898): avc: denied { relabelto } for pid=8303 comm="yum" name="grpconv" dev=dm-0 ino=10321538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:admin_passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.889:11898): arch=40000003 syscall=227 success=yes exit=0 a0=eb14e48 a1=a2f0d3 a2=eb34a30 a3=29 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.889:11899): avc: denied { setattr } for pid=8303 comm="yum" name="grpconv" dev=dm-0 ino=10321538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:admin_passwd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.889:11899): arch=40000003 syscall=212 success=yes exit=0 a0=eb14e48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.901:11900): avc: denied { unlink } for pid=8303 comm="yum" name="useradd" dev=dm-0 ino=10322649 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.901:11900): arch=40000003 syscall=38 success=yes exit=0 a0=eb41178 a1=e5f1540 a2=d2a040 a3=eb41178 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.921:11901): avc: denied { relabelto } for pid=8303 comm="yum" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.921:11901): arch=40000003 syscall=227 success=yes exit=0 a0=e5f1540 a1=a2f0d3 a2=eb49f08 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775156.921:11902): avc: denied { setattr } for pid=8303 comm="yum" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775156.921:11902): arch=40000003 syscall=212 success=yes exit=0 a0=e5f1540 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.709:11903): avc: denied { create } for pid=8303 comm="yum" name="adduser.8.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775157.709:11903): arch=40000003 syscall=83 success=yes exit=0 a0=eb15ef8 a1=eb4c5d0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.709:11904): avc: denied { rename } for pid=8303 comm="yum" name="adduser.8.gz;455dcb57" dev=dm-0 ino=10317994 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775157.709:11904): avc: denied { unlink } for pid=8303 comm="yum" name="adduser.8.gz" dev=dm-0 ino=10317995 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775157.709:11904): arch=40000003 syscall=38 success=yes exit=0 a0=eb4c5d0 a1=eb4c460 a2=d2a040 a3=eb4c5d0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.709:11905): avc: denied { relabelfrom } for pid=8303 comm="yum" name="adduser.8.gz" dev=dm-0 ino=10317994 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775157.709:11905): avc: denied { relabelto } for pid=8303 comm="yum" name="adduser.8.gz" dev=dm-0 ino=10317994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775157.709:11905): arch=40000003 syscall=227 success=yes exit=0 a0=eb4c460 a1=a2f0d3 a2=eb4c720 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.709:11906): avc: denied { setattr } for pid=8303 comm="yum" name="adduser.8.gz" dev=dm-0 ino=10317994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775157.709:11906): arch=40000003 syscall=198 success=yes exit=0 a0=eb4c460 a1=0 a2=0 a3=e5d8d4c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.853:11907): avc: denied { write } for pid=8303 comm="yum" name="man3" dev=dm-0 ino=10542601 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163775157.853:11907): avc: denied { add_name } for pid=8303 comm="yum" name="getspnam.3.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775157.853:11907): arch=40000003 syscall=5 success=yes exit=30 a0=eb4d1c0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775157.861:11908): avc: denied { remove_name } for pid=8303 comm="yum" name="getspnam.3.gz;455dcb57" dev=dm-0 ino=10543859 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775157.861:11908): arch=40000003 syscall=38 success=yes exit=0 a0=eb4d1c0 a1=eb4d168 a2=d2a040 a3=eb4d1c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.805:11909): avc: denied { execute } for pid=10978 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775160.805:11909): avc: denied { execute_no_trans } for pid=10978 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775160.805:11909): avc: denied { read } for pid=10978 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.805:11909): arch=40000003 syscall=11 success=yes exit=0 a0=9aa9278 a1=9aa8ae8 a2=9aa94b0 a3=9aa8e10 items=0 ppid=10977 pid=10978 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="useradd" exe="/usr/sbin/useradd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775160.805:11909): path="/usr/sbin/useradd"
+type=AVC_PATH msg=audit(1163775160.805:11909): path="/usr/sbin/useradd"
+type=AVC msg=audit(1163775160.901:11910): avc: denied { audit_write } for pid=10978 comm="useradd" capability=29 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=USER_CHAUTHTOK msg=audit(1163775160.901:11911): user pid=10978 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='op=adding user acct=dbus exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/1 res=failed)'
+type=SYSCALL msg=audit(1163775160.901:11910): arch=40000003 syscall=102 success=yes exit=116 a0=b a1=bffa7ed0 a2=a47ff4 a3=bffae920 items=0 ppid=10977 pid=10978 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="useradd" exe="/usr/sbin/useradd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.913:11912): avc: denied { create } for pid=8303 comm="yum" name="dbus-cleanup-sockets;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.913:11912): arch=40000003 syscall=5 success=yes exit=30 a0=eb4d550 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.921:11913): avc: denied { write } for pid=8303 comm="yum" name="dbus-cleanup-sockets;455dcb57" dev=dm-0 ino=13683789 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.921:11913): arch=40000003 syscall=4 success=yes exit=7800 a0=1e a1=b6f50000 a2=1e78 a3=e6a5630 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775160.921:11913): path="/bin/dbus-cleanup-sockets;455dcb57"
+type=AVC msg=audit(1163775160.921:11914): avc: denied { rename } for pid=8303 comm="yum" name="dbus-cleanup-sockets;455dcb57" dev=dm-0 ino=13683789 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.921:11914): arch=40000003 syscall=38 success=yes exit=0 a0=eb4d550 a1=e5f1ce8 a2=d2a040 a3=eb4d550 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.941:11915): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dbus-cleanup-sockets" dev=dm-0 ino=13683789 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.941:11915): arch=40000003 syscall=227 success=yes exit=0 a0=e5f1ce8 a1=a2f0d3 a2=eb4b930 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.981:11916): avc: denied { unlink } for pid=8303 comm="yum" name="dbus-daemon" dev=dm-0 ino=13683713 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.981:11916): arch=40000003 syscall=38 success=yes exit=0 a0=e5f1ce8 a1=eb4d0d0 a2=d2a040 a3=e5f1ce8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.981:11917): avc: denied { relabelto } for pid=8303 comm="yum" name="dbus-daemon" dev=dm-0 ino=13683727 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.981:11917): arch=40000003 syscall=227 success=yes exit=0 a0=eb4d0d0 a1=a2f0d3 a2=e6a5840 a3=29 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775160.981:11918): avc: denied { setattr } for pid=8303 comm="yum" name="dbus-daemon" dev=dm-0 ino=13683727 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775160.981:11918): arch=40000003 syscall=212 success=yes exit=0 a0=eb4d0d0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.057:11919): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dbus-1" dev=dm-0 ino=9329778 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775161.057:11919): avc: denied { relabelto } for pid=8303 comm="yum" name="dbus-1" dev=dm-0 ino=9329778 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.057:11919): arch=40000003 syscall=227 success=yes exit=0 a0=e11dfc8 a1=a2f0d3 a2=ea73908 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.077:11920): avc: denied { setattr } for pid=8303 comm="yum" name="dbus-1" dev=dm-0 ino=9329778 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.077:11920): arch=40000003 syscall=212 success=yes exit=0 a0=e11dfc8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.077:11921): avc: denied { write } for pid=8303 comm="yum" name="dbus-1" dev=dm-0 ino=9329778 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775161.077:11921): avc: denied { add_name } for pid=8303 comm="yum" name="session.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775161.077:11921): avc: denied { create } for pid=8303 comm="yum" name="session.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.077:11921): arch=40000003 syscall=5 success=yes exit=30 a0=ea73908 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.081:11922): avc: denied { write } for pid=8303 comm="yum" name="session.conf;455dcb57" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.081:11922): arch=40000003 syscall=4 success=yes exit=1016 a0=1e a1=b6f50000 a2=3f8 a3=ea73980 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775161.081:11922): path="/etc/dbus-1/session.conf;455dcb57"
+type=AVC msg=audit(1163775161.081:11923): avc: denied { remove_name } for pid=8303 comm="yum" name="session.conf;455dcb57" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775161.081:11923): avc: denied { rename } for pid=8303 comm="yum" name="session.conf;455dcb57" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775161.081:11923): avc: denied { unlink } for pid=8303 comm="yum" name="session.conf" dev=dm-0 ino=9330291 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.081:11923): arch=40000003 syscall=38 success=yes exit=0 a0=ea73908 a1=eb4b930 a2=d2a040 a3=ea73908 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.085:11924): avc: denied { relabelfrom } for pid=8303 comm="yum" name="session.conf" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775161.085:11924): avc: denied { relabelto } for pid=8303 comm="yum" name="session.conf" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.085:11924): arch=40000003 syscall=227 success=yes exit=0 a0=eb4b930 a1=a2f0d3 a2=ea73908 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.085:11925): avc: denied { setattr } for pid=8303 comm="yum" name="session.conf" dev=dm-0 ino=9329933 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.085:11925): arch=40000003 syscall=212 success=yes exit=0 a0=eb4b930 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.097:11926): avc: denied { unlink } for pid=8303 comm="yum" name="messagebus" dev=dm-0 ino=9331033 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.097:11926): arch=40000003 syscall=38 success=yes exit=0 a0=e6a5808 a1=eb4b930 a2=d2a040 a3=e6a5808 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.101:11927): avc: denied { relabelto } for pid=8303 comm="yum" name="messagebus" dev=dm-0 ino=9330223 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.101:11927): arch=40000003 syscall=227 success=yes exit=0 a0=eb4b930 a1=a2f0d3 a2=ea73958 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.101:11928): avc: denied { setattr } for pid=8303 comm="yum" name="messagebus" dev=dm-0 ino=9330223 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.101:11928): arch=40000003 syscall=212 success=yes exit=0 a0=eb4b930 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.157:11929): avc: denied { create } for pid=8303 comm="yum" name="dbus-1.0.0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.157:11929): arch=40000003 syscall=39 success=yes exit=0 a0=ea7cf00 a1=1c0 a2=d2a040 a3=ea7cf00 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.157:11930): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dbus-1.0.0" dev=dm-0 ino=11099077 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.157:11930): arch=40000003 syscall=227 success=yes exit=0 a0=ea7cf00 a1=a2f0d3 a2=eb5e6a0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.157:11931): avc: denied { create } for pid=8303 comm="yum" name="COPYING;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.157:11931): arch=40000003 syscall=5 success=yes exit=30 a0=eb5e6c0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.157:11932): avc: denied { write } for pid=8303 comm="yum" name="COPYING;455dcb57" dev=dm-0 ino=11099078 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.157:11932): arch=40000003 syscall=4 success=yes exit=24576 a0=1e a1=eb4d890 a2=6000 a3=eb5e6f0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775161.157:11932): path="/usr/share/doc/dbus-1.0.0/COPYING;455dcb57"
+type=AVC msg=audit(1163775161.157:11933): avc: denied { rename } for pid=8303 comm="yum" name="COPYING;455dcb57" dev=dm-0 ino=11099078 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.157:11933): arch=40000003 syscall=38 success=yes exit=0 a0=eb5e6c0 a1=ea73930 a2=d2a040 a3=eb5e6c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.165:11934): avc: denied { relabelfrom } for pid=8303 comm="yum" name="COPYING" dev=dm-0 ino=11099078 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775161.165:11934): arch=40000003 syscall=227 success=yes exit=0 a0=ea73930 a1=a2f0d3 a2=ea7cf00 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.213:11935): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dbus" dev=dm-0 ino=14567750 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.213:11935): arch=40000003 syscall=227 success=yes exit=0 a0=eb5e9f8 a1=a2f0d3 a2=ea73930 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.221:11936): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dbus" dev=dm-0 ino=14436623 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775161.221:11936): avc: denied { relabelto } for pid=8303 comm="yum" name="dbus" dev=dm-0 ino=14436623 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.221:11936): arch=40000003 syscall=227 success=yes exit=0 a0=eb5e9f8 a1=a2f0d3 a2=eb7a868 a3=2c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775161.221:11937): avc: denied { setattr } for pid=8303 comm="yum" name="dbus" dev=dm-0 ino=14436623 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775161.221:11937): arch=40000003 syscall=212 success=yes exit=0 a0=eb5e9f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775163.505:11938): avc: denied { create } for pid=8303 comm="yum" name="xfce-mcs-manager.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775163.505:11938): arch=40000003 syscall=5 success=yes exit=30 a0=e690328 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775163.505:11939): avc: denied { write } for pid=8303 comm="yum" name="xfce-mcs-manager.mo;455dcb57" dev=dm-0 ino=10321875 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775163.505:11939): arch=40000003 syscall=4 success=yes exit=560 a0=1e a1=b6f50000 a2=230 a3=eb2dc88 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775163.505:11939): path="/usr/share/locale/ar/LC_MESSAGES/xfce-mcs-manager.mo;455dcb57"
+type=AVC msg=audit(1163775163.509:11940): avc: denied { rename } for pid=8303 comm="yum" name="xfce-mcs-manager.mo;455dcb57" dev=dm-0 ino=10321875 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775163.509:11940): arch=40000003 syscall=38 success=yes exit=0 a0=e690328 a1=eb2ddf0 a2=d2a040 a3=e690328 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775163.517:11941): avc: denied { relabelfrom } for pid=8303 comm="yum" name="xfce-mcs-manager.mo" dev=dm-0 ino=10321875 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775163.517:11941): arch=40000003 syscall=227 success=yes exit=0 a0=eb2ddf0 a1=a2f0d3 a2=eb2ddc8 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775164.965:11942): avc: denied { create } for pid=8303 comm="yum" name="add.png;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775164.965:11942): arch=40000003 syscall=83 success=yes exit=0 a0=ebc2888 a1=dc65200 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775164.965:11943): avc: denied { rename } for pid=8303 comm="yum" name="add.png;455dcb57" dev=dm-0 ino=13061670 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775164.965:11943): avc: denied { unlink } for pid=8303 comm="yum" name="add.png" dev=dm-0 ino=13063759 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775164.965:11943): arch=40000003 syscall=38 success=yes exit=0 a0=dc65200 a1=e6a53d8 a2=d2a040 a3=dc65200 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775164.977:11944): avc: denied { relabelfrom } for pid=8303 comm="yum" name="add.png" dev=dm-0 ino=13061670 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775164.977:11944): avc: denied { relabelto } for pid=8303 comm="yum" name="add.png" dev=dm-0 ino=13061670 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775164.977:11944): arch=40000003 syscall=227 success=yes exit=0 a0=e6a53d8 a1=a2f0d3 a2=dc65240 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775164.977:11945): avc: denied { setattr } for pid=8303 comm="yum" name="add.png" dev=dm-0 ino=13061670 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775164.977:11945): arch=40000003 syscall=198 success=yes exit=0 a0=e6a53d8 a1=0 a2=0 a3=e5d7a34 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775188.875:11946): avc: denied { unlink } for pid=10990 comm="gtk-update-icon" name=".icon-theme.cache" dev=dm-0 ino=10378011 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775188.875:11946): arch=40000003 syscall=10 success=yes exit=0 a0=9f37be0 a1=1 a2=412708 a3=0 items=0 ppid=10984 pid=10990 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gtk-update-icon" exe="/usr/bin/gtk-update-icon-cache" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775197.651:11947): avc: denied { getattr } for pid=8368 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=9331954 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775197.651:11947): arch=40000003 syscall=195 success=yes exit=0 a0=c36800 a1=bfae855c a2=c4eff4 a3=0 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775197.651:11947): path="/etc/localtime"
+type=AVC msg=audit(1163775197.655:11948): avc: denied { read } for pid=8368 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=9331954 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775197.655:11948): arch=40000003 syscall=5 success=yes exit=43 a0=c36800 a1=0 a2=1b6 a3=ac8bf48 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775219.792:11949): avc: denied { read } for pid=11018 comm="mozilla-xremote" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775219.792:11949): arch=40000003 syscall=33 success=yes exit=0 a0=bfd34f92 a1=4 a2=252a64 a3=bfd34f92 items=0 ppid=11017 pid=11018 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775221.509:11950): avc: denied { read } for pid=11015 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775221.509:11950): arch=40000003 syscall=33 success=yes exit=0 a0=bf969fcb a1=4 a2=83ea64 a3=bf969fcb items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775221.509:11951): avc: denied { getattr } for pid=11015 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775221.509:11951): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf96758c a2=c4cff4 a3=8f41140 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775221.509:11951): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163775228.225:11952): avc: denied { append } for pid=8303 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775228.225:11952): arch=40000003 syscall=4 success=yes exit=55 a0=4 a1=b7bd1000 a2=37 a3=37 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775228.225:11952): path="/var/log/yum.log"
+type=AVC msg=audit(1163775228.409:11953): avc: denied { write } for pid=8303 comm="yum" name="lib" dev=dm-0 ino=10311854 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775228.409:11953): avc: denied { add_name } for pid=8303 comm="yum" name="libsoup-2.2.so.8;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775228.409:11953): arch=40000003 syscall=83 success=yes exit=0 a0=ebefb20 a1=eb04ab8 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775228.409:11954): avc: denied { remove_name } for pid=8303 comm="yum" name="libsoup-2.2.so.8;455dcb57" dev=dm-0 ino=10333004 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775228.409:11954): arch=40000003 syscall=38 success=yes exit=0 a0=eb04ab8 a1=e69bed0 a2=d2a040 a3=eb04ab8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775228.445:11955): avc: denied { relabelto } for pid=8303 comm="yum" name="libsoup-2.2.so.8.5.0" dev=dm-0 ino=10333007 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775228.445:11955): arch=40000003 syscall=227 success=yes exit=0 a0=eb04ab8 a1=a2f0d3 a2=ea5f800 a3=1d items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775228.445:11956): avc: denied { setattr } for pid=8303 comm="yum" name="libsoup-2.2.so.8.5.0" dev=dm-0 ino=10333007 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775228.445:11956): arch=40000003 syscall=212 success=yes exit=0 a0=eb04ab8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775231.461:11957): avc: denied { write } for pid=11030 comm="ldconfig" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775231.461:11957): avc: denied { add_name } for pid=11030 comm="ldconfig" name="ld.so.cache~" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775231.461:11957): arch=40000003 syscall=5 success=yes exit=3 a0=8c60b20 a1=20241 a2=1a4 a3=8c60b20 items=0 ppid=8303 pid=11030 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775231.461:11958): avc: denied { remove_name } for pid=11030 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9331033 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775231.461:11958): arch=40000003 syscall=38 success=yes exit=0 a0=8c60b20 a1=bfc904d0 a2=bfc90450 a3=8c60b20 items=0 ppid=8303 pid=11030 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775234.185:11959): avc: denied { unlink } for pid=8303 comm="yum" name="helpers.rc" dev=dm-0 ino=9334371 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775234.185:11959): arch=40000003 syscall=38 success=yes exit=0 a0=ea5eca0 a1=eb040f8 a2=d2a040 a3=ea5eca0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775234.197:11960): avc: denied { relabelto } for pid=8303 comm="yum" name="helpers.rc" dev=dm-0 ino=9330558 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775234.197:11960): arch=40000003 syscall=227 success=yes exit=0 a0=eb040f8 a1=a2f0d3 a2=ebeebb8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775234.197:11961): avc: denied { setattr } for pid=8303 comm="yum" name="helpers.rc" dev=dm-0 ino=9330558 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775234.197:11961): arch=40000003 syscall=212 success=yes exit=0 a0=eb040f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775236.106:11962): avc: denied { write } for pid=8303 comm="yum" name="exo-0.3" dev=dm-0 ino=10344948 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775236.106:11962): avc: denied { add_name } for pid=8303 comm="yum" name="exo-thumbnail-frame.png;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775236.106:11962): arch=40000003 syscall=5 success=yes exit=30 a0=ebb21b8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775236.118:11963): avc: denied { remove_name } for pid=8303 comm="yum" name="exo-thumbnail-frame.png;455dcb57" dev=dm-0 ino=10344947 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775236.118:11963): arch=40000003 syscall=38 success=yes exit=0 a0=ebb21b8 a1=ebb2060 a2=d2a040 a3=ebb21b8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775239.770:11964): avc: denied { unlink } for pid=8303 comm="yum" name="libaprutil-1.so.0.2.7" dev=dm-0 ino=10321183 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775239.770:11964): arch=40000003 syscall=38 success=yes exit=0 a0=ebcbe48 a1=e6598f8 a2=d2a040 a3=ebcbe48 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775240.926:11965): avc: denied { relabelfrom } for pid=8303 comm="yum" name="dev.d" dev=dm-0 ino=9330472 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775240.926:11965): avc: denied { relabelto } for pid=8303 comm="yum" name="dev.d" dev=dm-0 ino=9330472 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775240.926:11965): arch=40000003 syscall=227 success=yes exit=0 a0=e68d5f0 a1=a2f0d3 a2=ebcbec8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775240.926:11966): avc: denied { setattr } for pid=8303 comm="yum" name="dev.d" dev=dm-0 ino=9330472 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775240.926:11966): arch=40000003 syscall=212 success=yes exit=0 a0=e68d5f0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.090:11967): avc: denied { relabelfrom } for pid=8303 comm="yum" name="firmware" dev=dm-0 ino=13716612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775241.090:11967): avc: denied { relabelto } for pid=8303 comm="yum" name="firmware" dev=dm-0 ino=13716612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775241.090:11967): arch=40000003 syscall=227 success=yes exit=0 a0=e68d5f0 a1=a2f0d3 a2=ebcbee8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.090:11968): avc: denied { setattr } for pid=8303 comm="yum" name="firmware" dev=dm-0 ino=13716612 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775241.090:11968): arch=40000003 syscall=212 success=yes exit=0 a0=e68d5f0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.262:11969): avc: denied { unlink } for pid=8303 comm="yum" name="scsi_id" dev=dm-0 ino=13717608 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.262:11969): arch=40000003 syscall=38 success=yes exit=0 a0=eb863d8 a1=eb858f8 a2=d2a040 a3=eb863d8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.310:11970): avc: denied { relabelto } for pid=8303 comm="yum" name="scsi_id" dev=dm-0 ino=13717607 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.310:11970): arch=40000003 syscall=227 success=yes exit=0 a0=eb858f8 a1=a2f0d3 a2=eb86398 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.310:11971): avc: denied { setattr } for pid=8303 comm="yum" name="scsi_id" dev=dm-0 ino=13717607 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.310:11971): arch=40000003 syscall=212 success=yes exit=0 a0=eb858f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.386:11972): avc: denied { create } for pid=8303 comm="yum" name="firmware_helper;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.386:11972): arch=40000003 syscall=5 success=yes exit=30 a0=eb81dd0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.386:11973): avc: denied { write } for pid=8303 comm="yum" name="firmware_helper;455dcb57" dev=dm-0 ino=9984659 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.386:11973): arch=40000003 syscall=4 success=yes exit=5824 a0=1e a1=b6ebb000 a2=16c0 a3=eb880b8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775241.386:11973): path="/sbin/firmware_helper;455dcb57"
+type=AVC msg=audit(1163775241.386:11974): avc: denied { rename } for pid=8303 comm="yum" name="firmware_helper;455dcb57" dev=dm-0 ino=9984659 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.386:11974): arch=40000003 syscall=38 success=yes exit=0 a0=eb81dd0 a1=eb88098 a2=d2a040 a3=eb81dd0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.414:11975): avc: denied { relabelfrom } for pid=8303 comm="yum" name="firmware_helper" dev=dm-0 ino=9984659 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.414:11975): arch=40000003 syscall=227 success=yes exit=0 a0=eb88098 a1=a2f0d3 a2=eb88008 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.426:11976): avc: denied { unlink } for pid=8303 comm="yum" name="start_udev" dev=dm-0 ino=9984548 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.426:11976): arch=40000003 syscall=38 success=yes exit=0 a0=eb88008 a1=eb858f8 a2=d2a040 a3=eb88008 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.434:11977): avc: denied { relabelto } for pid=8303 comm="yum" name="start_udev" dev=dm-0 ino=9984710 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.434:11977): arch=40000003 syscall=227 success=yes exit=0 a0=eb858f8 a1=a2f0d3 a2=eb9ec48 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775241.434:11978): avc: denied { setattr } for pid=8303 comm="yum" name="start_udev" dev=dm-0 ino=9984710 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775241.434:11978): arch=40000003 syscall=212 success=yes exit=0 a0=eb858f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775242.826:11979): avc: denied { write } for pid=11015 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163775242.826:11979): avc: denied { add_name } for pid=11015 comm="firefox-bin" name="tmp.xpi" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163775242.826:11979): avc: denied { create } for pid=11015 comm="firefox-bin" name="tmp.xpi" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775242.826:11979): arch=40000003 syscall=5 success=yes exit=28 a0=94c3270 a1=82c1 a2=180 a3=82c1 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775243.254:11980): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.254:11980): arch=40000003 syscall=85 success=yes exit=10 a0=bfbc5178 a1=8c6a1e0 a2=1000 a3=8c6a028 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.254:11981): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.254:11981): arch=40000003 syscall=85 success=no exit=-2 a0=bfbc5178 a1=8c6b1e8 a2=1000 a3=8c6a058 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.254:11982): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.254:11982): arch=40000003 syscall=85 success=yes exit=30 a0=bfbc5178 a1=8c8bb08 a2=1000 a3=8c8a988 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.254:11983): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.254:11983): arch=40000003 syscall=85 success=yes exit=21 a0=bfbc5178 a1=8c8eb20 a2=1000 a3=8c8aa58 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.254:11984): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.254:11984): arch=40000003 syscall=85 success=yes exit=12 a0=bfbc5178 a1=8c8fcb0 a2=1000 a3=8c8aab8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11985): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11985): arch=40000003 syscall=85 success=yes exit=13 a0=bfbc5178 a1=8c91cc0 a2=1000 a3=8c8fb90 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11986): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11986): arch=40000003 syscall=85 success=yes exit=11 a0=bfbc5178 a1=8c92cc8 a2=1000 a3=8c8fbf0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11987): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11987): arch=40000003 syscall=85 success=yes exit=20 a0=bfbc5178 a1=8c93cd0 a2=1000 a3=8c8fc40 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11988): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11988): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8c94e90 a2=1000 a3=8c94cd8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11989): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11989): arch=40000003 syscall=85 success=yes exit=13 a0=bfbc5178 a1=8c95e98 a2=1000 a3=8c94d08 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11990): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11990): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8c96ea0 a2=1000 a3=8c94d58 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11991): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11991): arch=40000003 syscall=85 success=yes exit=14 a0=bfbc5178 a1=8c98eb0 a2=1000 a3=8c94df8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11992): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11992): arch=40000003 syscall=85 success=no exit=-2 a0=bfbc5178 a1=8c9b070 a2=1000 a3=8c99ee8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11993): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11993): arch=40000003 syscall=85 success=yes exit=19 a0=bfbc5178 a1=8c9d080 a2=1000 a3=8c99f70 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11994): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11994): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8c9e088 a2=1000 a3=8c99fc0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11995): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11995): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8c9f218 a2=1000 a3=8c9a018 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11996): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11996): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8ca1228 a2=1000 a3=8c9f0f0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11997): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11997): arch=40000003 syscall=85 success=yes exit=16 a0=bfbc5178 a1=8ca2230 a2=1000 a3=8c9f140 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11998): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11998): arch=40000003 syscall=85 success=yes exit=27 a0=bfbc5178 a1=8ca33c8 a2=1000 a3=8c9f1a8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:11999): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:11999): arch=40000003 syscall=85 success=yes exit=13 a0=bfbc5178 a1=8ca53d8 a2=1000 a3=8ca32a8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12000): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12000): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8ca63e0 a2=1000 a3=8ca3310 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12001): avc: denied { sys_ptrace } for pid=11047 comm="pidof" capability=19 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163775243.262:12001): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12001): arch=40000003 syscall=85 success=yes exit=12 a0=bfbc5178 a1=8ca7560 a2=1000 a3=8ca3360 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12002): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12002): arch=40000003 syscall=85 success=yes exit=14 a0=bfbc5178 a1=8ca9570 a2=1000 a3=8ca7440 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12003): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12003): arch=40000003 syscall=85 success=yes exit=19 a0=bfbc5178 a1=8caf918 a2=1000 a3=8caf750 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12004): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12004): arch=40000003 syscall=85 success=yes exit=21 a0=bfbc5178 a1=8cb0920 a2=1000 a3=8caf780 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12005): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12005): arch=40000003 syscall=85 success=yes exit=15 a0=bfbc5178 a1=8cb1928 a2=1000 a3=8caf7d0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12006): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12006): arch=40000003 syscall=85 success=yes exit=16 a0=bfbc5178 a1=8cb4ab8 a2=1000 a3=8cb3938 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.262:12007): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.262:12007): arch=40000003 syscall=85 success=yes exit=14 a0=bfbc5178 a1=8cb5ac0 a2=1000 a3=8cb39a0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.274:12008): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.274:12008): arch=40000003 syscall=85 success=yes exit=20 a0=bfbc5178 a1=8cbbe28 a2=1000 a3=8cb7c08 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.274:12009): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.274:12009): arch=40000003 syscall=85 success=yes exit=13 a0=bfbc5178 a1=8cbde38 a2=1000 a3=8cbbcf0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.274:12010): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.274:12010): arch=40000003 syscall=85 success=yes exit=18 a0=bfbc5178 a1=8cbffe8 a2=1000 a3=8cbbdb8 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.274:12011): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.274:12011): arch=40000003 syscall=85 success=yes exit=35 a0=bfbc5178 a1=8cc1ff8 a2=1000 a3=8cbfec0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.282:12012): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.282:12012): arch=40000003 syscall=85 success=yes exit=44 a0=bfbc5178 a1=8ccd550 a2=1000 a3=8ccc3a0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.282:12013): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.282:12013): arch=40000003 syscall=85 success=yes exit=26 a0=bfbc5178 a1=8cd88f8 a2=1000 a3=8cd4850 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.282:12014): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.282:12014): arch=40000003 syscall=85 success=yes exit=9 a0=bfbc5178 a1=8ce8000 a2=1000 a3=8ce5ed0 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.294:12015): avc: denied { ptrace } for pid=11047 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775243.294:12015): arch=40000003 syscall=85 success=yes exit=32 a0=bfbc5178 a1=8cf45a8 a2=1000 a3=8cf3420 items=0 ppid=11046 pid=11047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.294:12016): avc: denied { signal } for pid=11046 comm="sh" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775243.294:12016): arch=40000003 syscall=37 success=yes exit=0 a0=1b4 a1=f a2=1b4 a3=1b4 items=0 ppid=8303 pid=11046 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sh" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.294:12017): avc: denied { execute } for pid=11048 comm="sh" name="udevd" dev=dm-0 ino=9984584 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775243.294:12017): avc: denied { execute_no_trans } for pid=11048 comm="sh" name="udevd" dev=dm-0 ino=9984584 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775243.294:12017): avc: denied { read } for pid=11048 comm="sh" name="udevd" dev=dm-0 ino=9984584 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775243.294:12017): arch=40000003 syscall=11 success=yes exit=0 a0=94e7658 a1=94e76f0 a2=94e7528 a3=94e6850 items=0 ppid=11046 pid=11048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775243.294:12017): path="/sbin/udevd"
+type=AVC_PATH msg=audit(1163775243.294:12017): path="/sbin/udevd"
+type=AVC msg=audit(1163775243.330:12018): avc: denied { write } for pid=11015 comm="firefox-bin" name="tmp.xpi" dev=dm-0 ino=14469458 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775243.330:12018): arch=40000003 syscall=5 success=yes exit=33 a0=94c3270 a1=8241 a2=180 a3=8241 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775243.382:12019): avc: denied { create } for pid=11048 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163775243.382:12019): arch=40000003 syscall=102 success=yes exit=4 a0=1 a1=bfedb4d0 a2=791234 a3=17 items=0 ppid=11046 pid=11048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.382:12020): avc: denied { setopt } for pid=11048 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=AVC msg=audit(1163775243.382:12020): avc: denied { net_admin } for pid=11048 comm="udevd" capability=12 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775243.382:12020): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bfedb4c0 a2=791234 a3=17 items=0 ppid=11046 pid=11048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.386:12021): avc: denied { bind } for pid=11048 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163775243.386:12021): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfedb4d0 a2=791234 a3=17 items=0 ppid=11046 pid=11048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.394:12022): avc: denied { write } for pid=11048 comm="udevd" name="uevent_seqnum" dev=tmpfs ino=1522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775243.394:12022): arch=40000003 syscall=5 success=yes exit=6 a0=bfee5668 a1=8241 a2=1a4 a3=8241 items=0 ppid=11046 pid=11048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.394:12023): avc: denied { sys_resource } for pid=11049 comm="udevd" capability=24 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775243.394:12023): arch=40000003 syscall=4 success=yes exit=3 a0=6 a1=78b03d a2=3 a3=6 items=0 ppid=11048 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.470:12024): avc: denied { create } for pid=8303 comm="yum" name="libgd.so.2;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775243.470:12024): arch=40000003 syscall=83 success=yes exit=0 a0=ec28238 a1=eb20198 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.470:12025): avc: denied { rename } for pid=8303 comm="yum" name="libgd.so.2;455dcb57" dev=dm-0 ino=10333143 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775243.470:12025): avc: denied { unlink } for pid=8303 comm="yum" name="libgd.so.2" dev=dm-0 ino=10335526 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775243.470:12025): arch=40000003 syscall=38 success=yes exit=0 a0=eb20198 a1=a1cca30 a2=d2a040 a3=eb20198 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.490:12026): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgd.so.2" dev=dm-0 ino=10333143 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775243.490:12026): avc: denied { relabelto } for pid=8303 comm="yum" name="libgd.so.2" dev=dm-0 ino=10333143 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775243.490:12026): arch=40000003 syscall=227 success=yes exit=0 a0=a1cca30 a1=a2f0d3 a2=eba7ce8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775243.490:12027): avc: denied { setattr } for pid=8303 comm="yum" name="libgd.so.2" dev=dm-0 ino=10333143 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775243.490:12027): arch=40000003 syscall=198 success=yes exit=0 a0=a1cca30 a1=0 a2=0 a3=eb5428c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775244.138:12028): avc: denied { read } for pid=11015 comm="firefox-bin" name="tmp.xpi" dev=dm-0 ino=14469458 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775244.138:12028): arch=40000003 syscall=5 success=yes exit=33 a0=94c3270 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775244.174:12029): avc: denied { getattr } for pid=11015 comm="firefox-bin" name="tmp.xpi" dev=dm-0 ino=14469458 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775244.174:12029): arch=40000003 syscall=195 success=yes exit=0 a0=94c3270 a1=bf9667b0 a2=c4cff4 a3=bf9667b0 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775244.174:12029): path="/tmp/tmp.xpi"
+type=AVC msg=audit(1163775244.302:12030): avc: denied { write } for pid=11015 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163775244.302:12030): avc: denied { add_name } for pid=11015 comm="firefox-bin" name="install-6x3..rdf" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163775244.302:12030): avc: denied { create } for pid=11015 comm="firefox-bin" name="install-6x3..rdf" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775244.302:12030): arch=40000003 syscall=5 success=yes exit=35 a0=964b2f0 a1=8041 a2=1a4 a3=8041 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775244.310:12031): avc: denied { setattr } for pid=11015 comm="firefox-bin" name="install-6x3..rdf" dev=dm-0 ino=14469575 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775244.310:12031): arch=40000003 syscall=30 success=yes exit=0 a0=964b2f0 a1=bf9661f0 a2=4a4e304 a3=de9a3ce0 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775244.474:12032): avc: denied { setexec } for pid=11051 comm="yum" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775244.474:12032): arch=40000003 syscall=4 success=no exit=-22 a0=1e a1=eb9ebf8 a2=20 a3=a2f751 items=0 ppid=8303 pid=11051 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775244.806:12033): avc: denied { remove_name } for pid=11015 comm="firefox-bin" name="install-6x3..rdf" dev=dm-0 ino=14469575 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163775244.806:12033): avc: denied { unlink } for pid=11015 comm="firefox-bin" name="install-6x3..rdf" dev=dm-0 ino=14469575 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775244.806:12033): arch=40000003 syscall=10 success=yes exit=0 a0=964b2f0 a1=0 a2=4a4e304 a3=0 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775245.174:12034): avc: denied { create } for pid=8303 comm="yum" name="X;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775245.174:12034): arch=40000003 syscall=83 success=yes exit=0 a0=ec38240 a1=a1cca30 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.174:12035): avc: denied { rename } for pid=8303 comm="yum" name="X;455dcb57" dev=dm-0 ino=10324349 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775245.174:12035): avc: denied { unlink } for pid=8303 comm="yum" name="X" dev=dm-0 ino=10314705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775245.174:12035): arch=40000003 syscall=38 success=yes exit=0 a0=a1cca30 a1=ebac1e0 a2=d2a040 a3=a1cca30 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.210:12036): avc: denied { relabelfrom } for pid=8303 comm="yum" name="X" dev=dm-0 ino=10324349 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775245.210:12036): avc: denied { relabelto } for pid=8303 comm="yum" name="X" dev=dm-0 ino=10324349 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775245.210:12036): arch=40000003 syscall=227 success=yes exit=0 a0=ebac1e0 a1=a2f0d3 a2=e68d5c0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.214:12037): avc: denied { setattr } for pid=8303 comm="yum" name="X" dev=dm-0 ino=10324349 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775245.214:12037): arch=40000003 syscall=198 success=yes exit=0 a0=ebac1e0 a1=0 a2=0 a3=eb5448c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.294:12038): avc: denied { unlink } for pid=8303 comm="yum" name="Xorg" dev=dm-0 ino=10334312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xserver_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.294:12038): arch=40000003 syscall=38 success=yes exit=0 a0=e68d5c0 a1=a1cca30 a2=d2a040 a3=e68d5c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.298:12039): avc: denied { relabelto } for pid=8303 comm="yum" name="Xorg" dev=dm-0 ino=10314705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xserver_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.298:12039): arch=40000003 syscall=227 success=yes exit=0 a0=a1cca30 a1=a2f0d3 a2=ebac700 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.298:12040): avc: denied { setattr } for pid=8303 comm="yum" name="Xorg" dev=dm-0 ino=10314705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xserver_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.298:12040): arch=40000003 syscall=212 success=yes exit=0 a0=a1cca30 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.606:12041): avc: denied { unlink } for pid=8303 comm="yum" name="libglx.so" dev=dm-0 ino=11002042 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.606:12041): arch=40000003 syscall=38 success=yes exit=0 a0=ebcb0c0 a1=ec5b4c8 a2=d2a040 a3=ebcb0c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.610:12042): avc: denied { relabelto } for pid=8303 comm="yum" name="libglx.so" dev=dm-0 ino=9722652 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.610:12042): arch=40000003 syscall=227 success=yes exit=0 a0=ec5b4c8 a1=a2f0d3 a2=ec5cd20 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775245.610:12043): avc: denied { setattr } for pid=8303 comm="yum" name="libglx.so" dev=dm-0 ino=9722652 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775245.610:12043): arch=40000003 syscall=212 success=yes exit=0 a0=ec5b4c8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.194:12044): avc: denied { unlink } for pid=8303 comm="yum" name="SecurityPolicy" dev=dm-0 ino=10999522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.194:12044): arch=40000003 syscall=38 success=yes exit=0 a0=ec5d7e0 a1=ec5d758 a2=d2a040 a3=ec5d7e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.194:12045): avc: denied { relabelto } for pid=8303 comm="yum" name="SecurityPolicy" dev=dm-0 ino=163682 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.194:12045): arch=40000003 syscall=227 success=yes exit=0 a0=ec5d758 a1=a2f0d3 a2=ec5ce00 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.198:12046): avc: denied { setattr } for pid=8303 comm="yum" name="SecurityPolicy" dev=dm-0 ino=163682 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.198:12046): arch=40000003 syscall=212 success=yes exit=0 a0=ec5d758 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.302:12047): avc: denied { relabelfrom } for pid=8303 comm="yum" name="xkb" dev=dm-0 ino=14437298 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775246.302:12047): avc: denied { relabelto } for pid=8303 comm="yum" name="xkb" dev=dm-0 ino=14437298 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775246.302:12047): arch=40000003 syscall=227 success=yes exit=0 a0=ebcb0e0 a1=a2f0d3 a2=ec5f060 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.302:12048): avc: denied { setattr } for pid=8303 comm="yum" name="xkb" dev=dm-0 ino=14437298 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775246.302:12048): arch=40000003 syscall=212 success=yes exit=0 a0=ebcb0e0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.306:12049): avc: denied { write } for pid=8303 comm="yum" name="xkb" dev=dm-0 ino=14437298 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775246.306:12049): avc: denied { add_name } for pid=8303 comm="yum" name="README.compiled;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775246.306:12049): avc: denied { create } for pid=8303 comm="yum" name="README.compiled;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.306:12049): arch=40000003 syscall=5 success=yes exit=30 a0=c336540 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.310:12050): avc: denied { write } for pid=8303 comm="yum" name="README.compiled;455dcb57" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.310:12050): arch=40000003 syscall=4 success=yes exit=644 a0=1e a1=b6ebb000 a2=284 a3=ec5f0d8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775246.310:12050): path="/var/lib/xkb/README.compiled;455dcb57"
+type=AVC msg=audit(1163775246.310:12051): avc: denied { remove_name } for pid=8303 comm="yum" name="README.compiled;455dcb57" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775246.310:12051): avc: denied { rename } for pid=8303 comm="yum" name="README.compiled;455dcb57" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=AVC msg=audit(1163775246.310:12051): avc: denied { unlink } for pid=8303 comm="yum" name="README.compiled" dev=dm-0 ino=14437875 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.310:12051): arch=40000003 syscall=38 success=yes exit=0 a0=c336540 a1=ec5f060 a2=d2a040 a3=c336540 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.318:12052): avc: denied { relabelfrom } for pid=8303 comm="yum" name="README.compiled" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=AVC msg=audit(1163775246.318:12052): avc: denied { relabelto } for pid=8303 comm="yum" name="README.compiled" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.318:12052): arch=40000003 syscall=227 success=yes exit=0 a0=ec5f060 a1=a2f0d3 a2=ecf2e30 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775246.318:12053): avc: denied { setattr } for pid=8303 comm="yum" name="README.compiled" dev=dm-0 ino=14437971 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xkb_var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775246.318:12053): arch=40000003 syscall=212 success=yes exit=0 a0=ec5f060 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775255.799:12054): avc: denied { write } for pid=8303 comm="yum" name="xfce4-session" dev=dm-0 ino=9334423 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775255.799:12054): avc: denied { add_name } for pid=8303 comm="yum" name="xfce4-session.rc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775255.799:12054): arch=40000003 syscall=5 success=yes exit=30 a0=ebab930 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775255.807:12055): avc: denied { remove_name } for pid=8303 comm="yum" name="xfce4-session.rc;455dcb57" dev=dm-0 ino=9334424 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775255.807:12055): arch=40000003 syscall=38 success=yes exit=0 a0=ebab930 a1=ec4cd28 a2=d2a040 a3=ebab930 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775255.919:12056): avc: denied { write } for pid=8303 comm="yum" name="engines" dev=dm-0 ino=10345936 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775255.919:12056): avc: denied { add_name } for pid=8303 comm="yum" name="libmice.so;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775255.919:12056): arch=40000003 syscall=5 success=yes exit=30 a0=ebab930 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775255.959:12057): avc: denied { remove_name } for pid=8303 comm="yum" name="libmice.so;455dcb57" dev=dm-0 ino=10344644 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775255.959:12057): arch=40000003 syscall=38 success=yes exit=0 a0=ebab930 a1=ec4cd28 a2=d2a040 a3=ebab930 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775267.847:12058): avc: denied { write } for pid=8303 comm="yum" name="qt-devel-3.3.7" dev=dm-0 ino=12048172 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775267.847:12058): avc: denied { add_name } for pid=8303 comm="yum" name="html" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775267.847:12058): arch=40000003 syscall=39 success=yes exit=0 a0=ea5daa8 a1=1c0 a2=d2a040 a3=ea5daa8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775270.820:12059): avc: denied { read } for pid=11015 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775270.820:12059): arch=40000003 syscall=33 success=yes exit=0 a0=bf8b9f1c a1=4 a2=5a6a64 a3=bf8b9f1c items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775270.828:12060): avc: denied { getattr } for pid=11015 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775270.828:12060): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf8b7c1c a2=104aff4 a3=9cb40c0 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775270.828:12060): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163775271.260:12061): avc: denied { getattr } for pid=11015 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775271.260:12061): arch=40000003 syscall=195 success=yes exit=0 a0=9cf3b18 a1=bf8b7fac a2=104aff4 a3=bf8b7fac items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775271.260:12061): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163775291.741:12062): avc: denied { read } for pid=11015 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775291.741:12062): arch=40000003 syscall=3 success=yes exit=992 a0=23 a1=ac830388 a2=400 a3=400 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775291.741:12062): path="inotify"
+type=AVC msg=audit(1163775300.834:12063): avc: denied { relabelfrom } for pid=8303 comm="yum" name="settings" dev=dm-0 ino=10575168 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775300.834:12063): avc: denied { relabelto } for pid=8303 comm="yum" name="settings" dev=dm-0 ino=10575168 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775300.834:12063): arch=40000003 syscall=227 success=yes exit=0 a0=cd1c498 a1=a2f0d3 a2=ede56b8 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.834:12064): avc: denied { setattr } for pid=8303 comm="yum" name="settings" dev=dm-0 ino=10575168 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775300.834:12064): arch=40000003 syscall=212 success=yes exit=0 a0=cd1c498 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.834:12065): avc: denied { write } for pid=8303 comm="yum" name="settings" dev=dm-0 ino=10575168 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775300.834:12065): avc: denied { add_name } for pid=8303 comm="yum" name="kstylerc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775300.834:12065): avc: denied { create } for pid=8303 comm="yum" name="kstylerc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775300.834:12065): arch=40000003 syscall=5 success=yes exit=30 a0=ede5730 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.834:12066): avc: denied { remove_name } for pid=8303 comm="yum" name="kstylerc;455dcb57" dev=dm-0 ino=11523091 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775300.834:12066): avc: denied { rename } for pid=8303 comm="yum" name="kstylerc;455dcb57" dev=dm-0 ino=11523091 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xdm_var_run_t:s0 tclass=file
+type=AVC msg=audit(1163775300.834:12066): avc: denied { unlink } for pid=8303 comm="yum" name="kstylerc" dev=dm-0 ino=10574748 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775300.834:12066): arch=40000003 syscall=38 success=yes exit=0 a0=ede5730 a1=ecb7060 a2=d2a040 a3=ede5730 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.846:12067): avc: denied { relabelfrom } for pid=8303 comm="yum" name="kstylerc" dev=dm-0 ino=11523091 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xdm_var_run_t:s0 tclass=file
+type=AVC msg=audit(1163775300.846:12067): avc: denied { relabelto } for pid=8303 comm="yum" name="kstylerc" dev=dm-0 ino=11523091 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775300.846:12067): arch=40000003 syscall=227 success=yes exit=0 a0=ecb7060 a1=a2f0d3 a2=edebf48 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.846:12068): avc: denied { setattr } for pid=8303 comm="yum" name="kstylerc" dev=dm-0 ino=11523091 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775300.846:12068): arch=40000003 syscall=212 success=yes exit=0 a0=ecb7060 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775300.858:12069): avc: denied { write } for pid=8303 comm="yum" name="qtrc;455dcb57" dev=dm-0 ino=11523295 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775300.858:12069): arch=40000003 syscall=4 success=yes exit=1292 a0=1e a1=b6dcb000 a2=50c a3=edebf70 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775300.858:12069): path="/usr/lib/qt-3.3/etc/settings/qtrc;455dcb57"
+type=AVC msg=audit(1163775301.458:12070): avc: denied { create } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775301.458:12070): arch=40000003 syscall=83 success=yes exit=0 a0=eef78b8 a1=ec7bbf0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775301.458:12071): avc: denied { rename } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd;455dcb57" dev=dm-0 ino=12210965 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775301.458:12071): avc: denied { unlink } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd" dev=dm-0 ino=10574325 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775301.458:12071): arch=40000003 syscall=38 success=yes exit=0 a0=ec7bbf0 a1=ec7bc50 a2=d2a040 a3=ec7bbf0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775301.458:12072): avc: denied { relabelfrom } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd" dev=dm-0 ino=12210965 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775301.458:12072): avc: denied { relabelto } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd" dev=dm-0 ino=12210965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775301.458:12072): arch=40000003 syscall=227 success=yes exit=0 a0=ec7bc50 a1=a2f0d3 a2=ec7bbf0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775301.458:12073): avc: denied { setattr } for pid=8303 comm="yum" name="08e8e1c95fe2fc01f976f1e063a24ccd" dev=dm-0 ino=12210965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775301.458:12073): arch=40000003 syscall=198 success=yes exit=0 a0=ec7bc50 a1=0 a2=0 a3=ecb54a4 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775327.275:12074): avc: denied { read } for pid=11015 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775327.275:12074): arch=40000003 syscall=5 success=yes exit=58 a0=acb3c538 a1=0 a2=bf8b5174 a3=acb3c538 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163775327.383:12075): avc: denied { execute } for pid=11015 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=user_u:object_r:user_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775327.383:12075): arch=40000003 syscall=192 success=yes exit=134664192 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775327.383:12075): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163775357.749:12076): avc: denied { setattr } for pid=11129 comm="update-desktop-" name=".mimeinfo.cache.FYVVIT" dev=dm-0 ino=10937683 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775357.749:12076): arch=40000003 syscall=94 success=yes exit=0 a0=3 a1=1a4 a2=1a4 a3=9caef44 items=0 ppid=11124 pid=11129 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775361.813:12077): avc: denied { read } for pid=3838 comm="nautilus" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775361.813:12077): arch=40000003 syscall=33 success=yes exit=0 a0=bf97ae55 a1=4 a2=da3a64 a3=bf97ae55 items=0 ppid=1 pid=3838 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775366.318:12078): avc: denied { append } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775366.318:12078): arch=40000003 syscall=5 success=yes exit=15 a0=964bc70 a1=441 a2=1b6 a3=964c020 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775366.338:12079): avc: denied { create } for pid=8549 comm="gconfd-2" name="saved_state.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775366.338:12079): arch=40000003 syscall=5 success=yes exit=15 a0=9829600 a1=241 a2=1c0 a3=0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775366.346:12080): avc: denied { write } for pid=8549 comm="gconfd-2" name="saved_state.tmp" dev=dm-0 ino=13127397 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775366.346:12080): arch=40000003 syscall=4 success=yes exit=1897 a0=f a1=9829bf8 a2=769 a3=0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775366.346:12080): path="/root/.gconfd/saved_state.tmp"
+type=AVC msg=audit(1163775366.346:12081): avc: denied { rename } for pid=8549 comm="gconfd-2" name="saved_state" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775366.346:12081): arch=40000003 syscall=38 success=yes exit=0 a0=96418f0 a1=9828f58 a2=0 a3=0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775366.346:12082): avc: denied { unlink } for pid=8549 comm="gconfd-2" name="saved_state.orig" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775366.346:12082): arch=40000003 syscall=10 success=yes exit=0 a0=9828f58 a1=96418f0 a2=412708 a3=0 items=0 ppid=1 pid=8549 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775368.578:12083): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163775368.578:12083): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775368.578:12083): path="socket:[31406]"
+type=AVC msg=audit(1163775373.374:12084): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.374:12084): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12085): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12085): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12086): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12086): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12087): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12087): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12088): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12088): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12089): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12089): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.378:12090): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775373.378:12090): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12091): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12091): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12092): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12092): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12093): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12093): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12094): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12094): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12095): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=AVC msg=audit(1163775373.382:12096): avc: denied { write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775373.382:12096): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfa20a54 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775373.382:12096): path="/dev/net/tun"
+type=AVC msg=audit(1163775373.382:12097): avc: denied { read } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775373.382:12097): arch=40000003 syscall=3 success=yes exit=40 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775373.382:12097): path="/dev/net/tun"
+type=SYSCALL msg=audit(1163775373.382:12095): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12098): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12098): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.382:12099): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775373.382:12099): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.386:12100): avc: denied { kill } for pid=11138 comm="killall" capability=5 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775373.386:12100): arch=40000003 syscall=37 success=yes exit=0 a0=1042 a1=f a2=0 a3=1042 items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.394:12101): avc: denied { ptrace } for pid=11138 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775373.394:12101): arch=40000003 syscall=195 success=yes exit=0 a0=9194088 a1=bfed26f4 a2=6d1ff4 a3=bfed1a6c items=0 ppid=11135 pid=11138 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775373.638:12102): avc: denied { unlink } for pid=11135 comm="gconftool-2" name="%gconf-tree-th.xml" dev=dm-0 ino=9331348 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775373.638:12102): arch=40000003 syscall=38 success=yes exit=0 a0=9717650 a1=94ac4e8 a2=14d820 a3=0 items=0 ppid=11133 pid=11135 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775374.162:12103): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163775374.162:12103): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775374.162:12103): path="socket:[31406]"
+type=AVC msg=audit(1163775376.486:12104): avc: denied { unlink } for pid=8303 comm="yum" name="boxes.h" dev=dm-0 ino=10607191 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.486:12104): arch=40000003 syscall=38 success=yes exit=0 a0=ecc78b0 a1=effad30 a2=d2a040 a3=ecc78b0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.486:12105): avc: denied { relabelto } for pid=8303 comm="yum" name="boxes.h" dev=dm-0 ino=5368786 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.486:12105): arch=40000003 syscall=227 success=yes exit=0 a0=effad30 a1=a2f0d3 a2=ecc7a58 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.486:12106): avc: denied { setattr } for pid=8303 comm="yum" name="boxes.h" dev=dm-0 ino=5368786 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.486:12106): arch=40000003 syscall=212 success=yes exit=0 a0=effad30 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.866:12107): avc: denied { write } for pid=8303 comm="yum" name="LC_MESSAGES" dev=dm-0 ino=10311909 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775376.866:12107): avc: denied { add_name } for pid=8303 comm="yum" name="metacity.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775376.866:12107): arch=40000003 syscall=5 success=yes exit=30 a0=ecc7cf8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.866:12108): avc: denied { remove_name } for pid=8303 comm="yum" name="metacity.mo;455dcb57" dev=dm-0 ino=10316951 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775376.866:12108): avc: denied { unlink } for pid=8303 comm="yum" name="metacity.mo" dev=dm-0 ino=10325162 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.866:12108): arch=40000003 syscall=38 success=yes exit=0 a0=ecc7cf8 a1=ecc7c20 a2=d2a040 a3=ecc7cf8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.870:12109): avc: denied { relabelto } for pid=8303 comm="yum" name="metacity.mo" dev=dm-0 ino=10316951 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.870:12109): arch=40000003 syscall=227 success=yes exit=0 a0=ecc7c20 a1=a2f0d3 a2=ebfe948 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775376.870:12110): avc: denied { setattr } for pid=8303 comm="yum" name="metacity.mo" dev=dm-0 ino=10316951 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775376.870:12110): arch=40000003 syscall=212 success=yes exit=0 a0=ecc7c20 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775380.527:12111): avc: denied { write } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10311889 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163775380.527:12111): avc: denied { add_name } for pid=8303 comm="yum" name="metacity-theme-viewer.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775380.527:12111): arch=40000003 syscall=5 success=yes exit=30 a0=ecc7cf8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775380.539:12112): avc: denied { remove_name } for pid=8303 comm="yum" name="metacity-theme-viewer.1.gz;455dcb57" dev=dm-0 ino=10319617 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163775380.539:12112): avc: denied { unlink } for pid=8303 comm="yum" name="metacity-theme-viewer.1.gz" dev=dm-0 ino=10319618 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775380.539:12112): arch=40000003 syscall=38 success=yes exit=0 a0=ecc7cf8 a1=ecc7c20 a2=d2a040 a3=ecc7cf8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775380.571:12113): avc: denied { relabelto } for pid=8303 comm="yum" name="metacity-theme-viewer.1.gz" dev=dm-0 ino=10319617 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775380.571:12113): arch=40000003 syscall=227 success=yes exit=0 a0=ecc7c20 a1=a2f0d3 a2=ebfe928 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775380.571:12114): avc: denied { setattr } for pid=8303 comm="yum" name="metacity-theme-viewer.1.gz" dev=dm-0 ino=10319617 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775380.571:12114): arch=40000003 syscall=212 success=yes exit=0 a0=ecc7c20 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775389.011:12115): avc: denied { execute } for pid=11140 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775389.011:12115): avc: denied { execute_no_trans } for pid=11140 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775389.011:12115): avc: denied { read } for pid=11140 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775389.011:12115): arch=40000003 syscall=11 success=yes exit=0 a0=951ebb8 a1=951e220 a2=951ec38 a3=951e120 items=0 ppid=11139 pid=11140 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775389.011:12115): path="/sbin/ldconfig"
+type=AVC_PATH msg=audit(1163775389.011:12115): path="/sbin/ldconfig"
+type=AVC msg=audit(1163775396.440:12116): avc: denied { ptrace } for pid=11143 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775396.440:12116): arch=40000003 syscall=195 success=yes exit=0 a0=81c0088 a1=bfd375d4 a2=39dff4 a3=bfd3694c items=0 ppid=11142 pid=11143 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775396.440:12117): avc: denied { ptrace } for pid=11143 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775396.440:12117): arch=40000003 syscall=195 success=yes exit=0 a0=81c0088 a1=bfd375d4 a2=39dff4 a3=bfd3694c items=0 ppid=11142 pid=11143 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775396.440:12118): avc: denied { ptrace } for pid=11143 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775396.440:12118): arch=40000003 syscall=195 success=yes exit=0 a0=81c0088 a1=bfd375d4 a2=39dff4 a3=bfd3694c items=0 ppid=11142 pid=11143 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775396.440:12119): avc: denied { ptrace } for pid=11143 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775396.440:12119): arch=40000003 syscall=195 success=yes exit=0 a0=81c0088 a1=bfd375d4 a2=39dff4 a3=bfd3694c items=0 ppid=11142 pid=11143 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.248:12120): avc: denied { write } for pid=8303 comm="yum" name="/" dev=sda1 ino=2 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.248:12120): avc: denied { add_name } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.248:12120): avc: denied { create } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.248:12120): arch=40000003 syscall=5 success=yes exit=30 a0=ecc7c20 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.356:12121): avc: denied { write } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6;455dcb57" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.356:12121): arch=40000003 syscall=4 success=yes exit=65536 a0=1e a1=ef9fd28 a2=10000 a3=bef75f0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775400.356:12121): path="/boot/System.map-2.6.18-1.2849.fc6;455dcb57"
+type=AVC msg=audit(1163775400.436:12122): avc: denied { remove_name } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6;455dcb57" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.436:12122): avc: denied { rename } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6;455dcb57" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.436:12122): arch=40000003 syscall=38 success=yes exit=0 a0=ecc7c20 a1=ebfe948 a2=d2a040 a3=ecc7c20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.500:12123): avc: denied { relabelfrom } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=AVC msg=audit(1163775400.500:12123): avc: denied { relabelto } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.500:12123): arch=40000003 syscall=227 success=yes exit=0 a0=ebfe948 a1=a2f0d3 a2=ecc7c20 a3=22 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.500:12124): avc: denied { setattr } for pid=8303 comm="yum" name="System.map-2.6.18-1.2849.fc6" dev=sda1 ino=10046 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.500:12124): arch=40000003 syscall=212 success=yes exit=0 a0=ebfe948 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.508:12125): avc: denied { relabelto } for pid=8303 comm="yum" name="config-2.6.18-1.2849.fc6" dev=sda1 ino=10047 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.508:12125): arch=40000003 syscall=227 success=yes exit=0 a0=ebfe948 a1=a2f0d3 a2=ec35ac8 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.508:12126): avc: denied { setattr } for pid=8303 comm="yum" name="config-2.6.18-1.2849.fc6" dev=sda1 ino=10047 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.508:12126): arch=40000003 syscall=212 success=yes exit=0 a0=ebfe948 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.712:12127): avc: denied { write } for pid=8303 comm="yum" name="modules" dev=dm-0 ino=13716388 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.712:12127): avc: denied { add_name } for pid=8303 comm="yum" name="2.6.18-1.2849.fc6" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.712:12127): avc: denied { create } for pid=8303 comm="yum" name="2.6.18-1.2849.fc6" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775400.712:12127): arch=40000003 syscall=39 success=yes exit=0 a0=ebfe948 a1=1c0 a2=d2a040 a3=ebfe948 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.736:12128): avc: denied { relabelfrom } for pid=8303 comm="yum" name="2.6.18-1.2849.fc6" dev=dm-0 ino=13717306 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.736:12128): avc: denied { relabelto } for pid=8303 comm="yum" name="2.6.18-1.2849.fc6" dev=dm-0 ino=13717306 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775400.736:12128): arch=40000003 syscall=227 success=yes exit=0 a0=ebfe948 a1=a2f0d3 a2=eee8910 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.740:12129): avc: denied { setattr } for pid=8303 comm="yum" name="2.6.18-1.2849.fc6" dev=dm-0 ino=13717306 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775400.740:12129): arch=40000003 syscall=212 success=yes exit=0 a0=ebfe948 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.740:12130): avc: denied { create } for pid=8303 comm="yum" name="build;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775400.740:12130): arch=40000003 syscall=83 success=yes exit=0 a0=ef9fd28 a1=eee8910 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.740:12131): avc: denied { remove_name } for pid=8303 comm="yum" name="build;455dcb57" dev=dm-0 ino=13720656 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir
+type=AVC msg=audit(1163775400.740:12131): avc: denied { rename } for pid=8303 comm="yum" name="build;455dcb57" dev=dm-0 ino=13720656 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775400.740:12131): arch=40000003 syscall=38 success=yes exit=0 a0=eee8910 a1=ec0e4c8 a2=d2a040 a3=eee8910 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.740:12132): avc: denied { relabelfrom } for pid=8303 comm="yum" name="build" dev=dm-0 ino=13720656 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775400.740:12132): avc: denied { relabelto } for pid=8303 comm="yum" name="build" dev=dm-0 ino=13720656 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775400.740:12132): arch=40000003 syscall=227 success=yes exit=0 a0=ec0e4c8 a1=a2f0d3 a2=ec0e4f8 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.740:12133): avc: denied { setattr } for pid=8303 comm="yum" name="build" dev=dm-0 ino=13720656 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775400.740:12133): arch=40000003 syscall=198 success=yes exit=0 a0=ec0e4c8 a1=0 a2=0 a3=ec1460c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.744:12134): avc: denied { create } for pid=8303 comm="yum" name="aes-i586.ko;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.744:12134): arch=40000003 syscall=5 success=yes exit=30 a0=ec0e630 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.744:12135): avc: denied { write } for pid=8303 comm="yum" name="aes-i586.ko;455dcb57" dev=dm-0 ino=13720662 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.744:12135): arch=40000003 syscall=4 success=yes exit=16384 a0=1e a1=ef9fd28 a2=4000 a3=ec0e680 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775400.744:12135): path="/lib/modules/2.6.18-1.2849.fc6/kernel/arch/i386/crypto/aes-i586.ko;455dcb57"
+type=AVC msg=audit(1163775400.744:12136): avc: denied { rename } for pid=8303 comm="yum" name="aes-i586.ko;455dcb57" dev=dm-0 ino=13720662 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.744:12136): arch=40000003 syscall=38 success=yes exit=0 a0=ec0e630 a1=ec0e680 a2=d2a040 a3=ec0e630 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.760:12137): avc: denied { relabelfrom } for pid=8303 comm="yum" name="aes-i586.ko" dev=dm-0 ino=13720662 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=AVC msg=audit(1163775400.760:12137): avc: denied { relabelto } for pid=8303 comm="yum" name="aes-i586.ko" dev=dm-0 ino=13720662 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.760:12137): arch=40000003 syscall=227 success=yes exit=0 a0=ec0e680 a1=a2f0d3 a2=eee8910 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775400.760:12138): avc: denied { setattr } for pid=8303 comm="yum" name="aes-i586.ko" dev=dm-0 ino=13720662 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775400.760:12138): arch=40000003 syscall=212 success=yes exit=0 a0=ec0e680 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775422.877:12139): avc: denied { execute } for pid=11148 comm="new-kernel-pkg" name="depmod" dev=dm-0 ino=9984676 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:depmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775422.877:12139): arch=40000003 syscall=33 success=yes exit=0 a0=97f4298 a1=1 a2=11 a3=97f4298 items=0 ppid=11144 pid=11148 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="new-kernel-pkg" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775422.877:12140): avc: denied { read } for pid=11148 comm="new-kernel-pkg" name="depmod" dev=dm-0 ino=9984676 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:depmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775422.877:12140): arch=40000003 syscall=33 success=yes exit=0 a0=97f4298 a1=4 a2=ffffffff a3=97f4298 items=0 ppid=11144 pid=11148 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="new-kernel-pkg" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775422.877:12141): avc: denied { execute_no_trans } for pid=11156 comm="new-kernel-pkg" name="depmod" dev=dm-0 ino=9984676 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:depmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775422.877:12141): arch=40000003 syscall=11 success=yes exit=0 a0=97f4298 a1=97e60a0 a2=97e98a8 a3=97f45c8 items=0 ppid=11148 pid=11156 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="depmod" exe="/sbin/depmod" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775422.877:12141): path="/sbin/depmod"
+type=AVC msg=audit(1163775422.965:12142): avc: denied { read } for pid=11156 comm="depmod" name="anubis.ko" dev=dm-0 ino=13720675 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775422.965:12142): arch=40000003 syscall=5 success=yes exit=7 a0=9d7475c a1=0 a2=1b6 a3=9d7cf10 items=0 ppid=11148 pid=11156 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="depmod" exe="/sbin/depmod" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775423.421:12143): avc: denied { execute } for pid=11157 comm="new-kernel-pkg" name="mkinitrd" dev=dm-0 ino=9984521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775423.421:12143): avc: denied { execute_no_trans } for pid=11157 comm="new-kernel-pkg" name="mkinitrd" dev=dm-0 ino=9984521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775423.421:12143): avc: denied { read } for pid=11157 comm="new-kernel-pkg" name="mkinitrd" dev=dm-0 ino=9984521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.421:12143): arch=40000003 syscall=11 success=yes exit=0 a0=97f3dc0 a1=97e60a0 a2=97e98a8 a3=97f42d8 items=0 ppid=11148 pid=11157 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775423.421:12143): path="/sbin/mkinitrd"
+type=AVC_PATH msg=audit(1163775423.421:12143): path="/sbin/mkinitrd"
+type=AVC msg=audit(1163775423.445:12144): avc: denied { ioctl } for pid=11157 comm="mkinitrd" name="mkinitrd" dev=dm-0 ino=9984521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.445:12144): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf930808 a3=bf930848 items=0 ppid=11148 pid=11157 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775423.445:12144): path="/sbin/mkinitrd"
+type=AVC msg=audit(1163775423.725:12145): avc: denied { execute } for pid=11165 comm="mkinitrd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.725:12145): arch=40000003 syscall=33 success=yes exit=0 a0=99ec890 a1=1 a2=11 a3=99ec890 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775423.725:12146): avc: denied { read } for pid=11165 comm="mkinitrd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.725:12146): arch=40000003 syscall=33 success=yes exit=0 a0=99ec890 a1=4 a2=ffffffff a3=99ec890 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775423.725:12147): avc: denied { execute_no_trans } for pid=11165 comm="mkinitrd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.725:12147): arch=40000003 syscall=11 success=yes exit=0 a0=99ec890 a1=99ecaa8 a2=99c4170 a3=99ec908 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775423.725:12147): path="/sbin/modprobe"
+type=AVC msg=audit(1163775423.809:12148): avc: denied { read } for pid=11165 comm="modprobe" name="modules.dep" dev=dm-0 ino=13722566 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.809:12148): arch=40000003 syscall=5 success=yes exit=3 a0=822d1d0 a1=0 a2=1b6 a3=822d3b8 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775423.813:12149): avc: denied { write } for pid=11165 comm="modprobe" name="uhci-hcd.ko" dev=dm-0 ino=13721860 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.813:12149): arch=40000003 syscall=5 success=yes exit=3 a0=822d174 a1=2 a2=0 a3=822d174 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775423.813:12150): avc: denied { lock } for pid=11165 comm="modprobe" name="uhci-hcd.ko" dev=dm-0 ino=13721860 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775423.813:12150): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfb99a20 a3=bfb99a20 items=0 ppid=11164 pid=11165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775423.813:12150): path="/lib/modules/2.6.18-1.2849.fc6/kernel/drivers/usb/host/uhci-hcd.ko"
+type=AVC msg=audit(1163775424.821:12151): avc: denied { execute } for pid=11318 comm="mkinitrd" name="lvm.static" dev=dm-0 ino=9984644 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775424.821:12151): arch=40000003 syscall=33 success=yes exit=0 a0=99ebea8 a1=1 a2=11 a3=99ebea8 items=0 ppid=11157 pid=11318 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775424.825:12152): avc: denied { read } for pid=11318 comm="mkinitrd" name="lvm.static" dev=dm-0 ino=9984644 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775424.825:12152): arch=40000003 syscall=33 success=yes exit=0 a0=99ebea8 a1=4 a2=ffffffff a3=99ebea8 items=0 ppid=11157 pid=11318 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mkinitrd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775424.825:12153): avc: denied { execute_no_trans } for pid=11319 comm="mkinitrd" name="lvm.static" dev=dm-0 ino=9984644 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775424.825:12153): arch=40000003 syscall=11 success=yes exit=0 a0=99ebea8 a1=99eba60 a2=99c4170 a3=99ebf60 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775424.825:12153): path="/sbin/lvm.static"
+type=AVC msg=audit(1163775425.329:12154): avc: denied { read } for pid=11319 comm="lvm.static" name="lvm.conf" dev=dm-0 ino=9331271 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775425.329:12154): arch=40000003 syscall=5 success=yes exit=3 a0=8578d00 a1=8000 a2=0 a3=0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775425.341:12155): avc: denied { read } for pid=11319 comm="lvm.static" name=".cache" dev=dm-0 ino=9331107 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_metadata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775425.341:12155): arch=40000003 syscall=5 success=yes exit=3 a0=8585c70 a1=8000 a2=0 a3=0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775425.349:12156): avc: denied { getattr } for pid=11319 comm="lvm.static" name="001" dev=tmpfs ino=4880 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.349:12156): arch=40000003 syscall=195 success=yes exit=0 a0=858e330 a1=bf83d63c a2=1 a3=858e330 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.349:12156): path="/dev/bus/usb/001/001"
+type=AVC msg=audit(1163775425.353:12157): avc: denied { getattr } for pid=11319 comm="lvm.static" name="kcore" dev=proc ino=-268435434 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775425.353:12157): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.353:12157): path="/proc/kcore"
+type=AVC msg=audit(1163775425.353:12158): avc: denied { getattr } for pid=11319 comm="lvm.static" name="microcode" dev=tmpfs ino=3250 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cpu_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.353:12158): arch=40000003 syscall=195 success=yes exit=0 a0=858c210 a1=bf83d83c a2=1 a3=858c210 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.353:12158): path="/dev/cpu/microcode"
+type=AVC msg=audit(1163775425.353:12159): avc: denied { getattr } for pid=11319 comm="lvm.static" name="mice" dev=tmpfs ino=3191 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.353:12159): arch=40000003 syscall=195 success=yes exit=0 a0=858ae90 a1=bf83d83c a2=1 a3=858ae90 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.353:12159): path="/dev/input/mice"
+type=AVC msg=audit(1163775425.353:12160): avc: denied { getattr } for pid=11319 comm="lvm.static" name="lp0" dev=tmpfs ino=5586 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.353:12160): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.353:12160): path="/dev/lp0"
+type=AVC msg=audit(1163775425.361:12161): avc: denied { getattr } for pid=11319 comm="lvm.static" name="control" dev=tmpfs ino=965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.361:12161): arch=40000003 syscall=195 success=yes exit=0 a0=8585c60 a1=bf83d83c a2=1 a3=8585c60 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.361:12161): path="/dev/mapper/control"
+type=AVC msg=audit(1163775425.361:12162): avc: denied { getattr } for pid=11319 comm="lvm.static" name="mem" dev=tmpfs ino=2000 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.361:12162): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.361:12162): path="/dev/mem"
+type=AVC msg=audit(1163775425.361:12163): avc: denied { getattr } for pid=11319 comm="lvm.static" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.361:12163): arch=40000003 syscall=195 success=yes exit=0 a0=8585c60 a1=bf83d83c a2=1 a3=8585c60 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.361:12163): path="/dev/net/tun"
+type=AVC msg=audit(1163775425.361:12164): avc: denied { getattr } for pid=11319 comm="lvm.static" name="nvram" dev=tmpfs ino=3204 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:nvram_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.361:12164): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.361:12164): path="/dev/nvram"
+type=AVC msg=audit(1163775425.361:12165): avc: denied { getattr } for pid=11319 comm="lvm.static" name="ppp" dev=tmpfs ino=1477 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.361:12165): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.361:12165): path="/dev/ppp"
+type=AVC msg=audit(1163775425.365:12166): avc: denied { getattr } for pid=11319 comm="lvm.static" name="rtc" dev=tmpfs ino=744 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.365:12166): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.365:12166): path="/dev/rtc"
+type=AVC msg=audit(1163775425.365:12167): avc: denied { getattr } for pid=11319 comm="lvm.static" name="sg0" dev=tmpfs ino=4865 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.365:12167): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.365:12167): path="/dev/sg0"
+type=AVC msg=audit(1163775425.365:12168): avc: denied { getattr } for pid=11319 comm="lvm.static" name="systty" dev=tmpfs ino=740 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.365:12168): arch=40000003 syscall=195 success=yes exit=0 a0=8586188 a1=bf83d93c a2=1 a3=8586188 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.365:12168): path="/dev/systty"
+type=AVC msg=audit(1163775425.365:12169): avc: denied { getattr } for pid=11319 comm="lvm.static" name="blktap0" dev=tmpfs ino=10081 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xen_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775425.365:12169): arch=40000003 syscall=195 success=yes exit=0 a0=8585c60 a1=bf83d83c a2=1 a3=8585c60 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.365:12169): path="/dev/xen/blktap0"
+type=AVC msg=audit(1163775425.425:12170): avc: denied { read write search } for pid=11319 comm="lvm.static" name="lvm" dev=dm-0 ino=14436627 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775425.425:12170): arch=40000003 syscall=33 success=yes exit=0 a0=81deb60 a1=7 a2=81d2a28 a3=81deb60 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775425.425:12171): avc: denied { add_name } for pid=11319 comm="lvm.static" name="V_VolGroup00" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775425.425:12171): avc: denied { create } for pid=11319 comm="lvm.static" name="V_VolGroup00" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lvm_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775425.425:12171): arch=40000003 syscall=5 success=yes exit=3 a0=bf83e3a8 a1=8442 a2=1ff a3=1ff items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775425.437:12172): avc: denied { lock } for pid=11319 comm="lvm.static" name="V_VolGroup00" dev=dm-0 ino=14438001 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lvm_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775425.437:12172): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=1 a2=81d2a28 a3=0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.437:12172): path="/var/lock/lvm/V_VolGroup00"
+type=AVC msg=audit(1163775425.437:12173): avc: denied { read } for pid=11319 comm="lvm.static" name="ram0" dev=tmpfs ino=790 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
+type=SYSCALL msg=audit(1163775425.437:12173): arch=40000003 syscall=5 success=no exit=-22 a0=857f7f8 a1=4c000 a2=0 a3=0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775425.437:12174): avc: denied { ioctl } for pid=11319 comm="lvm.static" name="ram0" dev=tmpfs ino=790 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
+type=SYSCALL msg=audit(1163775425.437:12174): arch=40000003 syscall=54 success=yes exit=0 a0=4 a1=80041270 a2=857f008 a3=857eff0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775425.437:12174): path="/dev/ram0"
+type=AVC msg=audit(1163775425.465:12175): avc: denied { dac_override } for pid=11319 comm="lvm.static" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775425.465:12175): arch=40000003 syscall=5 success=yes exit=4 a0=857d6f8 a1=4c000 a2=0 a3=0 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775427.045:12176): avc: denied { remove_name } for pid=11319 comm="lvm.static" name="V_VolGroup00" dev=dm-0 ino=14438001 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775427.045:12176): avc: denied { unlink } for pid=11319 comm="lvm.static" name="V_VolGroup00" dev=dm-0 ino=14438001 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lvm_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775427.045:12176): arch=40000003 syscall=10 success=yes exit=0 a0=858d878 a1=0 a2=81d2a28 a3=bf83e28c items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775427.045:12177): avc: denied { write } for pid=11319 comm="lvm.static" name=".cache" dev=dm-0 ino=9331107 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_metadata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775427.045:12177): arch=40000003 syscall=5 success=yes exit=3 a0=8586198 a1=8241 a2=1b6 a3=4 items=0 ppid=11318 pid=11319 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775427.137:12178): avc: denied { read write } for pid=11322 comm="lvm.static" name="control" dev=tmpfs ino=965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775427.137:12178): arch=40000003 syscall=5 success=yes exit=5 a0=bf9142d4 a1=8002 a2=0 a3=0 items=0 ppid=11321 pid=11322 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775427.137:12179): avc: denied { ioctl } for pid=11322 comm="lvm.static" name="control" dev=tmpfs ino=965 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775427.137:12179): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=c134fd00 a2=8d312b0 a3=81d6b60 items=0 ppid=11321 pid=11322 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm.static" exe="/sbin/lvm.static" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775427.137:12179): path="/dev/mapper/control"
+type=AVC msg=audit(1163775428.994:12180): avc: denied { create } for pid=11620 comm="dmraid" name=".lock" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775428.994:12180): arch=40000003 syscall=5 success=yes exit=3 a0=ca36cc a1=442 a2=1ff a3=81b73e0 items=0 ppid=11619 pid=11620 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dmraid" exe="/sbin/dmraid" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775429.014:12181): avc: denied { lock } for pid=11620 comm="dmraid" name=".lock" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775429.014:12181): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=2 a2=cac650 a3=81b73e0 items=0 ppid=11619 pid=11620 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dmraid" exe="/sbin/dmraid" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775429.014:12181): path="/var/lock/dmraid/.lock"
+type=AVC msg=audit(1163775429.014:12182): avc: denied { sys_rawio } for pid=11620 comm="dmraid" capability=17 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775429.014:12182): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=31f a2=81b9708 a3=81b9708 items=0 ppid=11619 pid=11620 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dmraid" exe="/sbin/dmraid" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775429.110:12183): avc: denied { unlink } for pid=11620 comm="dmraid" name=".lock" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775429.110:12183): arch=40000003 syscall=10 success=yes exit=0 a0=ca36cc a1=81b73e0 a2=cac650 a3=ca36cc items=0 ppid=11619 pid=11620 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="dmraid" exe="/sbin/dmraid" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775430.234:12184): avc: denied { mknod } for pid=11693 comm="mknod" capability=27 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163775430.234:12184): avc: denied { create } for pid=11693 comm="mknod" name="ram0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=blk_file
+type=SYSCALL msg=audit(1163775430.234:12184): arch=40000003 syscall=14 success=yes exit=0 a0=bfe88bb3 a1=61b6 a2=100 a3=0 items=0 ppid=11157 pid=11693 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mknod" exe="/bin/mknod" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775430.246:12185): avc: denied { create } for pid=11696 comm="mknod" name="null" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775430.246:12185): arch=40000003 syscall=14 success=yes exit=0 a0=bfde5bb3 a1=21b6 a2=103 a3=0 items=0 ppid=11157 pid=11696 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mknod" exe="/bin/mknod" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775430.882:12186): avc: denied { ioctl } for pid=11835 comm="gzip" name="initrd-2.6.18-1.2849.fc6.img" dev=sda1 ino=10050 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775430.882:12186): arch=40000003 syscall=54 success=no exit=-25 a0=1 a1=5401 a2=bfcd9728 a3=bfcd9768 items=0 ppid=11157 pid=11835 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gzip" exe="/bin/gzip" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775430.882:12186): path="/boot/initrd-2.6.18-1.2849.fc6.img"
+type=AVC msg=audit(1163775433.094:12187): avc: denied { unlink } for pid=11836 comm="rm" name="ram1" dev=dm-0 ino=14568121 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=blk_file
+type=SYSCALL msg=audit(1163775433.094:12187): arch=40000003 syscall=10 success=yes exit=0 a0=80b198f a1=80b197c a2=805277c a3=bfc2fde4 items=0 ppid=11157 pid=11836 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.094:12188): avc: denied { unlink } for pid=11836 comm="rm" name="ttyS1" dev=dm-0 ino=14568140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163775433.094:12188): arch=40000003 syscall=10 success=yes exit=0 a0=80b19a7 a1=80b1994 a2=805277c a3=bfc2fde4 items=0 ppid=11157 pid=11836 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.346:12189): avc: denied { write } for pid=11843 comm="grubby" name="fd0" dev=tmpfs ino=4597 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
+type=SYSCALL msg=audit(1163775433.346:12189): arch=40000003 syscall=5 success=no exit=-6 a0=9651970 a1=0 a2=0 a3=3 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.590:12190): avc: denied { write } for pid=11843 comm="grubby" name="blkid.tab" dev=dm-0 ino=9331364 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.590:12190): arch=40000003 syscall=33 success=yes exit=0 a0=96536c0 a1=2 a2=96518f8 a3=3 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.590:12191): avc: denied { write } for pid=11843 comm="grubby" name="blkid" dev=dm-0 ino=9330183 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir
+type=AVC msg=audit(1163775433.590:12191): avc: denied { add_name } for pid=11843 comm="grubby" name="blkid.tab-lm5AcU" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir
+type=AVC msg=audit(1163775433.590:12191): avc: denied { create } for pid=11843 comm="grubby" name="blkid.tab-lm5AcU" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.590:12191): arch=40000003 syscall=5 success=yes exit=3 a0=96532c0 a1=c2 a2=180 a3=62a46a items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.590:12192): avc: denied { setattr } for pid=11843 comm="grubby" name="blkid.tab-lm5AcU" dev=dm-0 ino=9331792 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.590:12192): arch=40000003 syscall=94 success=yes exit=0 a0=3 a1=1a4 a2=3 a3=3 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.590:12193): avc: denied { write } for pid=11843 comm="grubby" name="blkid.tab-lm5AcU" dev=dm-0 ino=9331792 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.590:12193): arch=40000003 syscall=4 success=yes exit=1160 a0=3 a1=b7fa8000 a2=488 a3=488 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775433.590:12193): path="/etc/blkid/blkid.tab-lm5AcU"
+type=AVC msg=audit(1163775433.594:12194): avc: denied { remove_name } for pid=11843 comm="grubby" name="blkid.tab.old" dev=dm-0 ino=9330705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir
+type=AVC msg=audit(1163775433.594:12194): avc: denied { unlink } for pid=11843 comm="grubby" name="blkid.tab.old" dev=dm-0 ino=9330705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.594:12194): arch=40000003 syscall=10 success=yes exit=0 a0=9651920 a1=0 a2=9651920 a3=96518f8 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.594:12195): avc: denied { link } for pid=11843 comm="grubby" name="blkid.tab" dev=dm-0 ino=9331364 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.594:12195): arch=40000003 syscall=9 success=yes exit=0 a0=96536c0 a1=9651920 a2=9651920 a3=96518f8 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.594:12196): avc: denied { rename } for pid=11843 comm="grubby" name="blkid.tab-lm5AcU" dev=dm-0 ino=9331792 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.594:12196): arch=40000003 syscall=38 success=yes exit=0 a0=96532c0 a1=96536c0 a2=9651920 a3=96518f8 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.626:12197): avc: denied { setattr } for pid=11843 comm="grubby" name="grub.conf-" dev=sda1 ino=2011 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.626:12197): arch=40000003 syscall=15 success=yes exit=0 a0=bffadda0 a1=180 a2=80efd04 a3=9651660 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775433.626:12198): avc: denied { unlink } for pid=11843 comm="grubby" name="grub.conf" dev=sda1 ino=2010 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:boot_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775433.626:12198): arch=40000003 syscall=38 success=yes exit=0 a0=bffadda0 a1=80d08b1 a2=80efd04 a3=0 items=0 ppid=11148 pid=11843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="grubby" exe="/sbin/grubby" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.530:12199): avc: denied { append } for pid=8303 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.530:12199): arch=40000003 syscall=4 success=yes exit=57 a0=4 a1=b7bd1000 a2=39 a3=39 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775434.530:12199): path="/var/log/yum.log"
+type=AVC msg=audit(1163775434.590:12200): avc: denied { write } for pid=8303 comm="yum" name="bin" dev=dm-0 ino=10311850 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775434.590:12200): avc: denied { add_name } for pid=8303 comm="yum" name="update-mime-database;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775434.590:12200): avc: denied { create } for pid=8303 comm="yum" name="update-mime-database;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.590:12200): arch=40000003 syscall=5 success=yes exit=30 a0=ec35558 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.590:12201): avc: denied { write } for pid=8303 comm="yum" name="update-mime-database;455dcb57" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.590:12201): arch=40000003 syscall=4 success=yes exit=32768 a0=1e a1=ef73980 a2=8000 a3=9c6ab30 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775434.590:12201): path="/usr/bin/update-mime-database;455dcb57"
+type=AVC msg=audit(1163775434.590:12202): avc: denied { remove_name } for pid=8303 comm="yum" name="update-mime-database;455dcb57" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775434.590:12202): avc: denied { rename } for pid=8303 comm="yum" name="update-mime-database;455dcb57" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163775434.590:12202): avc: denied { unlink } for pid=8303 comm="yum" name="update-mime-database" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.590:12202): arch=40000003 syscall=38 success=yes exit=0 a0=ec35558 a1=edeae48 a2=d2a040 a3=ec35558 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.646:12203): avc: denied { relabelfrom } for pid=8303 comm="yum" name="update-mime-database" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163775434.646:12203): avc: denied { relabelto } for pid=8303 comm="yum" name="update-mime-database" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.646:12203): arch=40000003 syscall=227 success=yes exit=0 a0=edeae48 a1=a2f0d3 a2=efba528 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.646:12204): avc: denied { setattr } for pid=8303 comm="yum" name="update-mime-database" dev=dm-0 ino=10319620 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.646:12204): arch=40000003 syscall=212 success=yes exit=0 a0=edeae48 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.646:12205): avc: denied { create } for pid=8303 comm="yum" name="shared-mime-info.pc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.646:12205): arch=40000003 syscall=5 success=yes exit=30 a0=f03cde8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.646:12206): avc: denied { write } for pid=8303 comm="yum" name="shared-mime-info.pc;455dcb57" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.646:12206): arch=40000003 syscall=4 success=yes exit=177 a0=1e a1=b6dcb000 a2=b1 a3=9c6ab30 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775434.646:12206): path="/usr/lib/pkgconfig/shared-mime-info.pc;455dcb57"
+type=AVC msg=audit(1163775434.646:12207): avc: denied { rename } for pid=8303 comm="yum" name="shared-mime-info.pc;455dcb57" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775434.646:12207): avc: denied { unlink } for pid=8303 comm="yum" name="shared-mime-info.pc" dev=dm-0 ino=10319316 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.646:12207): arch=40000003 syscall=38 success=yes exit=0 a0=f03cde8 a1=ec0e498 a2=d2a040 a3=f03cde8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.662:12208): avc: denied { relabelfrom } for pid=8303 comm="yum" name="shared-mime-info.pc" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775434.662:12208): avc: denied { relabelto } for pid=8303 comm="yum" name="shared-mime-info.pc" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.662:12208): arch=40000003 syscall=227 success=yes exit=0 a0=ec0e498 a1=a2f0d3 a2=efba660 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.666:12209): avc: denied { setattr } for pid=8303 comm="yum" name="shared-mime-info.pc" dev=dm-0 ino=10325206 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775434.666:12209): arch=40000003 syscall=212 success=yes exit=0 a0=ec0e498 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.666:12210): avc: denied { write } for pid=8303 comm="yum" name="applications" dev=dm-0 ino=10311883 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775434.666:12210): avc: denied { add_name } for pid=8303 comm="yum" name="defaults.list;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775434.666:12210): arch=40000003 syscall=5 success=yes exit=30 a0=f03cde8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.666:12211): avc: denied { remove_name } for pid=8303 comm="yum" name="defaults.list;455dcb57" dev=dm-0 ino=10319316 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775434.666:12211): arch=40000003 syscall=38 success=yes exit=0 a0=f03cde8 a1=ec0e498 a2=d2a040 a3=f03cde8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.690:12212): avc: denied { read } for pid=11015 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775434.690:12212): arch=40000003 syscall=3 success=yes exit=304 a0=23 a1=acbc0110 a2=400 a3=400 items=0 ppid=1 pid=11015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775434.690:12212): path="inotify"
+type=AVC msg=audit(1163775434.690:12213): avc: denied { relabelfrom } for pid=8303 comm="yum" name="shared-mime-info-0.19" dev=dm-0 ino=10968927 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775434.690:12213): avc: denied { relabelto } for pid=8303 comm="yum" name="shared-mime-info-0.19" dev=dm-0 ino=10968927 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775434.690:12213): arch=40000003 syscall=227 success=yes exit=0 a0=ec0e498 a1=a2f0d3 a2=efba8d0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775434.690:12214): avc: denied { setattr } for pid=8303 comm="yum" name="shared-mime-info-0.19" dev=dm-0 ino=10968927 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775434.690:12214): arch=40000003 syscall=212 success=yes exit=0 a0=ec0e498 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775436.302:12215): avc: denied { unlink } for pid=12108 comm="update-mime-dat" name="x-kodak-dcr.xml" dev=dm-0 ino=10216297 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775436.302:12215): arch=40000003 syscall=38 success=yes exit=0 a0=95cf988 a1=95e7190 a2=95cf988 a3=95e7190 items=0 ppid=12107 pid=12108 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-mime-dat" exe="/usr/bin/update-mime-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.202:12216): avc: denied { write } for pid=8303 comm="yum" name="schemas" dev=dm-0 ino=9330176 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775437.202:12216): avc: denied { add_name } for pid=8303 comm="yum" name="gsf-office-thumbnailer.schemas;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775437.202:12216): arch=40000003 syscall=5 success=yes exit=30 a0=f03d5b8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.254:12217): avc: denied { remove_name } for pid=8303 comm="yum" name="gsf-office-thumbnailer.schemas;455dcb57" dev=dm-0 ino=9330705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775437.254:12217): arch=40000003 syscall=38 success=yes exit=0 a0=f03d5b8 a1=f03d4e0 a2=d2a040 a3=f03d5b8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.342:12218): avc: denied { create } for pid=8303 comm="yum" name="libgsf-1.14.3" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775437.342:12218): arch=40000003 syscall=39 success=yes exit=0 a0=edeae60 a1=1c0 a2=d2a040 a3=edeae60 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.346:12219): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgsf-1.14.3" dev=dm-0 ino=12050786 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775437.346:12219): arch=40000003 syscall=227 success=yes exit=0 a0=edeae60 a1=a2f0d3 a2=f034840 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.354:12220): avc: denied { create } for pid=8303 comm="yum" name="libgsf.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775437.354:12220): arch=40000003 syscall=5 success=yes exit=30 a0=f03d4e0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.362:12221): avc: denied { write } for pid=8303 comm="yum" name="libgsf.mo;455dcb57" dev=dm-0 ino=10333883 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775437.362:12221): arch=40000003 syscall=4 success=yes exit=1933 a0=1e a1=b6dcb000 a2=78d a3=9c6ae78 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775437.362:12221): path="/usr/share/locale/es/LC_MESSAGES/libgsf.mo;455dcb57"
+type=AVC msg=audit(1163775437.362:12222): avc: denied { rename } for pid=8303 comm="yum" name="libgsf.mo;455dcb57" dev=dm-0 ino=10333883 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775437.362:12222): arch=40000003 syscall=38 success=yes exit=0 a0=f03d4e0 a1=ec14750 a2=d2a040 a3=f03d4e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775437.390:12223): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgsf.mo" dev=dm-0 ino=10333883 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775437.390:12223): arch=40000003 syscall=227 success=yes exit=0 a0=ec14750 a1=a2f0d3 a2=edeae60 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775438.722:12224): avc: denied { write } for pid=8303 comm="yum" name="lib" dev=dm-0 ino=10311854 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775438.722:12224): avc: denied { add_name } for pid=8303 comm="yum" name="libboost_date_time.so.1.33.1;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775438.722:12224): arch=40000003 syscall=5 success=yes exit=30 a0=f03d4e0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775438.722:12225): avc: denied { remove_name } for pid=8303 comm="yum" name="libboost_date_time.so.1.33.1;455dcb57" dev=dm-0 ino=10333915 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775438.722:12225): arch=40000003 syscall=38 success=yes exit=0 a0=f03d4e0 a1=ec8dab0 a2=d2a040 a3=f03d4e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775442.898:12226): avc: denied { relabelfrom } for pid=8303 comm="yum" name="subversion" dev=dm-0 ino=13063900 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775442.898:12226): avc: denied { relabelto } for pid=8303 comm="yum" name="subversion" dev=dm-0 ino=13063900 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775442.898:12226): arch=40000003 syscall=227 success=yes exit=0 a0=efc2ac8 a1=a2f0d3 a2=f03b0c0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775442.898:12227): avc: denied { setattr } for pid=8303 comm="yum" name="subversion" dev=dm-0 ino=13063900 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775442.898:12227): arch=40000003 syscall=212 success=yes exit=0 a0=efc2ac8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775443.238:12228): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libsvn" dev=dm-0 ino=11690863 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775443.238:12228): avc: denied { relabelto } for pid=8303 comm="yum" name="libsvn" dev=dm-0 ino=11690863 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775443.238:12228): arch=40000003 syscall=227 success=yes exit=0 a0=eeea900 a1=a2f0d3 a2=eee9460 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775443.238:12229): avc: denied { setattr } for pid=8303 comm="yum" name="libsvn" dev=dm-0 ino=11690863 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775443.238:12229): arch=40000003 syscall=212 success=yes exit=0 a0=eeea900 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775449.427:12230): avc: denied { unlink } for pid=8303 comm="yum" name="virsh" dev=dm-0 ino=10317042 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775449.427:12230): arch=40000003 syscall=38 success=yes exit=0 a0=eee9688 a1=f0383b0 a2=d2a040 a3=eee9688 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775449.471:12231): avc: denied { relabelto } for pid=8303 comm="yum" name="virsh" dev=dm-0 ino=10321258 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775449.471:12231): arch=40000003 syscall=227 success=yes exit=0 a0=f0383b0 a1=a2f0d3 a2=eee9688 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775449.471:12232): avc: denied { setattr } for pid=8303 comm="yum" name="virsh" dev=dm-0 ino=10321258 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775449.471:12232): arch=40000003 syscall=212 success=yes exit=0 a0=f0383b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775467.036:12233): avc: denied { write } for pid=8303 comm="yum" name="model" dev=dm-0 ino=10738101 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775467.036:12233): avc: denied { add_name } for pid=8303 comm="yum" name="pxlcolor.ppd;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775467.036:12233): avc: denied { create } for pid=8303 comm="yum" name="pxlcolor.ppd;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775467.036:12233): arch=40000003 syscall=5 success=yes exit=30 a0=eda4c40 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775467.048:12234): avc: denied { write } for pid=8303 comm="yum" name="pxlcolor.ppd;455dcb57" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775467.048:12234): arch=40000003 syscall=4 success=yes exit=8192 a0=1e a1=ef4a310 a2=2000 a3=eda4d10 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775467.048:12234): path="/usr/share/cups/model/pxlcolor.ppd;455dcb57"
+type=AVC msg=audit(1163775467.048:12235): avc: denied { remove_name } for pid=8303 comm="yum" name="pxlcolor.ppd;455dcb57" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775467.048:12235): avc: denied { rename } for pid=8303 comm="yum" name="pxlcolor.ppd;455dcb57" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775467.048:12235): avc: denied { unlink } for pid=8303 comm="yum" name="pxlcolor.ppd" dev=dm-0 ino=10738344 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775467.048:12235): arch=40000003 syscall=38 success=yes exit=0 a0=eda4c40 a1=ef83438 a2=d2a040 a3=eda4c40 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775467.064:12236): avc: denied { relabelfrom } for pid=8303 comm="yum" name="pxlcolor.ppd" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775467.064:12236): avc: denied { relabelto } for pid=8303 comm="yum" name="pxlcolor.ppd" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775467.064:12236): arch=40000003 syscall=227 success=yes exit=0 a0=ef83438 a1=a2f0d3 a2=eda4c40 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775467.064:12237): avc: denied { setattr } for pid=8303 comm="yum" name="pxlcolor.ppd" dev=dm-0 ino=10738705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775467.064:12237): arch=40000003 syscall=212 success=yes exit=0 a0=ef83438 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775469.972:12238): avc: denied { write } for pid=8303 comm="yum" name="cjkv" dev=dm-0 ino=10836419 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775469.972:12238): avc: denied { add_name } for pid=8303 comm="yum" name="baseutil.ps;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775469.972:12238): arch=40000003 syscall=5 success=yes exit=30 a0=eda9710 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775469.992:12239): avc: denied { remove_name } for pid=8303 comm="yum" name="baseutil.ps;455dcb57" dev=dm-0 ino=10835826 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775469.992:12239): arch=40000003 syscall=38 success=yes exit=0 a0=eda9710 a1=eda6060 a2=d2a040 a3=eda9710 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.412:12240): avc: denied { relabelfrom } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10543757 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163775470.412:12240): avc: denied { relabelto } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10543757 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775470.412:12240): arch=40000003 syscall=227 success=yes exit=0 a0=efa1e38 a1=a2f0d3 a2=eda6040 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.412:12241): avc: denied { setattr } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10543757 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775470.412:12241): arch=40000003 syscall=212 success=yes exit=0 a0=efa1e38 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.508:12242): avc: denied { create } for pid=8303 comm="yum" name="eps2eps.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775470.508:12242): arch=40000003 syscall=83 success=yes exit=0 a0=ef4a310 a1=eda96a0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.508:12243): avc: denied { rename } for pid=8303 comm="yum" name="eps2eps.1.gz;455dcb57" dev=dm-0 ino=10331611 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775470.508:12243): avc: denied { unlink } for pid=8303 comm="yum" name="eps2eps.1.gz" dev=dm-0 ino=10321889 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775470.508:12243): arch=40000003 syscall=38 success=yes exit=0 a0=eda96a0 a1=ef83438 a2=d2a040 a3=eda96a0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.512:12244): avc: denied { relabelfrom } for pid=8303 comm="yum" name="eps2eps.1.gz" dev=dm-0 ino=10331611 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775470.512:12244): avc: denied { relabelto } for pid=8303 comm="yum" name="eps2eps.1.gz" dev=dm-0 ino=10331611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775470.512:12244): arch=40000003 syscall=227 success=yes exit=0 a0=ef83438 a1=a2f0d3 a2=efa1ff8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775470.512:12245): avc: denied { setattr } for pid=8303 comm="yum" name="eps2eps.1.gz" dev=dm-0 ino=10331611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775470.512:12245): arch=40000003 syscall=198 success=yes exit=0 a0=ef83438 a1=0 a2=0 a3=f030f04 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775475.524:12246): avc: denied { create } for pid=8303 comm="yum" name="2.17.0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775475.524:12246): arch=40000003 syscall=39 success=yes exit=0 a0=eda97b0 a1=1c0 a2=d2a040 a3=eda97b0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775475.528:12247): avc: denied { relabelfrom } for pid=8303 comm="yum" name="2.17.0" dev=dm-0 ino=12051054 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775475.528:12247): arch=40000003 syscall=227 success=yes exit=0 a0=eda97b0 a1=a2f0d3 a2=eda9710 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775485.721:12248): avc: denied { unlink } for pid=8303 comm="yum" name="checkpolicy" dev=dm-0 ino=10325702 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:checkpolicy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775485.721:12248): arch=40000003 syscall=38 success=yes exit=0 a0=eed1500 a1=ef7c388 a2=d2a040 a3=eed1500 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775486.109:12249): avc: denied { relabelto } for pid=8303 comm="yum" name="checkpolicy" dev=dm-0 ino=10320741 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:checkpolicy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775486.109:12249): arch=40000003 syscall=227 success=yes exit=0 a0=ef7c388 a1=a2f0d3 a2=ea06aa0 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775486.109:12250): avc: denied { setattr } for pid=8303 comm="yum" name="checkpolicy" dev=dm-0 ino=10320741 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:checkpolicy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775486.109:12250): arch=40000003 syscall=212 success=yes exit=0 a0=ef7c388 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775497.898:12251): avc: denied { getattr } for pid=8368 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=9331954 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775497.898:12251): arch=40000003 syscall=195 success=yes exit=0 a0=c36800 a1=bfae855c a2=c4eff4 a3=0 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775497.898:12251): path="/etc/localtime"
+type=AVC msg=audit(1163775526.272:12252): avc: denied { write } for pid=8303 comm="yum" name="panel" dev=dm-0 ino=9331729 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775526.272:12252): avc: denied { add_name } for pid=8303 comm="yum" name="clock-14.rc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775526.272:12252): arch=40000003 syscall=5 success=yes exit=30 a0=f05f818 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.292:12253): avc: denied { remove_name } for pid=8303 comm="yum" name="clock-14.rc;455dcb57" dev=dm-0 ino=9331515 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775526.292:12253): avc: denied { unlink } for pid=8303 comm="yum" name="clock-14.rc" dev=dm-0 ino=9334405 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775526.292:12253): arch=40000003 syscall=38 success=yes exit=0 a0=f05f818 a1=f00ac58 a2=d2a040 a3=f05f818 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.296:12254): avc: denied { relabelto } for pid=8303 comm="yum" name="clock-14.rc" dev=dm-0 ino=9331515 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775526.296:12254): arch=40000003 syscall=227 success=yes exit=0 a0=f00ac58 a1=a2f0d3 a2=f05ec38 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.296:12255): avc: denied { setattr } for pid=8303 comm="yum" name="clock-14.rc" dev=dm-0 ino=9331515 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775526.296:12255): arch=40000003 syscall=212 success=yes exit=0 a0=f00ac58 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.364:12256): avc: denied { unlink } for pid=8303 comm="yum" name="libxfce4panel.so.1" dev=dm-0 ino=10338329 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775526.364:12256): arch=40000003 syscall=38 success=yes exit=0 a0=f05f818 a1=f05cec8 a2=d2a040 a3=f05f818 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.364:12257): avc: denied { relabelto } for pid=8303 comm="yum" name="libxfce4panel.so.1" dev=dm-0 ino=10337831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775526.364:12257): arch=40000003 syscall=227 success=yes exit=0 a0=f05cec8 a1=a2f0d3 a2=f05ce88 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.364:12258): avc: denied { setattr } for pid=8303 comm="yum" name="libxfce4panel.so.1" dev=dm-0 ino=10337831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775526.364:12258): arch=40000003 syscall=198 success=yes exit=0 a0=f05cec8 a1=0 a2=0 a3=e8ffb94 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.472:12259): avc: denied { relabelfrom } for pid=8303 comm="yum" name="panel-plugins" dev=dm-0 ino=10345319 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775526.472:12259): avc: denied { relabelto } for pid=8303 comm="yum" name="panel-plugins" dev=dm-0 ino=10345319 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775526.472:12259): arch=40000003 syscall=227 success=yes exit=0 a0=f05cf28 a1=a2f0d3 a2=f05cff0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775526.472:12260): avc: denied { setattr } for pid=8303 comm="yum" name="panel-plugins" dev=dm-0 ino=10345319 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775526.472:12260): arch=40000003 syscall=212 success=yes exit=0 a0=f05cf28 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.857:12261): avc: denied { write } for pid=8303 comm="yum" name="sbin" dev=dm-0 ino=9984481 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163775546.857:12261): avc: denied { add_name } for pid=8303 comm="yum" name="cbq;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163775546.857:12261): avc: denied { create } for pid=8303 comm="yum" name="cbq;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.857:12261): arch=40000003 syscall=5 success=yes exit=30 a0=f0fb368 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.881:12262): avc: denied { write } for pid=8303 comm="yum" name="cbq;455dcb57" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.881:12262): arch=40000003 syscall=4 success=yes exit=32768 a0=1e a1=f15f550 a2=8000 a3=f0061e8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775546.881:12262): path="/sbin/cbq;455dcb57"
+type=AVC msg=audit(1163775546.881:12263): avc: denied { remove_name } for pid=8303 comm="yum" name="cbq;455dcb57" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163775546.881:12263): avc: denied { rename } for pid=8303 comm="yum" name="cbq;455dcb57" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163775546.881:12263): avc: denied { unlink } for pid=8303 comm="yum" name="cbq" dev=dm-0 ino=9984551 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.881:12263): arch=40000003 syscall=38 success=yes exit=0 a0=f0fb368 a1=af6f3f8 a2=d2a040 a3=f0fb368 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.889:12264): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cbq" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163775546.889:12264): avc: denied { relabelto } for pid=8303 comm="yum" name="cbq" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.889:12264): arch=40000003 syscall=227 success=yes exit=0 a0=af6f3f8 a1=a2f0d3 a2=f0f3720 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.889:12265): avc: denied { setattr } for pid=8303 comm="yum" name="cbq" dev=dm-0 ino=9984600 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.889:12265): arch=40000003 syscall=212 success=yes exit=0 a0=af6f3f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.917:12266): avc: denied { unlink } for pid=8303 comm="yum" name="ip" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.917:12266): arch=40000003 syscall=38 success=yes exit=0 a0=f0f3810 a1=af6f3f8 a2=d2a040 a3=f0f3810 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.945:12267): avc: denied { relabelto } for pid=8303 comm="yum" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.945:12267): arch=40000003 syscall=227 success=yes exit=0 a0=af6f3f8 a1=a2f0d3 a2=f0080e0 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775546.945:12268): avc: denied { setattr } for pid=8303 comm="yum" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775546.945:12268): arch=40000003 syscall=212 success=yes exit=0 a0=af6f3f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775547.253:12269): avc: denied { create } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163775547.253:12269): arch=40000003 syscall=102 success=yes exit=20 a0=1 a1=adf061d4 a2=c4eff4 a3=0 items=0 ppid=8363 pid=12153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775547.253:12270): avc: denied { bind } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163775547.253:12270): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=adf061d4 a2=c4eff4 a3=14 items=0 ppid=8363 pid=12153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775547.253:12271): avc: denied { getattr } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163775547.253:12271): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=adf061d4 a2=c4eff4 a3=14 items=0 ppid=8363 pid=12153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775547.253:12272): avc: denied { write } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163775547.253:12272): avc: denied { nlmsg_read } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163775547.253:12272): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=adf0510c a2=c4eff4 a3=0 items=0 ppid=8363 pid=12153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775547.253:12273): avc: denied { read } for pid=12153 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163775547.253:12273): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=adf0510c a2=c4eff4 a3=0 items=0 ppid=8363 pid=12153 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775548.961:12274): avc: denied { execute } for pid=12155 comm="sh" name="groupadd" dev=dm-0 ino=10321803 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775548.961:12274): avc: denied { execute_no_trans } for pid=12155 comm="sh" name="groupadd" dev=dm-0 ino=10321803 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775548.961:12274): avc: denied { read } for pid=12155 comm="sh" name="groupadd" dev=dm-0 ino=10321803 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775548.961:12274): arch=40000003 syscall=11 success=yes exit=0 a0=9129d48 a1=9129168 a2=9129ea8 a3=9129b40 items=0 ppid=12154 pid=12155 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="groupadd" exe="/usr/sbin/groupadd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775548.961:12274): path="/usr/sbin/groupadd"
+type=AVC_PATH msg=audit(1163775548.961:12274): path="/usr/sbin/groupadd"
+type=AVC msg=audit(1163775549.293:12275): avc: denied { unlink } for pid=8303 comm="yum" name="prefdm" dev=dm-0 ino=9330912 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.293:12275): arch=40000003 syscall=38 success=yes exit=0 a0=f110f18 a1=f0f8690 a2=d2a040 a3=f110f18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.309:12276): avc: denied { relabelto } for pid=8303 comm="yum" name="prefdm" dev=dm-0 ino=9329924 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.309:12276): arch=40000003 syscall=227 success=yes exit=0 a0=f0f8690 a1=a2f0d3 a2=f002208 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.313:12277): avc: denied { setattr } for pid=8303 comm="yum" name="prefdm" dev=dm-0 ino=9329924 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.313:12277): arch=40000003 syscall=212 success=yes exit=0 a0=f0f8690 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.317:12278): avc: denied { relabelfrom } for pid=8303 comm="yum" name="ppp" dev=dm-0 ino=9330491 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775549.317:12278): avc: denied { relabelto } for pid=8303 comm="yum" name="ppp" dev=dm-0 ino=9330491 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775549.317:12278): arch=40000003 syscall=227 success=yes exit=0 a0=f16f548 a1=a2f0d3 a2=f002208 a3=20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.321:12279): avc: denied { setattr } for pid=8303 comm="yum" name="ppp" dev=dm-0 ino=9330491 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775549.321:12279): arch=40000003 syscall=212 success=yes exit=0 a0=f16f548 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.321:12280): avc: denied { write } for pid=8303 comm="yum" name="ppp" dev=dm-0 ino=9330491 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775549.321:12280): avc: denied { add_name } for pid=8303 comm="yum" name="ip-down;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775549.321:12280): avc: denied { create } for pid=8303 comm="yum" name="ip-down;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.321:12280): arch=40000003 syscall=5 success=yes exit=30 a0=ea06a70 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.325:12281): avc: denied { write } for pid=8303 comm="yum" name="ip-down;455dcb57" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.325:12281): arch=40000003 syscall=4 success=yes exit=386 a0=1e a1=b6dcb000 a2=182 a3=f0dd100 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775549.325:12281): path="/etc/ppp/ip-down;455dcb57"
+type=AVC msg=audit(1163775549.329:12282): avc: denied { remove_name } for pid=8303 comm="yum" name="ip-down;455dcb57" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775549.329:12282): avc: denied { rename } for pid=8303 comm="yum" name="ip-down;455dcb57" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775549.329:12282): avc: denied { unlink } for pid=8303 comm="yum" name="ip-down" dev=dm-0 ino=9331766 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_script_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.329:12282): arch=40000003 syscall=38 success=yes exit=0 a0=ea06a70 a1=f0f8690 a2=d2a040 a3=ea06a70 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.329:12283): avc: denied { relabelfrom } for pid=8303 comm="yum" name="ip-down" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775549.329:12283): avc: denied { relabelto } for pid=8303 comm="yum" name="ip-down" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_script_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.329:12283): arch=40000003 syscall=227 success=yes exit=0 a0=f0f8690 a1=a2f0d3 a2=f1a9ca8 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.329:12284): avc: denied { setattr } for pid=8303 comm="yum" name="ip-down" dev=dm-0 ino=9331157 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_script_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.329:12284): arch=40000003 syscall=212 success=yes exit=0 a0=f0f8690 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.373:12285): avc: denied { relabelfrom } for pid=8303 comm="yum" name="peers" dev=dm-0 ino=9330497 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1163775549.373:12285): avc: denied { relabelto } for pid=8303 comm="yum" name="peers" dev=dm-0 ino=9330497 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775549.373:12285): arch=40000003 syscall=227 success=yes exit=0 a0=f1ab5f0 a1=a2f0d3 a2=f1b0670 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.373:12286): avc: denied { setattr } for pid=8303 comm="yum" name="peers" dev=dm-0 ino=9330497 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775549.373:12286): arch=40000003 syscall=212 success=yes exit=0 a0=f1ab5f0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.377:12287): avc: denied { create } for pid=8303 comm="yum" name="rc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775549.377:12287): arch=40000003 syscall=83 success=yes exit=0 a0=f194088 a1=f1ab5f0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.377:12288): avc: denied { rename } for pid=8303 comm="yum" name="rc;455dcb57" dev=dm-0 ino=9331705 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775549.377:12288): avc: denied { unlink } for pid=8303 comm="yum" name="rc" dev=dm-0 ino=9331516 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775549.377:12288): arch=40000003 syscall=38 success=yes exit=0 a0=f1ab5f0 a1=ea06a80 a2=d2a040 a3=f1ab5f0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.385:12289): avc: denied { relabelfrom } for pid=8303 comm="yum" name="rc" dev=dm-0 ino=9331705 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775549.385:12289): avc: denied { relabelto } for pid=8303 comm="yum" name="rc" dev=dm-0 ino=9331705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775549.385:12289): arch=40000003 syscall=227 success=yes exit=0 a0=ea06a80 a1=a2f0d3 a2=f1aea08 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.385:12290): avc: denied { setattr } for pid=8303 comm="yum" name="rc" dev=dm-0 ino=9331705 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775549.385:12290): arch=40000003 syscall=198 success=yes exit=0 a0=ea06a80 a1=0 a2=0 a3=f11055c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.641:12291): avc: denied { unlink } for pid=8303 comm="yum" name="consoletype" dev=dm-0 ino=9984704 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.641:12291): arch=40000003 syscall=38 success=yes exit=0 a0=f21aa78 a1=f21a418 a2=d2a040 a3=f21aa78 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.653:12292): avc: denied { relabelto } for pid=8303 comm="yum" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.653:12292): arch=40000003 syscall=227 success=yes exit=0 a0=f21a418 a1=a2f0d3 a2=f21d4c0 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.653:12293): avc: denied { setattr } for pid=8303 comm="yum" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.653:12293): arch=40000003 syscall=212 success=yes exit=0 a0=f21a418 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.869:12294): avc: denied { unlink } for pid=8303 comm="yum" name="ppp-watch" dev=dm-0 ino=9984662 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.869:12294): arch=40000003 syscall=38 success=yes exit=0 a0=f220838 a1=f21a418 a2=d2a040 a3=f220838 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.889:12295): avc: denied { relabelto } for pid=8303 comm="yum" name="ppp-watch" dev=dm-0 ino=9984568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.889:12295): arch=40000003 syscall=227 success=yes exit=0 a0=f21a418 a1=a2f0d3 a2=f222918 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.889:12296): avc: denied { setattr } for pid=8303 comm="yum" name="ppp-watch" dev=dm-0 ino=9984568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.889:12296): arch=40000003 syscall=212 success=yes exit=0 a0=f21a418 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.937:12297): avc: denied { unlink } for pid=8303 comm="yum" name="usernetctl" dev=dm-0 ino=10318051 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usernetctl_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.937:12297): arch=40000003 syscall=38 success=yes exit=0 a0=f224d18 a1=f223ae0 a2=d2a040 a3=f224d18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.953:12298): avc: denied { relabelto } for pid=8303 comm="yum" name="usernetctl" dev=dm-0 ino=10337895 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usernetctl_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.953:12298): arch=40000003 syscall=227 success=yes exit=0 a0=f223ae0 a1=a2f0d3 a2=f227488 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775549.953:12299): avc: denied { setattr } for pid=8303 comm="yum" name="usernetctl" dev=dm-0 ino=10337895 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usernetctl_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775549.953:12299): arch=40000003 syscall=212 success=yes exit=0 a0=f223ae0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775551.453:12300): avc: denied { relabelfrom } for pid=8303 comm="yum" name="stateless" dev=dm-0 ino=15648201 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775551.453:12300): arch=40000003 syscall=227 success=yes exit=0 a0=f2267b8 a1=a2f0d3 a2=f226480 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775551.473:12301): avc: denied { relabelfrom } for pid=8303 comm="yum" name="netreport" dev=dm-0 ino=14437051 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775551.473:12301): avc: denied { relabelto } for pid=8303 comm="yum" name="netreport" dev=dm-0 ino=14437051 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775551.473:12301): arch=40000003 syscall=227 success=yes exit=0 a0=f2267b8 a1=a2f0d3 a2=f2264d8 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775551.473:12302): avc: denied { setattr } for pid=8303 comm="yum" name="netreport" dev=dm-0 ino=14437051 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775551.473:12302): arch=40000003 syscall=212 success=yes exit=0 a0=f2267b8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775553.909:12303): avc: denied { setexec } for pid=12156 comm="yum" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775553.909:12303): arch=40000003 syscall=4 success=no exit=-22 a0=1e a1=f16f4d8 a2=20 a3=a2f751 items=0 ppid=8303 pid=12156 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775553.981:12304): avc: denied { write } for pid=12157 comm="touch" name="btmp" dev=dm-0 ino=14437055 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775553.981:12304): arch=40000003 syscall=5 success=yes exit=0 a0=bf8a6bf8 a1=8941 a2=1b6 a3=8941 items=0 ppid=12156 pid=12157 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.025:12305): avc: denied { setattr } for pid=12158 comm="chown" name="wtmp" dev=dm-0 ino=6422812 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:wtmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775554.025:12305): arch=40000003 syscall=212 success=yes exit=0 a0=889c9d0 a1=0 a2=16 a3=0 items=0 ppid=12156 pid=12158 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chown" exe="/bin/chown" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.029:12306): avc: denied { setattr } for pid=12158 comm="chown" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775554.029:12306): arch=40000003 syscall=212 success=yes exit=0 a0=889c9d0 a1=0 a2=16 a3=1 items=0 ppid=12156 pid=12158 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chown" exe="/bin/chown" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.029:12307): avc: denied { setattr } for pid=12158 comm="chown" name="btmp" dev=dm-0 ino=14437055 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:faillog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775554.029:12307): arch=40000003 syscall=212 success=yes exit=0 a0=889c9d0 a1=0 a2=16 a3=1 items=0 ppid=12156 pid=12158 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chown" exe="/bin/chown" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.057:12308): avc: denied { read } for pid=12161 comm="chkconfig" name="netfs" dev=dm-0 ino=9330630 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775554.057:12308): arch=40000003 syscall=5 success=yes exit=3 a0=bfa3d930 a1=0 a2=ffffffff a3=bfa3dbb4 items=0 ppid=12156 pid=12161 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chkconfig" exe="/sbin/chkconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.781:12309): avc: denied { unlink } for pid=12161 comm="chkconfig" name="K75netfs" dev=dm-0 ino=9330687 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775554.781:12309): arch=40000003 syscall=10 success=yes exit=0 a0=8c33078 a1=8c33068 a2=1 a3=0 items=0 ppid=12156 pid=12161 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chkconfig" exe="/sbin/chkconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775554.953:12310): avc: denied { execute } for pid=12165 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775554.953:12310): avc: denied { execute_no_trans } for pid=12165 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775554.953:12310): avc: denied { read } for pid=12165 comm="sh" name="useradd" dev=dm-0 ino=10321811 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775554.953:12310): arch=40000003 syscall=11 success=yes exit=0 a0=9007f90 a1=9007ae0 a2=90084b0 a3=9007e40 items=0 ppid=12164 pid=12165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="useradd" exe="/usr/sbin/useradd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775554.953:12310): path="/usr/sbin/useradd"
+type=AVC_PATH msg=audit(1163775554.953:12310): path="/usr/sbin/useradd"
+type=AVC msg=audit(1163775555.041:12311): avc: denied { audit_write } for pid=12165 comm="useradd" capability=29 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=USER_CHAUTHTOK msg=audit(1163775555.041:12312): user pid=12165 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='op=adding user acct=haldaemon exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/1 res=failed)'
+type=SYSCALL msg=audit(1163775555.041:12311): arch=40000003 syscall=102 success=yes exit=120 a0=b a1=bf93d650 a2=a47ff4 a3=bf9440a0 items=0 ppid=12164 pid=12165 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="useradd" exe="/usr/sbin/useradd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.073:12313): avc: denied { relabelfrom } for pid=8303 comm="yum" name="system.d" dev=dm-0 ino=9330036 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775555.073:12313): avc: denied { relabelto } for pid=8303 comm="yum" name="system.d" dev=dm-0 ino=9330036 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775555.073:12313): arch=40000003 syscall=227 success=yes exit=0 a0=f121e30 a1=a2f0d3 a2=f231150 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.073:12314): avc: denied { setattr } for pid=8303 comm="yum" name="system.d" dev=dm-0 ino=9330036 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775555.073:12314): arch=40000003 syscall=212 success=yes exit=0 a0=f121e30 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.073:12315): avc: denied { write } for pid=8303 comm="yum" name="system.d" dev=dm-0 ino=9330036 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775555.073:12315): avc: denied { add_name } for pid=8303 comm="yum" name="hal.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775555.073:12315): avc: denied { create } for pid=8303 comm="yum" name="hal.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775555.073:12315): arch=40000003 syscall=5 success=yes exit=30 a0=e906748 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.089:12316): avc: denied { write } for pid=8303 comm="yum" name="hal.conf;455dcb57" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775555.089:12316): arch=40000003 syscall=4 success=yes exit=2992 a0=1e a1=b6dcb000 a2=bb0 a3=f0facb0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775555.089:12316): path="/etc/dbus-1/system.d/hal.conf;455dcb57"
+type=AVC msg=audit(1163775555.089:12317): avc: denied { remove_name } for pid=8303 comm="yum" name="hal.conf;455dcb57" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775555.089:12317): avc: denied { rename } for pid=8303 comm="yum" name="hal.conf;455dcb57" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775555.089:12317): avc: denied { unlink } for pid=8303 comm="yum" name="hal.conf" dev=dm-0 ino=9331851 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775555.089:12317): arch=40000003 syscall=38 success=yes exit=0 a0=e906748 a1=f231150 a2=d2a040 a3=e906748 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.097:12318): avc: denied { relabelfrom } for pid=8303 comm="yum" name="hal.conf" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775555.097:12318): avc: denied { relabelto } for pid=8303 comm="yum" name="hal.conf" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775555.097:12318): arch=40000003 syscall=227 success=yes exit=0 a0=f231150 a1=a2f0d3 a2=e9067a0 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.097:12319): avc: denied { setattr } for pid=8303 comm="yum" name="hal.conf" dev=dm-0 ino=9330704 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775555.097:12319): arch=40000003 syscall=212 success=yes exit=0 a0=f231150 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.145:12320): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163775555.145:12320): arch=40000003 syscall=100 success=yes exit=0 a0=12 a1=bfcd50ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163775555.954:12321): avc: denied { create } for pid=8303 comm="yum" name="libhal-storage.so.1;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775555.954:12321): arch=40000003 syscall=83 success=yes exit=0 a0=ef8fd20 a1=efa0e48 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.958:12322): avc: denied { rename } for pid=8303 comm="yum" name="libhal-storage.so.1;455dcb57" dev=dm-0 ino=10337394 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775555.958:12322): arch=40000003 syscall=38 success=yes exit=0 a0=efa0e48 a1=efffb00 a2=d2a040 a3=efa0e48 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775555.958:12323): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libhal-storage.so.1" dev=dm-0 ino=10337394 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775555.958:12323): arch=40000003 syscall=227 success=yes exit=0 a0=efffb00 a1=a2f0d3 a2=efffbc0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775556.262:12324): avc: denied { unlink } for pid=8303 comm="yum" name="hald" dev=dm-0 ino=10321480 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hald_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775556.262:12324): arch=40000003 syscall=38 success=yes exit=0 a0=f0d5ed8 a1=f0d5e60 a2=d2a040 a3=f0d5ed8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775556.266:12325): avc: denied { relabelto } for pid=8303 comm="yum" name="hald" dev=dm-0 ino=10337903 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hald_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775556.266:12325): arch=40000003 syscall=227 success=yes exit=0 a0=f0d5e60 a1=a2f0d3 a2=f1a3e78 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775556.266:12326): avc: denied { setattr } for pid=8303 comm="yum" name="hald" dev=dm-0 ino=10337903 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hald_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775556.266:12326): arch=40000003 syscall=212 success=yes exit=0 a0=f0d5e60 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775556.626:12327): avc: denied { relabelfrom } for pid=8303 comm="yum" name="ca" dev=dm-0 ino=10311922 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775556.626:12327): avc: denied { relabelto } for pid=8303 comm="yum" name="ca" dev=dm-0 ino=10311922 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775556.626:12327): arch=40000003 syscall=227 success=yes exit=0 a0=f13f128 a1=a2f0d3 a2=f13f018 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775556.638:12328): avc: denied { setattr } for pid=8303 comm="yum" name="ca" dev=dm-0 ino=10311922 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775556.638:12328): arch=40000003 syscall=212 success=yes exit=0 a0=f13f128 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.642:12329): avc: denied { write } for pid=8303 comm="yum" name="selinux" dev=dm-0 ino=9330337 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163775559.642:12329): avc: denied { add_name } for pid=8303 comm="yum" name="restorecond.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163775559.642:12329): avc: denied { create } for pid=8303 comm="yum" name="restorecond.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.642:12329): arch=40000003 syscall=5 success=yes exit=30 a0=abaa280 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.662:12330): avc: denied { write } for pid=8303 comm="yum" name="restorecond.conf;455dcb57" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.662:12330): arch=40000003 syscall=4 success=yes exit=129 a0=1e a1=b6dcb000 a2=81 a3=e8ff550 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775559.662:12330): path="/etc/selinux/restorecond.conf;455dcb57"
+type=AVC msg=audit(1163775559.662:12331): avc: denied { remove_name } for pid=8303 comm="yum" name="restorecond.conf;455dcb57" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163775559.662:12331): avc: denied { rename } for pid=8303 comm="yum" name="restorecond.conf;455dcb57" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=AVC msg=audit(1163775559.662:12331): avc: denied { unlink } for pid=8303 comm="yum" name="restorecond.conf" dev=dm-0 ino=9330199 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.662:12331): arch=40000003 syscall=38 success=yes exit=0 a0=abaa280 a1=f13f168 a2=d2a040 a3=abaa280 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.670:12332): avc: denied { relabelfrom } for pid=8303 comm="yum" name="restorecond.conf" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=AVC msg=audit(1163775559.670:12332): avc: denied { relabelto } for pid=8303 comm="yum" name="restorecond.conf" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.670:12332): arch=40000003 syscall=227 success=yes exit=0 a0=f13f168 a1=a2f0d3 a2=cb09b88 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.670:12333): avc: denied { setattr } for pid=8303 comm="yum" name="restorecond.conf" dev=dm-0 ino=9330709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.670:12333): arch=40000003 syscall=212 success=yes exit=0 a0=f13f168 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.762:12334): avc: denied { unlink } for pid=8303 comm="yum" name="restorecon" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.762:12334): arch=40000003 syscall=38 success=yes exit=0 a0=f1d9690 a1=f1d98b0 a2=d2a040 a3=f1d9690 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.762:12335): avc: denied { relabelto } for pid=8303 comm="yum" name="restorecon" dev=dm-0 ino=9984525 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.762:12335): arch=40000003 syscall=227 success=yes exit=0 a0=f1d98b0 a1=a2f0d3 a2=cb09b88 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.762:12336): avc: denied { setattr } for pid=8303 comm="yum" name="restorecon" dev=dm-0 ino=9984525 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.762:12336): arch=40000003 syscall=212 success=yes exit=0 a0=f1d98b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.766:12337): avc: denied { unlink } for pid=8303 comm="yum" name="setfiles" dev=dm-0 ino=9984633 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.766:12337): arch=40000003 syscall=38 success=yes exit=0 a0=f1d9670 a1=f1d98b0 a2=d2a040 a3=f1d9670 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.770:12338): avc: denied { relabelto } for pid=8303 comm="yum" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.770:12338): arch=40000003 syscall=227 success=yes exit=0 a0=f1d98b0 a1=a2f0d3 a2=c789798 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.770:12339): avc: denied { setattr } for pid=8303 comm="yum" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.770:12339): arch=40000003 syscall=212 success=yes exit=0 a0=f1d98b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.986:12340): avc: denied { unlink } for pid=8303 comm="yum" name="load_policy" dev=dm-0 ino=10316125 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.986:12340): arch=40000003 syscall=38 success=yes exit=0 a0=f1de218 a1=f1dcfa0 a2=d2a040 a3=f1de218 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.990:12341): avc: denied { relabelto } for pid=8303 comm="yum" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.990:12341): arch=40000003 syscall=227 success=yes exit=0 a0=f1dcfa0 a1=a2f0d3 a2=f1e0bc8 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.990:12342): avc: denied { setattr } for pid=8303 comm="yum" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.990:12342): arch=40000003 syscall=212 success=yes exit=0 a0=f1dcfa0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.990:12343): avc: denied { unlink } for pid=8303 comm="yum" name="restorecond" dev=dm-0 ino=10329701 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.990:12343): arch=40000003 syscall=38 success=yes exit=0 a0=f1e5540 a1=f1e1b80 a2=d2a040 a3=f1e5540 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.994:12344): avc: denied { relabelto } for pid=8303 comm="yum" name="restorecond" dev=dm-0 ino=10326222 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.994:12344): arch=40000003 syscall=227 success=yes exit=0 a0=f1e1b80 a1=a2f0d3 a2=f1e7e70 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.994:12345): avc: denied { setattr } for pid=8303 comm="yum" name="restorecond" dev=dm-0 ino=10326222 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.994:12345): arch=40000003 syscall=212 success=yes exit=0 a0=f1e1b80 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775559.994:12346): avc: denied { unlink } for pid=8303 comm="yum" name="run_init" dev=dm-0 ino=10337318 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775559.994:12346): arch=40000003 syscall=38 success=yes exit=0 a0=f1e1b80 a1=f1dc8a8 a2=d2a040 a3=f1e1b80 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775560.006:12347): avc: denied { relabelto } for pid=8303 comm="yum" name="run_init" dev=dm-0 ino=10337905 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775560.006:12347): arch=40000003 syscall=227 success=yes exit=0 a0=f1dc8a8 a1=a2f0d3 a2=f1e7ed0 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775560.006:12348): avc: denied { setattr } for pid=8303 comm="yum" name="run_init" dev=dm-0 ino=10337905 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775560.006:12348): arch=40000003 syscall=212 success=yes exit=0 a0=f1dc8a8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775560.006:12349): avc: denied { unlink } for pid=8303 comm="yum" name="semanage" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775560.006:12349): arch=40000003 syscall=38 success=yes exit=0 a0=f1e1b80 a1=f1dc8a8 a2=d2a040 a3=f1e1b80 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775560.014:12350): avc: denied { relabelto } for pid=8303 comm="yum" name="semanage" dev=dm-0 ino=10337318 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775560.014:12350): arch=40000003 syscall=227 success=yes exit=0 a0=f1dc8a8 a1=a2f0d3 a2=f1e7ea0 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775560.014:12351): avc: denied { setattr } for pid=8303 comm="yum" name="semanage" dev=dm-0 ino=10337318 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775560.014:12351): arch=40000003 syscall=212 success=yes exit=0 a0=f1dc8a8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.182:12352): avc: denied { execute } for pid=12171 comm="service" name="restorecond" dev=dm-0 ino=9330750 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.182:12352): arch=40000003 syscall=33 success=yes exit=0 a0=87b0b10 a1=1 a2=1 a3=87b02c0 items=0 ppid=12169 pid=12171 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="service" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.222:12353): avc: denied { execute_no_trans } for pid=12178 comm="env" name="restorecond" dev=dm-0 ino=9330750 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.222:12353): arch=40000003 syscall=11 success=yes exit=0 a0=bfa2bbec a1=bfa29ca8 a2=952b858 a3=5 items=0 ppid=12171 pid=12178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775562.222:12353): path="/etc/rc.d/init.d/restorecond"
+type=AVC msg=audit(1163775562.222:12354): avc: denied { ioctl } for pid=12178 comm="restorecond" name="restorecond" dev=dm-0 ino=9330750 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.222:12354): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfa29d68 a3=bfa29da8 items=0 ppid=12171 pid=12178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775562.222:12354): path="/etc/rc.d/init.d/restorecond"
+type=AVC msg=audit(1163775562.342:12355): avc: denied { read } for pid=12178 comm="restorecond" name="restorecond.pid" dev=dm-0 ino=14436927 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.342:12355): arch=40000003 syscall=5 success=yes exit=3 a0=95fa0e0 a1=8000 a2=0 a3=8000 items=0 ppid=12171 pid=12178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.342:12356): avc: denied { ioctl } for pid=12178 comm="restorecond" name="restorecond.pid" dev=dm-0 ino=14436927 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.342:12356): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5401 a2=bfa268b8 a3=bfa268f8 items=0 ppid=12171 pid=12178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775562.342:12356): path="/var/run/restorecond.pid"
+type=AVC msg=audit(1163775562.406:12357): avc: denied { signal } for pid=12178 comm="restorecond" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775562.406:12357): arch=40000003 syscall=37 success=yes exit=0 a0=73d a1=f a2=73d a3=73d items=0 ppid=12171 pid=12178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.518:12358): avc: denied { write } for pid=12186 comm="rm" name="subsys" dev=dm-0 ino=14436611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775562.518:12358): avc: denied { remove_name } for pid=12186 comm="rm" name="restorecond" dev=dm-0 ino=14436931 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163775562.518:12358): avc: denied { unlink } for pid=12186 comm="rm" name="restorecond" dev=dm-0 ino=14436931 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.518:12358): arch=40000003 syscall=10 success=yes exit=0 a0=bf816f80 a1=0 a2=805277c a3=bf815604 items=0 ppid=12178 pid=12186 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.526:12359): avc: denied { execute } for pid=12188 comm="bash" name="restorecond" dev=dm-0 ino=10326222 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775562.526:12359): avc: denied { execute_no_trans } for pid=12188 comm="bash" name="restorecond" dev=dm-0 ino=10326222 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775562.526:12359): avc: denied { read } for pid=12188 comm="bash" name="restorecond" dev=dm-0 ino=10326222 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.526:12359): arch=40000003 syscall=11 success=yes exit=0 a0=94ee878 a1=94ee808 a2=94eea90 a3=94ee610 items=0 ppid=12187 pid=12188 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775562.526:12359): path="/usr/sbin/restorecond"
+type=AVC_PATH msg=audit(1163775562.526:12359): path="/usr/sbin/restorecond"
+type=AVC msg=audit(1163775562.526:12360): avc: denied { read } for pid=12188 comm="restorecond" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.526:12360): arch=40000003 syscall=5 success=yes exit=5 a0=8385548 a1=28000 a2=0 a3=28000 items=0 ppid=12187 pid=12188 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.762:12361): avc: denied { read } for pid=12188 comm="restorecond" name="secrets.tdb" dev=dm-0 ino=9330306 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:samba_secrets_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.762:12361): arch=40000003 syscall=5 success=yes exit=5 a0=8385548 a1=28000 a2=0 a3=28000 items=0 ppid=12187 pid=12188 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.786:12362): avc: denied { write } for pid=12189 comm="restorecond" name="run" dev=dm-0 ino=14436616 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775562.786:12362): avc: denied { add_name } for pid=12189 comm="restorecond" name="restorecond.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775562.786:12362): avc: denied { create } for pid=12189 comm="restorecond" name="restorecond.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.786:12362): arch=40000003 syscall=5 success=yes exit=4 a0=6842e8 a1=28241 a2=1a4 a3=28241 items=0 ppid=12188 pid=12189 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.786:12363): avc: denied { write } for pid=12189 comm="restorecond" name="restorecond.pid" dev=dm-0 ino=14436927 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.786:12363): arch=40000003 syscall=4 success=yes exit=6 a0=4 a1=bfedd4c4 a2=6 a3=4 items=0 ppid=12188 pid=12189 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775562.786:12363): path="/var/run/restorecond.pid"
+type=AVC msg=audit(1163775562.794:12364): avc: denied { add_name } for pid=12190 comm="touch" name="restorecond" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775562.794:12364): arch=40000003 syscall=5 success=yes exit=0 a0=bfacef7a a1=8941 a2=1b6 a3=8941 items=0 ppid=12178 pid=12190 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775562.794:12365): avc: denied { write } for pid=12190 comm="touch" name="restorecond" dev=dm-0 ino=14436931 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775562.794:12365): arch=40000003 syscall=271 success=yes exit=0 a0=bfacd754 a1=0 a2=7a1ff4 a3=0 items=0 ppid=12178 pid=12190 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.302:12366): avc: denied { unlink } for pid=8303 comm="yum" name="Xreset" dev=dm-0 ino=9362698 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xsession_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.302:12366): arch=40000003 syscall=38 success=yes exit=0 a0=f0a3908 a1=f1a1568 a2=d2a040 a3=f0a3908 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.310:12367): avc: denied { relabelto } for pid=8303 comm="yum" name="Xreset" dev=dm-0 ino=9362552 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xsession_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.310:12367): arch=40000003 syscall=227 success=yes exit=0 a0=f1a1568 a1=a2f0d3 a2=f13a800 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.310:12368): avc: denied { setattr } for pid=8303 comm="yum" name="Xreset" dev=dm-0 ino=9362552 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xsession_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.310:12368): arch=40000003 syscall=212 success=yes exit=0 a0=f1a1568 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.710:12369): avc: denied { unlink } for pid=8303 comm="yum" name="kdesu" dev=dm-0 ino=10317497 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.710:12369): arch=40000003 syscall=38 success=yes exit=0 a0=f26a548 a1=f267d90 a2=d2a040 a3=f26a548 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.770:12370): avc: denied { relabelto } for pid=8303 comm="yum" name="kdesu" dev=dm-0 ino=10334290 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.770:12370): arch=40000003 syscall=227 success=yes exit=0 a0=f267d90 a1=a2f0d3 a2=f269f28 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.770:12371): avc: denied { setattr } for pid=8303 comm="yum" name="kdesu" dev=dm-0 ino=10334290 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.770:12371): arch=40000003 syscall=212 success=yes exit=0 a0=f267d90 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.810:12372): avc: denied { unlink } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=10324938 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.810:12372): arch=40000003 syscall=38 success=yes exit=0 a0=f26a608 a1=f267d90 a2=d2a040 a3=f26a608 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.878:12373): avc: denied { relabelto } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=10315462 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.878:12373): arch=40000003 syscall=227 success=yes exit=0 a0=f267d90 a1=a2f0d3 a2=c35a930 a3=20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775563.878:12374): avc: denied { setattr } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=10315462 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775563.878:12374): arch=40000003 syscall=212 success=yes exit=0 a0=f267d90 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775564.098:12375): avc: denied { create } for pid=8303 comm="yum" name="kinfocenter;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775564.098:12375): arch=40000003 syscall=83 success=yes exit=0 a0=f37c3a0 a1=f26af08 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775564.098:12376): avc: denied { rename } for pid=8303 comm="yum" name="kinfocenter;455dcb57" dev=dm-0 ino=10337328 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775564.098:12376): avc: denied { unlink } for pid=8303 comm="yum" name="kinfocenter" dev=dm-0 ino=10334341 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775564.098:12376): arch=40000003 syscall=38 success=yes exit=0 a0=f26af08 a1=f26b4f8 a2=d2a040 a3=f26af08 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775564.110:12377): avc: denied { relabelfrom } for pid=8303 comm="yum" name="kinfocenter" dev=dm-0 ino=10337328 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775564.110:12377): avc: denied { relabelto } for pid=8303 comm="yum" name="kinfocenter" dev=dm-0 ino=10337328 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775564.110:12377): arch=40000003 syscall=227 success=yes exit=0 a0=f26b4f8 a1=a2f0d3 a2=f26b538 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775564.110:12378): avc: denied { setattr } for pid=8303 comm="yum" name="kinfocenter" dev=dm-0 ino=10337328 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775564.110:12378): arch=40000003 syscall=198 success=yes exit=0 a0=f26b4f8 a1=0 a2=0 a3=e90651c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775581.927:12379): avc: denied { create } for pid=8303 comm="yum" name="kdm;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775581.927:12379): arch=40000003 syscall=83 success=yes exit=0 a0=f37c3a0 a1=f39eb68 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775581.931:12380): avc: denied { rename } for pid=8303 comm="yum" name="kdm;455dcb57" dev=dm-0 ino=11036166 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775581.931:12380): avc: denied { unlink } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=11036193 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775581.931:12380): arch=40000003 syscall=38 success=yes exit=0 a0=f39eb68 a1=f39ebd0 a2=d2a040 a3=f39eb68 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775581.939:12381): avc: denied { relabelfrom } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=11036166 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775581.939:12381): avc: denied { relabelto } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=11036166 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775581.939:12381): arch=40000003 syscall=227 success=yes exit=0 a0=f39ebd0 a1=a2f0d3 a2=f39ec10 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775581.939:12382): avc: denied { setattr } for pid=8303 comm="yum" name="kdm" dev=dm-0 ino=11036166 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775581.939:12382): arch=40000003 syscall=198 success=yes exit=0 a0=f39ebd0 a1=0 a2=0 a3=e90651c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163775602.316:12383): user pid=12195 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163775602.316:12384): login pid=12195 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163775602.440:12385): user pid=12195 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163775602.440:12386): user pid=12195 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775602.440:12387): avc: denied { execute } for pid=12196 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775602.440:12387): avc: denied { execute_no_trans } for pid=12196 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.440:12387): arch=40000003 syscall=11 success=yes exit=0 a0=8f9a1b0 a1=8f9a358 a2=8f9a290 a3=8f9a008 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775602.440:12387): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163775602.580:12388): avc: denied { execute } for pid=12196 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775602.580:12388): avc: denied { execute_no_trans } for pid=12196 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163775602.580:12388): avc: denied { read } for pid=12196 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.580:12388): arch=40000003 syscall=11 success=yes exit=0 a0=94a6d48 a1=94a6740 a2=94a6d60 a3=94a6740 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775602.580:12388): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163775602.580:12388): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163775602.728:12389): avc: denied { search } for pid=12196 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163775602.728:12389): avc: denied { read } for pid=12196 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.728:12389): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=817e7f8 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775602.728:12390): avc: denied { getattr } for pid=12196 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.728:12390): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfedd808 a2=dd0ff4 a3=817e7f8 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775602.728:12390): path="/proc/net/dev"
+type=AVC msg=audit(1163775602.728:12391): avc: denied { search } for pid=12196 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775602.728:12391): arch=40000003 syscall=33 success=yes exit=0 a0=bfeddbb4 a1=0 a2=bfeddaa8 a3=bfeddab0 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775602.832:12392): avc: denied { read append } for pid=12196 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.832:12392): arch=40000003 syscall=5 success=yes exit=3 a0=bfeddbb4 a1=402 a2=bfeddd78 a3=bfeddab0 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775602.840:12393): avc: denied { search } for pid=12196 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163775602.840:12393): avc: denied { read } for pid=12196 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.840:12393): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=817f348 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775602.840:12394): avc: denied { getattr } for pid=12196 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.840:12394): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfedd660 a2=dd0ff4 a3=817f348 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775602.840:12394): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163775602.840:12395): avc: denied { search } for pid=12196 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775602.840:12395): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=817f348 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775602.840:12396): avc: denied { lock } for pid=12196 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775602.840:12396): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfeddab0 a3=3 items=0 ppid=12195 pid=12196 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775602.840:12396): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163775603.168:12397): user pid=12195 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163775603.168:12398): user pid=12195 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775603.212:12399): avc: denied { getattr } for pid=8368 comm="thunderbird-bin" name="nsCloseAllWindows.js" dev=dm-0 ino=10738025 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775603.212:12399): arch=40000003 syscall=195 success=yes exit=0 a0=b5eb1ff8 a1=bfae865c a2=c4eff4 a3=bfae865c items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775603.212:12399): path="/usr/lib/thunderbird-1.5.0.7/components/nsCloseAllWindows.js"
+type=AVC msg=audit(1163775603.256:12400): avc: denied { read } for pid=8368 comm="thunderbird-bin" name="nsCloseAllWindows.js" dev=dm-0 ino=10738025 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775603.256:12400): arch=40000003 syscall=5 success=yes exit=20 a0=b5eb1ff8 a1=0 a2=1b6 a3=b52b9800 items=0 ppid=8363 pid=8368 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163775614.593:12401): avc: denied { read } for pid=3838 comm="nautilus" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775614.593:12401): arch=40000003 syscall=33 success=yes exit=0 a0=bf97ae55 a1=4 a2=da3a64 a3=bf97ae55 items=0 ppid=1 pid=3838 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775623.350:12402): avc: denied { write } for pid=12202 comm="kbuildsycoca" name=".qtrc.lock" dev=dm-0 ino=10574414 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:xdm_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775623.350:12402): arch=40000003 syscall=5 success=yes exit=3 a0=9943270 a1=8042 a2=180 a3=8042 items=0 ppid=12197 pid=12202 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="kbuildsycoca" exe="/usr/bin/kbuildsycoca" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775623.438:12403): avc: denied { write } for pid=12202 comm="kbuildsycoca" name="kdeglobals" dev=dm-0 ino=11036161 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775623.438:12403): arch=40000003 syscall=33 success=yes exit=0 a0=994c2a8 a1=2 a2=af76dc a3=bfecb290 items=0 ppid=12197 pid=12202 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="kbuildsycoca" exe="/usr/bin/kbuildsycoca" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775623.450:12404): avc: denied { write } for pid=12202 comm="kbuildsycoca" name="ksycoca" dev=dm-0 ino=11036830 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775623.450:12404): arch=40000003 syscall=33 success=yes exit=0 a0=994c1e8 a1=2 a2=af76dc a3=bfecb410 items=0 ppid=12197 pid=12202 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="kbuildsycoca" exe="/usr/bin/kbuildsycoca" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.574:12405): avc: denied { rmdir } for pid=12202 comm="kbuildsycoca" name="applnk" dev=dm-0 ino=11036154 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775630.574:12405): arch=40000003 syscall=40 success=no exit=-39 a0=9949b78 a1=9949b78 a2=d73958 a3=bfecb724 items=0 ppid=12197 pid=12202 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="kbuildsycoca" exe="/usr/bin/kbuildsycoca" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.906:12406): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=9330715 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775630.906:12406): avc: denied { relabelto } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=9330715 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775630.906:12406): arch=40000003 syscall=227 success=yes exit=0 a0=f39c518 a1=a2f0d3 a2=f3a6fe8 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.910:12407): avc: denied { setattr } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=9330715 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775630.910:12407): arch=40000003 syscall=212 success=yes exit=0 a0=f39c518 a1=0 a2=7 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.910:12408): avc: denied { create } for pid=8303 comm="yum" name="client.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.910:12408): arch=40000003 syscall=5 success=yes exit=30 a0=f3a6fe8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.918:12409): avc: denied { rename } for pid=8303 comm="yum" name="client.conf;455dcb57" dev=dm-0 ino=9329957 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.918:12409): arch=40000003 syscall=38 success=yes exit=0 a0=f3a6fe8 a1=f3af5e8 a2=d2a040 a3=f3a6fe8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.926:12410): avc: denied { relabelfrom } for pid=8303 comm="yum" name="client.conf" dev=dm-0 ino=9329957 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.926:12410): arch=40000003 syscall=227 success=yes exit=0 a0=f3af5e8 a1=a2f0d3 a2=f3a6bc8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.926:12411): avc: denied { write } for pid=8303 comm="yum" name="cupsd.conf.default;455dcb57" dev=dm-0 ino=9330232 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.926:12411): arch=40000003 syscall=4 success=yes exit=2472 a0=1e a1=b6dcb000 a2=9a8 a3=f2a44a8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775630.926:12411): path="/etc/cups/cupsd.conf.default;455dcb57"
+type=AVC msg=audit(1163775630.926:12412): avc: denied { unlink } for pid=8303 comm="yum" name="cupsd.conf.default" dev=dm-0 ino=9330707 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.926:12412): arch=40000003 syscall=38 success=yes exit=0 a0=f2a4478 a1=f154640 a2=d2a040 a3=f2a4478 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.934:12413): avc: denied { relabelto } for pid=8303 comm="yum" name="cupsd.conf.default" dev=dm-0 ino=9330232 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.934:12413): arch=40000003 syscall=227 success=yes exit=0 a0=f154640 a1=a2f0d3 a2=c353758 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.934:12414): avc: denied { setattr } for pid=8303 comm="yum" name="cupsd.conf.default" dev=dm-0 ino=9330232 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.934:12414): arch=40000003 syscall=212 success=yes exit=0 a0=f154640 a1=0 a2=7 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.954:12415): avc: denied { create } for pid=8303 comm="yum" name="cups.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.954:12415): arch=40000003 syscall=5 success=yes exit=30 a0=f3f8a90 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.954:12416): avc: denied { write } for pid=8303 comm="yum" name="cups.conf;455dcb57" dev=dm-0 ino=9331412 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.954:12416): arch=40000003 syscall=4 success=yes exit=460 a0=1e a1=b6dcb000 a2=1cc a3=f3f8ac0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775630.954:12416): path="/etc/dbus-1/system.d/cups.conf;455dcb57"
+type=AVC msg=audit(1163775630.958:12417): avc: denied { rename } for pid=8303 comm="yum" name="cups.conf;455dcb57" dev=dm-0 ino=9331412 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.958:12417): arch=40000003 syscall=38 success=yes exit=0 a0=f3f8a90 a1=f3f8a68 a2=d2a040 a3=f3f8a90 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.958:12418): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups.conf" dev=dm-0 ino=9331412 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.958:12418): arch=40000003 syscall=227 success=yes exit=0 a0=f3f8a68 a1=a2f0d3 a2=f3f4718 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.962:12419): avc: denied { unlink } for pid=8303 comm="yum" name="cancel.cups" dev=dm-0 ino=10334670 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.962:12419): arch=40000003 syscall=38 success=yes exit=0 a0=f3f46f0 a1=f3f8a68 a2=d2a040 a3=f3f46f0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.978:12420): avc: denied { relabelto } for pid=8303 comm="yum" name="cancel.cups" dev=dm-0 ino=10327946 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.978:12420): arch=40000003 syscall=227 success=yes exit=0 a0=f3f8a68 a1=a2f0d3 a2=f3f8b50 a3=20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775630.982:12421): avc: denied { setattr } for pid=8303 comm="yum" name="cancel.cups" dev=dm-0 ino=10327946 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775630.982:12421): arch=40000003 syscall=212 success=yes exit=0 a0=f3f8a68 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.102:12422): avc: denied { unlink } for pid=8303 comm="yum" name="ipp" dev=dm-0 ino=4583583 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775631.102:12422): arch=40000003 syscall=38 success=yes exit=0 a0=f3ffda0 a1=f3ffd78 a2=d2a040 a3=f3ffda0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.122:12423): avc: denied { relabelto } for pid=8303 comm="yum" name="ipp" dev=dm-0 ino=10705026 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775631.122:12423): arch=40000003 syscall=227 success=yes exit=0 a0=f3ffd78 a1=a2f0d3 a2=f406ff0 a3=22 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.122:12424): avc: denied { setattr } for pid=8303 comm="yum" name="ipp" dev=dm-0 ino=10705026 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775631.122:12424): arch=40000003 syscall=212 success=yes exit=0 a0=f3ffd78 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.470:12425): avc: denied { write } for pid=8303 comm="yum" name="modules" dev=dm-0 ino=12345321 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775631.470:12425): avc: denied { add_name } for pid=8303 comm="yum" name="phpcups.so;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775631.470:12425): arch=40000003 syscall=5 success=yes exit=30 a0=f40f438 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.474:12426): avc: denied { remove_name } for pid=8303 comm="yum" name="phpcups.so;455dcb57" dev=dm-0 ino=12343179 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775631.474:12426): arch=40000003 syscall=38 success=yes exit=0 a0=f40f438 a1=b51acc8 a2=d2a040 a3=f40f438 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.514:12427): avc: denied { create } for pid=8303 comm="yum" name="cupsdisable;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775631.514:12427): arch=40000003 syscall=83 success=yes exit=0 a0=f27c828 a1=f4147f8 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.514:12428): avc: denied { rename } for pid=8303 comm="yum" name="cupsdisable;455dcb57" dev=dm-0 ino=10337772 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775631.514:12428): avc: denied { unlink } for pid=8303 comm="yum" name="cupsdisable" dev=dm-0 ino=10334675 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775631.514:12428): arch=40000003 syscall=38 success=yes exit=0 a0=f4147f8 a1=f4156e0 a2=d2a040 a3=f4147f8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.518:12429): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cupsdisable" dev=dm-0 ino=10337772 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775631.518:12429): avc: denied { relabelto } for pid=8303 comm="yum" name="cupsdisable" dev=dm-0 ino=10337772 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775631.518:12429): arch=40000003 syscall=227 success=yes exit=0 a0=f4156e0 a1=a2f0d3 a2=f40f3f8 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775631.518:12430): avc: denied { setattr } for pid=8303 comm="yum" name="cupsdisable" dev=dm-0 ino=10337772 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775631.518:12430): arch=40000003 syscall=198 success=yes exit=0 a0=f4156e0 a1=0 a2=0 a3=f19fdfc items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775632.498:12431): avc: denied { create } for pid=8303 comm="yum" name="doc;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775632.498:12431): arch=40000003 syscall=83 success=yes exit=0 a0=f27c828 a1=f41c358 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775632.498:12432): avc: denied { rename } for pid=8303 comm="yum" name="doc;455dcb57" dev=dm-0 ino=10738075 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775632.498:12432): avc: denied { unlink } for pid=8303 comm="yum" name="doc" dev=dm-0 ino=10738076 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775632.498:12432): arch=40000003 syscall=38 success=yes exit=0 a0=f41c358 a1=f4147f8 a2=d2a040 a3=f41c358 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775632.502:12433): avc: denied { relabelfrom } for pid=8303 comm="yum" name="doc" dev=dm-0 ino=10738075 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163775632.502:12433): avc: denied { relabelto } for pid=8303 comm="yum" name="doc" dev=dm-0 ino=10738075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775632.502:12433): arch=40000003 syscall=227 success=yes exit=0 a0=f4147f8 a1=a2f0d3 a2=f41c570 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775632.502:12434): avc: denied { setattr } for pid=8303 comm="yum" name="doc" dev=dm-0 ino=10738075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775632.502:12434): arch=40000003 syscall=198 success=yes exit=0 a0=f4147f8 a1=0 a2=0 a3=f19fdfc items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775633.462:12435): avc: denied { create } for pid=8303 comm="yum" name="it" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775633.462:12435): arch=40000003 syscall=39 success=yes exit=0 a0=f41ec98 a1=1c0 a2=d2a040 a3=f41ec98 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775633.462:12436): avc: denied { relabelfrom } for pid=8303 comm="yum" name="it" dev=dm-0 ino=12177867 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775633.462:12436): arch=40000003 syscall=227 success=yes exit=0 a0=f41ec98 a1=a2f0d3 a2=f41ed80 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.155:12437): avc: denied { write } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10311889 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163775636.155:12437): avc: denied { add_name } for pid=8303 comm="yum" name="cancel-cups.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.155:12437): arch=40000003 syscall=83 success=yes exit=0 a0=f27c828 a1=f4262e0 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.163:12438): avc: denied { remove_name } for pid=8303 comm="yum" name="cancel-cups.1.gz;455dcb57" dev=dm-0 ino=10319625 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.163:12438): arch=40000003 syscall=38 success=yes exit=0 a0=f4262e0 a1=f426170 a2=d2a040 a3=f4262e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.167:12439): avc: denied { create } for pid=8303 comm="yum" name="cups-config.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775636.167:12439): arch=40000003 syscall=5 success=yes exit=30 a0=f4262e0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.167:12440): avc: denied { write } for pid=8303 comm="yum" name="cups-config.1.gz;455dcb57" dev=dm-0 ino=10319627 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775636.167:12440): arch=40000003 syscall=4 success=yes exit=1126 a0=1e a1=b6dcb000 a2=466 a3=f426378 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775636.167:12440): path="/usr/share/man/man1/cups-config.1.gz;455dcb57"
+type=AVC msg=audit(1163775636.167:12441): avc: denied { rename } for pid=8303 comm="yum" name="cups-config.1.gz;455dcb57" dev=dm-0 ino=10319627 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775636.167:12441): arch=40000003 syscall=38 success=yes exit=0 a0=f4262e0 a1=f426170 a2=d2a040 a3=f4262e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.167:12442): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups-config.1.gz" dev=dm-0 ino=10319627 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775636.167:12442): arch=40000003 syscall=227 success=yes exit=0 a0=f426170 a1=a2f0d3 a2=f4262b8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.283:12443): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437052 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=AVC msg=audit(1163775636.283:12443): avc: denied { relabelto } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437052 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.283:12443): arch=40000003 syscall=227 success=yes exit=0 a0=f421458 a1=a2f0d3 a2=f4478b8 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.315:12444): avc: denied { setattr } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437052 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.315:12444): arch=40000003 syscall=212 success=yes exit=0 a0=f421458 a1=4 a2=3 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.331:12445): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14534808 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775636.331:12445): avc: denied { relabelto } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14534808 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.331:12445): arch=40000003 syscall=227 success=yes exit=0 a0=f421458 a1=a2f0d3 a2=f448c88 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.331:12446): avc: denied { setattr } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14534808 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.331:12446): arch=40000003 syscall=212 success=yes exit=0 a0=f421458 a1=0 a2=7 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.355:12447): avc: denied { relabelfrom } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437056 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163775636.355:12447): avc: denied { relabelto } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437056 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.355:12447): arch=40000003 syscall=227 success=yes exit=0 a0=f421458 a1=a2f0d3 a2=f447908 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775636.355:12448): avc: denied { setattr } for pid=8303 comm="yum" name="cups" dev=dm-0 ino=14437056 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:print_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775636.355:12448): arch=40000003 syscall=212 success=yes exit=0 a0=f421458 a1=0 a2=7 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775640.143:12449): avc: denied { unlink } for pid=12210 comm="ln" name="smb" dev=dm-0 ino=10704859 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775640.143:12449): arch=40000003 syscall=10 success=yes exit=0 a0=bfb7dbf2 a1=34aff4 a2=804f42c a3=1 items=0 ppid=12209 pid=12210 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ln" exe="/bin/ln" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775640.811:12450): avc: denied { unlink } for pid=8303 comm="yum" name="beh" dev=dm-0 ino=15451397 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775640.811:12450): arch=40000003 syscall=38 success=yes exit=0 a0=f1a0110 a1=ab82440 a2=d2a040 a3=f1a0110 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775640.859:12451): avc: denied { relabelto } for pid=8303 comm="yum" name="beh" dev=dm-0 ino=10705042 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775640.859:12451): arch=40000003 syscall=227 success=yes exit=0 a0=ab82440 a1=a2f0d3 a2=f3853e8 a3=22 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775640.859:12452): avc: denied { setattr } for pid=8303 comm="yum" name="beh" dev=dm-0 ino=10705042 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775640.859:12452): arch=40000003 syscall=212 success=yes exit=0 a0=ab82440 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775656.092:12453): avc: denied { relabelfrom } for pid=8303 comm="yum" name="foomatic" dev=dm-0 ino=14437080 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775656.092:12453): avc: denied { relabelto } for pid=8303 comm="yum" name="foomatic" dev=dm-0 ino=14437080 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775656.092:12453): arch=40000003 syscall=227 success=yes exit=0 a0=f5832b0 a1=a2f0d3 a2=f591e68 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775656.092:12454): avc: denied { setattr } for pid=8303 comm="yum" name="foomatic" dev=dm-0 ino=14437080 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775656.092:12454): arch=40000003 syscall=212 success=yes exit=0 a0=f5832b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163775661.176:12455): user pid=12211 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163775661.176:12456): login pid=12211 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163775661.176:12457): user pid=12211 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163775661.176:12458): user pid=12211 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775661.180:12459): avc: denied { getattr } for pid=12212 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.180:12459): arch=40000003 syscall=195 success=yes exit=0 a0=886d120 a1=bfb4c400 a2=bdaff4 a3=886d120 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.180:12459): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163775661.264:12460): avc: denied { execute } for pid=12212 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.264:12460): arch=40000003 syscall=33 success=yes exit=0 a0=886d120 a1=1 a2=11 a3=886d120 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775661.264:12461): avc: denied { read } for pid=12212 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.264:12461): arch=40000003 syscall=33 success=yes exit=0 a0=886d120 a1=4 a2=ffffffff a3=886d120 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775661.264:12462): avc: denied { execute_no_trans } for pid=12212 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.264:12462): arch=40000003 syscall=11 success=yes exit=0 a0=886d120 a1=886d3d8 a2=886d2f8 a3=886cf98 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.264:12462): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163775661.272:12463): avc: denied { ioctl } for pid=12212 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.272:12463): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfcd5fb8 a3=bfcd5ff8 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.272:12463): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163775661.288:12464): avc: denied { execute } for pid=12212 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.288:12464): arch=40000003 syscall=33 success=yes exit=0 a0=a01a990 a1=1 a2=1 a3=a01ac98 items=0 ppid=12211 pid=12212 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775661.288:12465): avc: denied { execute_no_trans } for pid=12213 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.288:12465): arch=40000003 syscall=11 success=yes exit=0 a0=a01aa10 a1=a01aad8 a2=a01aae8 a3=a01a758 items=0 ppid=12212 pid=12213 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.288:12465): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1163775661.388:12466): avc: denied { execute } for pid=12215 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163775661.388:12466): avc: denied { execute_no_trans } for pid=12215 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163775661.388:12466): avc: denied { read } for pid=12215 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.388:12466): arch=40000003 syscall=11 success=yes exit=0 a0=9392678 a1=9392808 a2=9392720 a3=9392508 items=0 ppid=12213 pid=12215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.388:12466): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1163775661.388:12466): path="/sbin/chkconfig"
+type=AVC msg=audit(1163775661.392:12467): avc: denied { read } for pid=12215 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.392:12467): arch=40000003 syscall=5 success=yes exit=3 a0=bf82eaf0 a1=0 a2=ffffffff a3=8ba7038 items=0 ppid=12213 pid=12215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163775661.392:12468): avc: denied { getattr } for pid=12215 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775661.392:12468): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf82ea5c a2=24bff4 a3=bf82ea5c items=0 ppid=12213 pid=12215 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163775661.392:12468): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1163775661.672:12469): user pid=12211 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163775661.672:12470): user pid=12211 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163775663.072:12471): avc: denied { read } for pid=12237 comm="cups" name="cupsd.pid" dev=dm-0 ino=14436994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775663.072:12471): arch=40000003 syscall=5 success=yes exit=3 a0=9beee18 a1=8000 a2=0 a3=8000 items=0 ppid=12230 pid=12237 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cups" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775663.072:12472): avc: denied { ioctl } for pid=12237 comm="cups" name="cupsd.pid" dev=dm-0 ino=14436994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775663.072:12472): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5401 a2=bffb0478 a3=bffb04b8 items=0 ppid=12230 pid=12237 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cups" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775663.072:12472): path="/var/run/cupsd.pid"
+type=AVC msg=audit(1163775663.076:12473): avc: denied { signal } for pid=12237 comm="cups" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775663.076:12473): arch=40000003 syscall=37 success=yes exit=0 a0=87a a1=f a2=87a a3=87a items=0 ppid=12230 pid=12237 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cups" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.304:12474): avc: denied { remove_name } for pid=12244 comm="rm" name="cupsd.pid" dev=dm-0 ino=14436994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775664.304:12474): avc: denied { unlink } for pid=12244 comm="rm" name="cupsd.pid" dev=dm-0 ino=14436994 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.304:12474): arch=40000003 syscall=10 success=yes exit=0 a0=bfc86f8a a1=0 a2=805277c a3=bfc85274 items=0 ppid=12237 pid=12244 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.316:12475): avc: denied { execute } for pid=12246 comm="bash" name="cupsd" dev=dm-0 ino=10311849 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.316:12475): arch=40000003 syscall=33 success=yes exit=0 a0=8746808 a1=1 a2=11 a3=8746808 items=0 ppid=12237 pid=12246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.316:12476): avc: denied { read } for pid=12246 comm="bash" name="cupsd" dev=dm-0 ino=10311849 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.316:12476): arch=40000003 syscall=33 success=yes exit=0 a0=8746808 a1=4 a2=ffffffff a3=8746808 items=0 ppid=12237 pid=12246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.316:12477): avc: denied { execute_no_trans } for pid=12247 comm="bash" name="cupsd" dev=dm-0 ino=10311849 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.316:12477): arch=40000003 syscall=11 success=yes exit=0 a0=8746808 a1=8746bf0 a2=8746b48 a3=87465a0 items=0 ppid=12246 pid=12247 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775664.316:12477): path="/usr/sbin/cupsd"
+type=AVC msg=audit(1163775664.780:12478): avc: denied { read append } for pid=12248 comm="cupsd" name="error_log" dev=dm-0 ino=14438248 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.780:12478): arch=40000003 syscall=5 success=yes exit=2 a0=bfb130b4 a1=8442 a2=1b6 a3=8442 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.780:12479): avc: denied { setattr } for pid=12248 comm="cupsd" name="error_log" dev=dm-0 ino=14438248 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.780:12479): arch=40000003 syscall=207 success=yes exit=0 a0=2 a1=0 a2=7 a3=0 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775664.928:12480): avc: denied { ioctl } for pid=12248 comm="cupsd" name="printers.conf" dev=dm-0 ino=9329769 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.928:12480): arch=40000003 syscall=54 success=no exit=-25 a0=1 a1=5401 a2=bfb1088c a3=bfb108cc items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775664.928:12480): path="/etc/cups/printers.conf"
+type=AVC msg=audit(1163775664.932:12481): avc: denied { ioctl } for pid=12248 comm="cupsd" name="error_log" dev=dm-0 ino=14438248 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775664.932:12481): arch=40000003 syscall=54 success=no exit=-25 a0=2 a1=5401 a2=bfb1088c a3=bfb108cc items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775664.932:12481): path="/var/log/cups/error_log"
+type=LABEL_LEVEL_CHANGE msg=audit(1163775664.932:12482): user pid=12248 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='printer=ML-1740 uri=hal:///org/freedesktop/Hal/devices/usb_device_4e8_324c_2W61BKCX911232K0_if0_printer_noserial banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
+type=AVC msg=audit(1163775665.052:12483): avc: denied { write } for pid=12248 comm="cupsd" name="printcap" dev=dm-0 ino=9329785 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775665.052:12483): arch=40000003 syscall=5 success=yes exit=1 a0=9108640 a1=8241 a2=1b6 a3=8241 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.076:12484): avc: denied { read } for pid=12248 comm="cupsd" name="c00026" dev=dm-0 ino=14437207 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:print_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775665.076:12484): arch=40000003 syscall=5 success=yes exit=3 a0=bfb14e38 a1=8000 a2=0 a3=8000 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.104:12485): avc: denied { node_bind } for pid=12248 comm="cupsd" saddr=127.0.0.1 src=631 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lo_node_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163775665.104:12485): avc: denied { net_bind_service } for pid=12248 comm="cupsd" capability=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163775665.104:12485): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfb16a60 a2=927ff4 a3=bfb16a94 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.104:12486): avc: denied { name_bind } for pid=12248 comm="cupsd" src=631 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ipp_port_t:s0 tclass=udp_socket
+type=SYSCALL msg=audit(1163775665.104:12486): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfb16b50 a2=927ff4 a3=928964 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.108:12487): avc: denied { write } for pid=12248 comm="cupsd" name="certs" dev=dm-0 ino=14534810 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775665.108:12487): avc: denied { add_name } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163775665.108:12487): avc: denied { create } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775665.108:12487): arch=40000003 syscall=5 success=yes exit=7 a0=bfb16788 a1=80c1 a2=100 a3=80c1 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.108:12488): avc: denied { setattr } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775665.108:12488): arch=40000003 syscall=94 success=yes exit=0 a0=7 a1=120 a2=927ff4 a3=21 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775665.108:12489): avc: denied { write } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775665.108:12489): arch=40000003 syscall=4 success=yes exit=32 a0=7 a1=9139578 a2=20 a3=9139578 items=0 ppid=12247 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775665.108:12489): path="/var/run/cups/certs/0"
+type=AVC msg=audit(1163775666.252:12490): avc: denied { unlink } for pid=8303 comm="yum" name="hal_lpadmin" dev=dm-0 ino=10327522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_config_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775666.252:12490): arch=40000003 syscall=38 success=yes exit=0 a0=f27fe68 a1=f280838 a2=d2a040 a3=f27fe68 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775666.276:12491): avc: denied { relabelto } for pid=8303 comm="yum" name="hal_lpadmin" dev=dm-0 ino=10326729 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_config_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775666.276:12491): arch=40000003 syscall=227 success=yes exit=0 a0=f280838 a1=a2f0d3 a2=f147e60 a3=29 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775666.276:12492): avc: denied { setattr } for pid=8303 comm="yum" name="hal_lpadmin" dev=dm-0 ino=10326729 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_config_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775666.276:12492): arch=40000003 syscall=212 success=yes exit=0 a0=f280838 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775693.654:12493): avc: denied { relabelfrom } for pid=8303 comm="yum" name="selinux" dev=dm-0 ino=9330337 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163775693.654:12493): avc: denied { relabelto } for pid=8303 comm="yum" name="selinux" dev=dm-0 ino=9330337 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775693.654:12493): arch=40000003 syscall=227 success=yes exit=0 a0=f494f10 a1=a2f0d3 a2=f148140 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775693.702:12494): avc: denied { setattr } for pid=8303 comm="yum" name="selinux" dev=dm-0 ino=9330337 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775693.702:12494): arch=40000003 syscall=212 success=yes exit=0 a0=f494f10 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.138:12495): avc: denied { write } for pid=12273 comm="cp" name="seusers" dev=dm-0 ino=9334717 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.138:12495): arch=40000003 syscall=5 success=yes exit=4 a0=bfe4dbe1 a1=8201 a2=0 a3=8201 items=0 ppid=12272 pid=12273 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cp" exe="/bin/cp" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.378:12496): avc: denied { unlink } for pid=8303 comm="yum" name="ssh-keygen" dev=dm-0 ino=10330013 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keygen_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.378:12496): arch=40000003 syscall=38 success=yes exit=0 a0=f57c240 a1=f0a1860 a2=d2a040 a3=f57c240 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.402:12497): avc: denied { relabelto } for pid=8303 comm="yum" name="ssh-keygen" dev=dm-0 ino=10316656 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keygen_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.402:12497): arch=40000003 syscall=227 success=yes exit=0 a0=f0a1860 a1=a2f0d3 a2=f3761f0 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.402:12498): avc: denied { setattr } for pid=8303 comm="yum" name="ssh-keygen" dev=dm-0 ino=10316656 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keygen_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.402:12498): arch=40000003 syscall=212 success=yes exit=0 a0=f0a1860 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.434:12499): avc: denied { unlink } for pid=8303 comm="yum" name="ssh-keysign" dev=dm-0 ino=1014851 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keysign_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.434:12499): arch=40000003 syscall=38 success=yes exit=0 a0=f147e00 a1=f54c580 a2=d2a040 a3=f147e00 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.486:12500): avc: denied { relabelto } for pid=8303 comm="yum" name="ssh-keysign" dev=dm-0 ino=10802910 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keysign_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.486:12500): arch=40000003 syscall=227 success=yes exit=0 a0=f54c580 a1=a2f0d3 a2=f147e00 a3=28 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775696.486:12501): avc: denied { setattr } for pid=8303 comm="yum" name="ssh-keysign" dev=dm-0 ino=10802910 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ssh_keysign_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775696.486:12501): arch=40000003 syscall=212 success=yes exit=0 a0=f54c580 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775707.375:12502): avc: denied { unlink } for pid=8303 comm="yum" name="newrole" dev=dm-0 ino=10318603 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775707.375:12502): arch=40000003 syscall=38 success=yes exit=0 a0=f375a98 a1=f4909b8 a2=d2a040 a3=f375a98 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775707.403:12503): avc: denied { relabelto } for pid=8303 comm="yum" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775707.403:12503): arch=40000003 syscall=227 success=yes exit=0 a0=f4909b8 a1=a2f0d3 a2=f4b8e20 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775707.403:12504): avc: denied { setattr } for pid=8303 comm="yum" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775707.403:12504): arch=40000003 syscall=212 success=yes exit=0 a0=f4909b8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.535:12505): avc: denied { write } for pid=8303 comm="yum" name="ppp" dev=dm-0 ino=9330491 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.535:12505): avc: denied { add_name } for pid=8303 comm="yum" name="ioptions;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.535:12505): avc: denied { create } for pid=8303 comm="yum" name="ioptions;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.535:12505): arch=40000003 syscall=5 success=yes exit=30 a0=f27c7a0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.535:12506): avc: denied { remove_name } for pid=8303 comm="yum" name="ioptions;455dcb57" dev=dm-0 ino=9330999 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.535:12506): avc: denied { rename } for pid=8303 comm="yum" name="ioptions;455dcb57" dev=dm-0 ino=9330999 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775708.535:12506): avc: denied { unlink } for pid=8303 comm="yum" name="ioptions" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.535:12506): arch=40000003 syscall=38 success=yes exit=0 a0=f27c7a0 a1=f4b0458 a2=d2a040 a3=f27c7a0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.535:12507): avc: denied { relabelfrom } for pid=8303 comm="yum" name="ioptions" dev=dm-0 ino=9330999 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163775708.535:12507): avc: denied { relabelto } for pid=8303 comm="yum" name="ioptions" dev=dm-0 ino=9330999 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.535:12507): arch=40000003 syscall=227 success=yes exit=0 a0=f4b0458 a1=a2f0d3 a2=eeffe80 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.535:12508): avc: denied { setattr } for pid=8303 comm="yum" name="ioptions" dev=dm-0 ino=9330999 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.535:12508): arch=40000003 syscall=212 success=yes exit=0 a0=f4b0458 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.551:12509): avc: denied { relabelfrom } for pid=8303 comm="yum" name="isdn" dev=dm-0 ino=9331005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.551:12509): avc: denied { relabelto } for pid=8303 comm="yum" name="isdn" dev=dm-0 ino=9331005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775708.551:12509): arch=40000003 syscall=227 success=yes exit=0 a0=f4b0458 a1=a2f0d3 a2=f4b3278 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.551:12510): avc: denied { setattr } for pid=8303 comm="yum" name="isdn" dev=dm-0 ino=9331005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775708.551:12510): arch=40000003 syscall=212 success=yes exit=0 a0=f4b0458 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.555:12511): avc: denied { write } for pid=8303 comm="yum" name="isdn" dev=dm-0 ino=9331005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.555:12511): avc: denied { add_name } for pid=8303 comm="yum" name="arcor;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.555:12511): avc: denied { create } for pid=8303 comm="yum" name="arcor;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.555:12511): arch=40000003 syscall=5 success=yes exit=30 a0=ef000c0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.555:12512): avc: denied { write } for pid=8303 comm="yum" name="arcor;455dcb57" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.555:12512): arch=40000003 syscall=4 success=yes exit=180 a0=1e a1=b6dcb000 a2=b4 a3=f55d720 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775708.555:12512): path="/etc/ppp/peers/isdn/arcor;455dcb57"
+type=AVC msg=audit(1163775708.555:12513): avc: denied { remove_name } for pid=8303 comm="yum" name="arcor;455dcb57" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pppd_etc_rw_t:s0 tclass=dir
+type=AVC msg=audit(1163775708.555:12513): avc: denied { rename } for pid=8303 comm="yum" name="arcor;455dcb57" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.555:12513): arch=40000003 syscall=38 success=yes exit=0 a0=ef000c0 a1=f375a98 a2=d2a040 a3=ef000c0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775708.559:12514): avc: denied { relabelfrom } for pid=8303 comm="yum" name="arcor" dev=dm-0 ino=9331000 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:pppd_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775708.559:12514): arch=40000003 syscall=227 success=yes exit=0 a0=f375a98 a1=a2f0d3 a2=f4b3278 a3=23 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775710.859:12515): avc: denied { relabelfrom } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437085 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163775710.859:12515): avc: denied { relabelto } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437085 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775710.859:12515): arch=40000003 syscall=227 success=yes exit=0 a0=f641240 a1=a2f0d3 a2=f6411e0 a3=1f items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775710.863:12516): avc: denied { setattr } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437085 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775710.863:12516): arch=40000003 syscall=212 success=yes exit=0 a0=f641240 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775710.863:12517): avc: denied { relabelfrom } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437086 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163775710.863:12517): avc: denied { relabelto } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437086 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775710.863:12517): arch=40000003 syscall=227 success=yes exit=0 a0=f641240 a1=a2f0d3 a2=b4ef810 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775710.863:12518): avc: denied { setattr } for pid=8303 comm="yum" name="vbox" dev=dm-0 ino=14437086 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775710.863:12518): arch=40000003 syscall=212 success=yes exit=0 a0=f641240 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775713.747:12519): avc: denied { unlink } for pid=12284 comm="chkconfig" name="K91capi" dev=dm-0 ino=7365619 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775713.747:12519): arch=40000003 syscall=10 success=yes exit=0 a0=946aba0 a1=946ab90 a2=1 a3=946aa38 items=0 ppid=12280 pid=12284 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="chkconfig" exe="/sbin/chkconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.816:12520): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.816:12520): arch=40000003 syscall=195 success=no exit=-2 a0=9b280a0 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.816:12521): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.816:12521): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.816:12522): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.816:12522): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.816:12523): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.816:12523): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12524): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12524): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12525): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12525): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12526): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12526): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12527): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12527): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12528): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12528): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12529): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12529): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12530): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12530): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12531): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12531): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12532): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12532): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12533): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12533): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12534): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12534): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12535): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12535): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12536): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12536): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12537): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12537): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.820:12538): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.820:12538): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12539): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12539): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12540): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12540): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12541): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12541): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12542): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12542): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12543): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12543): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775721.824:12544): avc: denied { ptrace } for pid=12289 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775721.824:12544): arch=40000003 syscall=195 success=yes exit=0 a0=9b28088 a1=bfb8cbb4 a2=385ff4 a3=bfb8bf2c items=0 ppid=12288 pid=12289 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775724.280:12545): avc: denied { write } for pid=8303 comm="yum" name="bin" dev=dm-0 ino=10311850 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775724.280:12545): avc: denied { add_name } for pid=8303 comm="yum" name="gnomevfs-cat;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775724.280:12545): avc: denied { create } for pid=8303 comm="yum" name="gnomevfs-cat;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775724.280:12545): arch=40000003 syscall=5 success=yes exit=30 a0=f5a3320 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775724.280:12546): avc: denied { write } for pid=8303 comm="yum" name="gnomevfs-cat;455dcb57" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775724.280:12546): arch=40000003 syscall=4 success=yes exit=8192 a0=1e a1=f4965d8 a2=2000 a3=ef7b798 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775724.280:12546): path="/usr/bin/gnomevfs-cat;455dcb57"
+type=AVC msg=audit(1163775724.280:12547): avc: denied { remove_name } for pid=8303 comm="yum" name="gnomevfs-cat;455dcb57" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163775724.280:12547): avc: denied { rename } for pid=8303 comm="yum" name="gnomevfs-cat;455dcb57" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163775724.280:12547): avc: denied { unlink } for pid=8303 comm="yum" name="gnomevfs-cat" dev=dm-0 ino=10333891 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775724.280:12547): arch=40000003 syscall=38 success=yes exit=0 a0=f5a3320 a1=f384878 a2=d2a040 a3=f5a3320 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775724.288:12548): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gnomevfs-cat" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163775724.288:12548): avc: denied { relabelto } for pid=8303 comm="yum" name="gnomevfs-cat" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775724.288:12548): arch=40000003 syscall=227 success=yes exit=0 a0=f384878 a1=a2f0d3 a2=f57c2e8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775724.288:12549): avc: denied { setattr } for pid=8303 comm="yum" name="gnomevfs-cat" dev=dm-0 ino=10312124 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775724.288:12549): arch=40000003 syscall=212 success=yes exit=0 a0=f384878 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.040:12550): avc: denied { write } for pid=8303 comm="yum" name="services" dev=dm-0 ino=10543975 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775725.040:12550): avc: denied { add_name } for pid=8303 comm="yum" name="gnome-vfs-daemon.service;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775725.040:12550): arch=40000003 syscall=5 success=yes exit=30 a0=ef7b8e0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.120:12551): avc: denied { remove_name } for pid=8303 comm="yum" name="gnome-vfs-daemon.service;455dcb57" dev=dm-0 ino=15648912 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775725.120:12551): arch=40000003 syscall=38 success=yes exit=0 a0=ef7b8e0 a1=f5cd730 a2=d2a040 a3=ef7b8e0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.120:12552): avc: denied { relabelto } for pid=8303 comm="yum" name="gnome-vfs2-2.16.2" dev=dm-0 ino=12179053 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775725.120:12552): arch=40000003 syscall=227 success=yes exit=0 a0=f2c8e90 a1=a2f0d3 a2=ef7b948 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.120:12553): avc: denied { setattr } for pid=8303 comm="yum" name="gnome-vfs2-2.16.2" dev=dm-0 ino=12179053 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775725.120:12553): arch=40000003 syscall=212 success=yes exit=0 a0=f2c8e90 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.208:12554): avc: denied { unlink } for pid=8303 comm="yum" name="gnome-vfs-2.0.mo" dev=dm-0 ino=10338227 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775725.208:12554): arch=40000003 syscall=38 success=yes exit=0 a0=f5cd768 a1=f5cd730 a2=d2a040 a3=f5cd768 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.252:12555): avc: denied { relabelto } for pid=8303 comm="yum" name="gnome-vfs-2.0.mo" dev=dm-0 ino=10337938 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775725.252:12555): arch=40000003 syscall=227 success=yes exit=0 a0=f5cd730 a1=a2f0d3 a2=f2c8e90 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775725.252:12556): avc: denied { setattr } for pid=8303 comm="yum" name="gnome-vfs-2.0.mo" dev=dm-0 ino=10337938 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775725.252:12556): arch=40000003 syscall=212 success=yes exit=0 a0=f5cd730 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775733.685:12557): avc: denied { ptrace } for pid=12294 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775733.685:12557): arch=40000003 syscall=195 success=yes exit=0 a0=8874088 a1=bfaefb14 a2=24bff4 a3=bfaeee8c items=0 ppid=12293 pid=12294 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775733.685:12558): avc: denied { ptrace } for pid=12294 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775733.685:12558): arch=40000003 syscall=195 success=yes exit=0 a0=8874088 a1=bfaefb14 a2=24bff4 a3=bfaeee8c items=0 ppid=12293 pid=12294 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775733.685:12559): avc: denied { ptrace } for pid=12294 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775733.685:12559): arch=40000003 syscall=195 success=yes exit=0 a0=8874088 a1=bfaefb14 a2=24bff4 a3=bfaeee8c items=0 ppid=12293 pid=12294 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775733.685:12560): avc: denied { ptrace } for pid=12294 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775733.685:12560): arch=40000003 syscall=195 success=yes exit=0 a0=8874088 a1=bfaefb14 a2=24bff4 a3=bfaeee8c items=0 ppid=12293 pid=12294 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775733.685:12561): avc: denied { ptrace } for pid=12294 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775733.685:12561): arch=40000003 syscall=195 success=yes exit=0 a0=8874088 a1=bfaefb14 a2=24bff4 a3=bfaeee8c items=0 ppid=12293 pid=12294 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775735.625:12562): avc: denied { append } for pid=8303 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775735.625:12562): arch=40000003 syscall=4 success=yes exit=54 a0=4 a1=b7bd1000 a2=36 a3=36 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775735.625:12562): path="/var/log/yum.log"
+type=AVC msg=audit(1163775742.197:12563): avc: denied { ptrace } for pid=12298 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775742.197:12563): arch=40000003 syscall=195 success=yes exit=0 a0=81890a0 a1=bf9b3284 a2=69eff4 a3=bf9b25fc items=0 ppid=12297 pid=12298 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.637:12564): avc: denied { create } for pid=8303 comm="yum" name="libmoniker_extra_2.so;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.637:12564): arch=40000003 syscall=5 success=yes exit=30 a0=bd495a0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.645:12565): avc: denied { write } for pid=8303 comm="yum" name="libmoniker_extra_2.so;455dcb57" dev=dm-0 ino=10455193 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.645:12565): arch=40000003 syscall=4 success=yes exit=16384 a0=1e a1=f55fe88 a2=4000 a3=f144cc0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775744.645:12565): path="/usr/lib/bonobo/monikers/libmoniker_extra_2.so;455dcb57"
+type=AVC msg=audit(1163775744.645:12566): avc: denied { rename } for pid=8303 comm="yum" name="libmoniker_extra_2.so;455dcb57" dev=dm-0 ino=10455193 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775744.645:12566): avc: denied { unlink } for pid=8303 comm="yum" name="libmoniker_extra_2.so" dev=dm-0 ino=10446408 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.645:12566): arch=40000003 syscall=38 success=yes exit=0 a0=bd495a0 a1=f145010 a2=d2a040 a3=bd495a0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.649:12567): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libmoniker_extra_2.so" dev=dm-0 ino=10455193 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775744.649:12567): avc: denied { relabelto } for pid=8303 comm="yum" name="libmoniker_extra_2.so" dev=dm-0 ino=10455193 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.649:12567): arch=40000003 syscall=227 success=yes exit=0 a0=f145010 a1=a2f0d3 a2=f279f88 a3=1d items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.649:12568): avc: denied { setattr } for pid=8303 comm="yum" name="libmoniker_extra_2.so" dev=dm-0 ino=10455193 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.649:12568): arch=40000003 syscall=212 success=yes exit=0 a0=f145010 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.729:12569): avc: denied { unlink } for pid=8303 comm="yum" name="GNOME_Moniker_std.server" dev=dm-0 ino=10447004 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.729:12569): arch=40000003 syscall=38 success=yes exit=0 a0=bd495a0 a1=f145010 a2=d2a040 a3=bd495a0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.729:12570): avc: denied { relabelto } for pid=8303 comm="yum" name="GNOME_Moniker_std.server" dev=dm-0 ino=10446408 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.729:12570): arch=40000003 syscall=227 success=yes exit=0 a0=f145010 a1=a2f0d3 a2=f5ccec8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775744.729:12571): avc: denied { setattr } for pid=8303 comm="yum" name="GNOME_Moniker_std.server" dev=dm-0 ino=10446408 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775744.729:12571): arch=40000003 syscall=212 success=yes exit=0 a0=f145010 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775753.778:12572): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gnome-about" dev=dm-0 ino=10803023 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775753.778:12572): arch=40000003 syscall=227 success=yes exit=0 a0=f0f83f0 a1=a2f0d3 a2=f0f8430 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775758.842:12573): avc: denied { create } for pid=8303 comm="yum" name="openoffice.org2.1" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775758.842:12573): arch=40000003 syscall=39 success=yes exit=0 a0=f3847d0 a1=1c0 a2=d2a040 a3=f3847d0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775758.846:12574): avc: denied { relabelfrom } for pid=8303 comm="yum" name="openoffice.org2.1" dev=dm-0 ino=12179071 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775758.846:12574): arch=40000003 syscall=227 success=yes exit=0 a0=f3847d0 a1=a2f0d3 a2=f570790 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775759.542:12575): avc: denied { relabelto } for pid=8303 comm="yum" name="program" dev=dm-0 ino=12179293 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775759.542:12575): arch=40000003 syscall=227 success=yes exit=0 a0=ef7b898 a1=a2f0d3 a2=eef2670 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775759.546:12576): avc: denied { setattr } for pid=8303 comm="yum" name="program" dev=dm-0 ino=12179293 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775759.546:12576): arch=40000003 syscall=212 success=yes exit=0 a0=ef7b898 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775759.558:12577): avc: denied { create } for pid=8303 comm="yum" name="addin" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775759.558:12577): arch=40000003 syscall=39 success=yes exit=0 a0=f5ca2d8 a1=1c0 a2=d2a040 a3=f5ca2d8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775759.558:12578): avc: denied { relabelfrom } for pid=8303 comm="yum" name="addin" dev=dm-0 ino=12179296 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775759.558:12578): arch=40000003 syscall=227 success=yes exit=0 a0=f5ca2d8 a1=a2f0d3 a2=f5ca308 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775832.227:12579): avc: denied { unlink } for pid=8303 comm="yum" name="evolution-data-server-1.10" dev=dm-0 ino=10326685 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_server_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775832.227:12579): arch=40000003 syscall=38 success=yes exit=0 a0=f5dfc50 a1=f629e78 a2=d2a040 a3=f5dfc50 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775832.271:12580): avc: denied { relabelto } for pid=8303 comm="yum" name="evolution-data-server-1.10" dev=dm-0 ino=10318123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_server_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775832.271:12580): arch=40000003 syscall=227 success=yes exit=0 a0=f629e78 a1=a2f0d3 a2=f5dfc50 a3=2d items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775832.271:12581): avc: denied { setattr } for pid=8303 comm="yum" name="evolution-data-server-1.10" dev=dm-0 ino=10318123 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_server_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775832.271:12581): arch=40000003 syscall=212 success=yes exit=0 a0=f629e78 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775843.035:12582): avc: denied { write } for pid=12315 comm="ldconfig" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775843.035:12582): avc: denied { add_name } for pid=12315 comm="ldconfig" name="ld.so.cache~" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775843.035:12582): arch=40000003 syscall=5 success=yes exit=3 a0=8aeeb20 a1=20241 a2=1a4 a3=8aeeb20 items=0 ppid=8303 pid=12315 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775843.043:12583): avc: denied { remove_name } for pid=12315 comm="ldconfig" name="ld.so.cache~" dev=dm-0 ino=9331027 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775843.043:12583): arch=40000003 syscall=38 success=yes exit=0 a0=8aeeb20 a1=bf949180 a2=bf949100 a3=8aeeb20 items=0 ppid=8303 pid=12315 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775905.011:12584): avc: denied { append } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper.log" dev=dm-0 ino=14436937 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775905.011:12584): arch=40000003 syscall=5 success=yes exit=3 a0=7385d0 a1=441 a2=1b6 a3=8acd250 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775906.575:12585): avc: denied { write } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper" dev=dm-0 ino=14567773 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775906.575:12585): avc: denied { add_name } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775906.575:12585): avc: denied { create } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775906.575:12585): arch=40000003 syscall=5 success=yes exit=4 a0=bfbe2e13 a1=241 a2=1b6 a3=8b06d18 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775906.591:12586): avc: denied { write } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" dev=dm-0 ino=14567525 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775906.591:12586): arch=40000003 syscall=4 success=yes exit=4096 a0=4 a1=b7ff1000 a2=1000 a3=1000 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775906.591:12586): path="/var/lib/scrollkeeper/scrollkeeper_docs.tmp"
+type=AVC msg=audit(1163775906.591:12587): avc: denied { remove_name } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567874 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775906.591:12587): avc: denied { unlink } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567874 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775906.591:12587): arch=40000003 syscall=10 success=yes exit=0 a0=bfbe2d13 a1=1 a2=73a338 a3=bfbe2f33 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775906.591:12588): avc: denied { rename } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" dev=dm-0 ino=14567525 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775906.591:12588): arch=40000003 syscall=38 success=yes exit=0 a0=bfbe2e13 a1=bfbe2d13 a2=73a338 a3=bfbe2f33 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775906.903:12589): avc: denied { append } for pid=12351 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567525 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775906.903:12589): arch=40000003 syscall=5 success=yes exit=3 a0=bfbe2a38 a1=441 a2=1b6 a3=8adbfb8 items=0 ppid=12346 pid=12351 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775915.816:12590): avc: denied { ptrace } for pid=12737 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775915.816:12590): arch=40000003 syscall=195 success=yes exit=0 a0=9839088 a1=bffbd904 a2=fb6ff4 a3=bffbcc7c items=0 ppid=12736 pid=12737 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775918.492:12591): avc: denied { write } for pid=8303 comm="yum" name="modules" dev=dm-0 ino=10802956 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775918.492:12591): avc: denied { add_name } for pid=8303 comm="yum" name="libmapping.so;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775918.492:12591): arch=40000003 syscall=5 success=yes exit=30 a0=f70a6b8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775918.500:12592): avc: denied { remove_name } for pid=8303 comm="yum" name="libmapping.so;455dcb57" dev=dm-0 ino=10802957 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775918.500:12592): arch=40000003 syscall=38 success=yes exit=0 a0=f70a6b8 a1=f7ec010 a2=d2a040 a3=f70a6b8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775941.518:12593): avc: denied { write } for pid=12789 comm="update-desktop-" name="applications" dev=dm-0 ino=10936389 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163775941.518:12593): avc: denied { add_name } for pid=12789 comm="update-desktop-" name=".mimeinfo.cache.EF10IT" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775941.518:12593): arch=40000003 syscall=5 success=yes exit=3 a0=9f4ae20 a1=80c2 a2=180 a3=80c2 items=0 ppid=12749 pid=12789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775941.518:12594): avc: denied { remove_name } for pid=12789 comm="update-desktop-" name=".mimeinfo.cache.EF10IT" dev=dm-0 ino=10937705 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775941.518:12594): arch=40000003 syscall=38 success=yes exit=0 a0=9f4ae20 a1=9f4bba8 a2=1a4 a3=9f4815c items=0 ppid=12749 pid=12789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775949.386:12595): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=9362524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163775949.386:12595): avc: denied { relabelto } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=9362524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775949.386:12595): arch=40000003 syscall=227 success=yes exit=0 a0=f569c18 a1=a2f0d3 a2=f569898 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775949.386:12596): avc: denied { setattr } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=9362524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775949.386:12596): arch=40000003 syscall=212 success=yes exit=0 a0=f569c18 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775949.542:12597): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=10902116 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775949.542:12597): avc: denied { relabelto } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=10902116 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775949.542:12597): arch=40000003 syscall=227 success=yes exit=0 a0=f70a620 a1=a2f0d3 a2=f73eaf8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775949.542:12598): avc: denied { setattr } for pid=8303 comm="yum" name="gaim" dev=dm-0 ino=10902116 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775949.542:12598): arch=40000003 syscall=212 success=yes exit=0 a0=f70a620 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775950.890:12599): avc: denied { write } for pid=8303 comm="yum" name="LC_MESSAGES" dev=dm-0 ino=10382818 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163775950.890:12599): avc: denied { add_name } for pid=8303 comm="yum" name="gaim.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775950.890:12599): arch=40000003 syscall=5 success=yes exit=30 a0=f2aea08 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775950.934:12600): avc: denied { remove_name } for pid=8303 comm="yum" name="gaim.mo;455dcb57" dev=dm-0 ino=10379674 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163775950.934:12600): arch=40000003 syscall=38 success=yes exit=0 a0=f2aea08 a1=f2b0398 a2=d2a040 a3=f2aea08 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775963.323:12601): avc: denied { read } for pid=12798 comm="gcj-dbtool" name="[120769]" dev=pipefs ino=120769 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=AVC msg=audit(1163775963.323:12601): avc: denied { write } for pid=12798 comm="gcj-dbtool" name="[120790]" dev=pipefs ino=120790 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163775963.323:12601): arch=40000003 syscall=11 success=yes exit=0 a0=9e7a200 a1=9e79ea0 a2=9e79938 a3=9e78238 items=0 ppid=12797 pid=12798 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163775963.323:12601): path="pipe:[120790]"
+type=AVC_PATH msg=audit(1163775963.323:12601): path="pipe:[120769]"
+type=AVC msg=audit(1163775965.247:12602): avc: denied { sigchld } for pid=12797 comm="rebuild-gcj-db" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775965.247:12602): arch=40000003 syscall=7 success=yes exit=12798 a0=ffffffff a1=bf8c8768 a2=0 a3=9e79a40 items=0 ppid=8303 pid=12797 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rebuild-gcj-db" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775965.531:12603): avc: denied { write } for pid=12803 comm="gcj-dbtool" name="classmap.db" dev=dm-0 ino=949382 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775965.531:12603): arch=40000003 syscall=5 success=yes exit=5 a0=194e60 a1=8042 a2=1b6 a3=8042 items=0 ppid=12797 pid=12803 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163775966.595:12604): avc: denied { write } for pid=12807 comm="gcj-dbtool" name="gcj-4.1.1" dev=dm-0 ino=11001132 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775966.595:12604): avc: denied { add_name } for pid=12807 comm="gcj-dbtool" name="classmap.db70c2ys" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775966.595:12604): avc: denied { create } for pid=12807 comm="gcj-dbtool" name="classmap.db70c2ys" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775966.595:12604): arch=40000003 syscall=5 success=yes exit=5 a0=bfc3aea0 a1=80c0 a2=1a4 a3=80c0 items=0 ppid=12806 pid=12807 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163775968.391:12605): avc: denied { write } for pid=12807 comm="gcj-dbtool" name="classmap.db70c2ys" dev=dm-0 ino=10999442 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775968.391:12605): arch=40000003 syscall=5 success=yes exit=136 a0=195cf8 a1=8042 a2=1b6 a3=8042 items=0 ppid=12806 pid=12807 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163775968.771:12606): avc: denied { remove_name } for pid=12807 comm="gcj-dbtool" name="classmap.db70c2ys" dev=dm-0 ino=10999442 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163775968.771:12606): avc: denied { rename } for pid=12807 comm="gcj-dbtool" name="classmap.db70c2ys" dev=dm-0 ino=10999442 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163775968.771:12606): avc: denied { unlink } for pid=12807 comm="gcj-dbtool" name="classmap.db" dev=dm-0 ino=949382 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163775968.771:12606): arch=40000003 syscall=38 success=yes exit=0 a0=bfc3aeb0 a1=bfc3ae80 a2=227e5f4 a3=bfc3ae80 items=0 ppid=12806 pid=12807 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163775969.307:12607): avc: denied { unlink } for pid=8303 comm="yum" name="libgtkhtml-3.8.so.15" dev=dm-0 ino=10333524 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775969.307:12607): arch=40000003 syscall=38 success=yes exit=0 a0=f568398 a1=f565df8 a2=d2a040 a3=f568398 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775969.311:12608): avc: denied { relabelto } for pid=8303 comm="yum" name="libgtkhtml-3.8.so.15" dev=dm-0 ino=10333827 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775969.311:12608): arch=40000003 syscall=227 success=yes exit=0 a0=f565df8 a1=a2f0d3 a2=f568580 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775969.311:12609): avc: denied { setattr } for pid=8303 comm="yum" name="libgtkhtml-3.8.so.15" dev=dm-0 ino=10333827 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163775969.311:12609): arch=40000003 syscall=198 success=yes exit=0 a0=f565df8 a1=0 a2=0 a3=f5632bc items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775976.504:12610): avc: denied { ptrace } for pid=12820 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775976.504:12610): arch=40000003 syscall=195 success=yes exit=0 a0=9c25088 a1=bfe64934 a2=b82ff4 a3=bfe63cac items=0 ppid=12819 pid=12820 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775976.504:12611): avc: denied { ptrace } for pid=12820 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775976.504:12611): arch=40000003 syscall=195 success=yes exit=0 a0=9c25088 a1=bfe64934 a2=b82ff4 a3=bfe63cac items=0 ppid=12819 pid=12820 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775976.508:12612): avc: denied { ptrace } for pid=12820 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775976.508:12612): arch=40000003 syscall=195 success=yes exit=0 a0=9c25088 a1=bfe64934 a2=b82ff4 a3=bfe63cac items=0 ppid=12819 pid=12820 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775976.512:12613): avc: denied { ptrace } for pid=12820 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775976.512:12613): arch=40000003 syscall=195 success=yes exit=0 a0=9c25088 a1=bfe64934 a2=b82ff4 a3=bfe63cac items=0 ppid=12819 pid=12820 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163775989.425:12614): avc: denied { setexec } for pid=12823 comm="yum" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163775989.425:12614): arch=40000003 syscall=4 success=no exit=-22 a0=1e a1=f5f08a0 a2=20 a3=a2f751 items=0 ppid=8303 pid=12823 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776017.614:12615): avc: denied { write } for pid=8303 comm="yum" name="console.apps" dev=dm-0 ino=9330284 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=AVC msg=audit(1163776017.614:12615): avc: denied { add_name } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=AVC msg=audit(1163776017.614:12615): avc: denied { create } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776017.614:12615): arch=40000003 syscall=5 success=yes exit=30 a0=f5fca38 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776017.674:12616): avc: denied { write } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776017.674:12616): arch=40000003 syscall=4 success=yes exit=73 a0=1e a1=b6dcb000 a2=49 a3=f762860 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776017.674:12616): path="/etc/security/console.apps/gnome-system-log;455dcb57"
+type=AVC msg=audit(1163776017.674:12617): avc: denied { remove_name } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=dir
+type=AVC msg=audit(1163776017.674:12617): avc: denied { rename } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:userhelper_conf_t:s0 tclass=file
+type=AVC msg=audit(1163776017.674:12617): avc: denied { unlink } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=9331034 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776017.674:12617): arch=40000003 syscall=38 success=yes exit=0 a0=f5fca38 a1=f7d9d78 a2=d2a040 a3=f5fca38 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776017.682:12618): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:userhelper_conf_t:s0 tclass=file
+type=AVC msg=audit(1163776017.682:12618): avc: denied { relabelto } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776017.682:12618): arch=40000003 syscall=227 success=yes exit=0 a0=f7d9d78 a1=a2f0d3 a2=f5fe1a8 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776017.682:12619): avc: denied { setattr } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=9331047 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776017.682:12619): arch=40000003 syscall=212 success=yes exit=0 a0=f7d9d78 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.162:12620): avc: denied { create } for pid=8303 comm="yum" name="libgdict-1.0.so.5;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776018.162:12620): arch=40000003 syscall=83 success=yes exit=0 a0=f829fb8 a1=f776c70 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.162:12621): avc: denied { rename } for pid=8303 comm="yum" name="libgdict-1.0.so.5;455dcb57" dev=dm-0 ino=10329922 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776018.162:12621): arch=40000003 syscall=38 success=yes exit=0 a0=f776c70 a1=f56ecb8 a2=d2a040 a3=f776c70 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.166:12622): avc: denied { relabelfrom } for pid=8303 comm="yum" name="libgdict-1.0.so.5" dev=dm-0 ino=10329922 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776018.166:12622): arch=40000003 syscall=227 success=yes exit=0 a0=f56ecb8 a1=a2f0d3 a2=f83a060 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.314:12623): avc: denied { write } for pid=8303 comm="yum" name="sbin" dev=dm-0 ino=10311842 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163776018.314:12623): avc: denied { add_name } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163776018.314:12623): avc: denied { create } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776018.314:12623): arch=40000003 syscall=5 success=yes exit=30 a0=f7628a8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.314:12624): avc: denied { write } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776018.314:12624): arch=40000003 syscall=4 success=yes exit=65536 a0=1e a1=f829fb8 a2=10000 a3=f763d00 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776018.314:12624): path="/usr/sbin/gnome-system-log;455dcb57"
+type=AVC msg=audit(1163776018.314:12625): avc: denied { remove_name } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163776018.314:12625): avc: denied { rename } for pid=8303 comm="yum" name="gnome-system-log;455dcb57" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163776018.314:12625): avc: denied { unlink } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=10318824 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776018.314:12625): arch=40000003 syscall=38 success=yes exit=0 a0=f7628a8 a1=f839fe0 a2=d2a040 a3=f7628a8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.474:12626): avc: denied { relabelfrom } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163776018.474:12626): avc: denied { relabelto } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776018.474:12626): arch=40000003 syscall=227 success=yes exit=0 a0=f839fe0 a1=a2f0d3 a2=f7628d0 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776018.474:12627): avc: denied { setattr } for pid=8303 comm="yum" name="gnome-system-log" dev=dm-0 ino=10324825 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776018.474:12627): arch=40000003 syscall=212 success=yes exit=0 a0=f839fe0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776031.787:12628): avc: denied { ptrace } for pid=12970 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776031.787:12628): arch=40000003 syscall=195 success=yes exit=0 a0=9701088 a1=bfadb304 a2=cceff4 a3=bfada67c items=0 ppid=12969 pid=12970 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776035.996:12629): avc: denied { relabelfrom } for pid=8303 comm="yum" name="program" dev=dm-0 ino=12179293 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776035.996:12629): arch=40000003 syscall=227 success=yes exit=0 a0=f83a000 a1=a2f0d3 a2=f7d9d78 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776048.764:12630): avc: denied { write } for pid=8303 comm="yum" name="thunarx-1" dev=dm-0 ino=10352019 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776048.764:12630): avc: denied { add_name } for pid=8303 comm="yum" name="thunar-apr.so;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776048.764:12630): arch=40000003 syscall=5 success=yes exit=30 a0=f794a10 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776048.804:12631): avc: denied { remove_name } for pid=8303 comm="yum" name="thunar-apr.so;455dcb57" dev=dm-0 ino=16237115 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776048.804:12631): arch=40000003 syscall=38 success=yes exit=0 a0=f794a10 a1=f4a3688 a2=d2a040 a3=f794a10 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776058.997:12632): avc: denied { unlink } for pid=8303 comm="yum" name="evolution-2.10" dev=dm-0 ino=10326966 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776058.997:12632): arch=40000003 syscall=38 success=yes exit=0 a0=f5faa60 a1=f7980f0 a2=d2a040 a3=f5faa60 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776059.045:12633): avc: denied { relabelto } for pid=8303 comm="yum" name="evolution-2.10" dev=dm-0 ino=10329292 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776059.045:12633): arch=40000003 syscall=227 success=yes exit=0 a0=f7980f0 a1=a2f0d3 a2=de0ed50 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776059.045:12634): avc: denied { setattr } for pid=8303 comm="yum" name="evolution-2.10" dev=dm-0 ino=10329292 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776059.045:12634): arch=40000003 syscall=212 success=yes exit=0 a0=f7980f0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776060.261:12635): avc: denied { unlink } for pid=8303 comm="yum" name="evolution-alarm-notify" dev=dm-0 ino=10870027 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_alarm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776060.261:12635): arch=40000003 syscall=38 success=yes exit=0 a0=f7ac8e8 a1=f86c688 a2=d2a040 a3=f7ac8e8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776060.273:12636): avc: denied { relabelto } for pid=8303 comm="yum" name="evolution-alarm-notify" dev=dm-0 ino=10868468 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_alarm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776060.273:12636): arch=40000003 syscall=227 success=yes exit=0 a0=f86c688 a1=a2f0d3 a2=f8727a0 a3=2c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776060.273:12637): avc: denied { setattr } for pid=8303 comm="yum" name="evolution-alarm-notify" dev=dm-0 ino=10868468 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:evolution_alarm_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776060.273:12637): arch=40000003 syscall=212 success=yes exit=0 a0=f86c688 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776101.364:12638): avc: denied { unlink } for pid=8303 comm="yum" name="neat-tui" dev=dm-0 ino=10320377 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776101.364:12638): arch=40000003 syscall=38 success=yes exit=0 a0=f7c6ab8 a1=f873c68 a2=d2a040 a3=f7c6ab8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776101.364:12639): avc: denied { relabelto } for pid=8303 comm="yum" name="neat-tui" dev=dm-0 ino=10315508 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776101.364:12639): arch=40000003 syscall=227 success=yes exit=0 a0=f873c68 a1=a2f0d3 a2=f7c6a98 a3=1c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776101.364:12640): avc: denied { setattr } for pid=8303 comm="yum" name="neat-tui" dev=dm-0 ino=10315508 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776101.364:12640): arch=40000003 syscall=198 success=yes exit=0 a0=f873c68 a1=0 a2=0 a3=f7c2914 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776114.724:12641): avc: denied { write } for pid=8303 comm="yum" name="videoaliases" dev=dm-0 ino=10607880 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
+type=AVC msg=audit(1163776114.724:12641): avc: denied { add_name } for pid=8303 comm="yum" name="i810.xinf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
+type=AVC msg=audit(1163776114.724:12641): avc: denied { create } for pid=8303 comm="yum" name="i810.xinf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776114.724:12641): arch=40000003 syscall=5 success=yes exit=30 a0=f8c7f18 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776114.736:12642): avc: denied { write } for pid=8303 comm="yum" name="i810.xinf;455dcb57" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776114.736:12642): arch=40000003 syscall=4 success=yes exit=1823 a0=1e a1=b6dcb000 a2=71f a3=f9b4f88 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776114.736:12642): path="/usr/share/hwdata/videoaliases/i810.xinf;455dcb57"
+type=AVC msg=audit(1163776114.736:12643): avc: denied { remove_name } for pid=8303 comm="yum" name="i810.xinf;455dcb57" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
+type=AVC msg=audit(1163776114.736:12643): avc: denied { rename } for pid=8303 comm="yum" name="i810.xinf;455dcb57" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:hwdata_t:s0 tclass=file
+type=AVC msg=audit(1163776114.736:12643): avc: denied { unlink } for pid=8303 comm="yum" name="i810.xinf" dev=dm-0 ino=10607411 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776114.736:12643): arch=40000003 syscall=38 success=yes exit=0 a0=f8c7f18 a1=f7c1588 a2=d2a040 a3=f8c7f18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776114.748:12644): avc: denied { relabelfrom } for pid=8303 comm="yum" name="i810.xinf" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:hwdata_t:s0 tclass=file
+type=AVC msg=audit(1163776114.748:12644): avc: denied { relabelto } for pid=8303 comm="yum" name="i810.xinf" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776114.748:12644): arch=40000003 syscall=227 success=yes exit=0 a0=f7c1588 a1=a2f0d3 a2=f8c7e20 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776114.752:12645): avc: denied { setattr } for pid=8303 comm="yum" name="i810.xinf" dev=dm-0 ino=10607197 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776114.752:12645): arch=40000003 syscall=212 success=yes exit=0 a0=f7c1588 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776116.961:12646): avc: denied { write } for pid=13022 comm="update-gdk-pixb" name="gdk-pixbuf.loaders" dev=dm-0 ino=9362549 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776116.961:12646): arch=40000003 syscall=5 success=yes exit=3 a0=9ff0378 a1=8241 a2=1b6 a3=8241 items=0 ppid=13018 pid=13022 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-gdk-pixb" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776144.918:12647): avc: denied { link } for pid=8303 comm="yum" name="i386-redhat-linux-gcc;455dcb57" dev=dm-0 ino=10318121 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776144.918:12647): arch=40000003 syscall=9 success=yes exit=0 a0=f5c4aa0 a1=f5c4a00 a2=d2a040 a3=0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776144.930:12648): avc: denied { rename } for pid=8303 comm="yum" name="i386-redhat-linux-gcc;455dcb57" dev=dm-0 ino=10318121 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776144.930:12648): arch=40000003 syscall=38 success=yes exit=0 a0=f5c4aa0 a1=f7b7480 a2=d2a040 a3=f5c4aa0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776144.950:12649): avc: denied { relabelfrom } for pid=8303 comm="yum" name="i386-redhat-linux-gcc" dev=dm-0 ino=10318121 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776144.950:12649): arch=40000003 syscall=227 success=yes exit=0 a0=f7b7480 a1=a2f0d3 a2=f5c4af0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776160.135:12650): avc: denied { unlink } for pid=8303 comm="yum" name="libImlib2.so.1.3.0" dev=dm-0 ino=10334610 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776160.135:12650): arch=40000003 syscall=38 success=yes exit=0 a0=923ea10 a1=f9f43b0 a2=d2a040 a3=923ea10 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776160.167:12651): avc: denied { relabelto } for pid=8303 comm="yum" name="libImlib2.so.1.3.0" dev=dm-0 ino=10323377 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776160.167:12651): arch=40000003 syscall=227 success=yes exit=0 a0=f9f43b0 a1=a2f0d3 a2=f9eb320 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776160.167:12652): avc: denied { setattr } for pid=8303 comm="yum" name="libImlib2.so.1.3.0" dev=dm-0 ino=10323377 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776160.167:12652): arch=40000003 syscall=212 success=yes exit=0 a0=f9f43b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776162.579:12653): avc: denied { relabelfrom } for pid=8303 comm="yum" name="fr" dev=dm-0 ino=10541414 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163776162.579:12653): avc: denied { relabelto } for pid=8303 comm="yum" name="fr" dev=dm-0 ino=10541414 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776162.579:12653): arch=40000003 syscall=227 success=yes exit=0 a0=f8c1bc0 a1=a2f0d3 a2=af72d20 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776162.579:12654): avc: denied { setattr } for pid=8303 comm="yum" name="fr" dev=dm-0 ino=10541414 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776162.579:12654): arch=40000003 syscall=212 success=yes exit=0 a0=f8c1bc0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776173.620:12655): avc: denied { rmdir } for pid=8303 comm="yum" name="libgnomeprint" dev=dm-0 ino=12049646 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776173.620:12655): arch=40000003 syscall=40 success=yes exit=0 a0=b8f1fc8 a1=2d a2=d2a040 a3=b8f1fc8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776175.940:12656): avc: denied { unlink } for pid=13044 comm="ln" name="gcc" dev=dm-0 ino=12407052 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776175.940:12656): arch=40000003 syscall=10 success=yes exit=0 a0=bf9e7bf8 a1=3b2ff4 a2=804f42c a3=1 items=0 ppid=13043 pid=13044 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ln" exe="/bin/ln" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776200.670:12657): avc: denied { execmem } for pid=13074 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776200.670:12657): arch=40000003 syscall=192 success=yes exit=81354752 a0=4d96000 a1=1a000 a2=7 a3=812 items=0 ppid=3928 pid=13074 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776200.670:12658): avc: denied { execstack } for pid=13074 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776200.670:12658): arch=40000003 syscall=125 success=yes exit=0 a0=bfa8a000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=3928 pid=13074 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163776203.186:12659): user pid=13075 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163776203.186:12660): login pid=13075 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163776203.430:12661): user pid=13075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163776203.430:12662): user pid=13075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163776203.694:12663): avc: denied { execute } for pid=13076 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163776203.694:12663): avc: denied { execute_no_trans } for pid=13076 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776203.694:12663): arch=40000003 syscall=11 success=yes exit=0 a0=9cf31b0 a1=9cf3358 a2=9cf3290 a3=9cf3008 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776203.694:12663): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163776204.326:12664): avc: denied { execute } for pid=13074 comm="gnome-screensav" name="zero" dev=tmpfs ino=1493 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776204.326:12664): arch=40000003 syscall=192 success=yes exit=2637824 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=3928 pid=13074 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776204.326:12664): path="/dev/zero"
+type=AVC msg=audit(1163776204.410:12665): avc: denied { search } for pid=13076 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163776204.410:12665): avc: denied { read } for pid=13076 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776204.410:12665): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9d087f8 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776204.410:12666): avc: denied { getattr } for pid=13076 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776204.410:12666): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8184d8 a2=faaff4 a3=9d087f8 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776204.410:12666): path="/proc/net/dev"
+type=AVC msg=audit(1163776204.758:12667): avc: denied { read } for pid=13076 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776204.758:12667): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9d09348 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776204.758:12668): avc: denied { getattr } for pid=13076 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776204.758:12668): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf818330 a2=faaff4 a3=9d09348 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776204.758:12668): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163776204.758:12669): avc: denied { search } for pid=13076 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776204.758:12669): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9d09348 items=0 ppid=13075 pid=13076 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1163776207.066:12670): user pid=13075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163776207.526:12671): user pid=13075 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163776216.279:12672): avc: denied { ptrace } for pid=13085 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163776216.279:12672): arch=40000003 syscall=195 success=yes exit=0 a0=867d088 a1=bfba1bc4 a2=50aff4 a3=bfba0f3c items=0 ppid=13084 pid=13085 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776216.283:12673): avc: denied { ptrace } for pid=13085 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776216.283:12673): arch=40000003 syscall=195 success=yes exit=0 a0=867d088 a1=bfba1bc4 a2=50aff4 a3=bfba0f3c items=0 ppid=13084 pid=13085 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776216.283:12674): avc: denied { ptrace } for pid=13085 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776216.283:12674): arch=40000003 syscall=195 success=yes exit=0 a0=867d088 a1=bfba1bc4 a2=50aff4 a3=bfba0f3c items=0 ppid=13084 pid=13085 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776221.295:12675): avc: denied { read } for pid=13087 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776221.295:12675): arch=40000003 syscall=33 success=yes exit=0 a0=bfd24fcb a1=4 a2=842a64 a3=bfd24fcb items=0 ppid=1 pid=13087 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163776221.295:12676): avc: denied { getattr } for pid=13087 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776221.295:12676): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfd2294c a2=fb0ff4 a3=9555140 items=0 ppid=1 pid=13087 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776221.295:12676): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163776232.044:12677): avc: denied { append } for pid=8523 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776232.044:12677): arch=40000003 syscall=5 success=yes exit=3 a0=86c00e0 a1=8401 a2=0 a3=8401 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776232.064:12678): avc: denied { read } for pid=8523 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776232.064:12678): arch=40000003 syscall=5 success=yes exit=3 a0=86c00e0 a1=8000 a2=0 a3=8000 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776232.072:12679): avc: denied { write } for pid=8523 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776232.072:12679): arch=40000003 syscall=5 success=yes exit=3 a0=86c00e0 a1=8201 a2=0 a3=8201 items=0 ppid=8520 pid=8523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1163776232.412:12680): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163776232.416:12681): avc: denied { search } for pid=8520 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776232.416:12681): avc: denied { write } for pid=8520 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776232.416:12681): avc: denied { remove_name } for pid=8520 comm="su" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776232.416:12681): avc: denied { unlink } for pid=8520 comm="su" name=".xauthb3Z41E" dev=dm-0 ino=13127387 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776232.416:12681): arch=40000003 syscall=10 success=yes exit=0 a0=96e49a8 a1=96e4a86 a2=259bc8 a3=96e1008 items=0 ppid=8500 pid=8520 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_END msg=audit(1163776232.440:12682): user pid=8520 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163776236.944:12683): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.944:12683): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.944:12684): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.944:12684): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.948:12685): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.948:12685): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.948:12686): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.948:12686): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.948:12687): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.948:12687): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.948:12688): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163776236.948:12688): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.948:12689): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163776236.948:12689): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776236.952:12690): avc: denied { ptrace } for pid=13109 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776236.952:12690): arch=40000003 syscall=195 success=yes exit=0 a0=9be6088 a1=bfb70394 a2=6a3ff4 a3=bfb6f70c items=0 ppid=13105 pid=13109 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776239.168:12691): avc: denied { read } for pid=3838 comm="nautilus" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776239.168:12691): arch=40000003 syscall=33 success=yes exit=0 a0=bf97ae55 a1=4 a2=da3a64 a3=bf97ae55 items=0 ppid=1 pid=3838 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776265.914:12692): avc: denied { ptrace } for pid=13126 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776265.914:12692): arch=40000003 syscall=195 success=yes exit=0 a0=850d088 a1=bfbdac04 a2=dcaff4 a3=bfbd9f7c items=0 ppid=13125 pid=13126 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776265.914:12693): avc: denied { ptrace } for pid=13126 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776265.914:12693): arch=40000003 syscall=195 success=yes exit=0 a0=850d088 a1=bfbdac04 a2=dcaff4 a3=bfbd9f7c items=0 ppid=13125 pid=13126 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776270.686:12694): avc: denied { read } for pid=13129 comm="gcj-dbtool" name="[135348]" dev=pipefs ino=135348 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=AVC msg=audit(1163776270.686:12694): avc: denied { write } for pid=13129 comm="gcj-dbtool" name="[135369]" dev=pipefs ino=135369 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163776270.686:12694): arch=40000003 syscall=11 success=yes exit=0 a0=9eab218 a1=9eab250 a2=9eaa958 a3=9ea9258 items=0 ppid=13128 pid=13129 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776270.686:12694): path="pipe:[135369]"
+type=AVC_PATH msg=audit(1163776270.686:12694): path="pipe:[135348]"
+type=AVC msg=audit(1163776270.966:12695): avc: denied { sigchld } for pid=13128 comm="rebuild-gcj-db" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776270.966:12695): arch=40000003 syscall=7 success=yes exit=13129 a0=ffffffff a1=bfde7cb8 a2=0 a3=9eaaa60 items=0 ppid=13127 pid=13128 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rebuild-gcj-db" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776271.154:12696): avc: denied { write } for pid=13135 comm="gcj-dbtool" name="classmap.db" dev=dm-0 ino=10999442 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776271.154:12696): arch=40000003 syscall=5 success=yes exit=5 a0=2e0e60 a1=8042 a2=1b6 a3=8042 items=0 ppid=13128 pid=13135 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163776271.394:12697): avc: denied { write } for pid=13139 comm="gcj-dbtool" name="gcj-4.1.1" dev=dm-0 ino=11001132 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776271.394:12697): avc: denied { add_name } for pid=13139 comm="gcj-dbtool" name="classmap.dbchwmlp" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776271.394:12697): avc: denied { create } for pid=13139 comm="gcj-dbtool" name="classmap.dbchwmlp" scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776271.394:12697): arch=40000003 syscall=5 success=yes exit=5 a0=bfba7610 a1=80c0 a2=1a4 a3=80c0 items=0 ppid=13138 pid=13139 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163776273.046:12698): avc: denied { remove_name } for pid=13139 comm="gcj-dbtool" name="classmap.dbchwmlp" dev=dm-0 ino=11000703 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776273.046:12698): avc: denied { rename } for pid=13139 comm="gcj-dbtool" name="classmap.dbchwmlp" dev=dm-0 ino=11000703 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163776273.046:12698): avc: denied { unlink } for pid=13139 comm="gcj-dbtool" name="classmap.db" dev=dm-0 ino=10999442 scontext=staff_u:staff_r:staff_javaplugin_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776273.046:12698): arch=40000003 syscall=38 success=yes exit=0 a0=bfba7620 a1=bfba75f0 a2=23dd5f4 a3=bfba75f0 items=0 ppid=13138 pid=13139 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:staff_r:staff_javaplugin_t:s0 key=(null)
+type=AVC msg=audit(1163776273.414:12699): avc: denied { write } for pid=13146 comm="update-desktop-" name="applications" dev=dm-0 ino=10311883 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163776273.414:12699): avc: denied { add_name } for pid=13146 comm="update-desktop-" name=".mimeinfo.cache.ED02IT" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776273.414:12699): arch=40000003 syscall=5 success=yes exit=3 a0=8cf6450 a1=80c2 a2=180 a3=80c2 items=0 ppid=13127 pid=13146 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776273.422:12700): avc: denied { remove_name } for pid=13146 comm="update-desktop-" name=".mimeinfo.cache.ED02IT" dev=dm-0 ino=10314902 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776273.422:12700): arch=40000003 syscall=38 success=yes exit=0 a0=8cf6450 a1=8cf5cc0 a2=1a4 a3=8ce7f50 items=0 ppid=13127 pid=13146 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776274.138:12701): avc: denied { setattr } for pid=13148 comm="gtk-update-icon" name="hicolor" dev=dm-0 ino=10444975 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776274.138:12701): arch=40000003 syscall=30 success=yes exit=0 a0=bfdb2bc5 a1=bfdb0f44 a2=1 a3=8a4bc28 items=0 ppid=13127 pid=13148 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gtk-update-icon" exe="/usr/bin/gtk-update-icon-cache" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776276.719:12702): avc: denied { unlink } for pid=8303 comm="yum" name=".eclipseproduct" dev=dm-0 ino=10704855 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776276.719:12702): arch=40000003 syscall=38 success=yes exit=0 a0=fb15cb8 a1=fa744e0 a2=d2a040 a3=fb15cb8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776276.723:12703): avc: denied { relabelto } for pid=8303 comm="yum" name=".eclipseproduct" dev=dm-0 ino=12177802 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776276.723:12703): arch=40000003 syscall=227 success=yes exit=0 a0=fa744e0 a1=a2f0d3 a2=fb43f98 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776276.723:12704): avc: denied { setattr } for pid=8303 comm="yum" name=".eclipseproduct" dev=dm-0 ino=12177802 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776276.723:12704): arch=40000003 syscall=212 success=yes exit=0 a0=fa744e0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776276.731:12705): avc: denied { relabelfrom } for pid=8303 comm="yum" name="features" dev=dm-0 ino=10707976 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163776276.731:12705): avc: denied { relabelto } for pid=8303 comm="yum" name="features" dev=dm-0 ino=10707976 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776276.731:12705): arch=40000003 syscall=227 success=yes exit=0 a0=fb44018 a1=a2f0d3 a2=f9e40b8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776284.727:12706): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163776284.727:12706): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776284.727:12706): path="socket:[31406]"
+type=AVC msg=audit(1163776285.791:12707): avc: denied { ptrace } for pid=13168 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776285.791:12707): arch=40000003 syscall=195 success=yes exit=0 a0=8ca0088 a1=bfde0604 a2=24bff4 a3=bfddf97c items=0 ppid=13167 pid=13168 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776285.795:12708): avc: denied { ptrace } for pid=13168 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776285.795:12708): arch=40000003 syscall=195 success=yes exit=0 a0=8ca0088 a1=bfde0604 a2=24bff4 a3=bfddf97c items=0 ppid=13167 pid=13168 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.239:12709): avc: denied { write } for pid=8303 comm="yum" name="bin" dev=dm-0 ino=10311850 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163776288.239:12709): avc: denied { add_name } for pid=8303 comm="yum" name="nautilus-sendto;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163776288.239:12709): avc: denied { create } for pid=8303 comm="yum" name="nautilus-sendto;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776288.239:12709): arch=40000003 syscall=5 success=yes exit=30 a0=f986a18 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.239:12710): avc: denied { write } for pid=8303 comm="yum" name="nautilus-sendto;455dcb57" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776288.239:12710): arch=40000003 syscall=4 success=yes exit=16384 a0=1e a1=faac280 a2=4000 a3=f9c7408 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776288.239:12710): path="/usr/bin/nautilus-sendto;455dcb57"
+type=AVC msg=audit(1163776288.239:12711): avc: denied { remove_name } for pid=8303 comm="yum" name="nautilus-sendto;455dcb57" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=AVC msg=audit(1163776288.239:12711): avc: denied { rename } for pid=8303 comm="yum" name="nautilus-sendto;455dcb57" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163776288.239:12711): avc: denied { unlink } for pid=8303 comm="yum" name="nautilus-sendto" dev=dm-0 ino=10317618 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776288.239:12711): arch=40000003 syscall=38 success=yes exit=0 a0=f986a18 a1=fb43fd8 a2=d2a040 a3=f986a18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.367:12712): avc: denied { relabelfrom } for pid=8303 comm="yum" name="nautilus-sendto" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:bin_t:s0 tclass=file
+type=AVC msg=audit(1163776288.367:12712): avc: denied { relabelto } for pid=8303 comm="yum" name="nautilus-sendto" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776288.367:12712): arch=40000003 syscall=227 success=yes exit=0 a0=fb43fd8 a1=a2f0d3 a2=fb43fb8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.367:12713): avc: denied { setattr } for pid=8303 comm="yum" name="nautilus-sendto" dev=dm-0 ino=10321655 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776288.367:12713): arch=40000003 syscall=212 success=yes exit=0 a0=fb43fd8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.947:12714): avc: denied { write } for pid=8303 comm="yum" name="LC_MESSAGES" dev=dm-0 ino=10311917 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163776288.947:12714): avc: denied { add_name } for pid=8303 comm="yum" name="nautilus-sendto.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776288.947:12714): arch=40000003 syscall=5 success=yes exit=30 a0=f934028 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776288.951:12715): avc: denied { remove_name } for pid=8303 comm="yum" name="nautilus-sendto.mo;455dcb57" dev=dm-0 ino=10317618 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776288.951:12715): arch=40000003 syscall=38 success=yes exit=0 a0=f934028 a1=f9e4978 a2=d2a040 a3=f934028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776289.203:12716): avc: denied { write } for pid=8303 comm="yum" name="man1" dev=dm-0 ino=10311889 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163776289.203:12716): avc: denied { add_name } for pid=8303 comm="yum" name="nautilus-sendto.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163776289.203:12716): avc: denied { create } for pid=8303 comm="yum" name="nautilus-sendto.1.gz;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776289.203:12716): arch=40000003 syscall=5 success=yes exit=30 a0=f9e4978 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776289.283:12717): avc: denied { write } for pid=8303 comm="yum" name="nautilus-sendto.1.gz;455dcb57" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776289.283:12717): arch=40000003 syscall=4 success=yes exit=648 a0=1e a1=b6dcb000 a2=288 a3=f9c79c8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776289.283:12717): path="/usr/share/man/man1/nautilus-sendto.1.gz;455dcb57"
+type=AVC msg=audit(1163776289.283:12718): avc: denied { remove_name } for pid=8303 comm="yum" name="nautilus-sendto.1.gz;455dcb57" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=dir
+type=AVC msg=audit(1163776289.283:12718): avc: denied { rename } for pid=8303 comm="yum" name="nautilus-sendto.1.gz;455dcb57" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=AVC msg=audit(1163776289.283:12718): avc: denied { unlink } for pid=8303 comm="yum" name="nautilus-sendto.1.gz" dev=dm-0 ino=10331547 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776289.283:12718): arch=40000003 syscall=38 success=yes exit=0 a0=f9e4978 a1=fb43ab8 a2=d2a040 a3=f9e4978 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776289.295:12719): avc: denied { relabelfrom } for pid=8303 comm="yum" name="nautilus-sendto.1.gz" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:man_t:s0 tclass=file
+type=AVC msg=audit(1163776289.295:12719): avc: denied { relabelto } for pid=8303 comm="yum" name="nautilus-sendto.1.gz" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776289.295:12719): arch=40000003 syscall=227 success=yes exit=0 a0=fb43ab8 a1=a2f0d3 a2=f9c7428 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776289.295:12720): avc: denied { setattr } for pid=8303 comm="yum" name="nautilus-sendto.1.gz" dev=dm-0 ino=10331542 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:man_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776289.295:12720): arch=40000003 syscall=212 success=yes exit=0 a0=fb43ab8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776290.935:12721): avc: denied { ptrace } for pid=13172 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776290.935:12721): arch=40000003 syscall=195 success=yes exit=0 a0=9d6d088 a1=bfde8614 a2=d8aff4 a3=bfde798c items=0 ppid=13171 pid=13172 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776290.935:12722): avc: denied { ptrace } for pid=13172 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776290.935:12722): arch=40000003 syscall=195 success=yes exit=0 a0=9d6d088 a1=bfde8614 a2=d8aff4 a3=bfde798c items=0 ppid=13171 pid=13172 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776290.943:12723): avc: denied { ptrace } for pid=13172 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776290.943:12723): arch=40000003 syscall=195 success=yes exit=0 a0=9d6d088 a1=bfde8614 a2=d8aff4 a3=bfde798c items=0 ppid=13171 pid=13172 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776296.688:12724): avc: denied { execute } for pid=13174 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776296.688:12724): avc: denied { execute_no_trans } for pid=13174 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776296.688:12724): avc: denied { read } for pid=13174 comm="sh" name="ldconfig" dev=dm-0 ino=9984490 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776296.688:12724): arch=40000003 syscall=11 success=yes exit=0 a0=87a4c70 a1=87a4e00 a2=87a4cf0 a3=87a4120 items=0 ppid=13173 pid=13174 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="ldconfig" exe="/sbin/ldconfig" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776296.688:12724): path="/sbin/ldconfig"
+type=AVC_PATH msg=audit(1163776296.688:12724): path="/sbin/ldconfig"
+type=AVC msg=audit(1163776297.520:12725): avc: denied { write } for pid=13178 comm="update-desktop-" name="applications" dev=dm-0 ino=10936389 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=AVC msg=audit(1163776297.520:12725): avc: denied { add_name } for pid=13178 comm="update-desktop-" name=".mimeinfo.cache.GETUIT" scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776297.520:12725): arch=40000003 syscall=5 success=yes exit=3 a0=9803e20 a1=80c2 a2=180 a3=80c2 items=0 ppid=13173 pid=13178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.524:12726): avc: denied { remove_name } for pid=13178 comm="update-desktop-" name=".mimeinfo.cache.GETUIT" dev=dm-0 ino=10935284 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776297.524:12726): arch=40000003 syscall=38 success=yes exit=0 a0=9803e20 a1=9804ba8 a2=1a4 a3=980115c items=0 ppid=13173 pid=13178 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="update-desktop-" exe="/usr/bin/update-desktop-database" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.716:12727): avc: denied { append } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper.log" dev=dm-0 ino=14436937 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.716:12727): arch=40000003 syscall=5 success=yes exit=3 a0=87c5d0 a1=441 a2=1b6 a3=9de1638 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.760:12728): avc: denied { write } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper" dev=dm-0 ino=14567773 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776297.760:12728): avc: denied { add_name } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776297.760:12728): avc: denied { create } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.760:12728): arch=40000003 syscall=5 success=yes exit=4 a0=bf8146a3 a1=241 a2=1b6 a3=9e1bcf8 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.784:12729): avc: denied { write } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" dev=dm-0 ino=14567669 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.784:12729): arch=40000003 syscall=4 success=yes exit=4096 a0=4 a1=b7f70000 a2=1000 a3=1000 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776297.784:12729): path="/var/lib/scrollkeeper/scrollkeeper_docs.tmp"
+type=AVC msg=audit(1163776297.788:12730): avc: denied { remove_name } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567553 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776297.788:12730): avc: denied { unlink } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567553 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.788:12730): arch=40000003 syscall=10 success=yes exit=0 a0=bf8145a3 a1=1 a2=87e338 a3=bf8147c3 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.796:12731): avc: denied { rename } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" dev=dm-0 ino=14567669 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.796:12731): arch=40000003 syscall=38 success=yes exit=0 a0=bf8146a3 a1=bf8145a3 a2=87e338 a3=bf8147c3 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776297.944:12732): avc: denied { append } for pid=13179 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567669 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776297.944:12732): arch=40000003 syscall=5 success=yes exit=3 a0=bf8142c8 a1=441 a2=1b6 a3=9de2320 items=0 ppid=13173 pid=13179 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776313.553:12733): avc: denied { relabelto } for pid=8303 comm="yum" name="file-roller" dev=dm-0 ino=12343447 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776313.553:12733): arch=40000003 syscall=227 success=yes exit=0 a0=fb40618 a1=a2f0d3 a2=fa942a8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776313.553:12734): avc: denied { setattr } for pid=8303 comm="yum" name="file-roller" dev=dm-0 ino=12343447 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776313.553:12734): arch=40000003 syscall=212 success=yes exit=0 a0=fb40618 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776313.581:12735): avc: denied { create } for pid=8303 comm="yum" name="file-roller-2.17.2" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776313.581:12735): arch=40000003 syscall=39 success=yes exit=0 a0=fa93118 a1=1c0 a2=d2a040 a3=fa93118 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776313.585:12736): avc: denied { relabelfrom } for pid=8303 comm="yum" name="file-roller-2.17.2" dev=dm-0 ino=12343560 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776313.585:12736): arch=40000003 syscall=227 success=yes exit=0 a0=fa93118 a1=a2f0d3 a2=fa92ff0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776314.381:12737): avc: denied { create } for pid=8303 comm="yum" name="file-roller.mo;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776314.381:12737): arch=40000003 syscall=5 success=yes exit=30 a0=faa23d0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776314.381:12738): avc: denied { write } for pid=8303 comm="yum" name="file-roller.mo;455dcb57" dev=dm-0 ino=10327037 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776314.381:12738): arch=40000003 syscall=4 success=yes exit=4015 a0=1e a1=b6dcb000 a2=faf a3=faaaaf8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776314.381:12738): path="/usr/share/locale/am/LC_MESSAGES/file-roller.mo;455dcb57"
+type=AVC msg=audit(1163776314.381:12739): avc: denied { rename } for pid=8303 comm="yum" name="file-roller.mo;455dcb57" dev=dm-0 ino=10327037 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776314.381:12739): arch=40000003 syscall=38 success=yes exit=0 a0=faa23d0 a1=fa95f90 a2=d2a040 a3=faa23d0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776314.397:12740): avc: denied { relabelfrom } for pid=8303 comm="yum" name="file-roller.mo" dev=dm-0 ino=10327037 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776314.397:12740): arch=40000003 syscall=227 success=yes exit=0 a0=fa95f90 a1=a2f0d3 a2=fb0e208 a3=1e items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776321.953:12741): avc: denied { relabelfrom } for pid=8303 comm="yum" name="program" dev=dm-0 ino=12179293 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776321.953:12741): arch=40000003 syscall=227 success=yes exit=0 a0=fa92168 a1=a2f0d3 a2=fb15500 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776346.791:12742): avc: denied { read } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776346.791:12742): arch=40000003 syscall=3 success=yes exit=59 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776346.791:12742): path="/dev/net/tun"
+type=AVC msg=audit(1163776346.839:12743): avc: denied { write } for pid=8137 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776346.839:12743): arch=40000003 syscall=4 success=yes exit=127 a0=4 a1=805c570 a2=7f a3=bfa20a54 items=0 ppid=8135 pid=8137 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776346.839:12743): path="/dev/net/tun"
+type=AVC msg=audit(1163776347.947:12744): avc: denied { write } for pid=13312 comm="gconftool-2" name="gconf.xml.defaults" dev=dm-0 ino=9330097 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776347.947:12744): avc: denied { add_name } for pid=13312 comm="gconftool-2" name=".testing.writeability" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776347.947:12744): arch=40000003 syscall=5 success=yes exit=3 a0=80b2ce0 a1=41 a2=1c0 a3=80b2ce0 items=0 ppid=13309 pid=13312 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776347.947:12745): avc: denied { remove_name } for pid=13312 comm="gconftool-2" name=".testing.writeability" dev=dm-0 ino=9330048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776347.947:12745): arch=40000003 syscall=10 success=yes exit=0 a0=80b2ce0 a1=41 a2=412708 a3=80b2ce0 items=0 ppid=13309 pid=13312 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776350.943:12746): avc: denied { ptrace } for pid=13314 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776350.943:12746): arch=40000003 syscall=195 success=yes exit=0 a0=9f6b0a0 a1=bf8890b4 a2=3b8ff4 a3=bf88842c items=0 ppid=13312 pid=13314 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776350.943:12747): avc: denied { ptrace } for pid=13314 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776350.943:12747): arch=40000003 syscall=195 success=yes exit=0 a0=9f6b088 a1=bf8890b4 a2=3b8ff4 a3=bf88842c items=0 ppid=13312 pid=13314 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776350.947:12748): avc: denied { ptrace } for pid=13314 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776350.947:12748): arch=40000003 syscall=195 success=yes exit=0 a0=9f6b088 a1=bf8890b4 a2=3b8ff4 a3=bf88842c items=0 ppid=13312 pid=13314 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776350.947:12749): avc: denied { ptrace } for pid=13314 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776350.947:12749): arch=40000003 syscall=195 success=yes exit=0 a0=9f6b088 a1=bf8890b4 a2=3b8ff4 a3=bf88842c items=0 ppid=13312 pid=13314 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776350.951:12750): avc: denied { ptrace } for pid=13314 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776350.951:12750): arch=40000003 syscall=195 success=yes exit=0 a0=9f6b088 a1=bf8890b4 a2=3b8ff4 a3=bf88842c items=0 ppid=13312 pid=13314 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776354.243:12751): avc: denied { append } for pid=8303 comm="yum" name="yum.log" dev=dm-0 ino=8707846 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:rpm_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776354.243:12751): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=b7bd1000 a2=34 a3=34 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776354.243:12751): path="/var/log/yum.log"
+type=AVC msg=audit(1163776357.444:12752): avc: denied { ptrace } for pid=13368 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776357.444:12752): arch=40000003 syscall=195 success=yes exit=0 a0=8ac1088 a1=bf970994 a2=364ff4 a3=bf96fd0c items=0 ppid=13367 pid=13368 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.444:12753): avc: denied { ptrace } for pid=13368 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776357.444:12753): arch=40000003 syscall=195 success=yes exit=0 a0=8ac1088 a1=bf970994 a2=364ff4 a3=bf96fd0c items=0 ppid=13367 pid=13368 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.452:12754): avc: denied { ptrace } for pid=13368 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776357.452:12754): arch=40000003 syscall=195 success=no exit=-2 a0=8ac1088 a1=bf970994 a2=364ff4 a3=bf96fd0c items=0 ppid=13367 pid=13368 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.620:12755): avc: denied { write } for pid=8303 comm="yum" name="servers" dev=dm-0 ino=10443133 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776357.620:12755): avc: denied { add_name } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776357.620:12755): avc: denied { create } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776357.620:12755): arch=40000003 syscall=5 success=yes exit=30 a0=f928fe8 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.620:12756): avc: denied { write } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server;455dcb57" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776357.620:12756): arch=40000003 syscall=4 success=yes exit=507 a0=1e a1=b6dcb000 a2=1fb a3=f929178 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776357.620:12756): path="/usr/lib/bonobo/servers/GNOME_RemoteDesktop.server;455dcb57"
+type=AVC msg=audit(1163776357.624:12757): avc: denied { remove_name } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server;455dcb57" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776357.624:12757): avc: denied { rename } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server;455dcb57" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163776357.624:12757): avc: denied { unlink } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server" dev=dm-0 ino=10446189 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776357.624:12757): arch=40000003 syscall=38 success=yes exit=0 a0=f928fe8 a1=fbbfa10 a2=d2a040 a3=f928fe8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.644:12758): avc: denied { relabelfrom } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163776357.644:12758): avc: denied { relabelto } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776357.644:12758): arch=40000003 syscall=227 success=yes exit=0 a0=fbbfa10 a1=a2f0d3 a2=b700d48 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776357.644:12759): avc: denied { setattr } for pid=8303 comm="yum" name="GNOME_RemoteDesktop.server" dev=dm-0 ino=18103017 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776357.644:12759): arch=40000003 syscall=212 success=yes exit=0 a0=fbbfa10 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776362.156:12760): avc: denied { ptrace } for pid=13373 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776362.156:12760): arch=40000003 syscall=195 success=yes exit=0 a0=9977088 a1=bfca9cd4 a2=ef4ff4 a3=bfca904c items=0 ppid=13371 pid=13373 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.224:12761): avc: denied { write } for pid=8303 comm="yum" name="system.d" dev=dm-0 ino=9330036 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776366.224:12761): avc: denied { add_name } for pid=8303 comm="yum" name="printdriverselector.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776366.224:12761): avc: denied { create } for pid=8303 comm="yum" name="printdriverselector.conf;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776366.224:12761): arch=40000003 syscall=5 success=yes exit=30 a0=faa7098 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.248:12762): avc: denied { write } for pid=8303 comm="yum" name="printdriverselector.conf;455dcb57" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776366.248:12762): arch=40000003 syscall=4 success=yes exit=783 a0=1e a1=b6dcb000 a2=30f a3=fb0b740 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776366.248:12762): path="/etc/dbus-1/system.d/printdriverselector.conf;455dcb57"
+type=AVC msg=audit(1163776366.248:12763): avc: denied { remove_name } for pid=8303 comm="yum" name="printdriverselector.conf;455dcb57" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776366.248:12763): avc: denied { rename } for pid=8303 comm="yum" name="printdriverselector.conf;455dcb57" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163776366.248:12763): avc: denied { unlink } for pid=8303 comm="yum" name="printdriverselector.conf" dev=dm-0 ino=9331681 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776366.248:12763): arch=40000003 syscall=38 success=yes exit=0 a0=faa7098 a1=fac6400 a2=d2a040 a3=faa7098 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.256:12764): avc: denied { relabelfrom } for pid=8303 comm="yum" name="printdriverselector.conf" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:dbusd_etc_t:s0 tclass=file
+type=AVC msg=audit(1163776366.256:12764): avc: denied { relabelto } for pid=8303 comm="yum" name="printdriverselector.conf" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776366.256:12764): arch=40000003 syscall=227 success=yes exit=0 a0=fac6400 a1=a2f0d3 a2=b033890 a3=21 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.256:12765): avc: denied { setattr } for pid=8303 comm="yum" name="printdriverselector.conf" dev=dm-0 ino=9331097 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776366.256:12765): arch=40000003 syscall=212 success=yes exit=0 a0=fac6400 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.260:12766): avc: denied { relabelfrom } for pid=8303 comm="yum" name="schemas" dev=dm-0 ino=9330176 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776366.260:12766): avc: denied { relabelto } for pid=8303 comm="yum" name="schemas" dev=dm-0 ino=9330176 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776366.260:12766): arch=40000003 syscall=227 success=yes exit=0 a0=f928380 a1=a2f0d3 a2=fa92f60 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.260:12767): avc: denied { setattr } for pid=8303 comm="yum" name="schemas" dev=dm-0 ino=9330176 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776366.260:12767): arch=40000003 syscall=212 success=yes exit=0 a0=f928380 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776366.272:12768): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163776366.272:12768): arch=40000003 syscall=100 success=yes exit=0 a0=12 a1=bfcd50ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776372.853:12769): avc: denied { ptrace } for pid=13382 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776372.853:12769): arch=40000003 syscall=195 success=yes exit=0 a0=9ae8088 a1=bfade7a4 a2=24bff4 a3=bfaddb1c items=0 ppid=13381 pid=13382 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776372.857:12770): avc: denied { ptrace } for pid=13382 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776372.857:12770): arch=40000003 syscall=195 success=yes exit=0 a0=9ae8088 a1=bfade7a4 a2=24bff4 a3=bfaddb1c items=0 ppid=13381 pid=13382 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776387.505:12771): avc: denied { write } for pid=13401 comm="gnome-backgroun" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776387.505:12771): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf98f200 a2=254770 a3=15 items=0 ppid=1 pid=13401 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776387.505:12772): avc: denied { read } for pid=13401 comm="gnome-backgroun" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776387.505:12772): arch=40000003 syscall=33 success=yes exit=0 a0=99afcd8 a1=4 a2=254770 a3=99afcd8 items=0 ppid=1 pid=13401 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776389.002:12773): avc: denied { ptrace } for pid=13408 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776389.002:12773): arch=40000003 syscall=195 success=yes exit=0 a0=805f088 a1=bf862874 a2=dbcff4 a3=bf861bec items=0 ppid=13399 pid=13408 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776389.002:12774): avc: denied { sys_ptrace } for pid=13408 comm="killall" capability=19 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776389.002:12774): arch=40000003 syscall=195 success=yes exit=0 a0=805f088 a1=bf862874 a2=dbcff4 a3=bf861bec items=0 ppid=13399 pid=13408 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776389.006:12775): avc: denied { kill } for pid=13408 comm="killall" capability=5 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776389.006:12775): arch=40000003 syscall=37 success=yes exit=0 a0=345b a1=f a2=0 a3=345b items=0 ppid=13399 pid=13408 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776391.938:12776): avc: denied { unlink } for pid=8303 comm="yum" name="blackjack" dev=dm-0 ino=10326957 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776391.938:12776): arch=40000003 syscall=38 success=yes exit=0 a0=fb09ff8 a1=f99df40 a2=d2a040 a3=fb09ff8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776391.990:12777): avc: denied { relabelto } for pid=8303 comm="yum" name="blackjack" dev=dm-0 ino=10331034 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776391.990:12777): arch=40000003 syscall=227 success=yes exit=0 a0=f99df40 a1=a2f0d3 a2=fbbfa30 a3=22 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776391.990:12778): avc: denied { setattr } for pid=8303 comm="yum" name="blackjack" dev=dm-0 ino=10331034 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776391.990:12778): arch=40000003 syscall=212 success=yes exit=0 a0=f99df40 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776392.402:12779): avc: denied { create } for pid=8303 comm="yum" name="glchess" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776392.402:12779): arch=40000003 syscall=39 success=yes exit=0 a0=b50e4d8 a1=1c0 a2=d2a040 a3=b50e4d8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776392.402:12780): avc: denied { relabelfrom } for pid=8303 comm="yum" name="glchess" dev=dm-0 ino=12343648 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163776392.402:12780): avc: denied { relabelto } for pid=8303 comm="yum" name="glchess" dev=dm-0 ino=12343648 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776392.402:12780): arch=40000003 syscall=227 success=yes exit=0 a0=b50e4d8 a1=a2f0d3 a2=fc50df8 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776392.402:12781): avc: denied { setattr } for pid=8303 comm="yum" name="glchess" dev=dm-0 ino=12343648 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776392.402:12781): arch=40000003 syscall=212 success=yes exit=0 a0=b50e4d8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776393.742:12782): avc: denied { read } for pid=13464 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776393.742:12782): arch=40000003 syscall=33 success=yes exit=0 a0=bf800fcb a1=4 a2=da3a64 a3=bf800fcb items=0 ppid=1 pid=13464 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163776393.742:12783): avc: denied { getattr } for pid=13464 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776393.742:12783): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf7fec1c a2=d94ff4 a3=9546140 items=0 ppid=1 pid=13464 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776393.742:12783): path="/tmp/.gdmV8RYIT"
+type=AVC msg=audit(1163776406.931:12784): avc: denied { write } for pid=8303 comm="yum" name="games" dev=dm-0 ino=14436607 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=AVC msg=audit(1163776406.931:12784): avc: denied { add_name } for pid=8303 comm="yum" name="glines.Large.scores;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=AVC msg=audit(1163776406.931:12784): avc: denied { create } for pid=8303 comm="yum" name="glines.Large.scores;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776406.931:12784): arch=40000003 syscall=5 success=yes exit=30 a0=fc58818 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776406.971:12785): avc: denied { remove_name } for pid=8303 comm="yum" name="glines.Large.scores;455dcb57" dev=dm-0 ino=14438005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=dir
+type=AVC msg=audit(1163776406.971:12785): avc: denied { rename } for pid=8303 comm="yum" name="glines.Large.scores;455dcb57" dev=dm-0 ino=14438005 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:games_data_t:s0 tclass=file
+type=AVC msg=audit(1163776406.971:12785): avc: denied { unlink } for pid=8303 comm="yum" name="glines.Large.scores" dev=dm-0 ino=14436943 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776406.971:12785): arch=40000003 syscall=38 success=yes exit=0 a0=fc58818 a1=fc588e8 a2=d2a040 a3=fc58818 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776406.975:12786): avc: denied { relabelfrom } for pid=8303 comm="yum" name="glines.Large.scores" dev=dm-0 ino=14438005 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:games_data_t:s0 tclass=file
+type=AVC msg=audit(1163776406.975:12786): avc: denied { relabelto } for pid=8303 comm="yum" name="glines.Large.scores" dev=dm-0 ino=14438005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776406.975:12786): arch=40000003 syscall=227 success=yes exit=0 a0=fc588e8 a1=a2f0d3 a2=fc5a588 a3=22 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776406.975:12787): avc: denied { setattr } for pid=8303 comm="yum" name="glines.Large.scores" dev=dm-0 ino=14438005 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776406.975:12787): arch=40000003 syscall=212 success=yes exit=0 a0=fc588e8 a1=c a2=14 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776406.975:12788): avc: denied { unlink } for pid=8303 comm="yum" name="glines.Medium.scores" dev=dm-0 ino=14437124 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:games_data_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776406.975:12788): arch=40000003 syscall=38 success=yes exit=0 a0=fc5a600 a1=fc5a588 a2=d2a040 a3=fc5a600 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776421.060:12789): avc: denied { create } for pid=13541 comm="scrollkeeper-up" name="553" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776421.060:12789): arch=40000003 syscall=5 success=yes exit=3 a0=92ac138 a1=241 a2=1b6 a3=920fd20 items=0 ppid=13540 pid=13541 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776421.064:12790): avc: denied { write } for pid=13541 comm="scrollkeeper-up" name="553" dev=dm-0 ino=14567911 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776421.064:12790): arch=40000003 syscall=4 success=yes exit=808 a0=3 a1=b7f76000 a2=328 a3=328 items=0 ppid=13540 pid=13541 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776421.064:12790): path="/var/lib/scrollkeeper/TOC/553"
+type=AVC msg=audit(1163776421.124:12791): avc: denied { unlink } for pid=13541 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14567910 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776421.124:12791): arch=40000003 syscall=10 success=yes exit=0 a0=bfe62443 a1=1 a2=50c338 a3=bfe62663 items=0 ppid=13540 pid=13541 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776421.124:12792): avc: denied { rename } for pid=13541 comm="scrollkeeper-up" name="scrollkeeper_docs.tmp" dev=dm-0 ino=14568138 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776421.124:12792): arch=40000003 syscall=38 success=yes exit=0 a0=bfe62543 a1=bfe62443 a2=50c338 a3=bfe62663 items=0 ppid=13540 pid=13541 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776421.152:12793): avc: denied { append } for pid=13541 comm="scrollkeeper-up" name="scrollkeeper_docs" dev=dm-0 ino=14568138 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776421.152:12793): arch=40000003 syscall=5 success=yes exit=3 a0=bfe62168 a1=441 a2=1b6 a3=920fd20 items=0 ppid=13540 pid=13541 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="scrollkeeper-up" exe="/usr/bin/scrollkeeper-update" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776422.896:12794): avc: denied { create } for pid=13617 comm="gconftool-2" name=".testing.writeability" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776422.896:12794): arch=40000003 syscall=5 success=yes exit=3 a0=966e1a8 a1=41 a2=1c0 a3=966e1a8 items=0 ppid=13616 pid=13617 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776422.896:12795): avc: denied { unlink } for pid=13617 comm="gconftool-2" name=".testing.writeability" dev=dm-0 ino=9331998 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776422.896:12795): arch=40000003 syscall=10 success=yes exit=0 a0=966e1a8 a1=41 a2=412708 a3=966e1a8 items=0 ppid=13616 pid=13617 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.956:12796): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163776425.956:12796): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.956:12797): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.956:12797): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.956:12798): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.956:12798): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.960:12799): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.960:12799): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.960:12800): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.960:12800): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.960:12801): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.960:12801): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.960:12802): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776425.960:12802): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776425.960:12803): avc: denied { ptrace } for pid=13619 comm="killall" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163776425.960:12803): arch=40000003 syscall=195 success=yes exit=0 a0=8a24088 a1=bfffa804 a2=3b1ff4 a3=bfff9b7c items=0 ppid=13617 pid=13619 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="killall" exe="/usr/bin/killall" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776426.020:12804): avc: denied { write } for pid=13617 comm="gconftool-2" name="%gconf-tree.xml.new" dev=dm-0 ino=9331998 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776426.020:12804): arch=40000003 syscall=4 success=yes exit=4096 a0=3 a1=b7fec000 a2=1000 a3=1000 items=0 ppid=13616 pid=13617 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776426.020:12804): path="/etc/gconf/gconf.xml.defaults/%gconf-tree.xml.new"
+type=AVC msg=audit(1163776426.144:12805): avc: denied { rename } for pid=13617 comm="gconftool-2" name="%gconf-tree.xml.new" dev=dm-0 ino=9331998 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776426.144:12805): arch=40000003 syscall=38 success=yes exit=0 a0=b38d1c8 a1=b38b750 a2=122820 a3=0 items=0 ppid=13616 pid=13617 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="gconftool-2" exe="/usr/bin/gconftool-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.552:12806): avc: denied { write } for pid=13623 comm="cp" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.552:12806): avc: denied { add_name } for pid=13623 comm="cp" name="file_contexts.pre" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.552:12806): avc: denied { create } for pid=13623 comm="cp" name="file_contexts.pre" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.552:12806): arch=40000003 syscall=5 success=yes exit=4 a0=bfab7bd7 a1=8041 a2=81a4 a3=8041 items=0 ppid=13622 pid=13623 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cp" exe="/bin/cp" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.572:12807): avc: denied { write } for pid=13623 comm="cp" name="file_contexts.pre" dev=dm-0 ino=9330913 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.572:12807): arch=40000003 syscall=4 success=yes exit=4096 a0=4 a1=bfab4000 a2=1000 a3=1000 items=0 ppid=13622 pid=13623 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="cp" exe="/bin/cp" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776431.572:12807): path="/etc/selinux/strict/contexts/files/file_contexts.pre"
+type=AVC msg=audit(1163776431.580:12808): avc: denied { relabelfrom } for pid=8303 comm="yum" name="strict" dev=dm-0 ino=9331930 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.580:12808): avc: denied { relabelto } for pid=8303 comm="yum" name="strict" dev=dm-0 ino=9331930 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.580:12808): arch=40000003 syscall=227 success=yes exit=0 a0=f99e4c8 a1=a2f0d3 a2=faf3e68 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.624:12809): avc: denied { setattr } for pid=8303 comm="yum" name="strict" dev=dm-0 ino=9331930 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.624:12809): arch=40000003 syscall=212 success=yes exit=0 a0=f99e4c8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.624:12810): avc: denied { relabelfrom } for pid=8303 comm="yum" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.624:12810): avc: denied { relabelto } for pid=8303 comm="yum" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.624:12810): arch=40000003 syscall=227 success=yes exit=0 a0=fc5a5b0 a1=a2f0d3 a2=faeaea8 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.628:12811): avc: denied { setattr } for pid=8303 comm="yum" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.628:12811): arch=40000003 syscall=212 success=yes exit=0 a0=fc5a5b0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.628:12812): avc: denied { write } for pid=8303 comm="yum" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.628:12812): avc: denied { add_name } for pid=8303 comm="yum" name="customizable_types;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.628:12812): avc: denied { create } for pid=8303 comm="yum" name="customizable_types;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.628:12812): arch=40000003 syscall=5 success=yes exit=30 a0=fb96de0 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.628:12813): avc: denied { write } for pid=8303 comm="yum" name="customizable_types;455dcb57" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.628:12813): arch=40000003 syscall=4 success=yes exit=233 a0=1e a1=b6dcb000 a2=e9 a3=fb96e20 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776431.628:12813): path="/etc/selinux/strict/contexts/customizable_types;455dcb57"
+type=AVC msg=audit(1163776431.628:12814): avc: denied { remove_name } for pid=8303 comm="yum" name="customizable_types;455dcb57" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.628:12814): avc: denied { rename } for pid=8303 comm="yum" name="customizable_types;455dcb57" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=AVC msg=audit(1163776431.628:12814): avc: denied { unlink } for pid=8303 comm="yum" name="customizable_types" dev=dm-0 ino=9334401 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.628:12814): arch=40000003 syscall=38 success=yes exit=0 a0=fb96de0 a1=faa64f8 a2=d2a040 a3=fb96de0 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.628:12815): avc: denied { relabelfrom } for pid=8303 comm="yum" name="customizable_types" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=AVC msg=audit(1163776431.628:12815): avc: denied { relabelto } for pid=8303 comm="yum" name="customizable_types" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.628:12815): arch=40000003 syscall=227 success=yes exit=0 a0=faa64f8 a1=a2f0d3 a2=faeaea8 a3=27 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.628:12816): avc: denied { setattr } for pid=8303 comm="yum" name="customizable_types" dev=dm-0 ino=9334567 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.628:12816): arch=40000003 syscall=212 success=yes exit=0 a0=faa64f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.640:12817): avc: denied { relabelfrom } for pid=8303 comm="yum" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.640:12817): avc: denied { relabelto } for pid=8303 comm="yum" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.640:12817): arch=40000003 syscall=227 success=yes exit=0 a0=fb96fa0 a1=a2f0d3 a2=fc5a5d8 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.640:12818): avc: denied { setattr } for pid=8303 comm="yum" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.640:12818): arch=40000003 syscall=212 success=yes exit=0 a0=fb96fa0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.640:12819): avc: denied { remove_name } for pid=8303 comm="yum" name="media;455dcb57" dev=dm-0 ino=9334434 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.640:12819): avc: denied { rename } for pid=8303 comm="yum" name="media;455dcb57" dev=dm-0 ino=9334434 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=AVC msg=audit(1163776431.640:12819): avc: denied { unlink } for pid=8303 comm="yum" name="media" dev=dm-0 ino=9334528 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.640:12819): arch=40000003 syscall=38 success=yes exit=0 a0=f78a080 a1=fb96db0 a2=d2a040 a3=f78a080 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.640:12820): avc: denied { relabelfrom } for pid=8303 comm="yum" name="media" dev=dm-0 ino=9334434 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=AVC msg=audit(1163776431.640:12820): avc: denied { relabelto } for pid=8303 comm="yum" name="media" dev=dm-0 ino=9334434 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.640:12820): arch=40000003 syscall=227 success=yes exit=0 a0=fb96db0 a1=a2f0d3 a2=fc5a5d8 a3=24 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.640:12821): avc: denied { setattr } for pid=8303 comm="yum" name="media" dev=dm-0 ino=9334434 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.640:12821): arch=40000003 syscall=212 success=yes exit=0 a0=fb96db0 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.664:12822): avc: denied { relabelfrom } for pid=8303 comm="yum" name="active" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.664:12822): avc: denied { relabelto } for pid=8303 comm="yum" name="active" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.664:12822): arch=40000003 syscall=227 success=yes exit=0 a0=f78a080 a1=a2f0d3 a2=cb51b80 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.664:12823): avc: denied { setattr } for pid=8303 comm="yum" name="active" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.664:12823): arch=40000003 syscall=212 success=yes exit=0 a0=f78a080 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.664:12824): avc: denied { write } for pid=8303 comm="yum" name="modules" dev=dm-0 ino=9334534 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.664:12824): avc: denied { add_name } for pid=8303 comm="yum" name="semanage.read.LOCK;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.664:12824): avc: denied { create } for pid=8303 comm="yum" name="semanage.read.LOCK;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.664:12824): arch=40000003 syscall=5 success=yes exit=30 a0=fb91c18 a1=8241 a2=1b6 a3=8241 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.664:12825): avc: denied { remove_name } for pid=8303 comm="yum" name="semanage.read.LOCK;455dcb57" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.664:12825): avc: denied { rename } for pid=8303 comm="yum" name="semanage.read.LOCK;455dcb57" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=AVC msg=audit(1163776431.664:12825): avc: denied { unlink } for pid=8303 comm="yum" name="semanage.read.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.664:12825): arch=40000003 syscall=38 success=yes exit=0 a0=fb91c18 a1=fb915c8 a2=d2a040 a3=fb91c18 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.668:12826): avc: denied { relabelfrom } for pid=8303 comm="yum" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=AVC msg=audit(1163776431.668:12826): avc: denied { relabelto } for pid=8303 comm="yum" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.668:12826): arch=40000003 syscall=227 success=yes exit=0 a0=fb915c8 a1=a2f0d3 a2=cb56428 a3=2a items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.668:12827): avc: denied { setattr } for pid=8303 comm="yum" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.668:12827): arch=40000003 syscall=212 success=yes exit=0 a0=fb915c8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.668:12828): avc: denied { unlink } for pid=8303 comm="yum" name="semanage.trans.LOCK" dev=dm-0 ino=9334537 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.668:12828): arch=40000003 syscall=38 success=yes exit=0 a0=fc75d08 a1=fb915c8 a2=d2a040 a3=fc75d08 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.676:12829): avc: denied { relabelto } for pid=8303 comm="yum" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.676:12829): arch=40000003 syscall=227 success=yes exit=0 a0=fb915c8 a1=a2f0d3 a2=fc75cd8 a3=2b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.676:12830): avc: denied { setattr } for pid=8303 comm="yum" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.676:12830): arch=40000003 syscall=212 success=yes exit=0 a0=fb915c8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.688:12831): avc: denied { relabelfrom } for pid=8303 comm="yum" name="policy" dev=dm-0 ino=9334538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776431.688:12831): avc: denied { relabelto } for pid=8303 comm="yum" name="policy" dev=dm-0 ino=9334538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.688:12831): arch=40000003 syscall=227 success=yes exit=0 a0=fc785f8 a1=a2f0d3 a2=fc785c8 a3=25 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.688:12832): avc: denied { setattr } for pid=8303 comm="yum" name="policy" dev=dm-0 ino=9334538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776431.688:12832): arch=40000003 syscall=212 success=yes exit=0 a0=fc785f8 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.688:12833): avc: denied { write } for pid=8303 comm="yum" name="setrans.conf;455dcb57" dev=dm-0 ino=9334537 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.688:12833): arch=40000003 syscall=4 success=yes exit=598 a0=1e a1=b6dcb000 a2=256 a3=fc79e88 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776431.688:12833): path="/etc/selinux/strict/setrans.conf;455dcb57"
+type=AVC msg=audit(1163776431.688:12834): avc: denied { unlink } for pid=8303 comm="yum" name="setrans.conf" dev=dm-0 ino=9334539 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.688:12834): arch=40000003 syscall=38 success=yes exit=0 a0=fc785c8 a1=fc79e60 a2=d2a040 a3=fc785c8 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.688:12835): avc: denied { relabelto } for pid=8303 comm="yum" name="setrans.conf" dev=dm-0 ino=9334537 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.688:12835): arch=40000003 syscall=227 success=yes exit=0 a0=fc79e60 a1=a2f0d3 a2=fc75ca8 a3=26 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776431.688:12836): avc: denied { setattr } for pid=8303 comm="yum" name="setrans.conf" dev=dm-0 ino=9334537 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776431.688:12836): arch=40000003 syscall=212 success=yes exit=0 a0=fc79e60 a1=0 a2=0 a3=6028 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776432.620:12837): avc: denied { create } for pid=8303 comm="yum" name="include;455dcb57" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776432.620:12837): arch=40000003 syscall=83 success=yes exit=0 a0=fc5b370 a1=cb50098 a2=508a38 a3=602c items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776432.620:12838): avc: denied { rename } for pid=8303 comm="yum" name="include;455dcb57" dev=dm-0 ino=11982828 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163776432.620:12838): avc: denied { unlink } for pid=8303 comm="yum" name="include" dev=dm-0 ino=11982840 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776432.620:12838): arch=40000003 syscall=38 success=yes exit=0 a0=cb50098 a1=fc7fb30 a2=d2a040 a3=cb50098 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776432.620:12839): avc: denied { relabelfrom } for pid=8303 comm="yum" name="include" dev=dm-0 ino=11982828 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:usr_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163776432.620:12839): avc: denied { relabelto } for pid=8303 comm="yum" name="include" dev=dm-0 ino=11982828 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776432.620:12839): arch=40000003 syscall=227 success=yes exit=0 a0=fc7fb30 a1=a2f0d3 a2=fc7fff0 a3=1b items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776432.620:12840): avc: denied { setattr } for pid=8303 comm="yum" name="include" dev=dm-0 ino=11982828 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776432.620:12840): arch=40000003 syscall=198 success=yes exit=0 a0=fc7fb30 a1=0 a2=0 a3=a1f7554 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.513:12841): avc: denied { execute } for pid=13625 comm="sh" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.513:12841): arch=40000003 syscall=33 success=yes exit=0 a0=963cd40 a1=1 a2=11 a3=963cd40 items=0 ppid=13624 pid=13625 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sh" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.513:12842): avc: denied { read } for pid=13625 comm="sh" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.513:12842): arch=40000003 syscall=33 success=yes exit=0 a0=963cd40 a1=4 a2=ffffffff a3=963cd40 items=0 ppid=13624 pid=13625 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="sh" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.513:12843): avc: denied { execute_no_trans } for pid=13626 comm="sh" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.513:12843): arch=40000003 syscall=11 success=yes exit=0 a0=963cd40 a1=963dcc8 a2=963f410 a3=9637b48 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776437.513:12843): path="/usr/sbin/semodule"
+type=AVC msg=audit(1163776437.553:12844): avc: denied { execute } for pid=13626 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.553:12844): arch=40000003 syscall=33 success=yes exit=0 a0=c75905 a1=1 a2=c7b21c a3=9988f00 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.605:12845): avc: denied { read write search } for pid=13626 comm="semodule" name="active" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776437.605:12845): arch=40000003 syscall=33 success=yes exit=0 a0=9989578 a1=7 a2=c7b21c a3=9989578 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.625:12846): avc: denied { read write search } for pid=13626 comm="semodule" name="modules" dev=dm-0 ino=9334945 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776437.625:12846): arch=40000003 syscall=33 success=yes exit=0 a0=99895a0 a1=7 a2=c7b21c a3=99895a0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.625:12847): avc: denied { read write } for pid=13626 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.625:12847): arch=40000003 syscall=33 success=yes exit=0 a0=9989500 a1=6 a2=c7b21c a3=9989500 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.625:12848): avc: denied { read } for pid=13626 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.625:12848): arch=40000003 syscall=5 success=yes exit=3 a0=9989020 a1=0 a2=24d120 a3=9988dd0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.625:12849): avc: denied { lock } for pid=13626 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.625:12849): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=c7b21c a3=5 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776437.625:12849): path="/etc/selinux/strict/modules/semanage.trans.LOCK"
+type=AVC msg=audit(1163776437.625:12850): avc: denied { create } for pid=13626 comm="semodule" name="tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776437.625:12850): arch=40000003 syscall=39 success=yes exit=0 a0=998de60 a1=1c0 a2=c7b21c a3=998de60 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.637:12851): avc: denied { read } for pid=13626 comm="semodule" name="base.linked" dev=dm-0 ino=9334715 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776437.637:12851): arch=40000003 syscall=5 success=yes exit=4 a0=bfe11248 a1=0 a2=1 a3=81a4 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.637:12852): avc: denied { write } for pid=13626 comm="semodule" name="tmp" dev=dm-0 ino=9395239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776437.637:12852): avc: denied { add_name } for pid=13626 comm="semodule" name="base.linked.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776437.637:12852): arch=40000003 syscall=5 success=yes exit=5 a0=bfe0f198 a1=241 a2=81a4 a3=81a4 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776437.941:12853): avc: denied { remove_name } for pid=13626 comm="semodule" name="base.linked.tmp" dev=dm-0 ino=9395240 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776437.941:12853): arch=40000003 syscall=38 success=yes exit=0 a0=bfe0f198 a1=bfe10248 a2=c7b21c a3=0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776446.341:12854): avc: denied { read } for pid=13628 comm="gnome-backgroun" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776446.341:12854): arch=40000003 syscall=33 success=yes exit=0 a0=bfdbde42 a1=4 a2=da3a64 a3=bfdbde42 items=0 ppid=1 pid=13628 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776446.349:12855): avc: denied { read } for pid=13628 comm="gnome-backgroun" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776446.349:12855): arch=40000003 syscall=33 success=yes exit=0 a0=9f23cd8 a1=4 a2=df7770 a3=9f23cd8 items=0 ppid=1 pid=13628 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.069:12856): avc: denied { lock } for pid=13626 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.069:12856): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=6 a2=c7b21c a3=5 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776448.069:12856): path="/etc/selinux/strict/modules/semanage.read.LOCK"
+type=AVC msg=audit(1163776448.089:12857): avc: denied { remove_name } for pid=13626 comm="semodule" name="base.linked" dev=dm-0 ino=9334718 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=AVC msg=audit(1163776448.089:12857): avc: denied { unlink } for pid=13626 comm="semodule" name="base.linked" dev=dm-0 ino=9334718 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.089:12857): arch=40000003 syscall=10 success=yes exit=0 a0=bfe12099 a1=0 a2=24bff4 a3=bfe12099 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.497:12858): avc: denied { rmdir } for pid=13626 comm="semodule" name="modules" dev=dm-0 ino=9334726 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776448.497:12858): arch=40000003 syscall=40 success=yes exit=0 a0=bfe12099 a1=b7fa4688 a2=24bff4 a3=bfe12099 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.513:12859): avc: denied { rename } for pid=13626 comm="semodule" name="active" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776448.513:12859): arch=40000003 syscall=38 success=yes exit=0 a0=9989578 a1=998d9d8 a2=c7b21c a3=bfe12248 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.513:12860): avc: denied { rename } for pid=13626 comm="semodule" name="tmp" dev=dm-0 ino=9395239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776448.513:12860): arch=40000003 syscall=38 success=yes exit=0 a0=998de60 a1=9989578 a2=c7b21c a3=bfe12248 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.513:12861): avc: denied { write } for pid=13626 comm="semodule" name="policy" dev=dm-0 ino=9334538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776448.513:12861): avc: denied { add_name } for pid=13626 comm="semodule" name="policy.21.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776448.513:12861): avc: denied { create } for pid=13626 comm="semodule" name="policy.21.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.513:12861): arch=40000003 syscall=5 success=yes exit=6 a0=bfe0b058 a1=241 a2=1a4 a3=1a4 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.521:12862): avc: denied { write } for pid=13626 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.521:12862): arch=40000003 syscall=4 success=yes exit=4192 a0=6 a1=bfe09ff8 a2=1060 a3=1060 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776448.521:12862): path="/etc/selinux/strict/policy/policy.21.tmp"
+type=AVC msg=audit(1163776448.537:12863): avc: denied { remove_name } for pid=13626 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163776448.537:12863): avc: denied { rename } for pid=13626 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=AVC msg=audit(1163776448.537:12863): avc: denied { unlink } for pid=13626 comm="semodule" name="policy.21" dev=dm-0 ino=9330752 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.537:12863): arch=40000003 syscall=38 success=yes exit=0 a0=bfe0b058 a1=bfe0e198 a2=c7b21c a3=0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.593:12864): avc: denied { unlink } for pid=13626 comm="semodule" name="homedir_template" dev=dm-0 ino=9331333 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.593:12864): arch=40000003 syscall=38 success=yes exit=0 a0=bfe0b058 a1=bfe0f198 a2=c7b21c a3=0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.593:12865): avc: denied { unlink } for pid=13626 comm="semodule" name="seusers" dev=dm-0 ino=9334535 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.593:12865): arch=40000003 syscall=38 success=yes exit=0 a0=bfe0b058 a1=bfe0d198 a2=c7b21c a3=0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.665:12866): avc: denied { unlink } for pid=13626 comm="semodule" name="netfilter_contexts" dev=dm-0 ino=9334540 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.665:12866): arch=40000003 syscall=38 success=yes exit=0 a0=bfe0b058 a1=bfe0c198 a2=c7b21c a3=0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.749:12867): avc: denied { execute } for pid=13658 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776448.749:12867): avc: denied { execute_no_trans } for pid=13658 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776448.749:12867): avc: denied { read } for pid=13658 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.749:12867): arch=40000003 syscall=11 success=yes exit=0 a0=9988f10 a1=dba7c68 a2=0 a3=0 items=0 ppid=13626 pid=13658 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776448.749:12867): path="/usr/sbin/load_policy"
+type=AVC_PATH msg=audit(1163776448.749:12867): path="/usr/sbin/load_policy"
+type=AVC msg=audit(1163776448.829:12868): avc: denied { read } for pid=13658 comm="load_policy" name="policy.21" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776448.829:12868): arch=40000003 syscall=5 success=yes exit=3 a0=bfb09148 a1=8000 a2=0 a3=8000 items=0 ppid=13626 pid=13658 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776448.949:12869): avc: denied { load_policy } for pid=13658 comm="load_policy" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
+type=AVC msg=audit(1163776449.073:12870): avc: denied { read } for pid=13663 comm="gnome_segv2" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776449.073:12870): arch=40000003 syscall=33 success=yes exit=0 a0=bfe4de4e a1=4 a2=843a64 a3=bfe4de4e items=0 ppid=13662 pid=13663 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome_segv2" exe="/usr/libexec/gnome_segv2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=MAC_POLICY_LOAD msg=audit(1163776448.949:12869): policy loaded auid=500
+type=AVC msg=audit(1163776449.089:12871): avc: denied { ptrace } for pid=3367 comm="dbus-daemon" scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776449.089:12871): arch=40000003 syscall=85 success=yes exit=35 a0=a45fce a1=b7fd1b58 a2=fff a3=b7fd4eba items=0 ppid=1 pid=3367 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=SYSCALL msg=audit(1163776448.949:12869): arch=40000003 syscall=4 success=yes exit=2109187 a0=4 a1=b7da3000 a2=202f03 a3=bfb08078 items=0 ppid=13626 pid=13658 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776449.097:12872): user pid=8554 uid=0 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: received policyload notice (seqno=2) : exe="/bin/dbus-daemon" (sauid=0, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776449.109:12873): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=AVC msg=audit(1163776449.109:12874): avc: denied { execute } for pid=13665 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776449.109:12873): arch=40000003 syscall=100 success=yes exit=0 a0=13 a1=bfcd50ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776449.109:12874): avc: denied { execute_no_trans } for pid=13665 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776449.109:12874): avc: denied { read } for pid=13665 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776449.109:12874): arch=40000003 syscall=11 success=yes exit=0 a0=9988f40 a1=dbe0260 a2=0 a3=0 items=0 ppid=13626 pid=13665 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="setfiles" exe="/sbin/setfiles" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776449.109:12874): path="/sbin/setfiles"
+type=AVC_PATH msg=audit(1163776449.109:12874): path="/sbin/setfiles"
+type=AVC msg=audit(1163776449.357:12875): avc: denied { read } for pid=13665 comm="setfiles" name="policy.21" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776449.357:12875): arch=40000003 syscall=5 success=yes exit=3 a0=bf81af97 a1=8000 a2=1b6 a3=8cad3e0 items=0 ppid=13626 pid=13665 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="setfiles" exe="/sbin/setfiles" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776449.689:12876): avc: denied { lock } for pid=13626 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776449.689:12876): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=8 a2=c7b21c a3=9988dd0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776449.689:12876): path="/etc/selinux/strict/modules/semanage.read.LOCK"
+type=AVC msg=audit(1163776449.689:12877): avc: denied { search } for pid=8554 comm="dbus-daemon" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776449.689:12878): avc: denied { search } for pid=3366 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776449.689:12878): avc: denied { search } for pid=3366 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776449.689:12878): arch=40000003 syscall=5 success=no exit=-2 a0=87ef658 a1=18800 a2=0 a3=bfaf9f38 items=0 ppid=1 pid=3366 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=SYSCALL msg=audit(1163776449.689:12877): arch=40000003 syscall=5 success=no exit=-2 a0=9af01c0 a1=18800 a2=39e1d8 a3=bfcccb98 items=0 ppid=1 pid=8554 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776450.389:12879): avc: denied { read } for pid=13676 comm="genhomedircon" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776450.389:12879): arch=40000003 syscall=33 success=yes exit=0 a0=8952d10 a1=4 a2=c7b21c a3=8952d10 items=0 ppid=13626 pid=13676 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776450.389:12880): avc: denied { write } for pid=13676 comm="genhomedircon" name="modules" dev=dm-0 ino=9395255 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776450.389:12880): arch=40000003 syscall=33 success=yes exit=0 a0=8951598 a1=7 a2=c7b21c a3=8952d10 items=0 ppid=13626 pid=13676 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776450.465:12881): avc: denied { write } for pid=13676 comm="genhomedircon" name="file_contexts.homedirs" dev=dm-0 ino=9334712 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776450.465:12881): arch=40000003 syscall=5 success=yes exit=3 a0=8966508 a1=8241 a2=1b6 a3=8966548 items=0 ppid=13626 pid=13676 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776450.701:12882): avc: denied { lock } for pid=13626 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776450.701:12882): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=8 a2=c7b21c a3=9988dd0 items=0 ppid=13625 pid=13626 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776450.701:12882): path="/etc/selinux/strict/modules/semanage.trans.LOCK"
+type=AVC msg=audit(1163776451.141:12883): avc: denied { write } for pid=13713 comm="mktemp" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776451.141:12883): avc: denied { add_name } for pid=13713 comm="mktemp" name="file_contexts.ProyZ13713" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776451.141:12883): avc: denied { create } for pid=13713 comm="mktemp" name="file_contexts.ProyZ13713" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776451.141:12883): arch=40000003 syscall=5 success=yes exit=3 a0=8bc8008 a1=c2 a2=180 a3=8bc8008 items=0 ppid=13695 pid=13713 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mktemp" exe="/bin/mktemp" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776451.229:12884): avc: denied { write } for pid=13716 comm="fixfiles" name="file_contexts.pre.rVudp13714" dev=dm-0 ino=9334541 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776451.229:12884): arch=40000003 syscall=5 success=yes exit=3 a0=95f59a8 a1=8241 a2=1b6 a3=8241 items=0 ppid=13695 pid=13716 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="fixfiles" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776451.357:12885): avc: denied { execute } for pid=13732 comm="fixfiles" name="restorecon" dev=dm-0 ino=9984525 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776451.357:12885): avc: denied { execute_no_trans } for pid=13732 comm="fixfiles" name="restorecon" dev=dm-0 ino=9984525 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776451.357:12885): avc: denied { read } for pid=13732 comm="fixfiles" name="restorecon" dev=dm-0 ino=9984525 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776451.357:12885): arch=40000003 syscall=11 success=yes exit=0 a0=95f5910 a1=95f5b88 a2=95ea7a0 a3=95f5808 items=0 ppid=13695 pid=13732 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="restorecon" exe="/sbin/restorecon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776451.357:12885): path="/sbin/restorecon"
+type=AVC_PATH msg=audit(1163776451.357:12885): path="/sbin/restorecon"
+type=AVC msg=audit(1163776451.449:12886): avc: denied { append } for pid=13738 comm="fixfiles" name="file_contexts.ProyZ13713" dev=dm-0 ino=9334540 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776451.449:12886): arch=40000003 syscall=5 success=yes exit=3 a0=95f5e38 a1=8441 a2=1b6 a3=8441 items=0 ppid=13730 pid=13738 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="fixfiles" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776459.950:12887): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776461.782:12888): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=deactivateVPNConnection dest=org.freedesktop.NetworkManager spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776461.782:12889): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776461.782:12890): avc: denied { net_admin } for pid=6687 comm="NetworkManager" capability=12 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776461.782:12890): arch=40000003 syscall=102 success=yes exit=32 a0=10 a1=bfaf3350 a2=cd036c a3=0 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776461.806:12891): avc: denied { execute } for pid=13819 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776461.806:12891): avc: denied { execute_no_trans } for pid=13819 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776461.806:12891): avc: denied { read } for pid=13819 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776461.806:12891): arch=40000003 syscall=11 success=yes exit=0 a0=84fe3a8 a1=8502440 a2=bfaf4160 a3=400 items=0 ppid=6687 pid=13819 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ip" exe="/sbin/ip" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776461.806:12891): path="/sbin/ip"
+type=AVC_PATH msg=audit(1163776461.806:12891): path="/sbin/ip"
+type=AVC msg=audit(1163776461.854:12892): avc: denied { write } for pid=6687 comm="NetworkManager" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776461.854:12892): avc: denied { add_name } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776461.854:12892): avc: denied { create } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776461.854:12892): arch=40000003 syscall=5 success=yes exit=14 a0=80892c8 a1=241 a2=1b6 a3=8503678 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776461.854:12893): avc: denied { write } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776461.854:12893): arch=40000003 syscall=4 success=yes exit=125 a0=e a1=b7fa1000 a2=7d a3=7d items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776461.854:12893): path="/etc/resolv.conf.tmp"
+type=AVC msg=audit(1163776461.854:12894): avc: denied { remove_name } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776461.854:12894): avc: denied { rename } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163776461.854:12894): avc: denied { unlink } for pid=6687 comm="NetworkManager" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776461.854:12894): arch=40000003 syscall=38 success=yes exit=0 a0=80892c8 a1=8089313 a2=8094374 a3=808930e items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776461.970:12895): avc: denied { relabelfrom } for pid=12189 comm="restorecond" name="resolv.conf" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163776461.970:12895): avc: denied { relabelto } for pid=12189 comm="restorecond" name="resolv.conf" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776461.970:12895): arch=40000003 syscall=228 success=yes exit=0 a0=4 a1=ba70d3 a2=8385568 a3=20 items=0 ppid=1 pid=12189 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.010:12896): avc: denied { create } for pid=6687 comm="NetworkManager" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=AVC msg=audit(1163776463.010:12896): avc: denied { net_raw } for pid=6687 comm="NetworkManager" capability=13 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776463.010:12896): arch=40000003 syscall=102 success=yes exit=14 a0=1 a1=bfaf32f0 a2=84fed00 a3=2 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.010:12897): avc: denied { ioctl } for pid=6687 comm="NetworkManager" name="[146272]" dev=sockfs ino=146272 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163776463.010:12897): arch=40000003 syscall=54 success=yes exit=0 a0=e a1=890b a2=bfaf33a4 a3=84fed00 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776463.010:12897): path="socket:[146272]"
+type=USER_AVC msg=audit(1163776463.022:12898): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=3866 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776463.022:12899): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.vpnc member=stopConnection dest=org.freedesktop.NetworkManager.vpnc spid=6687 tpid=8135 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776463.022:12900): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776463.022:12901): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776463.022:12902): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=8135 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776463.050:12903): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163776463.050:12903): arch=40000003 syscall=102 success=yes exit=101 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.050:12904): avc: denied { write } for pid=11049 comm="udevd" name="uevent_seqnum" dev=tmpfs ino=1522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776463.050:12904): arch=40000003 syscall=5 success=yes exit=9 a0=bfee5668 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.050:12905): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.050:12905): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.050:12905): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776463.050:12905): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.050:12906): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.050:12906): avc: denied { create } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776463.050:12906): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.050:12907): avc: denied { write } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=146273 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.050:12907): avc: denied { add_name } for pid=11049 comm="udevd" name="class@net@tun0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.050:12907): avc: denied { create } for pid=11049 comm="udevd" name="class@net@tun0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776463.050:12907): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.930:12908): avc: denied { sendto } for pid=13826 comm="udevd" path=002F6F72672F667265656465736B746F702F68616C2F756465765F6576656E74 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=unix_dgram_socket
+type=SYSCALL msg=audit(1163776463.930:12908): arch=40000003 syscall=102 success=yes exit=126 a0=b a1=bfed27a0 a2=791234 a3=7e items=0 ppid=11049 pid=13826 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.930:12909): avc: denied { remove_name } for pid=11049 comm="udevd" name="class@net@tun0" dev=tmpfs ino=146274 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776463.930:12909): avc: denied { unlink } for pid=11049 comm="udevd" name="class@net@tun0" dev=tmpfs ino=146274 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776463.930:12909): arch=40000003 syscall=10 success=yes exit=0 a0=bfedb2b8 a1=24bff4 a2=791234 a3=791418 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776463.930:12910): avc: denied { rmdir } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=146273 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776463.930:12910): arch=40000003 syscall=40 success=yes exit=0 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776467.522:12911): avc: denied { write } for pid=13836 comm="gnome-backgroun" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776467.522:12911): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfc324a0 a2=df7770 a3=15 items=0 ppid=1 pid=13836 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776467.530:12912): avc: denied { read } for pid=13836 comm="gnome-backgroun" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776467.530:12912): arch=40000003 syscall=33 success=yes exit=0 a0=8a14cd8 a1=4 a2=df7770 a3=8a14cd8 items=0 ppid=1 pid=13836 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776480.779:12913): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776486.176:12914): avc: denied { read } for pid=14002 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776486.176:12914): arch=40000003 syscall=33 success=yes exit=0 a0=bff20fcb a1=4 a2=da3a64 a3=bff20fcb items=0 ppid=1 pid=14002 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163776486.176:12915): avc: denied { getattr } for pid=14002 comm="firefox-bin" name=".gdmV8RYIT" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776486.176:12915): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff1e33c a2=ef3ff4 a3=8311140 items=0 ppid=1 pid=14002 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776486.176:12915): path="/tmp/.gdmV8RYIT"
+type=USER_AVC msg=audit(1163776489.432:12916): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=3866 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776688.156:12917): avc: denied { remove_name } for pid=14116 comm="rm" name="file_contexts.ProyZ13713" dev=dm-0 ino=9334540 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163776688.156:12917): avc: denied { unlink } for pid=14116 comm="rm" name="file_contexts.ProyZ13713" dev=dm-0 ino=9334540 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776688.156:12917): arch=40000003 syscall=10 success=yes exit=0 a0=bff52b90 a1=0 a2=805277c a3=bff518e4 items=0 ppid=13695 pid=14116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776688.268:12918): avc: denied { dac_override } for pid=8303 comm="yum" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776688.268:12918): arch=40000003 syscall=5 success=yes exit=12 a0=f642ce0 a1=8002 a2=0 a3=8002 items=0 ppid=6537 pid=8303 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="yum" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776695.277:12919): avc: denied { read } for pid=6537 comm="bash" name=".bash_logout" dev=dm-0 ino=13061690 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776695.277:12919): arch=40000003 syscall=5 success=yes exit=3 a0=884c360 a1=8000 a2=0 a3=8000 items=0 ppid=6534 pid=6537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776695.737:12920): avc: denied { append } for pid=6537 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776695.737:12920): arch=40000003 syscall=5 success=yes exit=3 a0=882b640 a1=8401 a2=0 a3=8401 items=0 ppid=6534 pid=6537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776695.757:12921): avc: denied { read } for pid=6537 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776695.757:12921): arch=40000003 syscall=5 success=yes exit=3 a0=882b640 a1=8000 a2=0 a3=8000 items=0 ppid=6534 pid=6537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776695.765:12922): avc: denied { write } for pid=6537 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776695.765:12922): arch=40000003 syscall=5 success=yes exit=3 a0=882b640 a1=8201 a2=0 a3=8201 items=0 ppid=6534 pid=6537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1163776695.773:12923): user pid=6534 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163776695.777:12924): avc: denied { search } for pid=6534 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=AVC msg=audit(1163776695.777:12924): avc: denied { search } for pid=6534 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key
+type=AVC msg=audit(1163776695.777:12924): avc: denied { write } for pid=6534 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=SYSCALL msg=audit(1163776695.777:12924): arch=40000003 syscall=288 success=yes exit=0 a0=3 a1=1b14edbb a2=0 a3=0 items=0 ppid=4071 pid=6534 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163776695.777:12925): avc: denied { search } for pid=6534 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776695.777:12925): avc: denied { write } for pid=6534 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776695.777:12925): avc: denied { remove_name } for pid=6534 comm="su" name=".xauthZUyRWj" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776695.777:12925): avc: denied { unlink } for pid=6534 comm="su" name=".xauthZUyRWj" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776695.777:12925): arch=40000003 syscall=10 success=yes exit=0 a0=9a8eb48 a1=9a8ec26 a2=140bc8 a3=9a8c798 items=0 ppid=4071 pid=6534 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_END msg=audit(1163776695.825:12926): user pid=6534 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=CRED_DISP msg=audit(1163776696.381:12927): user pid=4062 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_END msg=audit(1163776696.381:12928): user pid=4062 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163776701.257:12929): avc: denied { read } for pid=3836 comm="gnome-panel" name="resolv.conf" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776701.257:12929): arch=40000003 syscall=5 success=yes exit=28 a0=c37093 a1=0 a2=1b6 a3=9493400 items=0 ppid=1 pid=3836 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-panel" exe="/usr/bin/gnome-panel" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776701.433:12930): avc: denied { read } for pid=14120 comm="esd" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776701.433:12930): arch=40000003 syscall=5 success=yes exit=12 a0=97a6258 a1=0 a2=1b6 a3=97a6278 items=0 ppid=1 pid=14120 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="esd" exe="/usr/bin/esd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776701.645:12931): avc: denied { execheap } for pid=3852 comm="beagle-search" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1163776701.645:12931): avc: denied { execmem } for pid=3852 comm="beagle-search" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776701.645:12931): arch=40000003 syscall=125 success=yes exit=0 a0=8c4e000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=3852 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776701.817:12932): avc: denied { read } for pid=12189 comm="restorecond" name="secrets.tdb" dev=dm-0 ino=9330306 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:samba_secrets_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776701.817:12932): arch=40000003 syscall=5 success=yes exit=6 a0=8385460 a1=28000 a2=0 a3=28000 items=0 ppid=1 pid=12189 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776709.838:12933): avc: denied { write } for pid=3310 comm="gnome-session" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776709.838:12933): arch=40000003 syscall=5 success=yes exit=4 a0=8602c00 a1=241 a2=1b6 a3=86279b8 items=0 ppid=3285 pid=3310 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776709.878:12934): avc: denied { write } for pid=3310 comm="gnome-session" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163776709.878:12934): avc: denied { remove_name } for pid=3310 comm="gnome-session" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163776709.878:12934): avc: denied { unlink } for pid=3310 comm="gnome-session" name="3310" dev=dm-0 ino=14567721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776709.878:12934): arch=40000003 syscall=10 success=yes exit=0 a0=8602d72 a1=1 a2=df7770 a3=8602cc8 items=0 ppid=3285 pid=3310 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_END msg=audit(1163776710.834:12935): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session close acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_DISP msg=audit(1163776710.838:12936): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=AVC msg=audit(1163776712.422:12937): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163776712.422:12937): arch=40000003 syscall=102 success=yes exit=99 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776712.454:12938): avc: denied { getattr } for pid=14246 comm="udevd" name="vcs7" dev=tmpfs ino=12075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776712.454:12938): arch=40000003 syscall=195 success=yes exit=0 a0=bfed2dc8 a1=bfed2b68 a2=24bff4 a3=bfed2dc8 items=0 ppid=11049 pid=14246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776712.454:12938): path="/dev/vcs7"
+type=AVC msg=audit(1163776712.454:12939): avc: denied { setattr } for pid=14246 comm="udevd" name="vcs7" dev=tmpfs ino=12075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776712.454:12939): arch=40000003 syscall=212 success=yes exit=0 a0=bfed2dc8 a1=0 a2=0 a3=bfed2dc8 items=0 ppid=11049 pid=14246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776712.454:12940): avc: denied { unlink } for pid=14246 comm="udevd" name="vcs7" dev=tmpfs ino=12075 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776712.454:12940): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dc8 a1=0 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=14246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776712.494:12941): avc: denied { sendto } for pid=14246 comm="udevd" path=002F6F72672F667265656465736B746F702F68616C2F756465765F6576656E74 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=unix_dgram_socket
+type=SYSCALL msg=audit(1163776712.494:12941): arch=40000003 syscall=102 success=yes exit=142 a0=b a1=bfed27a0 a2=791234 a3=8e items=0 ppid=11049 pid=14246 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776713.642:12942): avc: denied { mknod } for pid=14253 comm="udevd" capability=27 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163776713.642:12942): avc: denied { create } for pid=14253 comm="udevd" name="vcs7" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776713.642:12942): arch=40000003 syscall=14 success=yes exit=0 a0=bfed2dc4 a1=2180 a2=707 a3=180 items=0 ppid=11049 pid=14253 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776713.642:12943): avc: denied { create } for pid=14253 comm="udevd" name="class@vc@vcs7" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776713.642:12943): arch=40000003 syscall=83 success=yes exit=0 a0=9526ccc a1=bfed2dc8 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=14253 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776713.998:12944): avc: denied { unlink } for pid=14255 comm="udevd" name="class@vc@vcs7" dev=tmpfs ino=154201 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163776713.998:12944): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dcc a1=1b a2=791234 a3=bfed2dcc items=0 ppid=11049 pid=14255 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163776801.991:12945): user pid=14278 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163776801.991:12946): login pid=14278 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163776801.995:12947): user pid=14278 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163776801.995:12948): user pid=14278 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163776802.003:12949): avc: denied { execute } for pid=14279 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163776802.003:12949): avc: denied { execute_no_trans } for pid=14279 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.003:12949): arch=40000003 syscall=11 success=yes exit=0 a0=9d6a1b0 a1=9d6a358 a2=9d6a290 a3=9d6a008 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776802.003:12949): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163776802.019:12950): avc: denied { execute } for pid=14279 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776802.019:12950): avc: denied { execute_no_trans } for pid=14279 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776802.019:12950): avc: denied { read } for pid=14279 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.019:12950): arch=40000003 syscall=11 success=yes exit=0 a0=886cd48 a1=886c740 a2=886cd60 a3=886c740 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776802.019:12950): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163776802.019:12950): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163776802.035:12951): avc: denied { search } for pid=14279 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163776802.035:12951): avc: denied { read } for pid=14279 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.035:12951): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=9abc7f8 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776802.035:12952): avc: denied { getattr } for pid=14279 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.035:12952): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfec7ff8 a2=24bff4 a3=9abc7f8 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776802.035:12952): path="/proc/net/dev"
+type=AVC msg=audit(1163776802.039:12953): avc: denied { search } for pid=14279 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776802.039:12953): arch=40000003 syscall=33 success=yes exit=0 a0=bfec83a4 a1=0 a2=bfec8298 a3=bfec82a0 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776802.111:12954): avc: denied { read append } for pid=14279 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.111:12954): arch=40000003 syscall=5 success=yes exit=3 a0=bfec83a4 a1=402 a2=bfec8568 a3=bfec82a0 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776802.123:12955): avc: denied { search } for pid=14279 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163776802.123:12955): avc: denied { read } for pid=14279 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.123:12955): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=9abd2b8 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776802.123:12956): avc: denied { getattr } for pid=14279 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.123:12956): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfec7e50 a2=24bff4 a3=9abd2b8 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776802.123:12956): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163776802.123:12957): avc: denied { search } for pid=14279 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776802.123:12957): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=9abd2b8 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776802.123:12958): avc: denied { lock } for pid=14279 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776802.123:12958): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfec82a0 a3=3 items=0 ppid=14278 pid=14279 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776802.123:12958): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163776802.139:12959): user pid=14278 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163776802.139:12960): user pid=14278 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_AUTH msg=audit(1163776857.199:12961): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_ACCT msg=audit(1163776857.199:12962): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_ACQ msg=audit(1163776857.199:12963): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=LOGIN msg=audit(1163776857.215:12964): login pid=3285 uid=0 old auid=500 new auid=500
+type=USER_START msg=audit(1163776857.267:12965): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_LOGIN msg=audit(1163776857.267:12966): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)'
+type=AVC msg=audit(1163776857.583:12967): avc: denied { read } for pid=14281 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776857.583:12967): arch=40000003 syscall=5 success=yes exit=10 a0=80865d5 a1=0 a2=1 a3=c items=0 ppid=3285 pid=14281 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163776857.583:12968): avc: denied { getattr } for pid=14281 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776857.583:12968): arch=40000003 syscall=196 success=yes exit=0 a0=80865d5 a1=bfd7023c a2=c4eff4 a3=bfd7023c items=0 ppid=3285 pid=14281 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163776857.583:12968): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1163776857.715:12969): avc: denied { read } for pid=14294 comm="xrdb" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776857.715:12969): arch=40000003 syscall=33 success=yes exit=0 a0=bfbadfce a1=4 a2=da3a64 a3=bfbadfce items=0 ppid=14281 pid=14294 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xrdb" exe="/usr/bin/xrdb" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776858.471:12970): avc: denied { getattr } for pid=14335 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163776858.471:12970): arch=40000003 syscall=100 success=yes exit=0 a0=5 a1=bff76fbc a2=e7fff4 a3=ffffffb8 items=0 ppid=14334 pid=14335 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776858.639:12971): avc: denied { search } for pid=14335 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776858.639:12971): avc: denied { search } for pid=14335 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776858.639:12971): arch=40000003 syscall=5 success=no exit=-2 a0=94e5c68 a1=18800 a2=d4925c a3=0 items=0 ppid=14334 pid=14335 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776860.535:12972): avc: denied { add_name } for pid=14281 comm="gnome-session" name="14281" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163776860.535:12972): avc: denied { create } for pid=14281 comm="gnome-session" name="14281" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776860.535:12972): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf87d4a0 a2=df7770 a3=0 items=0 ppid=3285 pid=14281 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776860.535:12973): avc: denied { read } for pid=14281 comm="gnome-session" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776860.535:12973): arch=40000003 syscall=5 success=yes exit=16 a0=94f7088 a1=0 a2=1b6 a3=94f70b0 items=0 ppid=3285 pid=14281 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776860.535:12974): avc: denied { write } for pid=14281 comm="gnome-session" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776860.535:12974): arch=40000003 syscall=5 success=yes exit=16 a0=94f7088 a1=241 a2=1b6 a3=94ff5b8 items=0 ppid=3285 pid=14281 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776860.679:12975): avc: denied { read write } for pid=14354 comm="gnome-settings-" name="[154493]" dev=sockfs ino=154493 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1163776860.679:12975): arch=40000003 syscall=11 success=yes exit=0 a0=94ec490 a1=94ec7d8 a2=94ecd90 a3=94ec4b8 items=0 ppid=14353 pid=14354 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776860.679:12975): path="socket:[154493]"
+type=AVC msg=audit(1163776861.147:12976): avc: denied { read } for pid=14354 comm="gnome-settings-" name="resolv.conf" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776861.147:12976): arch=40000003 syscall=5 success=yes exit=24 a0=7c7e73 a1=0 a2=1b6 a3=8f98930 items=0 ppid=14353 pid=14354 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776861.159:12977): avc: denied { read } for pid=14362 comm="esd" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776861.159:12977): arch=40000003 syscall=5 success=yes exit=14 a0=96a0258 a1=0 a2=1b6 a3=96a0278 items=0 ppid=1 pid=14362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="esd" exe="/usr/bin/esd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776866.443:12978): avc: denied { write } for pid=14856 comm="metacity" name="14281" dev=dm-0 ino=14567723 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776866.443:12978): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe99e40 a2=df7770 a3=16 items=0 ppid=1 pid=14856 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776867.555:12979): avc: denied { execute } for pid=14873 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776867.555:12979): arch=40000003 syscall=33 success=yes exit=0 a0=8b1d880 a1=1 a2=11 a3=8b1d880 items=0 ppid=1 pid=14873 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776867.555:12980): avc: denied { read } for pid=14873 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776867.555:12980): arch=40000003 syscall=33 success=yes exit=0 a0=8b1d880 a1=4 a2=ffffffff a3=8b1d880 items=0 ppid=1 pid=14873 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776867.555:12981): avc: denied { execute_no_trans } for pid=14873 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776867.555:12981): arch=40000003 syscall=11 success=yes exit=0 a0=8b1d698 a1=8b1d868 a2=8b1df70 a3=8b1d868 items=0 ppid=1 pid=14873 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776867.555:12981): path="/usr/bin/mono"
+type=AVC msg=audit(1163776867.943:12982): avc: denied { execheap } for pid=14873 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1163776867.943:12982): avc: denied { execmem } for pid=14873 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776867.943:12982): arch=40000003 syscall=125 success=yes exit=0 a0=9a7d000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=14873 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776868.844:12983): avc: denied { sigchld } for pid=14889 comm="dbus-daemon" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776868.844:12983): arch=40000003 syscall=7 success=yes exit=0 a0=3a2a a1=bff76bc8 a2=1 a3=3a2a items=0 ppid=14337 pid=14889 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776870.456:12984): avc: denied { ioctl } for pid=14914 comm="pam_timestamp_c" name="[154356]" dev=pipefs ino=154356 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1163776870.456:12984): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bf8bcd48 a3=bf8bcd88 items=0 ppid=14912 pid=14914 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776870.456:12984): path="pipe:[154356]"
+type=USER_AVC msg=audit(1163776871.064:12985): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getNetworks dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.064:12986): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnections dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.072:12987): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.072:12988): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getDevices dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12989): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getWirelessEnabled dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12990): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getDialup dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12991): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnections dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12992): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12993): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12994): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12995): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.NetworkManager.NoDialup dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12996): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.076:12997): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.NetworkManagerInfo.NoNetworks dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.252:12998): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.252:12999): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776871.252:13000): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnectionProperties dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776871.172:13001): avc: denied { write } for pid=12248 comm="cupsd" name="certs" dev=dm-0 ino=14534810 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163776871.172:13001): avc: denied { remove_name } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163776871.172:13001): avc: denied { unlink } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.172:13001): arch=40000003 syscall=10 success=yes exit=0 a0=bfb167c8 a1=0 a2=927ff4 a3=bfb167c8 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776871.464:13002): avc: denied { add_name } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163776871.464:13002): avc: denied { create } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.464:13002): arch=40000003 syscall=5 success=yes exit=8 a0=bfb167c8 a1=80c1 a2=100 a3=80c1 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776871.464:13003): avc: denied { setattr } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.464:13003): arch=40000003 syscall=94 success=yes exit=0 a0=8 a1=120 a2=927ff4 a3=21 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776871.464:13004): avc: denied { write } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.464:13004): arch=40000003 syscall=4 success=yes exit=32 a0=8 a1=9139578 a2=20 a3=9139578 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776871.464:13004): path="/var/run/cups/certs/0"
+type=AVC msg=audit(1163776871.496:13005): avc: denied { read append } for pid=12248 comm="cupsd" name="access_log" dev=dm-0 ino=14437015 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.496:13005): arch=40000003 syscall=5 success=yes exit=8 a0=bfb122c4 a1=8442 a2=1b6 a3=8442 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776871.800:13006): avc: denied { setattr } for pid=12248 comm="cupsd" name="access_log" dev=dm-0 ino=14437015 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776871.800:13006): arch=40000003 syscall=207 success=yes exit=0 a0=8 a1=0 a2=7 a3=0 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776872.780:13007): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionProperties dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.780:13008): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.780:13009): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.816:13010): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.816:13011): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.816:13012): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionUpdate dest=org.freedesktop.DBus spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.816:13013): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.820:13014): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnectionProperties dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776872.820:13015): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.23 spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776873.740:13016): avc: denied { read write } for pid=14926 comm="nautilus" name=4C6F7720427261737320417474656E64616E636520506F6C6963792E646F63 dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776873.740:13016): arch=40000003 syscall=33 success=yes exit=0 a0=b46025e8 a1=6 a2=412708 a3=bcab59 items=0 ppid=1 pid=14926 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776875.476:13017): avc: denied { read } for pid=14886 comm="beagled" name="max_user_instances" dev=proc ino=-268435221 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776875.476:13017): arch=40000003 syscall=5 success=yes exit=24 a0=c9533c a1=0 a2=1 a3=844dff8 items=0 ppid=1 pid=14886 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163776937.604:13018): user pid=14970 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1163776937.604:13019): user pid=14970 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163776937.620:13020): avc: denied { write } for pid=14970 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=AVC msg=audit(1163776937.620:13020): avc: denied { link } for pid=14970 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key
+type=SYSCALL msg=audit(1163776937.620:13020): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=0 items=0 ppid=14949 pid=14970 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163776937.620:13021): avc: denied { search } for pid=14970 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776937.620:13021): arch=40000003 syscall=5 success=no exit=-2 a0=bff7b248 a1=8000 a2=1b6 a3=8797200 items=0 ppid=14949 pid=14970 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163776937.664:13022): avc: denied { write } for pid=14971 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.664:13022): arch=40000003 syscall=33 success=yes exit=0 a0=bf80ef2b a1=2 a2=bf80d650 a3=0 items=0 ppid=14970 pid=14971 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.668:13023): avc: denied { read } for pid=14971 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.668:13023): arch=40000003 syscall=5 success=yes exit=2 a0=bf80ef2b a1=0 a2=1b6 a3=92e7008 items=0 ppid=14970 pid=14971 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.668:13024): avc: denied { getattr } for pid=14971 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.668:13024): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf80d39c a2=24bff4 a3=92e7008 items=0 ppid=14970 pid=14971 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776937.668:13024): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163776937.668:13025): avc: denied { write } for pid=14970 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776937.668:13025): avc: denied { add_name } for pid=14970 comm="su" name=".xauthN5hi8W" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776937.668:13025): avc: denied { create } for pid=14970 comm="su" name=".xauthN5hi8W" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.668:13025): arch=40000003 syscall=5 success=yes exit=4 a0=8797323 a1=80c2 a2=180 a3=80c2 items=0 ppid=14949 pid=14970 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163776937.668:13026): avc: denied { setattr } for pid=14970 comm="su" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.668:13026): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=96b5bf items=0 ppid=14949 pid=14970 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts1 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13027): avc: denied { search } for pid=14972 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776937.672:13027): arch=40000003 syscall=195 success=no exit=-2 a0=bfaafbc7 a1=bfaaf6dc a2=24bff4 a3=bfaaf6dc items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13028): avc: denied { write } for pid=14972 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776937.672:13028): avc: denied { add_name } for pid=14972 comm="xauth" name=".xauthN5hi8W-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776937.672:13028): avc: denied { create } for pid=14972 comm="xauth" name=".xauthN5hi8W-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13028): arch=40000003 syscall=5 success=yes exit=2 a0=bfaafbc7 a1=c1 a2=180 a3=ffffffff items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13029): avc: denied { link } for pid=14972 comm="xauth" name=".xauthN5hi8W-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13029): arch=40000003 syscall=9 success=yes exit=0 a0=bfaafbc7 a1=bfaaf7c6 a2=da3a64 a3=2 items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13030): avc: denied { write } for pid=14972 comm="xauth" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13030): arch=40000003 syscall=33 success=yes exit=0 a0=bfab0f27 a1=2 a2=bfab00f0 a3=0 items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13031): avc: denied { read } for pid=14972 comm="xauth" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13031): arch=40000003 syscall=5 success=yes exit=2 a0=bfab0f27 a1=0 a2=1b6 a3=8462008 items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163776937.672:13032): avc: denied { getattr } for pid=14972 comm="xauth" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13032): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfaafe3c a2=24bff4 a3=8462008 items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776937.672:13032): path="/root/.xauthN5hi8W"
+type=AVC msg=audit(1163776937.672:13033): avc: denied { remove_name } for pid=14972 comm="xauth" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163776937.672:13033): avc: denied { unlink } for pid=14972 comm="xauth" name=".xauthN5hi8W" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.672:13033): arch=40000003 syscall=10 success=yes exit=0 a0=8462008 a1=1000 a2=0 a3=846208a items=0 ppid=14970 pid=14972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163776937.672:13034): user pid=14970 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=CRED_ACQ msg=audit(1163776937.672:13035): user pid=14970 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163776937.788:13036): avc: denied { read } for pid=14973 comm="bash" name=".bash_profile" dev=dm-0 ino=13127141 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.788:13036): arch=40000003 syscall=5 success=yes exit=3 a0=8dfef98 a1=8000 a2=0 a3=8000 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776937.948:13037): avc: denied { read } for pid=14973 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776937.948:13037): arch=40000003 syscall=5 success=yes exit=3 a0=8dfedb8 a1=8000 a2=0 a3=8000 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163776943.384:13038): user pid=15016 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1163776943.384:13039): user pid=15016 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163776949.573:13040): avc: denied { execheap } for pid=15050 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1163776949.573:13040): avc: denied { execmem } for pid=15050 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776949.573:13040): arch=40000003 syscall=125 success=yes exit=0 a0=8a42000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=15050 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776957.221:13041): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776958.733:13042): avc: denied { write } for pid=15062 comm="nm-vpnc-auth-di" name="14281" dev=dm-0 ino=14567723 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163776958.733:13042): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfda95d0 a2=df7770 a3=16 items=0 ppid=14885 pid=15062 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nm-vpnc-auth-di" exe="/usr/libexec/nm-vpnc-auth-dialog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776961.789:13043): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=activateVPNConnection dest=org.freedesktop.NetworkManager spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776961.789:13044): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManagerInfo member=UserInterfaceActivated dest=org.freedesktop.DBus spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776961.789:13045): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionRoutes dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776961.793:13046): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776961.793:13047): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionVPNData dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776961.793:13048): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776961.941:13049): avc: denied { execute } for pid=15068 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776961.941:13049): avc: denied { execute_no_trans } for pid=15068 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776961.941:13049): avc: denied { read } for pid=15068 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776961.941:13049): arch=40000003 syscall=11 success=yes exit=0 a0=9a0f6c0 a1=9a0f830 a2=9a0f770 a3=9a0f548 items=0 ppid=15067 pid=15068 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776961.941:13049): path="/sbin/modprobe"
+type=AVC_PATH msg=audit(1163776961.941:13049): path="/sbin/modprobe"
+type=AVC msg=audit(1163776962.045:13050): avc: denied { read } for pid=15068 comm="modprobe" name="modules.dep" dev=dm-0 ino=13720574 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.045:13050): arch=40000003 syscall=5 success=yes exit=5 a0=86ae118 a1=0 a2=1b6 a3=86ae300 items=0 ppid=15067 pid=15068 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.101:13051): avc: denied { read write } for pid=15068 comm="modprobe" name="tun.ko" dev=dm-0 ino=13719702 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.101:13051): arch=40000003 syscall=5 success=yes exit=5 a0=86ae0bc a1=2 a2=0 a3=86ae0bc items=0 ppid=15067 pid=15068 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.153:13052): avc: denied { lock } for pid=15068 comm="modprobe" name="tun.ko" dev=dm-0 ino=13719702 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.153:13052): arch=40000003 syscall=221 success=yes exit=0 a0=5 a1=7 a2=bfb395e0 a3=bfb395e0 items=0 ppid=15067 pid=15068 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776962.153:13052): path="/lib/modules/2.6.18-1.2849.fc6xen/kernel/drivers/net/tun.ko"
+type=USER_AVC msg=audit(1163776962.165:13053): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=15067 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.213:13054): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.213:13055): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.vpnc member=startConnection dest=org.freedesktop.NetworkManager.vpnc spid=6687 tpid=15067 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.213:13056): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=15067 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776962.213:13057): avc: denied { execute } for pid=15069 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776962.213:13057): avc: denied { execute_no_trans } for pid=15069 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776962.213:13057): avc: denied { read } for pid=15069 comm="nm-vpnc-service" name="vpnc" dev=dm-0 ino=10323010 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:vpnc_exec_t:s0 tclass=file
+type=USER_AVC msg=audit(1163776962.217:13058): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=15067 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.217:13059): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=SYSCALL msg=audit(1163776962.213:13057): arch=40000003 syscall=11 success=yes exit=0 a0=804b8f3 a1=8e53518 a2=bf80aebc a3=0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776962.213:13057): path="/usr/sbin/vpnc"
+type=AVC_PATH msg=audit(1163776962.213:13057): path="/usr/sbin/vpnc"
+type=AVC msg=audit(1163776962.237:13060): avc: denied { ipc_lock } for pid=15069 comm="vpnc" capability=14 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776962.237:13060): arch=40000003 syscall=150 success=yes exit=0 a0=b7fad000 a1=4000 a2=57612c4 a3=b7fad000 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.237:13061): avc: denied { name_bind } for pid=15069 comm="vpnc" src=500 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:isakmp_port_t:s0 tclass=udp_socket
+type=AVC msg=audit(1163776962.237:13061): avc: denied { net_bind_service } for pid=15069 comm="vpnc" capability=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776962.237:13061): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfd59130 a2=805b6e8 a3=3 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13062): avc: denied { read write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776962.257:13062): arch=40000003 syscall=5 success=yes exit=4 a0=8058da4 a1=2 a2=1 a3=805c4c4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13063): avc: denied { ioctl } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=AVC msg=audit(1163776962.257:13063): avc: denied { net_admin } for pid=15069 comm="vpnc" capability=12 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776962.257:13063): arch=40000003 syscall=54 success=yes exit=0 a0=4 a1=400454ca a2=bfd59148 a3=4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13064): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=AVC_PATH msg=audit(1163776962.257:13063): path="/dev/net/tun"
+type=SYSCALL msg=audit(1163776962.257:13064): arch=40000003 syscall=102 success=yes exit=95 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13065): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776962.257:13065): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776962.257:13065): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776962.257:13065): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13066): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776962.257:13066): avc: denied { create } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776962.257:13066): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.257:13067): avc: denied { write } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=160652 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776962.257:13067): avc: denied { add_name } for pid=11049 comm="udevd" name="class@net@tun0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163776962.257:13067): avc: denied { create } for pid=11049 comm="udevd" name="class@net@tun0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.257:13067): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.337:13068): avc: denied { write } for pid=15073 comm="rename_device" name=".rename_device.lock" dev=tmpfs ino=160657 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.337:13068): arch=40000003 syscall=4 success=yes exit=6272 a0=3 a1=8049769 a2=3ae1 a3=0 items=0 ppid=15072 pid=15073 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rename_device" exe="/lib/udev/rename_device" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776962.337:13068): path="/dev/.rename_device.lock"
+type=AVC msg=audit(1163776962.365:13069): avc: denied { unlink } for pid=15073 comm="rename_device" name=".rename_device.lock" dev=tmpfs ino=160657 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776962.365:13069): arch=40000003 syscall=10 success=yes exit=0 a0=8049750 a1=ffffffff a2=bff9ffd1 a3=6a9ca0 items=0 ppid=15072 pid=15073 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rename_device" exe="/lib/udev/rename_device" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.745:13070): avc: denied { remove_name } for pid=11049 comm="udevd" name="class@net@tun0" dev=tmpfs ino=160653 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776962.745:13070): arch=40000003 syscall=10 success=yes exit=0 a0=bfedb2b8 a1=24bff4 a2=791234 a3=791418 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.745:13071): avc: denied { rmdir } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=160652 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163776962.745:13071): arch=40000003 syscall=40 success=yes exit=0 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776962.913:13072): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.vpnc member=signalIP4Config dest=org.freedesktop.NetworkManager.vpnc spid=15081 tpid=15067 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.917:13073): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=IP4Config dest=org.freedesktop.DBus spid=15067 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.917:13074): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.vpnc member=StateChange dest=org.freedesktop.DBus spid=15067 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.921:13075): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionRoutes dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776962.921:13076): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=14885 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776962.921:13077): avc: denied { create } for pid=6687 comm="NetworkManager" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=AVC msg=audit(1163776962.921:13077): avc: denied { net_raw } for pid=6687 comm="NetworkManager" capability=13 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163776962.921:13077): arch=40000003 syscall=102 success=yes exit=14 a0=1 a1=bfaf32b0 a2=8503fb8 a3=2 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776962.921:13078): avc: denied { ioctl } for pid=6687 comm="NetworkManager" name="[160721]" dev=sockfs ino=160721 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163776962.921:13078): arch=40000003 syscall=54 success=yes exit=0 a0=e a1=890b a2=bfaf3364 a3=8503fb8 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776962.921:13078): path="socket:[160721]"
+type=AVC msg=audit(1163776963.977:13079): avc: denied { execute } for pid=15082 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776963.977:13079): avc: denied { execute_no_trans } for pid=15082 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=AVC msg=audit(1163776963.977:13079): avc: denied { read } for pid=15082 comm="NetworkManager" name="ip" dev=dm-0 ino=9984563 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776963.977:13079): arch=40000003 syscall=11 success=yes exit=0 a0=8503a98 a1=8503a78 a2=bfaf4160 a3=400 items=0 ppid=6687 pid=15082 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ip" exe="/sbin/ip" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776963.977:13079): path="/sbin/ip"
+type=AVC_PATH msg=audit(1163776963.977:13079): path="/sbin/ip"
+type=AVC msg=audit(1163776963.993:13080): avc: denied { write } for pid=6687 comm="NetworkManager" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776963.993:13080): avc: denied { add_name } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776963.993:13080): avc: denied { create } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776963.993:13080): arch=40000003 syscall=5 success=yes exit=14 a0=80892c8 a1=241 a2=1b6 a3=8504600 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776963.993:13081): avc: denied { write } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776963.993:13081): arch=40000003 syscall=4 success=yes exit=97 a0=e a1=b7fa1000 a2=61 a3=61 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776963.993:13081): path="/etc/resolv.conf.tmp"
+type=AVC msg=audit(1163776963.993:13082): avc: denied { remove_name } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163776963.993:13082): avc: denied { rename } for pid=6687 comm="NetworkManager" name="resolv.conf.tmp" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163776963.993:13082): avc: denied { unlink } for pid=6687 comm="NetworkManager" name="resolv.conf" dev=dm-0 ino=9334568 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776963.993:13082): arch=40000003 syscall=38 success=yes exit=0 a0=80892c8 a1=8089313 a2=8094374 a3=808930e items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776963.993:13083): avc: denied { relabelfrom } for pid=12189 comm="restorecond" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163776963.993:13083): avc: denied { relabelto } for pid=12189 comm="restorecond" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776963.993:13083): arch=40000003 syscall=228 success=yes exit=0 a0=4 a1=ba70d3 a2=83853e0 a3=20 items=0 ppid=1 pid=12189 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecond" exe="/usr/sbin/restorecond" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163776964.058:13084): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=LoginBanner dest=org.freedesktop.DBus spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163776964.058:13085): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionStateChange dest=org.freedesktop.DBus spid=6687 tpid=14885 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163776964.062:13086): avc: denied { sigchld } for pid=15086 comm="dbus-daemon" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163776964.062:13086): arch=40000003 syscall=7 success=yes exit=0 a0=3aef a1=bff76c68 a2=1 a3=3aef items=0 ppid=14337 pid=15086 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163776982.831:13087): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776982.831:13087): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776982.831:13087): path="/dev/net/tun"
+type=AVC msg=audit(1163776982.871:13088): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163776982.871:13088): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163776982.871:13088): path="/dev/net/tun"
+type=AVC msg=audit(1163776983.283:13089): avc: denied { read write } for pid=15095 comm="nautilus" name="befw11s4_v4_v1.52.02_000_FCC_code.bin" dev=dm-0 ino=14469650 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776983.283:13089): arch=40000003 syscall=33 success=yes exit=0 a0=88dc870 a1=6 a2=412708 a3=9d items=0 ppid=1 pid=15095 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776987.567:13090): avc: denied { rename } for pid=15096 comm="nautilus" name="befw11s4_v4_v1.52.02_000_FCC_code.bin" dev=dm-0 ino=14469650 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776987.567:13090): arch=40000003 syscall=38 success=yes exit=0 a0=891ff70 a1=88cb070 a2=bd4320 a3=b68d8160 items=0 ppid=1 pid=15096 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163776992.283:13091): avc: denied { unlink } for pid=15097 comm="nautilus" name="befw11s4_v4_v1.52.02_000_FCC_code.bin" dev=dm-0 ino=14469650 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163776992.283:13091): arch=40000003 syscall=10 success=yes exit=0 a0=89c5160 a1=ffffffc3 a2=412708 a3=8755e91 items=0 ppid=1 pid=15097 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163777035.842:13092): user pid=15125 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1163777035.846:13093): user pid=15125 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163777043.974:13094): avc: denied { read } for pid=15158 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777043.974:13094): arch=40000003 syscall=33 success=yes exit=0 a0=bfc4afcb a1=4 a2=da3a64 a3=bfc4afcb items=0 ppid=1 pid=15158 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163777043.974:13095): avc: denied { getattr } for pid=15158 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777043.974:13095): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfc4804c a2=c4cff4 a3=9a0bd70 items=0 ppid=1 pid=15158 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777043.974:13095): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163777117.071:13096): avc: denied { write } for pid=15186 comm="gnome-terminal" name="14281" dev=dm-0 ino=14567723 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163777117.071:13096): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9868e0 a2=df7770 a3=16 items=0 ppid=1 pid=15186 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163777401.177:13097): user pid=15230 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163777401.181:13098): login pid=15230 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163777401.181:13099): user pid=15230 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163777401.181:13100): user pid=15230 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163777401.189:13101): avc: denied { execute } for pid=15231 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163777401.189:13101): avc: denied { execute_no_trans } for pid=15231 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.189:13101): arch=40000003 syscall=11 success=yes exit=0 a0=8a171b0 a1=8a17358 a2=8a17290 a3=8a17008 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163777401.189:13101): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163777401.189:13102): avc: denied { execute } for pid=15231 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163777401.189:13102): avc: denied { execute_no_trans } for pid=15231 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163777401.189:13102): avc: denied { read } for pid=15231 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.189:13102): arch=40000003 syscall=11 success=yes exit=0 a0=812ad48 a1=812a740 a2=812ad60 a3=812a740 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163777401.189:13102): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163777401.189:13102): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163777401.193:13103): avc: denied { search } for pid=15231 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163777401.193:13103): avc: denied { read } for pid=15231 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.193:13103): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8b4b7f8 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163777401.193:13104): avc: denied { getattr } for pid=15231 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.193:13104): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfc0bd38 a2=8cdff4 a3=8b4b7f8 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163777401.193:13104): path="/proc/net/dev"
+type=AVC msg=audit(1163777401.193:13105): avc: denied { search } for pid=15231 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777401.193:13105): arch=40000003 syscall=33 success=yes exit=0 a0=bfc0c0e4 a1=0 a2=bfc0bfd8 a3=bfc0bfe0 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163777401.193:13106): avc: denied { read append } for pid=15231 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.193:13106): arch=40000003 syscall=5 success=yes exit=3 a0=bfc0c0e4 a1=402 a2=bfc0c2a8 a3=bfc0bfe0 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163777401.193:13107): avc: denied { search } for pid=15231 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163777401.193:13107): avc: denied { read } for pid=15231 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.193:13107): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8b4c348 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163777401.193:13108): avc: denied { getattr } for pid=15231 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.193:13108): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfc0bb90 a2=8cdff4 a3=8b4c348 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163777401.193:13108): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163777401.197:13109): avc: denied { search } for pid=15231 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777401.197:13109): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8b4c348 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163777401.197:13110): avc: denied { lock } for pid=15231 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777401.197:13110): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfc0bfe0 a3=3 items=0 ppid=15230 pid=15231 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163777401.197:13110): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163777401.217:13111): user pid=15230 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163777401.217:13112): user pid=15230 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163777414.850:13113): avc: denied { read } for pid=15233 comm="emacs-x" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777414.850:13113): arch=40000003 syscall=33 success=yes exit=0 a0=bfe5ffc2 a1=4 a2=da3a64 a3=bfe5ffc2 items=0 ppid=15101 pid=15233 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="emacs-x" exe="/usr/bin/emacs-x" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777475.445:13114): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163777475.445:13114): arch=40000003 syscall=100 success=yes exit=0 a0=18 a1=bfcd52ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163777530.661:13115): avc: denied { name_bind } for pid=15243 comm="synergys" src=24800 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163777530.661:13115): avc: denied { node_bind } for pid=15243 comm="synergys" src=24800 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163777530.661:13115): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf8243c0 a2=90170d8 a3=80b1220 items=0 ppid=15101 pid=15243 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="synergys" exe="/usr/bin/synergys" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777708.280:13116): avc: denied { read } for pid=14860 comm="gnome-panel" name=".recently-used.xbel" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777708.280:13116): arch=40000003 syscall=5 success=yes exit=29 a0=8ab6a40 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=14860 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-panel" exe="/usr/bin/gnome-panel" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163777716.449:13117): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163777716.449:13117): arch=40000003 syscall=11 success=yes exit=0 a0=804c35f a1=8f758c8 a2=bfeab04c a3=3 items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777716.533:13118): avc: denied { ioctl } for pid=15256 comm="userhelper" name="[154356]" dev=pipefs ino=154356 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1163777716.533:13118): arch=40000003 syscall=54 success=no exit=-22 a0=1 a1=5401 a2=bfd276f8 a3=bfd27738 items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777716.533:13118): path="pipe:[154356]"
+type=USER_AUTH msg=audit(1163777721.373:13119): user pid=15256 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: authentication acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_ACCT msg=audit(1163777721.373:13120): user pid=15256 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: accounting acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163777721.377:13121): avc: denied { search } for pid=15256 comm="userhelper" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777721.377:13121): arch=40000003 syscall=5 success=no exit=-2 a0=bfd2a338 a1=8000 a2=1b6 a3=9ccbb98 items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.377:13122): avc: denied { search } for pid=15256 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777721.377:13122): arch=40000003 syscall=5 success=no exit=-2 a0=bfd2a338 a1=8000 a2=1b6 a3=9ccbcf0 items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163777721.381:13123): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=AVC msg=audit(1163777721.381:13123): avc: denied { execute_no_trans } for pid=15257 comm="userhelper" name="xauth" dev=dm-0 ino=10326959 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13123): arch=40000003 syscall=11 success=yes exit=0 a0=126681 a1=bfd2b2fc a2=9cc6608 a3=4 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777721.381:13123): path="/usr/bin/xauth"
+type=AVC msg=audit(1163777721.381:13124): avc: denied { search } for pid=15257 comm="xauth" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777721.381:13124): arch=40000003 syscall=195 success=no exit=-2 a0=bfcd15c7 a1=bfcd10dc a2=fa6ff4 a3=bfcd10dc items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.381:13125): avc: denied { write } for pid=15257 comm="xauth" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.381:13125): avc: denied { add_name } for pid=15257 comm="xauth" name=".gdmOFJZIT-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.381:13125): avc: denied { create } for pid=15257 comm="xauth" name=".gdmOFJZIT-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13125): arch=40000003 syscall=5 success=yes exit=2 a0=bfcd15c7 a1=c1 a2=180 a3=ffffffff items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.381:13126): avc: denied { link } for pid=15257 comm="xauth" name=".gdmOFJZIT-c" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13126): arch=40000003 syscall=9 success=yes exit=0 a0=bfcd15c7 a1=bfcd11c6 a2=da3a64 a3=2 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.381:13127): avc: denied { write } for pid=15257 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13127): arch=40000003 syscall=33 success=yes exit=0 a0=bfcd1f0e a1=2 a2=bfcd1af0 a3=0 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.381:13128): avc: denied { read } for pid=15257 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13128): arch=40000003 syscall=5 success=yes exit=2 a0=bfcd1f0e a1=0 a2=1b6 a3=8b8c008 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.381:13129): avc: denied { getattr } for pid=15257 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13129): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfcd183c a2=fa6ff4 a3=8b8c008 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777721.381:13129): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163777721.381:13130): avc: denied { remove_name } for pid=15257 comm="xauth" name=".gdmOFJZIT-c" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.381:13130): avc: denied { unlink } for pid=15257 comm="xauth" name=".gdmOFJZIT-c" dev=dm-0 ino=14469399 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.381:13130): arch=40000003 syscall=10 success=yes exit=0 a0=bfcd11b7 a1=bfcd0dc6 a2=da3a64 a3=bfcd0db6 items=0 ppid=15256 pid=15257 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.389:13131): avc: denied { write } for pid=15256 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.389:13131): avc: denied { add_name } for pid=15256 comm="userhelper" name=".xauthfd6Dm8" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.389:13131): avc: denied { create } for pid=15256 comm="userhelper" name=".xauthfd6Dm8" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.389:13131): arch=40000003 syscall=5 success=yes exit=5 a0=9ccbdfb a1=80c2 a2=180 a3=80c2 items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.389:13132): avc: denied { setattr } for pid=15256 comm="userhelper" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.389:13132): arch=40000003 syscall=207 success=yes exit=0 a0=5 a1=0 a2=0 a3=1265bf items=0 ppid=15255 pid=15256 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163777721.401:13133): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163777721.401:13133): arch=40000003 syscall=11 success=yes exit=0 a0=126681 a1=bfd2b2fc a2=9cc6608 a3=4 items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.401:13134): avc: denied { link } for pid=15258 comm="xauth" name=".xauthfd6Dm8-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.401:13134): arch=40000003 syscall=9 success=yes exit=0 a0=bf843937 a1=bf843536 a2=da3a64 a3=2 items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.401:13135): avc: denied { write } for pid=15258 comm="xauth" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.401:13135): arch=40000003 syscall=33 success=yes exit=0 a0=bf844f0a a1=2 a2=bf843e60 a3=0 items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.401:13136): avc: denied { read } for pid=15258 comm="xauth" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.401:13136): arch=40000003 syscall=5 success=yes exit=2 a0=bf844f0a a1=0 a2=1b6 a3=8ae8008 items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163777721.401:13137): avc: denied { getattr } for pid=15258 comm="xauth" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.401:13137): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf843bac a2=672ff4 a3=8ae8008 items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777721.401:13137): path="/root/.xauthfd6Dm8"
+type=AVC msg=audit(1163777721.405:13138): avc: denied { remove_name } for pid=15258 comm="xauth" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777721.405:13138): avc: denied { unlink } for pid=15258 comm="xauth" name=".xauthfd6Dm8" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.405:13138): arch=40000003 syscall=10 success=yes exit=0 a0=8ae8008 a1=1000 a2=0 a3=8ae808a items=0 ppid=15256 pid=15258 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=USER_START msg=audit(1163777721.453:13139): user pid=15256 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session open acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163777721.597:13140): avc: denied { read } for pid=15259 comm="system-config-s" name=".xauthfd6Dm8" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777721.597:13140): arch=40000003 syscall=33 success=yes exit=0 a0=bf897fa3 a1=4 a2=2eda64 a3=bf897fa3 items=0 ppid=15256 pid=15259 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="system-config-s" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777721.721:13141): avc: denied { dac_override } for pid=15259 comm="system-config-s" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163777721.721:13141): arch=40000003 syscall=5 success=no exit=-2 a0=902dc50 a1=8000 a2=1b6 a3=90211e0 items=0 ppid=15256 pid=15259 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="system-config-s" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777724.001:13142): avc: denied { lock } for pid=14914 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777724.001:13142): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bf8bcea8 a3=0 items=0 ppid=14912 pid=14914 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777724.001:13142): path="/var/run/utmp"
+type=AVC msg=audit(1163777741.434:13143): avc: denied { write } for pid=15262 comm="lokkit" name="sysconfig" dev=dm-0 ino=9329763 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163777741.434:13143): avc: denied { add_name } for pid=15262 comm="lokkit" name="new-iptables-config" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163777741.434:13143): avc: denied { create } for pid=15262 comm="lokkit" name="new-iptables-config" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.434:13143): arch=40000003 syscall=5 success=yes exit=4 a0=805049c a1=241 a2=1b6 a3=8582f20 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.442:13144): avc: denied { write } for pid=15262 comm="lokkit" name="new-iptables-config" dev=dm-0 ino=9330913 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.442:13144): arch=40000003 syscall=4 success=yes exit=1763 a0=4 a1=b7fcf000 a2=6e3 a3=6e3 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777741.442:13144): path="/etc/sysconfig/new-iptables-config"
+type=AVC msg=audit(1163777741.442:13145): avc: denied { remove_name } for pid=15262 comm="lokkit" name="new-iptables-config" dev=dm-0 ino=9330913 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163777741.442:13145): avc: denied { rename } for pid=15262 comm="lokkit" name="new-iptables-config" dev=dm-0 ino=9330913 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163777741.442:13145): avc: denied { unlink } for pid=15262 comm="lokkit" name="iptables-config" dev=dm-0 ino=9332021 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.442:13145): arch=40000003 syscall=38 success=yes exit=0 a0=805049c a1=805047c a2=0 a3=8583092 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.486:13146): avc: denied { write } for pid=15262 comm="lokkit" name="iptables" dev=dm-0 ino=9331367 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.486:13146): arch=40000003 syscall=5 success=yes exit=3 a0=804e5a6 a1=241 a2=1b6 a3=8584038 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.494:13147): avc: denied { setattr } for pid=15262 comm="lokkit" name="iptables" dev=dm-0 ino=9331367 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.494:13147): arch=40000003 syscall=15 success=yes exit=0 a0=804e5a6 a1=180 a2=8584030 a3=8584038 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.494:13148): avc: denied { unlink } for pid=15262 comm="lokkit" name="iptables-config" dev=dm-0 ino=9330913 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.494:13148): arch=40000003 syscall=38 success=yes exit=0 a0=805049c a1=805047c a2=0 a3=8584312 items=0 ppid=15259 pid=15262 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="lokkit" exe="/usr/sbin/lokkit" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.498:13149): avc: denied { execute } for pid=15264 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163777741.498:13149): avc: denied { execute_no_trans } for pid=15264 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163777741.498:13149): avc: denied { read } for pid=15264 comm="sh" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.498:13149): arch=40000003 syscall=11 success=yes exit=0 a0=89bfd90 a1=89bff30 a2=89bfe28 a3=89bfbe8 items=0 ppid=15263 pid=15264 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777741.498:13149): path="/sbin/modprobe"
+type=AVC_PATH msg=audit(1163777741.498:13149): path="/sbin/modprobe"
+type=AVC msg=audit(1163777741.502:13150): avc: denied { read } for pid=15264 comm="modprobe" name="modules.dep" dev=dm-0 ino=13720574 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.502:13150): arch=40000003 syscall=5 success=yes exit=3 a0=963a118 a1=0 a2=1b6 a3=963a300 items=0 ppid=15263 pid=15264 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.594:13151): avc: denied { execute } for pid=15266 comm="service" name="iptables" dev=dm-0 ino=9331831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.594:13151): arch=40000003 syscall=33 success=yes exit=0 a0=863a578 a1=1 a2=1 a3=862d718 items=0 ppid=15265 pid=15266 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="service" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.658:13152): avc: denied { execute_no_trans } for pid=15273 comm="env" name="iptables" dev=dm-0 ino=9331831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163777741.658:13152): avc: denied { read } for pid=15273 comm="env" name="iptables" dev=dm-0 ino=9331831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.658:13152): arch=40000003 syscall=11 success=yes exit=0 a0=bf805efb a1=bf804dc8 a2=9700858 a3=5 items=0 ppid=15266 pid=15273 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777741.658:13152): path="/etc/rc.d/init.d/iptables"
+type=AVC_PATH msg=audit(1163777741.658:13152): path="/etc/rc.d/init.d/iptables"
+type=AVC msg=audit(1163777741.682:13153): avc: denied { ioctl } for pid=15273 comm="iptables" name="iptables" dev=dm-0 ino=9331831 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.682:13153): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfd1f068 a3=bfd1f0a8 items=0 ppid=15266 pid=15273 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777741.682:13153): path="/etc/rc.d/init.d/iptables"
+type=AVC msg=audit(1163777741.702:13154): avc: denied { execute } for pid=15273 comm="iptables" name="iptables" dev=dm-0 ino=9984709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.702:13154): arch=40000003 syscall=33 success=yes exit=0 a0=83689a0 a1=1 a2=2 a3=834f7d8 items=0 ppid=15266 pid=15273 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.786:13155): avc: denied { read } for pid=15273 comm="iptables" name="iptables" dev=dm-0 ino=9984709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.786:13155): arch=40000003 syscall=33 success=yes exit=0 a0=8373188 a1=4 a2=ffffffff a3=8373188 items=0 ppid=15266 pid=15273 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.786:13156): avc: denied { execute_no_trans } for pid=15284 comm="iptables" name="iptables" dev=dm-0 ino=9984709 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.786:13156): arch=40000003 syscall=11 success=yes exit=0 a0=8373188 a1=8372d68 a2=835ab98 a3=8372d38 items=0 ppid=15273 pid=15284 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/sbin/iptables" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777741.786:13156): path="/sbin/iptables"
+type=AVC msg=audit(1163777741.806:13157): avc: denied { create } for pid=15284 comm="iptables" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=rawip_socket
+type=AVC msg=audit(1163777741.806:13157): avc: denied { net_raw } for pid=15284 comm="iptables" capability=13 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163777741.806:13157): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfcd8050 a2=8055864 a3=bfcd8f86 items=0 ppid=15273 pid=15284 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/sbin/iptables" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.806:13158): avc: denied { getopt } for pid=15284 comm="iptables" lport=255 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=rawip_socket
+type=AVC msg=audit(1163777741.806:13158): avc: denied { net_admin } for pid=15284 comm="iptables" capability=12 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163777741.806:13158): arch=40000003 syscall=102 success=yes exit=0 a0=f a1=bfcd8050 a2=8055864 a3=bfcd8f86 items=0 ppid=15273 pid=15284 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/sbin/iptables" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.806:13159): avc: denied { setopt } for pid=15284 comm="iptables" lport=255 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=rawip_socket
+type=SYSCALL msg=audit(1163777741.806:13159): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bfcd8250 a2=8055864 a3=9e49b28 items=0 ppid=15273 pid=15284 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables" exe="/sbin/iptables" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777741.950:13160): avc: denied { read write } for pid=15301 comm="modprobe" name="iptable_filter.ko" dev=dm-0 ino=13720289 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777741.950:13160): arch=40000003 syscall=5 success=yes exit=3 a0=86d10bc a1=2 a2=0 a3=86d10bc items=0 ppid=15273 pid=15301 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.050:13161): avc: denied { lock } for pid=15301 comm="modprobe" name="iptable_filter.ko" dev=dm-0 ino=13720289 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.050:13161): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bf990460 a3=bf990460 items=0 ppid=15273 pid=15301 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777742.050:13161): path="/lib/modules/2.6.18-1.2849.fc6xen/kernel/net/ipv4/netfilter/iptable_filter.ko"
+type=AVC msg=audit(1163777742.050:13162): avc: denied { sys_module } for pid=15301 comm="modprobe" capability=16 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163777742.098:13163): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163777742.098:13163): arch=40000003 syscall=102 success=yes exit=103 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13164): avc: denied { write } for pid=11049 comm="udevd" name="uevent_seqnum" dev=tmpfs ino=1522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.098:13164): arch=40000003 syscall=5 success=yes exit=9 a0=bfee5668 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13165): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13165): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13165): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777742.098:13165): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13166): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13166): avc: denied { create } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777742.098:13166): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13167): avc: denied { write } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=161994 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13167): avc: denied { add_name } for pid=11049 comm="udevd" name="module@iptable_filter" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13167): avc: denied { create } for pid=11049 comm="udevd" name="module@iptable_filter" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.098:13167): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13168): avc: denied { remove_name } for pid=11049 comm="udevd" name="module@iptable_filter" dev=tmpfs ino=161995 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.098:13168): avc: denied { unlink } for pid=11049 comm="udevd" name="module@iptable_filter" dev=tmpfs ino=161995 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.098:13168): arch=40000003 syscall=10 success=yes exit=0 a0=bfedb2b8 a1=24bff4 a2=791234 a3=791418 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.098:13169): avc: denied { rmdir } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=161994 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777742.098:13169): arch=40000003 syscall=40 success=yes exit=0 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SYSCALL msg=audit(1163777742.050:13162): arch=40000003 syscall=129 success=yes exit=0 a0=86d1150 a1=80 a2=86d10bc a3=0 items=0 ppid=15273 pid=15301 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.258:13170): avc: denied { write } for pid=15343 comm="rm" name="subsys" dev=dm-0 ino=14436611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.258:13170): avc: denied { remove_name } for pid=15343 comm="rm" name="iptables" dev=dm-0 ino=14436590 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.258:13170): avc: denied { unlink } for pid=15343 comm="rm" name="iptables" dev=dm-0 ino=14436590 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.258:13170): arch=40000003 syscall=10 success=yes exit=0 a0=bfbabf84 a1=0 a2=805277c a3=bfbaa994 items=0 ppid=15273 pid=15343 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.270:13171): avc: denied { read } for pid=15344 comm="iptables-restor" name="modprobe" dev=proc ino=-268435399 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_modprobe_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.270:13171): arch=40000003 syscall=5 success=yes exit=4 a0=8052b9c a1=0 a2=0 a3=bf8f8ab6 items=0 ppid=15273 pid=15344 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iptables-restor" exe="/sbin/iptables-restore" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.522:13172): avc: denied { add_name } for pid=15358 comm="touch" name="iptables" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163777742.522:13172): avc: denied { create } for pid=15358 comm="touch" name="iptables" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.522:13172): arch=40000003 syscall=5 success=yes exit=0 a0=bfe09f7e a1=8941 a2=1b6 a3=8941 items=0 ppid=15273 pid=15358 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777742.522:13173): avc: denied { write } for pid=15358 comm="touch" name="iptables" dev=dm-0 ino=14436590 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777742.522:13173): arch=40000003 syscall=271 success=yes exit=0 a0=bfe07ea4 a1=0 a2=3bfff4 a3=0 items=0 ppid=15273 pid=15358 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_END msg=audit(1163777886.823:13174): user pid=15256 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session close acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163777906.000:13175): avc: denied { lock } for pid=14914 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777906.000:13175): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bf8bcea8 a3=0 items=0 ppid=14912 pid=14914 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777906.000:13175): path="/var/run/utmp"
+type=AVC msg=audit(1163777929.238:13176): avc: denied { read } for pid=15443 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777929.238:13176): arch=40000003 syscall=33 success=yes exit=0 a0=bfb72fcb a1=4 a2=da3a64 a3=bfb72fcb items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163777929.238:13177): avc: denied { getattr } for pid=15443 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777929.238:13177): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfb718ac a2=d15ff4 a3=86b4d70 items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777929.238:13177): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163777943.743:13178): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163777943.743:13178): arch=40000003 syscall=3 success=yes exit=71 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777943.743:13178): path="/dev/net/tun"
+type=AVC msg=audit(1163777943.855:13179): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163777943.855:13179): arch=40000003 syscall=4 success=yes exit=150 a0=4 a1=805c570 a2=96 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777943.855:13179): path="/dev/net/tun"
+type=AVC msg=audit(1163777959.560:13180): avc: denied { execute } for pid=15443 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777959.560:13180): arch=40000003 syscall=192 success=yes exit=110735360 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777959.560:13180): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163777966.268:13181): avc: denied { execstack } for pid=15443 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1163777966.268:13181): avc: denied { execmem } for pid=15443 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163777966.268:13181): arch=40000003 syscall=125 success=yes exit=0 a0=bfb72000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163777966.376:13182): avc: denied { execmod } for pid=15443 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777966.376:13182): arch=40000003 syscall=125 success=yes exit=0 a0=37cd000 a1=26f000 a2=5 a3=bfb6f1b0 items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777966.376:13182): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163777981.621:13183): avc: denied { write } for pid=15476 comm="gnome-terminal" name="14281" dev=dm-0 ino=14567723 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163777981.621:13183): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bffbef20 a2=df7770 a3=16 items=0 ppid=1 pid=15476 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163777985.761:13184): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=USER_ACCT msg=audit(1163777985.761:13185): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=AVC msg=audit(1163777985.761:13186): avc: denied { search } for pid=15498 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777985.761:13186): arch=40000003 syscall=5 success=no exit=-2 a0=bf891d38 a1=8000 a2=1b6 a3=8dc69a8 items=0 ppid=15478 pid=15498 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts3 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163777985.769:13187): avc: denied { write } for pid=15499 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.769:13187): arch=40000003 syscall=33 success=yes exit=0 a0=bf945987 a1=2 a2=bf945160 a3=0 items=0 ppid=15498 pid=15499 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.769:13188): avc: denied { read } for pid=15499 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.769:13188): arch=40000003 syscall=5 success=yes exit=2 a0=bf945987 a1=0 a2=1b6 a3=95f8008 items=0 ppid=15498 pid=15499 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.769:13189): avc: denied { getattr } for pid=15499 comm="xauth" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.769:13189): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf944eac a2=a59ff4 a3=95f8008 items=0 ppid=15498 pid=15499 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777985.769:13189): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163777985.769:13190): avc: denied { write } for pid=15498 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777985.769:13190): avc: denied { add_name } for pid=15498 comm="su" name=".xauthjIDizz" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777985.769:13190): avc: denied { create } for pid=15498 comm="su" name=".xauthjIDizz" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.769:13190): arch=40000003 syscall=5 success=yes exit=4 a0=8dc6acb a1=80c2 a2=180 a3=80c2 items=0 ppid=15478 pid=15498 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts3 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163777985.805:13191): avc: denied { setattr } for pid=15498 comm="su" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.805:13191): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=1985bf items=0 ppid=15478 pid=15498 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts3 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163777985.809:13192): avc: denied { search } for pid=15500 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163777985.809:13192): arch=40000003 syscall=195 success=no exit=-2 a0=bfa85577 a1=bfa8508c a2=34dff4 a3=bfa8508c items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.809:13193): avc: denied { write } for pid=15500 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777985.809:13193): avc: denied { add_name } for pid=15500 comm="xauth" name=".xauthjIDizz-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777985.809:13193): avc: denied { create } for pid=15500 comm="xauth" name=".xauthjIDizz-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.809:13193): arch=40000003 syscall=5 success=yes exit=2 a0=bfa85577 a1=c1 a2=180 a3=ffffffff items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.809:13194): avc: denied { link } for pid=15500 comm="xauth" name=".xauthjIDizz-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.809:13194): arch=40000003 syscall=9 success=yes exit=0 a0=bfa85577 a1=bfa85176 a2=da3a64 a3=2 items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.809:13195): avc: denied { write } for pid=15500 comm="xauth" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.809:13195): arch=40000003 syscall=33 success=yes exit=0 a0=bfa87983 a1=2 a2=bfa85aa0 a3=0 items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.813:13196): avc: denied { read } for pid=15500 comm="xauth" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.813:13196): arch=40000003 syscall=5 success=yes exit=2 a0=bfa87983 a1=0 a2=1b6 a3=9d2d008 items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163777985.813:13197): avc: denied { getattr } for pid=15500 comm="xauth" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.813:13197): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfa857ec a2=34dff4 a3=9d2d008 items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163777985.813:13197): path="/root/.xauthjIDizz"
+type=AVC msg=audit(1163777985.817:13198): avc: denied { remove_name } for pid=15500 comm="xauth" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163777985.817:13198): avc: denied { unlink } for pid=15500 comm="xauth" name=".xauthjIDizz" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.817:13198): arch=40000003 syscall=10 success=yes exit=0 a0=9d2d008 a1=1000 a2=0 a3=9d2d08a items=0 ppid=15498 pid=15500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163777985.817:13199): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=CRED_ACQ msg=audit(1163777985.817:13200): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=AVC msg=audit(1163777985.825:13201): avc: denied { dac_override } for pid=15501 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163777985.825:13201): arch=40000003 syscall=195 success=yes exit=0 a0=80d2437 a1=bfe6bb80 a2=24bff4 a3=bfe6bbe0 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777985.825:13202): avc: denied { read } for pid=15501 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.825:13202): arch=40000003 syscall=5 success=yes exit=3 a0=8108880 a1=8000 a2=0 a3=8000 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163777985.909:13203): avc: denied { read } for pid=15501 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163777985.909:13203): arch=40000003 syscall=5 success=yes exit=3 a0=8108a60 a1=8000 a2=0 a3=8000 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163777994.954:13204): user pid=15521 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/3 res=failed)'
+type=AVC msg=audit(1163778000.802:13205): avc: denied { read } for pid=15524 comm="tail" name="messages" dev=dm-0 ino=14437053 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778000.802:13205): arch=40000003 syscall=5 success=yes exit=3 a0=bfb97975 a1=8000 a2=0 a3=8000 items=0 ppid=15501 pid=15524 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="tail" exe="/usr/bin/tail" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163778001.254:13206): user pid=15525 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163778001.258:13207): login pid=15525 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163778001.258:13208): user pid=15525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163778001.258:13209): user pid=15525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163778001.278:13210): avc: denied { execute } for pid=15526 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163778001.278:13210): avc: denied { execute_no_trans } for pid=15526 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.278:13210): arch=40000003 syscall=11 success=yes exit=0 a0=88861b0 a1=8886358 a2=8886290 a3=8886008 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778001.278:13210): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163778001.310:13211): avc: denied { execute } for pid=15526 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778001.310:13211): avc: denied { execute_no_trans } for pid=15526 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778001.310:13211): avc: denied { read } for pid=15526 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.310:13211): arch=40000003 syscall=11 success=yes exit=0 a0=89aed48 a1=89ae740 a2=89aed60 a3=89ae740 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778001.310:13211): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163778001.310:13211): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163778001.314:13212): avc: denied { search } for pid=15526 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163778001.314:13212): avc: denied { read } for pid=15526 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.314:13212): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=8cb17f8 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778001.314:13213): avc: denied { getattr } for pid=15526 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.314:13213): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf88a9b8 a2=5f3ff4 a3=8cb17f8 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778001.314:13213): path="/proc/net/dev"
+type=AVC msg=audit(1163778001.314:13214): avc: denied { search } for pid=15526 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778001.314:13214): arch=40000003 syscall=33 success=yes exit=0 a0=bf88ad64 a1=0 a2=bf88ac58 a3=bf88ac60 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778001.314:13215): avc: denied { read append } for pid=15526 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.314:13215): arch=40000003 syscall=5 success=yes exit=3 a0=bf88ad64 a1=402 a2=bf88af28 a3=bf88ac60 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778001.314:13216): avc: denied { search } for pid=15526 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163778001.314:13216): avc: denied { read } for pid=15526 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.314:13216): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=8cb2348 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778001.318:13217): avc: denied { getattr } for pid=15526 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.318:13217): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf88a810 a2=5f3ff4 a3=8cb2348 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778001.318:13217): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163778001.318:13218): avc: denied { search } for pid=15526 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778001.318:13218): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=8cb2348 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778001.318:13219): avc: denied { lock } for pid=15526 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778001.318:13219): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf88ac60 a3=3 items=0 ppid=15525 pid=15526 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778001.318:13219): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163778001.342:13220): user pid=15525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163778001.346:13221): user pid=15525 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163778017.599:13222): avc: denied { read } for pid=15443 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778017.599:13222): arch=40000003 syscall=33 success=yes exit=0 a0=bfb72fcb a1=4 a2=da3a64 a3=bfb72fcb items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163778017.599:13223): avc: denied { getattr } for pid=15443 comm="firefox-bin" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778017.599:13223): arch=40000003 syscall=197 success=yes exit=0 a0=3a a1=bfb6f640 a2=d15ff4 a3=986ab38 items=0 ppid=1 pid=15443 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778017.599:13223): path="/tmp/.gdmOFJZIT"
+type=AVC msg=audit(1163778018.615:13224): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778018.615:13224): arch=40000003 syscall=4 success=yes exit=64 a0=4 a1=805c570 a2=40 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778018.615:13224): path="/dev/net/tun"
+type=AVC msg=audit(1163778018.615:13225): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778018.615:13225): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778018.615:13225): path="/dev/net/tun"
+type=AVC msg=audit(1163778073.379:13226): avc: denied { read } for pid=15558 comm="desktop-effects" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778073.379:13226): arch=40000003 syscall=33 success=yes exit=0 a0=bfa3edd3 a1=4 a2=63da64 a3=bfa3edd3 items=0 ppid=1 pid=15558 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="desktop-effects" exe="/usr/bin/desktop-effects" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778074.775:13227): avc: denied { execmem } for pid=15562 comm="compiz" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778074.775:13227): arch=40000003 syscall=192 success=yes exit=81354752 a0=4d96000 a1=1a000 a2=7 a3=812 items=0 ppid=1 pid=15562 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="compiz" exe="/usr/bin/compiz" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778074.783:13228): avc: denied { execstack } for pid=15562 comm="compiz" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778074.783:13228): arch=40000003 syscall=125 success=yes exit=0 a0=bfaca000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=15562 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="compiz" exe="/usr/bin/compiz" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778075.447:13229): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163778075.447:13229): arch=40000003 syscall=100 success=yes exit=0 a0=18 a1=bfcd52ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163778075.863:13230): avc: denied { execute } for pid=15562 comm="compiz" name="zero" dev=tmpfs ino=1493 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778075.863:13230): arch=40000003 syscall=192 success=yes exit=1273856 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=1 pid=15562 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="compiz" exe="/usr/bin/compiz" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778075.863:13230): path="/dev/zero"
+type=AVC msg=audit(1163778075.871:13231): avc: denied { read } for pid=15562 comm="compiz" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778075.871:13231): arch=40000003 syscall=33 success=yes exit=0 a0=8b5b4c8 a1=4 a2=df7770 a3=8b5b4c8 items=0 ppid=1 pid=15562 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="compiz" exe="/usr/bin/compiz" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778103.237:13232): avc: denied { execheap } for pid=14873 comm="beagle-search" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778103.237:13232): arch=40000003 syscall=125 success=yes exit=0 a0=9dc2000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=14873 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778117.358:13233): avc: denied { execute } for pid=15565 comm="beagle-settings" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778117.358:13233): arch=40000003 syscall=33 success=yes exit=0 a0=8e1d3d0 a1=1 a2=11 a3=8e1d3d0 items=0 ppid=14873 pid=15565 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-settings" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778117.358:13234): avc: denied { read } for pid=15565 comm="beagle-settings" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778117.358:13234): arch=40000003 syscall=33 success=yes exit=0 a0=8e1d3d0 a1=4 a2=ffffffff a3=8e1d3d0 items=0 ppid=14873 pid=15565 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-settings" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778117.358:13235): avc: denied { execute_no_trans } for pid=15565 comm="beagle-settings" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778117.358:13235): arch=40000003 syscall=11 success=yes exit=0 a0=8e1de80 a1=8e1e068 a2=8e1e630 a3=8e1e068 items=0 ppid=14873 pid=15565 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778117.358:13235): path="/usr/bin/mono"
+type=AVC msg=audit(1163778134.295:13236): avc: denied { getattr } for pid=15569 comm="ps" name="tty1" dev=tmpfs ino=1444 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778134.295:13236): arch=40000003 syscall=195 success=yes exit=0 a0=c62840 a1=bfcd6e0c a2=f14ff4 a3=bfcd6e0c items=0 ppid=15533 pid=15569 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts4 comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778134.295:13236): path="/dev/tty1"
+type=AVC msg=audit(1163778221.000:13237): avc: denied { lock } for pid=14914 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778221.000:13237): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bf8bcea8 a3=0 items=0 ppid=14912 pid=14914 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778221.000:13237): path="/var/run/utmp"
+type=USER_AUTH msg=audit(1163778226.432:13238): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=USER_ACCT msg=audit(1163778226.432:13239): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=AVC msg=audit(1163778226.464:13240): avc: denied { create } for pid=15636 comm="su" name=".xauthpHDAX5" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.464:13240): arch=40000003 syscall=5 success=yes exit=4 a0=861bacb a1=80c2 a2=180 a3=80c2 items=0 ppid=15605 pid=15636 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts5 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778226.464:13241): avc: denied { setattr } for pid=15636 comm="su" name=".xauthpHDAX5" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.464:13241): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=28b5bf items=0 ppid=15605 pid=15636 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts5 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778226.472:13242): avc: denied { create } for pid=15638 comm="xauth" name=".xauthpHDAX5-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.472:13242): arch=40000003 syscall=5 success=yes exit=2 a0=bf85db57 a1=c1 a2=180 a3=ffffffff items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778226.472:13243): avc: denied { link } for pid=15638 comm="xauth" name=".xauthpHDAX5-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.472:13243): arch=40000003 syscall=9 success=yes exit=0 a0=bf85db57 a1=bf85d756 a2=da3a64 a3=2 items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778226.472:13244): avc: denied { write } for pid=15638 comm="xauth" name=".xauthpHDAX5" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.472:13244): arch=40000003 syscall=33 success=yes exit=0 a0=bf85e983 a1=2 a2=bf85e080 a3=0 items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778226.472:13245): avc: denied { read } for pid=15638 comm="xauth" name=".xauthpHDAX5" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.472:13245): arch=40000003 syscall=5 success=yes exit=2 a0=bf85e983 a1=0 a2=1b6 a3=8e9c008 items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778226.476:13246): avc: denied { getattr } for pid=15638 comm="xauth" name=".xauthpHDAX5" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.476:13246): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf85ddcc a2=8aaff4 a3=8e9c008 items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778226.476:13246): path="/root/.xauthpHDAX5"
+type=AVC msg=audit(1163778226.496:13247): avc: denied { unlink } for pid=15638 comm="xauth" name=".xauthpHDAX5" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.496:13247): arch=40000003 syscall=10 success=yes exit=0 a0=8e9c008 a1=1000 a2=0 a3=8e9c08a items=0 ppid=15636 pid=15638 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163778226.504:13248): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=CRED_ACQ msg=audit(1163778226.504:13249): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=AVC msg=audit(1163778226.508:13250): avc: denied { read } for pid=15639 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778226.508:13250): arch=40000003 syscall=5 success=yes exit=3 a0=84ab880 a1=8000 a2=0 a3=8000 items=0 ppid=15636 pid=15639 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts5 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163778234.717:13251): user pid=15662 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=USER_ACCT msg=audit(1163778234.717:13252): user pid=15662 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=AVC msg=audit(1163778247.402:13253): avc: denied { execute } for pid=15591 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778247.402:13253): arch=40000003 syscall=192 success=yes exit=42897408 a0=0 a1=2af6e0 a2=5 a3=802 items=0 ppid=1 pid=15591 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778247.402:13253): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163778247.402:13254): avc: denied { execstack } for pid=15591 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1163778247.402:13254): avc: denied { execmem } for pid=15591 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778247.402:13254): arch=40000003 syscall=125 success=yes exit=0 a0=bfa2f000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=15591 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163778247.402:13255): avc: denied { execmod } for pid=15591 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778247.402:13255): arch=40000003 syscall=125 success=yes exit=0 a0=28e9000 a1=26f000 a2=5 a3=bfa2bf30 items=0 ppid=1 pid=15591 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778247.402:13255): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163778335.855:13256): avc: denied { read } for pid=15584 comm="tail" name="messages" dev=dm-0 ino=14437053 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778335.855:13256): arch=40000003 syscall=3 success=yes exit=101 a0=3 a1=bf86d6a4 a2=2000 a3=2000 items=0 ppid=15501 pid=15584 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="tail" exe="/usr/bin/tail" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778335.855:13256): path="/var/log/messages"
+type=AVC msg=audit(1163778366.201:13257): avc: denied { read } for pid=15715 comm="gnome-terminal" name=".gdmOFJZIT" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778366.201:13257): arch=40000003 syscall=33 success=yes exit=0 a0=bf985dd5 a1=4 a2=da3a64 a3=bf985dd5 items=0 ppid=1 pid=15715 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778366.281:13258): avc: denied { write } for pid=15715 comm="gnome-terminal" name="14281" dev=dm-0 ino=14567723 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163778366.281:13258): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf9848e0 a2=df7770 a3=16 items=0 ppid=1 pid=15715 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778366.285:13259): avc: denied { read } for pid=15715 comm="gnome-terminal" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778366.285:13259): arch=40000003 syscall=33 success=yes exit=0 a0=9db9a38 a1=4 a2=df7770 a3=9db9a38 items=0 ppid=1 pid=15715 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_CHAUTHTOK msg=audit(1163778395.927:13260): user pid=15742 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=adding user acct=apache exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/1 res=failed)'
+type=AVC msg=audit(1163778415.932:13261): avc: denied { read } for pid=15584 comm="tail" name="messages" dev=dm-0 ino=14437053 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778415.932:13261): arch=40000003 syscall=3 success=yes exit=68 a0=3 a1=bf86d6a4 a2=2000 a3=2000 items=0 ppid=15501 pid=15584 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="tail" exe="/usr/bin/tail" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778415.932:13261): path="/var/log/messages"
+type=AVC msg=audit(1163778417.000:13262): avc: denied { lock } for pid=14914 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778417.000:13262): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bf8bcea8 a3=0 items=0 ppid=14912 pid=14914 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778417.000:13262): path="/var/run/utmp"
+type=AVC msg=audit(1163778601.220:13263): avc: denied { execute } for pid=15789 comm="sshd" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778601.220:13263): avc: denied { execute_no_trans } for pid=15789 comm="sshd" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778601.220:13263): avc: denied { read } for pid=15789 comm="sshd" name="sshd" dev=dm-0 ino=10315312 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.220:13263): arch=40000003 syscall=11 success=yes exit=0 a0=9f1c3e0 a1=9f20020 a2=9f1c3f8 a3=4 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778601.220:13263): path="/usr/sbin/sshd"
+type=AVC_PATH msg=audit(1163778601.220:13263): path="/usr/sbin/sshd"
+type=AVC msg=audit(1163778601.352:13264): avc: denied { read } for pid=15789 comm="sshd" name="ssh_host_rsa_key" dev=dm-0 ino=9331557 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sshd_key_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.352:13264): arch=40000003 syscall=5 success=yes exit=3 a0=6af425 a1=8000 a2=0 a3=8000 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778601.452:13265): avc: denied { setuid } for pid=15791 comm="sshd" capability=7 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163778601.452:13265): arch=40000003 syscall=208 success=yes exit=0 a0=4a a1=4a a2=4a a3=0 items=0 ppid=15789 pid=15791 auid=500 uid=74 gid=74 euid=74 suid=74 fsuid=74 egid=74 sgid=74 fsgid=74 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163778601.492:13266): user pid=15790 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163778601.492:13267): login pid=15790 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163778601.492:13268): user pid=15790 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163778601.492:13269): user pid=15790 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163778601.496:13270): avc: denied { execute } for pid=15792 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163778601.496:13270): avc: denied { execute_no_trans } for pid=15792 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.496:13270): arch=40000003 syscall=11 success=yes exit=0 a0=81131b0 a1=8113358 a2=8113290 a3=8113008 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778601.496:13270): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163778601.516:13271): avc: denied { execute } for pid=15792 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778601.516:13271): avc: denied { execute_no_trans } for pid=15792 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778601.516:13271): avc: denied { read } for pid=15792 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.516:13271): arch=40000003 syscall=11 success=yes exit=0 a0=8cb0d48 a1=8cb0740 a2=8cb0d60 a3=8cb0740 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778601.516:13271): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163778601.516:13271): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163778601.516:13272): avc: denied { search } for pid=15792 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163778601.516:13272): avc: denied { read } for pid=15792 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.516:13272): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=82bd7f8 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778601.516:13273): avc: denied { getattr } for pid=15792 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.516:13273): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8b31d8 a2=24bff4 a3=82bd7f8 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778601.516:13273): path="/proc/net/dev"
+type=AVC msg=audit(1163778601.516:13274): avc: denied { search } for pid=15792 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778601.516:13274): arch=40000003 syscall=33 success=yes exit=0 a0=bf8b3584 a1=0 a2=bf8b3478 a3=bf8b3480 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778601.516:13275): avc: denied { read append } for pid=15792 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.516:13275): arch=40000003 syscall=5 success=yes exit=3 a0=bf8b3584 a1=402 a2=bf8b3748 a3=bf8b3480 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778601.516:13276): avc: denied { search } for pid=15792 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778601.516:13276): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=82be348 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778601.516:13277): avc: denied { lock } for pid=15792 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.516:13277): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bf8b3480 a3=3 items=0 ppid=15790 pid=15792 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778601.516:13277): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163778601.548:13278): user pid=15790 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163778601.548:13279): user pid=15790 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163778601.820:13280): avc: denied { read } for pid=15789 comm="sshd" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778601.820:13280): arch=40000003 syscall=5 success=yes exit=4 a0=432e73 a1=0 a2=1b6 a3=93afd10 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778602.504:13281): avc: denied { audit_write } for pid=15789 comm="sshd" capability=29 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=USER_LOGIN msg=audit(1163778602.504:13282): user pid=15789 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='acct=kmacmill: exe="/usr/sbin/sshd" (hostname=?, addr=192.168.1.106, terminal=sshd res=failed)'
+type=SYSCALL msg=audit(1163778602.504:13281): arch=40000003 syscall=102 success=yes exit=112 a0=b a1=bfc19c40 a2=30dff4 a3=bfc20680 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_LOGIN msg=audit(1163778602.508:13283): user pid=15789 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='acct=kmacmill: exe="/usr/sbin/sshd" (hostname=?, addr=192.168.1.106, terminal=sshd res=failed)'
+type=USER_AUTH msg=audit(1163778605.384:13284): user pid=15789 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/sshd" (hostname=laptop.localdomain, addr=192.168.1.106, terminal=ssh res=success)'
+type=USER_ACCT msg=audit(1163778605.384:13285): user pid=15789 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/sshd" (hostname=laptop.localdomain, addr=192.168.1.106, terminal=ssh res=success)'
+type=AVC msg=audit(1163778605.428:13286): avc: denied { write } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=key
+type=AVC msg=audit(1163778605.428:13286): avc: denied { link } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=key
+type=SYSCALL msg=audit(1163778605.428:13286): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=1f4 items=0 ppid=15789 pid=15793 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778605.428:13287): avc: denied { audit_control } for pid=15793 comm="sshd" capability=30 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=LOGIN msg=audit(1163778605.428:13288): login pid=15793 uid=0 old auid=500 new auid=500
+type=SYSCALL msg=audit(1163778605.428:13287): arch=40000003 syscall=4 success=yes exit=3 a0=6 a1=bfc24ac8 a2=3 a3=3 items=0 ppid=15789 pid=15793 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_START msg=audit(1163778605.428:13289): user pid=15793 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/sshd" (hostname=laptop.localdomain, addr=192.168.1.106, terminal=ssh res=success)'
+type=CRED_REFR msg=audit(1163778605.428:13290): user pid=15793 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/sshd" (hostname=laptop.localdomain, addr=192.168.1.106, terminal=ssh res=success)'
+type=AVC msg=audit(1163778605.512:13291): avc: denied { setexec } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778605.512:13291): arch=40000003 syscall=4 success=yes exit=35 a0=6 a1=93a6dd8 a2=23 a3=62a751 items=0 ppid=15789 pid=15793 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778605.528:13292): avc: denied { relabelfrom } for pid=15789 comm="sshd" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=AVC msg=audit(1163778605.528:13292): avc: denied { relabelto } for pid=15789 comm="sshd" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778605.528:13292): arch=40000003 syscall=226 success=yes exit=0 a0=6c7df4 a1=62a0d3 a2=93b8f60 a3=23 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778605.540:13293): avc: denied { read } for pid=15789 comm="sshd" name="lastlog" dev=dm-0 ino=14437088 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lastlog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.540:13293): arch=40000003 syscall=5 success=yes exit=7 a0=bfc23f68 a1=8000 a2=0 a3=8000 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_LOGIN msg=audit(1163778605.544:13294): user pid=15789 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='uid=500: exe="/usr/sbin/sshd" (hostname=laptop.localdomain, addr=192.168.1.106, terminal=/dev/pts/8 res=success)'
+type=AVC msg=audit(1163778605.548:13295): avc: denied { write } for pid=15789 comm="sshd" name="lastlog" dev=dm-0 ino=14437088 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:lastlog_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.548:13295): arch=40000003 syscall=5 success=yes exit=7 a0=bfc24238 a1=8042 a2=180 a3=8042 items=0 ppid=8872 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778605.568:13296): avc: denied { entrypoint } for pid=15794 comm="sshd" name="bash" dev=dm-0 ino=13683670 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778605.568:13296): avc: denied { read write } for pid=15794 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778605.568:13296): arch=40000003 syscall=11 success=yes exit=0 a0=93a77e8 a1=bfc23458 a2=93a7420 a3=0 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.568:13296): path="/bin/bash"
+type=AVC msg=audit(1163778605.568:13297): avc: denied { search } for pid=15794 comm="bash" name="/" dev=devpts ino=1 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778605.568:13297): arch=40000003 syscall=5 success=yes exit=3 a0=80cfa3a a1=8802 a2=0 a3=8802 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778605.568:13298): avc: denied { ioctl } for pid=15794 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778605.568:13298): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5401 a2=bfd668f8 a3=bfd66938 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.568:13298): path="/dev/pts/8"
+type=AVC msg=audit(1163778605.588:13299): avc: denied { search } for pid=15794 comm="bash" name="spool" dev=dm-0 ino=14436617 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163778605.588:13299): avc: denied { search } for pid=15794 comm="bash" name="mail" dev=dm-0 ino=14436619 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163778605.588:13299): avc: denied { getattr } for pid=15794 comm="bash" name="kmacmill" dev=dm-0 ino=14437393 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.588:13299): arch=40000003 syscall=195 success=yes exit=0 a0=9dc9e38 a1=bfd66024 a2=457ff4 a3=bfd66024 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.588:13299): path="/var/spool/mail/kmacmill"
+type=AVC msg=audit(1163778605.628:13300): avc: denied { execute } for pid=15798 comm="bash" name="hostname" dev=dm-0 ino=13683750 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778605.628:13300): avc: denied { execute_no_trans } for pid=15798 comm="bash" name="hostname" dev=dm-0 ino=13683750 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778605.628:13300): avc: denied { read } for pid=15798 comm="bash" name="hostname" dev=dm-0 ino=13683750 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.628:13300): arch=40000003 syscall=11 success=yes exit=0 a0=9dcce50 a1=9dcc0a8 a2=9dccf80 a3=9dccbc0 items=0 ppid=15797 pid=15798 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="hostname" exe="/bin/hostname" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.628:13300): path="/bin/hostname"
+type=AVC_PATH msg=audit(1163778605.628:13300): path="/bin/hostname"
+type=AVC msg=audit(1163778605.648:13301): avc: denied { read } for pid=15794 comm="bash" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778605.648:13301): arch=40000003 syscall=5 success=yes exit=3 a0=80d2437 a1=18800 a2=459120 a3=9dcdaa8 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778605.684:13302): avc: denied { execute } for pid=15811 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778605.684:13302): avc: denied { execute_no_trans } for pid=15811 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778605.684:13302): avc: denied { read } for pid=15811 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.684:13302): arch=40000003 syscall=11 success=yes exit=0 a0=9dd54d8 a1=9dd4e48 a2=9dcf728 a3=9dd4ee0 items=0 ppid=15810 pid=15811 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.684:13302): path="/sbin/consoletype"
+type=AVC_PATH msg=audit(1163778605.684:13302): path="/sbin/consoletype"
+type=AVC msg=audit(1163778605.688:13303): avc: denied { getattr } for pid=15811 comm="consoletype" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778605.688:13303): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfeb3ffc a2=c8eff4 a3=bfeb3ffc items=0 ppid=15810 pid=15811 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.688:13303): path="/dev/pts/8"
+type=AVC msg=audit(1163778605.708:13304): avc: denied { read } for pid=15794 comm="bash" name=".bash_profile" dev=dm-0 ino=11884821 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.708:13304): arch=40000003 syscall=5 success=yes exit=3 a0=9dcbac0 a1=8000 a2=0 a3=8000 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778605.708:13305): avc: denied { getattr } for pid=15794 comm="bash" name=".bash_profile" dev=dm-0 ino=11884821 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778605.708:13305): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd668c4 a2=457ff4 a3=9dcbac0 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778605.708:13305): path="/home/kmacmill/.bash_profile"
+type=AVC msg=audit(1163778606.368:13306): avc: denied { getattr } for pid=15794 comm="bash" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778606.368:13306): arch=40000003 syscall=195 success=yes exit=0 a0=9dd2670 a1=bfd66590 a2=457ff4 a3=9dd2670 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778606.368:13306): path="/bin/ls"
+type=AVC msg=audit(1163778606.368:13307): avc: denied { execute } for pid=15794 comm="bash" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778606.368:13307): arch=40000003 syscall=33 success=yes exit=0 a0=9dd2670 a1=1 a2=11 a3=9dd2670 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778606.368:13308): avc: denied { read } for pid=15794 comm="bash" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778606.368:13308): arch=40000003 syscall=33 success=yes exit=0 a0=9dd2670 a1=4 a2=ffffffff a3=9dd2670 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778606.368:13309): avc: denied { execute_no_trans } for pid=15818 comm="bash" name="ls" dev=dm-0 ino=13683768 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:ls_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778606.368:13309): arch=40000003 syscall=11 success=yes exit=0 a0=9dd2670 a1=9dd54f0 a2=9de05c0 a3=9de04f8 items=0 ppid=15794 pid=15818 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="ls" exe="/bin/ls" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778606.368:13309): path="/bin/ls"
+type=AVC msg=audit(1163778612.949:13310): avc: denied { getattr } for pid=15819 comm="top" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13310): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13310): path="/proc/1"
+type=AVC msg=audit(1163778612.949:13311): avc: denied { search } for pid=15819 comm="top" name="1" dev=proc ino=65538 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13311): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=65549 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13311): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13312): avc: denied { getattr } for pid=15819 comm="top" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13312): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13312): path="/proc/2"
+type=AVC msg=audit(1163778612.949:13313): avc: denied { search } for pid=15819 comm="top" name="2" dev=proc ino=131074 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13313): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=131085 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13313): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13314): avc: denied { getattr } for pid=15819 comm="top" name="1865" dev=proc ino=122224642 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13314): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13314): path="/proc/1865"
+type=AVC msg=audit(1163778612.949:13315): avc: denied { search } for pid=15819 comm="top" name="1865" dev=proc ino=122224642 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13315): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=122224653 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13315): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13316): avc: denied { getattr } for pid=15819 comm="top" name="1881" dev=proc ino=123273218 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13316): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13316): path="/proc/1881"
+type=AVC msg=audit(1163778612.949:13317): avc: denied { search } for pid=15819 comm="top" name="1881" dev=proc ino=123273218 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13317): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=123273229 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13317): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13318): avc: denied { getattr } for pid=15819 comm="top" name="1884" dev=proc ino=123469826 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13318): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13318): path="/proc/1884"
+type=AVC msg=audit(1163778612.949:13319): avc: denied { search } for pid=15819 comm="top" name="1884" dev=proc ino=123469826 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13319): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=123469837 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13319): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13320): avc: denied { getattr } for pid=15819 comm="top" name="1896" dev=proc ino=124256258 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13320): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13320): path="/proc/1896"
+type=AVC msg=audit(1163778612.949:13321): avc: denied { search } for pid=15819 comm="top" name="1896" dev=proc ino=124256258 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13321): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=124256269 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13321): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13322): avc: denied { getattr } for pid=15819 comm="top" name="1912" dev=proc ino=125304834 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13322): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13322): path="/proc/1912"
+type=AVC msg=audit(1163778612.949:13323): avc: denied { search } for pid=15819 comm="top" name="1912" dev=proc ino=125304834 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163778612.949:13323): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=125304845 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13323): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13324): avc: denied { getattr } for pid=15819 comm="top" name="1925" dev=proc ino=126156802 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13324): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13324): path="/proc/1925"
+type=AVC msg=audit(1163778612.949:13325): avc: denied { search } for pid=15819 comm="top" name="1925" dev=proc ino=126156802 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13325): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=126156813 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13325): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13326): avc: denied { getattr } for pid=15819 comm="top" name="1959" dev=proc ino=128385026 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13326): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13326): path="/proc/1959"
+type=AVC msg=audit(1163778612.949:13327): avc: denied { search } for pid=15819 comm="top" name="1959" dev=proc ino=128385026 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13327): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=128385037 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13327): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13328): avc: denied { getattr } for pid=15819 comm="top" name="2033" dev=proc ino=133234690 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13328): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13328): path="/proc/2033"
+type=AVC msg=audit(1163778612.949:13329): avc: denied { search } for pid=15819 comm="top" name="2033" dev=proc ino=133234690 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13329): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=133234701 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13329): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13330): avc: denied { getattr } for pid=15819 comm="top" name="2123" dev=proc ino=139132930 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13330): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13330): path="/proc/2123"
+type=AVC msg=audit(1163778612.949:13331): avc: denied { search } for pid=15819 comm="top" name="2123" dev=proc ino=139132930 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13331): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=139132941 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13331): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13332): avc: denied { getattr } for pid=15819 comm="top" name="2142" dev=proc ino=140378114 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13332): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13332): path="/proc/2142"
+type=AVC msg=audit(1163778612.949:13333): avc: denied { search } for pid=15819 comm="top" name="2142" dev=proc ino=140378114 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13333): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=140378125 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13333): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13334): avc: denied { getattr } for pid=15819 comm="top" name="2153" dev=proc ino=141099010 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13334): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13334): path="/proc/2153"
+type=AVC msg=audit(1163778612.949:13335): avc: denied { search } for pid=15819 comm="top" name="2153" dev=proc ino=141099010 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13335): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=141099021 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13335): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.949:13336): avc: denied { getattr } for pid=15819 comm="top" name="2196" dev=proc ino=143917058 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.949:13336): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.949:13336): path="/proc/2196"
+type=AVC msg=audit(1163778612.949:13337): avc: denied { search } for pid=15819 comm="top" name="2196" dev=proc ino=143917058 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.949:13337): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=143917069 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.949:13337): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13338): avc: denied { getattr } for pid=15819 comm="top" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13338): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13338): path="/proc/2216"
+type=AVC msg=audit(1163778612.957:13339): avc: denied { search } for pid=15819 comm="top" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13339): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=145227789 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13339): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13340): avc: denied { getattr } for pid=15819 comm="top" name="2237" dev=proc ino=146604034 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13340): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13340): path="/proc/2237"
+type=AVC msg=audit(1163778612.957:13341): avc: denied { search } for pid=15819 comm="top" name="2237" dev=proc ino=146604034 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13341): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=146604045 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13341): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13342): avc: denied { getattr } for pid=15819 comm="top" name="2248" dev=proc ino=147324930 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13342): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13342): path="/proc/2248"
+type=AVC msg=audit(1163778612.957:13343): avc: denied { search } for pid=15819 comm="top" name="2248" dev=proc ino=147324930 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163778612.957:13343): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=147324941 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13343): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13344): avc: denied { getattr } for pid=15819 comm="top" name="2285" dev=proc ino=149749762 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13344): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13344): path="/proc/2285"
+type=AVC msg=audit(1163778612.957:13345): avc: denied { search } for pid=15819 comm="top" name="2285" dev=proc ino=149749762 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13345): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=149749773 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13345): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13346): avc: denied { getattr } for pid=15819 comm="top" name="2401" dev=proc ino=157351938 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13346): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13346): path="/proc/2401"
+type=AVC msg=audit(1163778612.957:13347): avc: denied { search } for pid=15819 comm="top" name="2401" dev=proc ino=157351938 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13347): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=157351949 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13347): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13348): avc: denied { getattr } for pid=15819 comm="top" name="2723" dev=proc ino=178454530 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13348): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13348): path="/proc/2723"
+type=AVC msg=audit(1163778612.957:13349): avc: denied { search } for pid=15819 comm="top" name="2723" dev=proc ino=178454530 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13349): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=178454541 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13349): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13350): avc: denied { getattr } for pid=15819 comm="top" name="2732" dev=proc ino=179044354 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13350): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13350): path="/proc/2732"
+type=AVC msg=audit(1163778612.957:13351): avc: denied { search } for pid=15819 comm="top" name="2732" dev=proc ino=179044354 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13351): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=179044365 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13351): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.957:13352): avc: denied { getattr } for pid=15819 comm="top" name="2735" dev=proc ino=179240962 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.957:13352): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.957:13352): path="/proc/2735"
+type=AVC msg=audit(1163778612.957:13353): avc: denied { search } for pid=15819 comm="top" name="2735" dev=proc ino=179240962 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.957:13353): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=179240973 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.957:13353): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.965:13354): avc: denied { getattr } for pid=15819 comm="top" name="3150" dev=proc ino=206438402 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.965:13354): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.965:13354): path="/proc/3150"
+type=AVC msg=audit(1163778612.965:13355): avc: denied { search } for pid=15819 comm="top" name="3150" dev=proc ino=206438402 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.965:13355): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=206438413 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.965:13355): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.965:13356): avc: denied { getattr } for pid=15819 comm="top" name="3172" dev=proc ino=207880194 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.965:13356): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.965:13356): path="/proc/3172"
+type=AVC msg=audit(1163778612.965:13357): avc: denied { search } for pid=15819 comm="top" name="3172" dev=proc ino=207880194 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.965:13357): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=207880205 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.965:13357): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.965:13358): avc: denied { getattr } for pid=15819 comm="top" name="3201" dev=proc ino=209780738 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163778612.965:13358): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.965:13358): path="/proc/3201"
+type=AVC msg=audit(1163778612.965:13359): avc: denied { search } for pid=15819 comm="top" name="3201" dev=proc ino=209780738 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163778612.965:13359): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=209780749 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163778612.965:13359): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13360): avc: denied { getattr } for pid=15819 comm="top" name="6659" dev=proc ino=436404226 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13360): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13360): path="/proc/6659"
+type=AVC msg=audit(1163778612.969:13361): avc: denied { search } for pid=15819 comm="top" name="6659" dev=proc ino=436404226 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13361): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=436404237 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13361): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13362): avc: denied { getattr } for pid=15819 comm="top" name="6687" dev=proc ino=438239234 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13362): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13362): path="/proc/6687"
+type=AVC msg=audit(1163778612.969:13363): avc: denied { search } for pid=15819 comm="top" name="6687" dev=proc ino=438239234 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13363): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=438239245 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13363): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13364): avc: denied { getattr } for pid=15819 comm="top" name="14252" dev=proc ino=934019074 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13364): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13364): path="/proc/14252"
+type=AVC msg=audit(1163778612.969:13365): avc: denied { search } for pid=15819 comm="top" name="14252" dev=proc ino=934019074 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir
+type=AVC msg=audit(1163778612.969:13365): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=934019085 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13365): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13366): avc: denied { getattr } for pid=15819 comm="top" name="14333" dev=proc ino=939327490 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13366): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13366): path="/proc/14333"
+type=AVC msg=audit(1163778612.969:13367): avc: denied { search } for pid=15819 comm="top" name="14333" dev=proc ino=939327490 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13367): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=939327501 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13367): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13368): avc: denied { getattr } for pid=15819 comm="top" name="14914" dev=proc ino=977403906 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13368): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13368): path="/proc/14914"
+type=AVC msg=audit(1163778612.969:13369): avc: denied { search } for pid=15819 comm="top" name="14914" dev=proc ino=977403906 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13369): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=977403917 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13369): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13370): avc: denied { getattr } for pid=15819 comm="top" name="14970" dev=proc ino=981073922 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13370): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13370): path="/proc/14970"
+type=AVC msg=audit(1163778612.969:13371): avc: denied { search } for pid=15819 comm="top" name="14970" dev=proc ino=981073922 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13371): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=981073933 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13371): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13372): avc: denied { getattr } for pid=15819 comm="top" name="15125" dev=proc ino=991232002 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13372): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13372): path="/proc/15125"
+type=AVC msg=audit(1163778612.969:13373): avc: denied { search } for pid=15819 comm="top" name="15125" dev=proc ino=991232002 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13373): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=991232013 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:newrole_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13373): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13374): avc: denied { getattr } for pid=15819 comm="top" name="15126" dev=proc ino=991297538 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13374): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13374): path="/proc/15126"
+type=AVC msg=audit(1163778612.969:13375): avc: denied { search } for pid=15819 comm="top" name="15126" dev=proc ino=991297538 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13375): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=991297549 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13375): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778612.969:13376): avc: denied { getattr } for pid=15819 comm="top" name="15713" dev=proc ino=1029767170 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:rpm_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778612.969:13376): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778612.969:13376): path="/proc/15713"
+type=AVC msg=audit(1163778612.969:13377): avc: denied { search } for pid=15819 comm="top" name="15713" dev=proc ino=1029767170 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:rpm_t:s0 tclass=dir
+type=AVC msg=audit(1163778612.969:13377): avc: denied { read } for pid=15819 comm="top" name="stat" dev=proc ino=1029767181 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:rpm_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778612.969:13377): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778613.469:13378): avc: denied { getattr } for pid=15819 comm="top" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778613.469:13378): arch=40000003 syscall=195 success=yes exit=0 a0=9b3783c a1=bff6335c a2=24bff4 a3=bff6335c items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778613.469:13378): path="/proc/2216"
+type=AVC msg=audit(1163778613.469:13379): avc: denied { search } for pid=15819 comm="top" name="2216" dev=proc ino=145227778 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778613.469:13379): arch=40000003 syscall=5 success=yes exit=4 a0=c64780 a1=0 a2=0 a3=c64780 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778613.477:13380): avc: denied { read } for pid=15819 comm="top" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778613.477:13380): arch=40000003 syscall=5 success=yes exit=4 a0=2346d2 a1=0 a2=bff633e8 a3=2346d8 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778613.477:13381): avc: denied { lock } for pid=15819 comm="top" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778613.477:13381): arch=40000003 syscall=221 success=yes exit=0 a0=4 a1=7 a2=bff633a0 a3=0 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778613.477:13381): path="/var/run/utmp"
+type=AVC msg=audit(1163778613.477:13382): avc: denied { write } for pid=15819 comm="top" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778613.477:13382): arch=40000003 syscall=4 success=yes exit=2048 a0=1 a1=8056ba0 a2=800 a3=800 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778613.477:13382): path="/dev/pts/8"
+type=AVC msg=audit(1163778613.477:13383): avc: denied { read } for pid=15819 comm="top" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778613.477:13383): arch=40000003 syscall=3 success=no exit=-11 a0=0 a1=bff63c05 a2=1 a3=1 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778613.477:13383): path="/dev/pts/8"
+type=AVC msg=audit(1163778613.477:13384): avc: denied { ioctl } for pid=15819 comm="top" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778613.477:13384): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=540b a2=0 a3=1 items=0 ppid=15794 pid=15819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="top" exe="/usr/bin/top" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778613.477:13384): path="/dev/pts/8"
+type=AVC msg=audit(1163778633.746:13385): avc: denied { getattr } for pid=15794 comm="bash" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.746:13385): arch=40000003 syscall=195 success=yes exit=0 a0=9de04f8 a1=bfd66590 a2=457ff4 a3=9de04f8 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778633.746:13385): path="/bin/su"
+type=AVC msg=audit(1163778633.746:13386): avc: denied { execute } for pid=15794 comm="bash" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.746:13386): arch=40000003 syscall=33 success=yes exit=0 a0=9de04f8 a1=1 a2=11 a3=9de04f8 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778633.746:13387): avc: denied { read } for pid=15794 comm="bash" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.746:13387): arch=40000003 syscall=33 success=yes exit=0 a0=9de04f8 a1=4 a2=ffffffff a3=9de04f8 items=0 ppid=15793 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778633.746:13388): avc: denied { execute_no_trans } for pid=15820 comm="bash" name="su" dev=dm-0 ino=13683691 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.746:13388): arch=40000003 syscall=11 success=yes exit=0 a0=9de04f8 a1=9de0508 a2=9de05c0 a3=9de71b8 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778633.746:13388): path="/bin/su"
+type=AVC msg=audit(1163778633.754:13389): avc: denied { read } for pid=15820 comm="su" name="shadow" dev=dm-0 ino=9332039 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.754:13389): arch=40000003 syscall=5 success=yes exit=3 a0=40d304 a1=0 a2=1b6 a3=8011aa8 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778633.754:13390): avc: denied { getattr } for pid=15820 comm="su" name="shadow" dev=dm-0 ino=9332039 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778633.754:13390): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bffb8de8 a2=c35ff4 a3=8011aa8 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778633.754:13390): path="/etc/shadow"
+type=AVC msg=audit(1163778637.098:13391): avc: denied { create } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1163778637.098:13391): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bffb8f50 a2=130ff4 a3=0 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778637.098:13392): avc: denied { write } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1163778637.098:13392): avc: denied { nlmsg_relay } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1163778637.098:13392): avc: denied { audit_write } for pid=15820 comm="su" capability=29 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=capability
+type=USER_AUTH msg=audit(1163778637.102:13393): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=SYSCALL msg=audit(1163778637.098:13392): arch=40000003 syscall=102 success=yes exit=112 a0=b a1=bffae1d0 a2=130ff4 a3=bffb4c10 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778637.102:13394): avc: denied { read } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1163778637.102:13394): arch=40000003 syscall=102 success=yes exit=36 a0=c a1=bffae180 a2=130ff4 a3=bffb054c items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163778637.102:13395): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=AVC msg=audit(1163778637.102:13396): avc: denied { write } for pid=15820 comm="su" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.102:13396): arch=40000003 syscall=5 success=yes exit=3 a0=c1e6d2 a1=2 a2=0 a3=c1e6d8 items=0 ppid=15794 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts8 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=USER_START msg=audit(1163778637.102:13397): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=CRED_ACQ msg=audit(1163778637.102:13398): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=AVC msg=audit(1163778637.106:13399): avc: denied { search } for pid=15821 comm="bash" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778637.106:13399): avc: denied { read } for pid=15821 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.106:13399): arch=40000003 syscall=5 success=yes exit=3 a0=9a6ff70 a1=8000 a2=0 a3=8000 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778637.106:13400): avc: denied { getattr } for pid=15821 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.106:13400): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8de094 a2=24bff4 a3=9a6ff70 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778637.106:13400): path="/root/.bashrc"
+type=AVC msg=audit(1163778637.162:13401): avc: denied { execute } for pid=15834 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778637.162:13401): avc: denied { execute_no_trans } for pid=15834 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=AVC msg=audit(1163778637.162:13401): avc: denied { read } for pid=15834 comm="bash" name="consoletype" dev=dm-0 ino=9984625 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.162:13401): arch=40000003 syscall=11 success=yes exit=0 a0=9a82690 a1=9a820c0 a2=9a7cba8 a3=9a82158 items=0 ppid=15833 pid=15834 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778637.162:13401): path="/sbin/consoletype"
+type=AVC_PATH msg=audit(1163778637.162:13401): path="/sbin/consoletype"
+type=AVC msg=audit(1163778637.162:13402): avc: denied { getattr } for pid=15834 comm="consoletype" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778637.162:13402): arch=40000003 syscall=197 success=yes exit=0 a0=0 a1=bfe386cc a2=fe9ff4 a3=bfe386cc items=0 ppid=15833 pid=15834 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778637.162:13402): path="/dev/pts/8"
+type=AVC msg=audit(1163778637.190:13403): avc: denied { read } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.190:13403): arch=40000003 syscall=5 success=yes exit=3 a0=9a70150 a1=8000 a2=0 a3=8000 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778637.190:13404): avc: denied { getattr } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778637.190:13404): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8de02c a2=24bff4 a3=0 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778637.190:13404): path="/root/.bash_history"
+type=AVC msg=audit(1163778643.866:13405): avc: denied { getattr } for pid=15821 comm="bash" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13405): arch=40000003 syscall=195 success=yes exit=0 a0=9a82dd0 a1=bf8ddd60 a2=24bff4 a3=9a82dd0 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778643.866:13405): path="/usr/bin/newrole"
+type=AVC msg=audit(1163778643.866:13406): avc: denied { execute } for pid=15821 comm="bash" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13406): arch=40000003 syscall=33 success=yes exit=0 a0=9a82dd0 a1=1 a2=11 a3=9a82dd0 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778643.866:13407): avc: denied { read } for pid=15821 comm="bash" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13407): arch=40000003 syscall=33 success=yes exit=0 a0=9a82dd0 a1=4 a2=ffffffff a3=9a82dd0 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778643.866:13408): avc: denied { execute_no_trans } for pid=15841 comm="bash" name="newrole" dev=dm-0 ino=10325592 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13408): arch=40000003 syscall=11 success=yes exit=0 a0=9a82dd0 a1=9a819b0 a2=9a7cba8 a3=9a82d08 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778643.866:13408): path="/usr/bin/newrole"
+type=AVC msg=audit(1163778643.866:13409): avc: denied { search } for pid=15841 comm="newrole" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163778643.866:13409): avc: denied { read } for pid=15841 comm="newrole" name="default_type" dev=dm-0 ino=9334403 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13409): arch=40000003 syscall=5 success=yes exit=3 a0=9bc5040 a1=8000 a2=1b6 a3=9bc6c98 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778643.866:13410): avc: denied { getattr } for pid=15841 comm="newrole" name="default_type" dev=dm-0 ino=9334403 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13410): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bff78d40 a2=743ff4 a3=9bc6c98 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778643.866:13410): path="/etc/selinux/strict/contexts/default_type"
+type=AVC msg=audit(1163778643.866:13411): avc: denied { write } for pid=15841 comm="newrole" name="context" dev=selinuxfs ino=5 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778643.866:13411): arch=40000003 syscall=5 success=yes exit=3 a0=bff77f88 a1=8002 a2=0 a3=8002 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778643.866:13412): avc: denied { check_context } for pid=15841 comm="newrole" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
+type=SYSCALL msg=audit(1163778643.866:13412): arch=40000003 syscall=4 success=yes exit=29 a0=3 a1=9bc6d28 a2=1d a3=bff77f88 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163778645.667:13413): user pid=15841 uid=0 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=USER_ACCT msg=audit(1163778645.667:13414): user pid=15841 uid=0 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=AVC msg=audit(1163778645.667:13415): avc: denied { compute_relabel } for pid=15841 comm="newrole" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
+type=SYSCALL msg=audit(1163778645.667:13415): arch=40000003 syscall=4 success=yes exit=66 a0=4 a1=9bcd788 a2=42 a3=9bcd788 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778645.667:13416): avc: denied { fowner } for pid=15841 comm="newrole" capability=3 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=capability
+type=AVC msg=audit(1163778645.667:13416): avc: denied { relabelfrom } for pid=15841 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=AVC msg=audit(1163778645.667:13416): avc: denied { relabelto } for pid=15841 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778645.667:13416): arch=40000003 syscall=228 success=yes exit=0 a0=3 a1=a2f0d3 a2=9bcd6a8 a3=24 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778645.667:13417): avc: denied { read } for pid=15842 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778645.667:13417): arch=40000003 syscall=5 success=yes exit=0 a0=9bc5c90 a1=0 a2=a a3=9bc5c90 items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778645.667:13418): avc: denied { write } for pid=15842 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778645.667:13418): arch=40000003 syscall=5 success=yes exit=1 a0=9bc5c90 a1=1 a2=a a3=9bc5c90 items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778645.671:13419): avc: denied { setexec } for pid=15842 comm="newrole" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778645.671:13419): arch=40000003 syscall=4 success=yes exit=29 a0=3 a1=9bcd658 a2=1d a3=a2f751 items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163778645.671:13420): avc: denied { transition } for pid=15842 comm="newrole" name="bash" dev=dm-0 ino=13683670 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=process
+type=AVC msg=audit(1163778645.671:13420): avc: denied { use } for pid=15842 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=fd
+type=AVC msg=audit(1163778645.671:13420): avc: denied { siginh } for pid=15842 comm="bash" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=process
+type=AVC msg=audit(1163778645.671:13420): avc: denied { rlimitinh } for pid=15842 comm="bash" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=process
+type=AVC msg=audit(1163778645.671:13420): avc: denied { noatsecure } for pid=15842 comm="bash" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:sysadm_r:sysadm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778645.671:13420): arch=40000003 syscall=11 success=yes exit=0 a0=9bc6f68 a1=bff7919c a2=9bc6d98 a3=9bc5c90 items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778645.671:13420): path="/dev/pts/8"
+type=AVC_PATH msg=audit(1163778645.671:13420): path="/bin/bash"
+type=AVC msg=audit(1163778645.723:13421): avc: denied { use } for pid=15852 comm="hostname" name="8" dev=devpts ino=10 scontext=staff_u:sysadm_r:hostname_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=fd
+type=SYSCALL msg=audit(1163778645.723:13421): arch=40000003 syscall=11 success=yes exit=0 a0=83064d0 a1=83091e8 a2=8309980 a3=8308440 items=0 ppid=15851 pid=15852 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="hostname" exe="/bin/hostname" subj=staff_u:sysadm_r:hostname_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778645.723:13421): path="/dev/pts/8"
+type=AVC msg=audit(1163778645.755:13422): avc: denied { use } for pid=15865 comm="consoletype" name="8" dev=devpts ino=10 scontext=staff_u:sysadm_r:consoletype_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=fd
+type=SYSCALL msg=audit(1163778645.755:13422): arch=40000003 syscall=11 success=yes exit=0 a0=8312288 a1=8311be0 a2=830bbf0 a3=8311c78 items=0 ppid=15864 pid=15865 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="consoletype" exe="/sbin/consoletype" subj=staff_u:sysadm_r:consoletype_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778645.755:13422): path="/dev/pts/8"
+type=AVC msg=audit(1163778648.635:13423): avc: denied { use } for pid=15842 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=fd
+type=SYSCALL msg=audit(1163778648.635:13423): arch=40000003 syscall=54 success=yes exit=0 a0=ff a1=5410 a2=bfef9f84 a3=bfef9f8c items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778648.635:13423): path="/dev/pts/8"
+type=AVC msg=audit(1163778675.468:13424): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163778675.468:13424): arch=40000003 syscall=100 success=yes exit=0 a0=18 a1=bfcd52ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163778682.377:13425): avc: denied { sigkill } for pid=15880 comm="pkill" scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163778682.377:13425): arch=40000003 syscall=37 success=yes exit=0 a0=37ac a1=9 a2=0 a3=8e790b0 items=0 ppid=15842 pid=15880 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="pkill" exe="/usr/bin/pkill" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13426): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163778682.477:13426): arch=40000003 syscall=102 success=yes exit=99 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13427): avc: denied { write } for pid=11049 comm="udevd" name="uevent_seqnum" dev=tmpfs ino=1522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.477:13427): arch=40000003 syscall=5 success=yes exit=9 a0=bfee5668 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13428): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.477:13428): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.477:13428): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778682.477:13428): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13429): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.477:13429): avc: denied { create } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778682.477:13429): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13430): avc: denied { write } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=166623 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.477:13430): avc: denied { add_name } for pid=11049 comm="udevd" name="class@vc@vcs7" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.477:13430): avc: denied { create } for pid=11049 comm="udevd" name="class@vc@vcs7" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.477:13430): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13431): avc: denied { unlink } for pid=15881 comm="udevd" name="class@vc@vcs7" dev=tmpfs ino=154266 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163778682.477:13431): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dcc a1=1b a2=791234 a3=bfed2dcc items=0 ppid=11049 pid=15881 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13432): avc: denied { getattr } for pid=15881 comm="udevd" name="vcs7" dev=tmpfs ino=154265 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778682.477:13432): arch=40000003 syscall=195 success=yes exit=0 a0=bfed2dc8 a1=bfed2b68 a2=24bff4 a3=bfed2dc8 items=0 ppid=11049 pid=15881 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778682.477:13432): path="/dev/vcs7"
+type=AVC msg=audit(1163778682.477:13433): avc: denied { setattr } for pid=15881 comm="udevd" name="vcs7" dev=tmpfs ino=154265 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778682.477:13433): arch=40000003 syscall=212 success=yes exit=0 a0=bfed2dc8 a1=0 a2=0 a3=bfed2dc8 items=0 ppid=11049 pid=15881 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.477:13434): avc: denied { unlink } for pid=15881 comm="udevd" name="vcs7" dev=tmpfs ino=154265 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778682.477:13434): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dc8 a1=0 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=15881 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.537:13435): avc: denied { append } for pid=15501 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.537:13435): arch=40000003 syscall=5 success=yes exit=3 a0=811c4e0 a1=8401 a2=0 a3=8401 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.537:13436): avc: denied { read } for pid=15501 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.537:13436): arch=40000003 syscall=5 success=yes exit=3 a0=811c4e0 a1=8000 a2=0 a3=8000 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778682.537:13437): avc: denied { write } for pid=15501 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.537:13437): arch=40000003 syscall=5 success=yes exit=3 a0=811c4e0 a1=8201 a2=0 a3=8201 items=0 ppid=15498 pid=15501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1163778682.537:13438): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=AVC msg=audit(1163778682.537:13439): avc: denied { search } for pid=15498 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.537:13439): avc: denied { write } for pid=15498 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.537:13439): avc: denied { remove_name } for pid=15498 comm="su" name=".xauthjIDizz" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778682.537:13439): avc: denied { unlink } for pid=15498 comm="su" name=".xauthjIDizz" dev=dm-0 ino=13127388 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778682.537:13439): arch=40000003 syscall=10 success=yes exit=0 a0=8dc69a8 a1=8dc6a86 a2=199ae8 a3=8dc3008 items=0 ppid=1 pid=15498 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_END msg=audit(1163778682.545:13440): user pid=15498 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/3 res=success)'
+type=AVC msg=audit(1163778683.001:13441): avc: denied { sendto } for pid=15881 comm="udevd" path=002F6F72672F667265656465736B746F702F68616C2F756465765F6576656E74 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=unix_dgram_socket
+type=SYSCALL msg=audit(1163778683.001:13441): arch=40000003 syscall=102 success=yes exit=142 a0=b a1=bfed27a0 a2=791234 a3=8e items=0 ppid=11049 pid=15881 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778683.001:13442): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778683.001:13442): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778683.001:13442): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778683.001:13442): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778683.001:13443): avc: denied { remove_name } for pid=11049 comm="udevd" name="class@vc@vcs7" dev=tmpfs ino=166624 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163778683.001:13443): avc: denied { unlink } for pid=11049 comm="udevd" name="class@vc@vcs7" dev=tmpfs ino=166624 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778683.001:13443): arch=40000003 syscall=10 success=yes exit=0 a0=bfedb2b8 a1=ffffffff a2=791234 a3=791418 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778683.005:13444): avc: denied { rmdir } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=166623 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778683.005:13444): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1163778683.005:13445): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=USER_END msg=audit(1163778683.005:13446): user pid=15636 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/5 res=success)'
+type=USER_END msg=audit(1163778683.381:13447): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session close acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_DISP msg=audit(1163778683.381:13448): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=AVC msg=audit(1163778683.997:13449): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163778683.997:13449): arch=40000003 syscall=102 success=yes exit=93 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778683.997:13450): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778683.997:13450): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778684.001:13451): avc: denied { write } for pid=11049 comm="udevd" name="class@vc@vcs7" dev=tmpfs ino=167046 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778684.001:13451): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778684.005:13452): avc: denied { mknod } for pid=15897 comm="udevd" capability=27 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163778684.005:13452): avc: denied { create } for pid=15897 comm="udevd" name="vcsa7" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778684.005:13452): arch=40000003 syscall=14 success=yes exit=0 a0=bfed2dc4 a1=2180 a2=787 a3=180 items=0 ppid=11049 pid=15897 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778684.005:13453): avc: denied { create } for pid=15897 comm="udevd" name="class@vc@vcsa7" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163778684.005:13453): arch=40000003 syscall=83 success=yes exit=0 a0=9526ccc a1=bfed2dc8 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=15897 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778684.593:13454): avc: denied { unlink } for pid=15909 comm="udevd" name="class@vc@vcs8" dev=tmpfs ino=167555 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163778684.593:13454): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dcc a1=1b a2=791234 a3=bfed2dcc items=0 ppid=11049 pid=15909 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778684.745:13455): avc: denied { create } for pid=15915 comm="udevd" name="class@vc@vcs8" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163778684.745:13455): arch=40000003 syscall=83 success=yes exit=0 a0=9526ccc a1=bfed2dc8 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=15915 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163778701.194:13456): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=failed)'
+type=USER_LOGIN msg=audit(1163778701.194:13457): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=failed)'
+type=USER_AUTH msg=audit(1163778705.602:13458): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_ACCT msg=audit(1163778705.602:13459): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=CRED_ACQ msg=audit(1163778705.606:13460): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: setcred acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=LOGIN msg=audit(1163778705.622:13461): login pid=3285 uid=0 old auid=500 new auid=500
+type=USER_START msg=audit(1163778705.670:13462): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='PAM: session open acct=kmacmill : exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
+type=USER_LOGIN msg=audit(1163778705.670:13463): user pid=3285 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)'
+type=AVC msg=audit(1163778706.358:13464): avc: denied { read } for pid=15931 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778706.358:13464): arch=40000003 syscall=5 success=yes exit=12 a0=80865d5 a1=0 a2=1 a3=d items=0 ppid=3285 pid=15931 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163778706.358:13465): avc: denied { getattr } for pid=15931 comm="gdm-binary" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778706.358:13465): arch=40000003 syscall=196 success=yes exit=0 a0=80865d5 a1=bfd7023c a2=c4eff4 a3=bfd7023c items=0 ppid=3285 pid=15931 auid=500 uid=0 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=500 fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163778706.358:13465): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1163778706.730:13466): avc: denied { read } for pid=15944 comm="xrdb" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778706.730:13466): arch=40000003 syscall=33 success=yes exit=0 a0=bf8fcfce a1=4 a2=da3a64 a3=bf8fcfce items=0 ppid=15931 pid=15944 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xrdb" exe="/usr/bin/xrdb" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778708.231:13467): avc: denied { getattr } for pid=15985 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163778708.231:13467): arch=40000003 syscall=100 success=yes exit=0 a0=5 a1=bff51e8c a2=39cff4 a3=ffffffb8 items=0 ppid=15984 pid=15985 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163778709.227:13468): avc: denied { search } for pid=15985 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778709.227:13468): avc: denied { search } for pid=15985 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778709.227:13468): arch=40000003 syscall=5 success=no exit=-2 a0=8e9ec68 a1=18800 a2=26625c a3=0 items=0 ppid=15984 pid=15985 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163778709.231:13469): avc: denied { read } for pid=15986 comm="dbus-launch" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778709.231:13469): arch=40000003 syscall=33 success=yes exit=0 a0=bf87df80 a1=4 a2=112a64 a3=bf87df80 items=0 ppid=1 pid=15986 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-launch" exe="/usr/bin/dbus-launch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778716.215:13470): avc: denied { read } for pid=14973 comm="bash" name=".bash_logout" dev=dm-0 ino=13061690 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778716.215:13470): arch=40000003 syscall=5 success=yes exit=3 a0=8e0bf08 a1=8000 a2=0 a3=8000 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778716.267:13471): avc: denied { append } for pid=14973 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778716.267:13471): arch=40000003 syscall=5 success=yes exit=3 a0=8e0bec0 a1=8401 a2=0 a3=8401 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778716.267:13472): avc: denied { read } for pid=14973 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778716.267:13472): arch=40000003 syscall=5 success=yes exit=3 a0=8e0bec0 a1=8000 a2=0 a3=8000 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778716.267:13473): avc: denied { write } for pid=14973 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778716.267:13473): arch=40000003 syscall=5 success=yes exit=3 a0=8e0bec0 a1=8201 a2=0 a3=8201 items=0 ppid=14970 pid=14973 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=CRED_DISP msg=audit(1163778716.267:13474): user pid=14970 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1163778716.271:13475): avc: denied { search } for pid=14970 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=AVC msg=audit(1163778716.271:13475): avc: denied { search } for pid=14970 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key
+type=AVC msg=audit(1163778716.271:13475): avc: denied { write } for pid=14970 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=SYSCALL msg=audit(1163778716.271:13475): arch=40000003 syscall=288 success=yes exit=0 a0=3 a1=2abd1691 a2=1f4 a3=0 items=0 ppid=1 pid=14970 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778719.635:13476): avc: denied { write } for pid=15931 comm="gnome-session" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163778719.635:13476): avc: denied { add_name } for pid=15931 comm="gnome-session" name="15931" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163778719.635:13476): avc: denied { create } for pid=15931 comm="gnome-session" name="15931" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163778719.635:13476): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf9a36d0 a2=df7770 a3=0 items=0 ppid=3285 pid=15931 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778719.643:13477): avc: denied { read } for pid=15931 comm="gnome-session" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778719.643:13477): arch=40000003 syscall=5 success=yes exit=16 a0=84ee908 a1=0 a2=1b6 a3=84ee930 items=0 ppid=3285 pid=15931 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778719.643:13478): avc: denied { write } for pid=15931 comm="gnome-session" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778719.643:13478): arch=40000003 syscall=5 success=yes exit=16 a0=84ee908 a1=241 a2=1b6 a3=84f6f10 items=0 ppid=3285 pid=15931 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-session" exe="/usr/bin/gnome-session" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778719.711:13479): avc: denied { read write } for pid=16006 comm="gnome-settings-" name="[169926]" dev=sockfs ino=169926 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=netlink_selinux_socket
+type=SYSCALL msg=audit(1163778719.711:13479): arch=40000003 syscall=11 success=yes exit=0 a0=8ea5760 a1=8ea5098 a2=8ea58c8 a3=8ea50e0 items=0 ppid=16005 pid=16006 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-settings-" exe="/usr/libexec/gnome-settings-daemon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778719.711:13479): path="socket:[169926]"
+type=AVC msg=audit(1163778719.711:13480): avc: denied { sigchld } for pid=16005 comm="dbus-daemon" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778719.711:13480): arch=40000003 syscall=7 success=yes exit=0 a0=3e86 a1=bff51b38 a2=1 a3=3e86 items=0 ppid=15987 pid=16005 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163778720.219:13481): avc: denied { read } for pid=16015 comm="esd" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778720.219:13481): arch=40000003 syscall=5 success=yes exit=14 a0=9e6e258 a1=0 a2=1b6 a3=9e6e278 items=0 ppid=1 pid=16015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="esd" exe="/usr/bin/esd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778724.264:13482): avc: denied { write } for pid=16425 comm="metacity" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163778724.264:13482): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff4a550 a2=df7770 a3=16 items=0 ppid=1 pid=16425 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="metacity" exe="/usr/bin/metacity" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778724.784:13483): avc: denied { execute } for pid=16446 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778724.784:13483): arch=40000003 syscall=33 success=yes exit=0 a0=948f880 a1=1 a2=11 a3=948f880 items=0 ppid=1 pid=16446 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778724.784:13484): avc: denied { read } for pid=16446 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778724.784:13484): arch=40000003 syscall=33 success=yes exit=0 a0=948f880 a1=4 a2=ffffffff a3=948f880 items=0 ppid=1 pid=16446 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagle-search" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778724.784:13485): avc: denied { execute_no_trans } for pid=16446 comm="beagle-search" name="mono" dev=dm-0 ino=10321084 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:mono_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778724.784:13485): arch=40000003 syscall=11 success=yes exit=0 a0=948f698 a1=948f868 a2=948ff70 a3=948f868 items=0 ppid=1 pid=16446 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778724.784:13485): path="/usr/bin/mono"
+type=AVC msg=audit(1163778724.788:13486): avc: denied { execheap } for pid=16446 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=AVC msg=audit(1163778724.788:13486): avc: denied { execmem } for pid=16446 comm="mono" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778724.788:13486): arch=40000003 syscall=125 success=yes exit=0 a0=95a7000 a1=1000 a2=7 a3=1 items=0 ppid=1 pid=16446 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mono" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778726.308:13487): avc: denied { ioctl } for pid=16476 comm="pam_timestamp_c" name="[169789]" dev=pipefs ino=169789 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1163778726.308:13487): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfded278 a3=bfded2b8 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778726.308:13487): path="pipe:[169789]"
+type=AVC msg=audit(1163778726.852:13488): avc: denied { dac_override } for pid=12248 comm="cupsd" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163778726.852:13488): avc: denied { write } for pid=12248 comm="cupsd" name="certs" dev=dm-0 ino=14534810 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163778726.852:13488): avc: denied { remove_name } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163778726.852:13488): avc: denied { unlink } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778726.852:13488): arch=40000003 syscall=10 success=yes exit=0 a0=bfb167c8 a1=0 a2=927ff4 a3=bfb167c8 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778726.884:13489): avc: denied { add_name } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163778726.884:13489): avc: denied { create } for pid=12248 comm="cupsd" name="0" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778726.884:13489): arch=40000003 syscall=5 success=yes exit=9 a0=bfb167c8 a1=80c1 a2=100 a3=80c1 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778726.884:13490): avc: denied { setattr } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778726.884:13490): arch=40000003 syscall=94 success=yes exit=0 a0=9 a1=120 a2=927ff4 a3=21 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778726.884:13491): avc: denied { write } for pid=12248 comm="cupsd" name="0" dev=dm-0 ino=14534809 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:cupsd_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778726.884:13491): arch=40000003 syscall=4 success=yes exit=32 a0=9 a1=911d500 a2=20 a3=911d500 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778726.884:13491): path="/var/run/cups/certs/0"
+type=AVC msg=audit(1163778726.884:13492): avc: denied { append } for pid=12248 comm="cupsd" name="access_log" dev=dm-0 ino=14437015 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:cupsd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778726.884:13492): arch=40000003 syscall=4 success=yes exit=100 a0=8 a1=913d9b0 a2=64 a3=64 items=0 ppid=1 pid=12248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cupsd" exe="/usr/sbin/cupsd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778726.884:13492): path="/var/log/cups/access_log"
+type=USER_AVC msg=audit(1163778726.952:13493): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778726.952:13494): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getDevices dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778726.952:13495): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getWirelessEnabled dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778726.952:13496): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=getDialup dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778726.952:13497): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnections dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.656:13498): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getNetworks dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13499): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnections dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13500): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13501): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13502): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13503): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.NetworkManager.NoDialup dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13504): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.660:13505): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.NetworkManagerInfo.NoNetworks dest=:1.6 spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.848:13506): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.848:13507): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getProperties dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778727.848:13508): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnectionProperties dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163778728.948:13509): avc: denied { net_admin } for pid=6687 comm="NetworkManager" capability=12 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163778728.948:13509): arch=40000003 syscall=54 success=no exit=-95 a0=e a1=8946 a2=bfaf3328 a3=8502ed8 items=0 ppid=1 pid=6687 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AVC msg=audit(1163778728.952:13510): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManagerInfo member=getVPNConnectionProperties dest=org.freedesktop.NetworkManagerInfo spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.952:13511): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.952:13512): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.980:13513): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.6 spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.980:13514): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.Devices member=getDriver dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.984:13515): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager.VPNConnections member=VPNConnectionUpdate dest=org.freedesktop.DBus spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.984:13516): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.984:13517): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager.VPNConnections member=getVPNConnectionProperties dest=org.freedesktop.NetworkManager spid=16462 tpid=6687 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=USER_AVC msg=audit(1163778728.988:13518): user pid=6659 uid=81 auid=500 subj=staff_u:staff_r:staff_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.35 spid=6687 tpid=16462 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
+type=AVC msg=audit(1163778782.323:13519): avc: denied { name_bind } for pid=16535 comm="synergys" src=24800 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163778782.323:13519): avc: denied { node_bind } for pid=16535 comm="synergys" src=24800 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163778782.323:13519): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bffefb90 a2=90400d8 a3=80b1220 items=0 ppid=16509 pid=16535 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="synergys" exe="/usr/bin/synergys" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778813.085:13520): avc: denied { read } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778813.085:13520): arch=40000003 syscall=33 success=yes exit=0 a0=bfad6fcb a1=4 a2=33ea64 a3=bfad6fcb items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163778813.085:13521): avc: denied { getattr } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778813.085:13521): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfad46dc a2=10b0ff4 a3=977bd70 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778813.085:13521): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163778820.602:13522): avc: denied { getattr } for pid=16583 comm="ps" name="tty1" dev=tmpfs ino=1444 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778820.602:13522): arch=40000003 syscall=195 success=yes exit=0 a0=c62840 a1=bffa615c a2=7b0ff4 a3=bffa615c items=0 ppid=16562 pid=16583 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778820.602:13522): path="/dev/tty1"
+type=AVC msg=audit(1163778820.606:13523): avc: denied { ptrace } for pid=16583 comm="ps" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778820.606:13523): arch=40000003 syscall=85 success=yes exit=10 a0=bffa6198 a1=c62840 a2=7f a3=bffa6198 items=0 ppid=16562 pid=16583 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="ps" exe="/bin/ps" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163778845.195:13524): user pid=16587 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163778845.195:13525): user pid=16587 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163778845.195:13526): avc: denied { search } for pid=16587 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778845.195:13526): arch=40000003 syscall=5 success=no exit=-2 a0=bf842ce8 a1=8000 a2=1b6 a3=9a649a8 items=0 ppid=16562 pid=16587 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778845.203:13527): avc: denied { write } for pid=16588 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.203:13527): arch=40000003 syscall=33 success=yes exit=0 a0=bfffc987 a1=2 a2=bfffb020 a3=0 items=0 ppid=16587 pid=16588 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.203:13528): avc: denied { read } for pid=16588 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.203:13528): arch=40000003 syscall=5 success=yes exit=2 a0=bfffc987 a1=0 a2=1b6 a3=8cf7008 items=0 ppid=16587 pid=16588 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.203:13529): avc: denied { getattr } for pid=16588 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.203:13529): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfffad6c a2=711ff4 a3=8cf7008 items=0 ppid=16587 pid=16588 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778845.203:13529): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163778845.207:13530): avc: denied { write } for pid=16587 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778845.207:13530): avc: denied { add_name } for pid=16587 comm="su" name=".xauthI7R4Id" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778845.207:13530): avc: denied { create } for pid=16587 comm="su" name=".xauthI7R4Id" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.207:13530): arch=40000003 syscall=5 success=yes exit=4 a0=9a64acb a1=80c2 a2=180 a3=80c2 items=0 ppid=16562 pid=16587 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778845.207:13531): avc: denied { setattr } for pid=16587 comm="su" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.207:13531): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=1475bf items=0 ppid=16562 pid=16587 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163778845.207:13532): avc: denied { search } for pid=16589 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778845.207:13532): arch=40000003 syscall=195 success=no exit=-2 a0=bfca0f97 a1=bfca0aac a2=24bff4 a3=bfca0aac items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.207:13533): avc: denied { write } for pid=16589 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778845.207:13533): avc: denied { add_name } for pid=16589 comm="xauth" name=".xauthI7R4Id-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778845.207:13533): avc: denied { create } for pid=16589 comm="xauth" name=".xauthI7R4Id-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.207:13533): arch=40000003 syscall=5 success=yes exit=2 a0=bfca0f97 a1=c1 a2=180 a3=ffffffff items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.207:13534): avc: denied { link } for pid=16589 comm="xauth" name=".xauthI7R4Id-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.207:13534): arch=40000003 syscall=9 success=yes exit=0 a0=bfca0f97 a1=bfca0b96 a2=da3a64 a3=2 items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.211:13535): avc: denied { write } for pid=16589 comm="xauth" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.211:13535): arch=40000003 syscall=33 success=yes exit=0 a0=bfca2983 a1=2 a2=bfca14c0 a3=0 items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.211:13536): avc: denied { read } for pid=16589 comm="xauth" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.211:13536): arch=40000003 syscall=5 success=yes exit=2 a0=bfca2983 a1=0 a2=1b6 a3=8879008 items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163778845.211:13537): avc: denied { getattr } for pid=16589 comm="xauth" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.211:13537): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfca120c a2=24bff4 a3=8879008 items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778845.211:13537): path="/root/.xauthI7R4Id"
+type=AVC msg=audit(1163778845.211:13538): avc: denied { remove_name } for pid=16589 comm="xauth" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163778845.211:13538): avc: denied { unlink } for pid=16589 comm="xauth" name=".xauthI7R4Id" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.211:13538): arch=40000003 syscall=10 success=yes exit=0 a0=8879008 a1=1000 a2=0 a3=887908a items=0 ppid=16587 pid=16589 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163778845.211:13539): user pid=16587 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=CRED_ACQ msg=audit(1163778845.211:13540): user pid=16587 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163778845.215:13541): avc: denied { read } for pid=16590 comm="bash" name=".bashrc" dev=dm-0 ino=13127142 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778845.215:13541): arch=40000003 syscall=5 success=yes exit=3 a0=924a880 a1=8000 a2=0 a3=8000 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778851.459:13542): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778851.459:13542): arch=40000003 syscall=3 success=yes exit=59 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778851.459:13542): path="/dev/net/tun"
+type=AVC msg=audit(1163778851.483:13543): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778851.483:13543): arch=40000003 syscall=4 success=yes exit=126 a0=4 a1=805c570 a2=7e a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778851.483:13543): path="/dev/net/tun"
+type=USER_AUTH msg=audit(1163778852.648:13544): user pid=16610 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163778852.648:13545): user pid=16610 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163778885.902:13546): avc: denied { execute } for pid=16541 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778885.902:13546): arch=40000003 syscall=192 success=yes exit=62861312 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778885.902:13546): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163778885.906:13547): avc: denied { read } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778885.906:13547): arch=40000003 syscall=33 success=yes exit=0 a0=bfad6fcb a1=4 a2=33ea64 a3=bfad6fcb items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163778885.906:13548): avc: denied { getattr } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778885.906:13548): arch=40000003 syscall=197 success=yes exit=0 a0=38 a1=bfad1a5c a2=10b0ff4 a3=b057cc8 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778885.906:13548): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163778908.935:13549): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778908.935:13549): arch=40000003 syscall=3 success=yes exit=64 a0=21 a1=baaa9b0 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778908.935:13549): path="inotify"
+type=AVC msg=audit(1163778910.427:13550): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778910.427:13550): arch=40000003 syscall=3 success=yes exit=40 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778910.427:13550): path="/dev/net/tun"
+type=AVC msg=audit(1163778910.463:13551): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163778910.463:13551): arch=40000003 syscall=4 success=yes exit=40 a0=4 a1=805c570 a2=28 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778910.463:13551): path="/dev/net/tun"
+type=USER_CHAUTHTOK msg=audit(1163778947.493:13552): user pid=16655 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=adding user acct=rpcuser exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/2 res=failed)'
+type=AVC msg=audit(1163778951.302:13553): avc: denied { read } for pid=16666 comm="gnome-terminal" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778951.302:13553): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb0dd5 a1=4 a2=da3a64 a3=bfdb0dd5 items=0 ppid=1 pid=16666 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778951.522:13554): avc: denied { write } for pid=16666 comm="gnome-terminal" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163778951.522:13554): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfdaed10 a2=df7770 a3=16 items=0 ppid=1 pid=16666 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778951.522:13555): avc: denied { read } for pid=16666 comm="gnome-terminal" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778951.522:13555): arch=40000003 syscall=33 success=yes exit=0 a0=9feea38 a1=4 a2=df7770 a3=9feea38 items=0 ppid=1 pid=16666 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778955.538:13556): avc: denied { execmem } for pid=16690 comm="gcj-dbtool" scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=staff_u:sysadm_r:rpm_script_t:s0 tclass=process
+type=SYSCALL msg=audit(1163778955.538:13556): arch=40000003 syscall=192 success=yes exit=4096 a0=1000 a1=10000 a2=7 a3=22 items=0 ppid=16689 pid=16690 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:sysadm_r:rpm_script_t:s0 key=(null)
+type=AVC msg=audit(1163778957.002:13557): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778957.002:13557): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778957.002:13557): path="/var/run/utmp"
+type=AVC msg=audit(1163778960.194:13558): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778960.194:13558): arch=40000003 syscall=3 success=yes exit=512 a0=21 a1=baaa9b0 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163778960.194:13558): path="inotify"
+type=AVC msg=audit(1163778977.619:13559): avc: denied { write } for pid=16716 comm="gnome-backgroun" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163778977.619:13559): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf97d9c0 a2=24b770 a3=16 items=0 ppid=1 pid=16716 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-backgroun" exe="/usr/bin/gnome-background-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778988.364:13560): avc: denied { write } for pid=16722 comm="nautilus" name=".recently-used.xbel" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163778988.364:13560): arch=40000003 syscall=33 success=yes exit=0 a0=8e43740 a1=6 a2=7a7708 a3=d8db59 items=0 ppid=1 pid=16722 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163778989.728:13561): avc: denied { read write } for pid=16722 comm="nautilus" name=".gnupg" dev=dm-0 ino=6814310 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_gpg_secret_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163778989.728:13561): arch=40000003 syscall=33 success=yes exit=0 a0=8e43740 a1=6 a2=7a7708 a3=d8db59 items=0 ppid=1 pid=16722 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163779140.914:13562): avc: denied { read } for pid=16431 comm="nautilus" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779140.914:13562): arch=40000003 syscall=33 success=yes exit=0 a0=bf971e36 a1=4 a2=da3a64 a3=bf971e36 items=0 ppid=1 pid=16431 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_CHAUTHTOK msg=audit(1163779141.706:13563): user pid=16751 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=adding user acct=nscd exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=? res=failed)'
+type=SELINUX_ERR msg=audit(1163779144.550:13564): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779144.550:13564): arch=40000003 syscall=11 success=yes exit=0 a0=bfa32bd9 a1=bfa31c98 a2=9df6858 a3=5 items=0 ppid=16756 pid=16763 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="yum-updatesd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779145.310:13565): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779145.310:13565): arch=40000003 syscall=4 success=yes exit=40 a0=4 a1=805c570 a2=28 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779145.310:13565): path="/dev/net/tun"
+type=AVC msg=audit(1163779145.350:13566): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779145.350:13566): arch=40000003 syscall=3 success=yes exit=40 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779145.350:13566): path="/dev/net/tun"
+type=AVC msg=audit(1163779174.000:13567): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779174.000:13567): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779174.000:13567): path="/var/run/utmp"
+type=AVC msg=audit(1163779194.521:13568): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779194.521:13568): arch=40000003 syscall=3 success=yes exit=432 a0=21 a1=b3f42a8 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779194.521:13568): path="inotify"
+type=USER_ACCT msg=audit(1163779202.669:13569): user pid=16786 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163779202.669:13570): login pid=16786 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163779202.681:13571): user pid=16786 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163779202.681:13572): user pid=16786 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163779202.685:13573): avc: denied { execute } for pid=16787 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163779202.685:13573): avc: denied { execute_no_trans } for pid=16787 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779202.685:13573): arch=40000003 syscall=11 success=yes exit=0 a0=97631b0 a1=9763358 a2=9763290 a3=9763008 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779202.685:13573): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163779202.865:13574): avc: denied { execute } for pid=16787 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163779202.865:13574): avc: denied { execute_no_trans } for pid=16787 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163779202.865:13574): avc: denied { read } for pid=16787 comm="sa1" name="sadc" dev=dm-0 ino=11981401 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779202.865:13574): arch=40000003 syscall=11 success=yes exit=0 a0=9a42d48 a1=9a42740 a2=9a42d60 a3=9a42740 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779202.865:13574): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163779202.865:13574): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163779203.349:13575): avc: denied { search } for pid=16787 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163779203.349:13575): avc: denied { read } for pid=16787 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.349:13575): arch=40000003 syscall=5 success=yes exit=3 a0=8050371 a1=0 a2=1b6 a3=900a7f8 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779203.353:13576): avc: denied { getattr } for pid=16787 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.353:13576): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfdb5fe8 a2=92cff4 a3=900a7f8 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779203.353:13576): path="/proc/net/dev"
+type=AVC msg=audit(1163779203.353:13577): avc: denied { search } for pid=16787 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779203.353:13577): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb6394 a1=0 a2=bfdb6288 a3=bfdb6290 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779203.581:13578): avc: denied { read append } for pid=16787 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.581:13578): arch=40000003 syscall=5 success=yes exit=3 a0=bfdb6394 a1=402 a2=bfdb6558 a3=bfdb6290 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779203.681:13579): avc: denied { search } for pid=16787 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163779203.681:13579): avc: denied { read } for pid=16787 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.681:13579): arch=40000003 syscall=5 success=yes exit=4 a0=805037f a1=0 a2=1b6 a3=900b348 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779203.681:13580): avc: denied { getattr } for pid=16787 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.681:13580): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfdb5e40 a2=92cff4 a3=900b348 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779203.681:13580): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163779203.681:13581): avc: denied { search } for pid=16787 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779203.681:13581): arch=40000003 syscall=5 success=no exit=-2 a0=80502a5 a1=0 a2=1b6 a3=900b348 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779203.681:13582): avc: denied { lock } for pid=16787 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779203.681:13582): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfdb6290 a3=3 items=0 ppid=16786 pid=16787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779203.681:13582): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163779204.742:13583): user pid=16786 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163779204.742:13584): user pid=16786 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_CHAUTHTOK msg=audit(1163779227.311:13585): user pid=16808 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=adding user acct=gdm exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=? res=failed)'
+type=USER_CHAUTHTOK msg=audit(1163779227.419:13586): user pid=16809 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=changing user shell acct=gdm exe="/usr/sbin/usermod" (hostname=?, addr=?, terminal=? res=success)'
+type=SELINUX_ERR msg=audit(1163779227.419:13587): security_compute_sid: invalid context staff_u:system_r:nscd_t:s0 for scontext=staff_u:sysadm_r:useradd_t:s0 tcontext=system_u:object_r:nscd_exec_t:s0 tclass=process
+type=AVC msg=audit(1163779227.419:13587): avc: denied { transition } for pid=16810 comm="usermod" name="nscd" dev=dm-0 ino=10327130 scontext=staff_u:sysadm_r:useradd_t:s0 tcontext=staff_u:system_r:nscd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779227.419:13587): arch=40000003 syscall=11 success=yes exit=0 a0=8055a15 a1=bfc38ff4 a2=bfc39008 a3=0 items=0 ppid=16809 pid=16810 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/usr/sbin/nscd" subj=staff_u:system_r:nscd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779227.419:13587): path="/usr/sbin/nscd"
+type=SELINUX_ERR msg=audit(1163779227.571:13588): security_compute_sid: invalid context staff_u:system_r:nscd_t:s0 for scontext=staff_u:sysadm_r:useradd_t:s0 tcontext=system_u:object_r:nscd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779227.571:13588): arch=40000003 syscall=11 success=yes exit=0 a0=8055a15 a1=bfc38ff4 a2=bfc39008 a3=0 items=0 ppid=16809 pid=16811 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/usr/sbin/nscd" subj=staff_u:system_r:nscd_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779227.611:13589): security_compute_sid: invalid context staff_u:system_r:nscd_t:s0 for scontext=staff_u:sysadm_r:useradd_t:s0 tcontext=system_u:object_r:nscd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779227.611:13589): arch=40000003 syscall=11 success=yes exit=0 a0=8055a15 a1=bfc38b94 a2=bfc38ba8 a3=0 items=0 ppid=16809 pid=16812 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/usr/sbin/nscd" subj=staff_u:system_r:nscd_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779227.615:13590): security_compute_sid: invalid context staff_u:system_r:nscd_t:s0 for scontext=staff_u:sysadm_r:useradd_t:s0 tcontext=system_u:object_r:nscd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779227.615:13590): arch=40000003 syscall=11 success=yes exit=0 a0=8055a15 a1=bfc38b94 a2=bfc38ba8 a3=0 items=0 ppid=16809 pid=16813 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/usr/sbin/nscd" subj=staff_u:system_r:nscd_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163779261.749:13591): user pid=16823 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163779261.753:13592): login pid=16823 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163779261.753:13593): user pid=16823 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163779261.753:13594): user pid=16823 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163779261.969:13595): avc: denied { getattr } for pid=16824 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779261.969:13595): arch=40000003 syscall=195 success=yes exit=0 a0=9957120 a1=bf8ec1a0 a2=255ff4 a3=9957120 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779261.969:13595): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163779261.997:13596): avc: denied { execute } for pid=16824 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779261.997:13596): arch=40000003 syscall=33 success=yes exit=0 a0=9957120 a1=1 a2=11 a3=9957120 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779261.997:13597): avc: denied { read } for pid=16824 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779261.997:13597): arch=40000003 syscall=33 success=yes exit=0 a0=9957120 a1=4 a2=ffffffff a3=9957120 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779261.997:13598): avc: denied { execute_no_trans } for pid=16824 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779261.997:13598): arch=40000003 syscall=11 success=yes exit=0 a0=9957120 a1=99573d8 a2=99572f8 a3=9956f98 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779261.997:13598): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163779262.005:13599): avc: denied { ioctl } for pid=16824 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.005:13599): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf873358 a3=bf873398 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779262.005:13599): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163779262.017:13600): avc: denied { execute } for pid=16824 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.017:13600): arch=40000003 syscall=33 success=yes exit=0 a0=8e61990 a1=1 a2=1 a3=8e61c98 items=0 ppid=16823 pid=16824 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779262.017:13601): avc: denied { execute_no_trans } for pid=16825 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.017:13601): arch=40000003 syscall=11 success=yes exit=0 a0=8e61a10 a1=8e61ad8 a2=8e61ae8 a3=8e61758 items=0 ppid=16824 pid=16825 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779262.017:13601): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1163779262.029:13602): avc: denied { execute } for pid=16827 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163779262.029:13602): avc: denied { execute_no_trans } for pid=16827 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163779262.029:13602): avc: denied { read } for pid=16827 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.029:13602): arch=40000003 syscall=11 success=yes exit=0 a0=9563678 a1=9563808 a2=9563720 a3=9563508 items=0 ppid=16825 pid=16827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779262.029:13602): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1163779262.029:13602): path="/sbin/chkconfig"
+type=AVC msg=audit(1163779262.033:13603): avc: denied { read } for pid=16827 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.033:13603): arch=40000003 syscall=5 success=yes exit=3 a0=bfc6ff30 a1=0 a2=ffffffff a3=9971038 items=0 ppid=16825 pid=16827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779262.033:13604): avc: denied { getattr } for pid=16827 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779262.033:13604): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfc6fe9c a2=2e8ff4 a3=bfc6fe9c items=0 ppid=16825 pid=16827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779262.033:13604): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1163779262.573:13605): user pid=16823 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163779262.573:13606): user pid=16823 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163779304.352:13607): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779304.352:13607): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779304.352:13607): path="/dev/net/tun"
+type=AVC msg=audit(1163779304.392:13608): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779304.392:13608): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779304.392:13608): path="/dev/net/tun"
+type=AVC msg=audit(1163779328.941:13609): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163779328.941:13609): arch=40000003 syscall=100 success=yes exit=0 a0=18 a1=bfcd52ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=USER_CHAUTHTOK msg=audit(1163779333.554:13610): user pid=16916 uid=0 auid=500 subj=staff_u:sysadm_r:useradd_t:s0 msg='op=adding user acct=sshd exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=pts/2 res=failed)'
+type=AVC msg=audit(1163779370.000:13611): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779370.000:13611): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779370.000:13611): path="/var/run/utmp"
+type=AVC msg=audit(1163779392.621:13612): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779392.621:13612): arch=40000003 syscall=3 success=yes exit=864 a0=21 a1=b3f42a8 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779392.621:13612): path="inotify"
+type=SELINUX_ERR msg=audit(1163779436.236:13613): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.236:13613): arch=40000003 syscall=11 success=yes exit=0 a0=bf8b2bd7 a1=bf8b2318 a2=87de858 a3=5 items=0 ppid=17379 pid=17386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="setroubleshoot" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.260:13614): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.260:13614): arch=40000003 syscall=11 success=yes exit=0 a0=8c5e0f0 a1=8c76418 a2=8c69620 a3=8c77300 items=0 ppid=17386 pid=17391 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="selinuxenabled" exe="/usr/sbin/selinuxenabled" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.312:13615): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.312:13615): arch=40000003 syscall=11 success=yes exit=0 a0=8c77d18 a1=8c5d0a8 a2=8c69620 a3=8c77ea8 items=0 ppid=17386 pid=17392 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="id" exe="/usr/bin/id" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.420:13616): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.420:13616): arch=40000003 syscall=11 success=yes exit=0 a0=8c7b210 a1=8c5d010 a2=8c69620 a3=8c7b560 items=0 ppid=17393 pid=17394 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.464:13617): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.464:13617): arch=40000003 syscall=11 success=yes exit=0 a0=8c7ba60 a1=8c7bf10 a2=8c69620 a3=8c7b560 items=0 ppid=17393 pid=17395 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.516:13618): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.516:13618): arch=40000003 syscall=11 success=yes exit=0 a0=8c7b1e0 a1=8c7aed8 a2=8c69620 a3=8c7b5c0 items=0 ppid=17386 pid=17396 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rhgb-client" exe="/usr/bin/rhgb-client" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.560:13619): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.560:13619): arch=40000003 syscall=11 success=yes exit=0 a0=8c7af38 a1=8c7a9f8 a2=8c69620 a3=8c7a888 items=0 ppid=17386 pid=17397 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.584:13620): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.584:13620): arch=40000003 syscall=11 success=yes exit=0 a0=8c612b8 a1=8c61288 a2=8c69620 a3=8c611d0 items=0 ppid=17386 pid=17398 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.616:13621): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.616:13621): arch=40000003 syscall=11 success=yes exit=0 a0=8c69870 a1=8c61a78 a2=8c69620 a3=8c78d80 items=0 ppid=17386 pid=17399 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779436.620:13622): security_compute_sid: invalid context staff_u:system_r:setroubleshootd_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:setroubleshootd_exec_t:s0 tclass=process
+type=AVC msg=audit(1163779436.620:13622): avc: denied { transition } for pid=17400 comm="bash" name="setroubleshootd" dev=dm-0 ino=10317833 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=staff_u:system_r:setroubleshootd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779436.620:13622): arch=40000003 syscall=11 success=yes exit=0 a0=85c3670 a1=85c3c38 a2=85c3b78 a3=85c35f0 items=0 ppid=17399 pid=17400 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="setroubleshootd" exe="/usr/bin/python" subj=staff_u:system_r:setroubleshootd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779436.620:13622): path="/usr/sbin/setroubleshootd"
+type=SELINUX_ERR msg=audit(1163779437.084:13623): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779437.084:13623): arch=40000003 syscall=11 success=yes exit=0 a0=8c5f6f8 a1=8c78818 a2=8c69620 a3=8c5f4d8 items=0 ppid=17386 pid=17402 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779438.396:13624): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779438.396:13624): arch=40000003 syscall=3 success=yes exit=384 a0=21 a1=b3f42a8 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779438.396:13624): path="inotify"
+type=AVC msg=audit(1163779438.916:13625): avc: denied { read } for pid=16431 comm="nautilus" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779438.916:13625): arch=40000003 syscall=33 success=yes exit=0 a0=bf971e36 a1=4 a2=da3a64 a3=bf971e36 items=0 ppid=1 pid=16431 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163779440.000:13626): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779440.000:13626): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779440.000:13626): path="/var/run/utmp"
+type=AVC msg=audit(1163779467.294:13627): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779467.294:13627): arch=40000003 syscall=3 success=yes exit=63 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779467.294:13627): path="/dev/net/tun"
+type=AVC msg=audit(1163779467.334:13628): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779467.334:13628): arch=40000003 syscall=4 success=yes exit=133 a0=4 a1=805c570 a2=85 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779467.334:13628): path="/dev/net/tun"
+type=SELINUX_ERR msg=audit(1163779469.862:13629): security_compute_sid: invalid context staff_u:system_r:setroubleshootd_t:s0 for scontext=staff_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779469.862:13629): arch=40000003 syscall=11 success=yes exit=0 a0=5696a4 a1=b79fbbfc a2=bfcd0364 a3=400 items=0 ppid=17401 pid=17409 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sh" exe="/bin/bash" subj=staff_u:system_r:setroubleshootd_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779470.006:13630): security_compute_sid: invalid context staff_u:system_r:setroubleshootd_t:s0 for scontext=staff_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779470.006:13630): arch=40000003 syscall=11 success=yes exit=0 a0=855a690 a1=855a9b0 a2=855a8e0 a3=855a598 items=0 ppid=17409 pid=17410 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="uname" exe="/bin/uname" subj=staff_u:system_r:setroubleshootd_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779491.795:13631): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779491.795:13631): arch=40000003 syscall=11 success=yes exit=0 a0=bf8fcbe0 a1=bf8fb368 a2=85cd858 a3=5 items=0 ppid=17418 pid=17425 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dhcpd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779491.903:13632): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779491.903:13632): arch=40000003 syscall=11 success=yes exit=0 a0=bfbedbdd a1=bfbec688 a2=977f858 a3=5 items=0 ppid=17431 pid=17438 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="dhcrelay" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779492.372:13633): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779492.372:13633): arch=40000003 syscall=11 success=yes exit=0 a0=bf82dbdc a1=bf82d298 a2=9648858 a3=5 items=0 ppid=17445 pid=17452 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="mdmonitor" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779492.424:13634): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779492.424:13634): arch=40000003 syscall=11 success=yes exit=0 a0=bfeacbe0 a1=bfeac118 a2=9056858 a3=5 items=0 ppid=17457 pid=17464 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="mdmpd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779496.260:13635): avc: denied { read } for pid=16431 comm="nautilus" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779496.260:13635): arch=40000003 syscall=33 success=yes exit=0 a0=bf971e36 a1=4 a2=da3a64 a3=bf971e36 items=0 ppid=1 pid=16431 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.453:13636): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.453:13636): arch=40000003 syscall=11 success=yes exit=0 a0=bfff4be1 a1=bfff3a68 a2=9cc9858 a3=5 items=0 ppid=17483 pid=17490 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.481:13637): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.481:13637): arch=40000003 syscall=11 success=yes exit=0 a0=840de80 a1=83f63b0 a2=8402ad8 a3=83f61a8 items=0 ppid=17496 pid=17497 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="runlevel" exe="/sbin/runlevel" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.541:13638): security_compute_sid: invalid context staff_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=process
+type=AVC msg=audit(1163779508.541:13638): avc: denied { transition } for pid=17498 comm="sshd" name="sshd" dev=dm-0 ino=11066006 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=staff_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163779508.541:13638): arch=40000003 syscall=11 success=yes exit=0 a0=84131f8 a1=8413210 a2=8402ad8 a3=8413098 items=0 ppid=17490 pid=17498 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779508.541:13638): path="/usr/sbin/sshd"
+type=AVC msg=audit(1163779508.693:13639): avc: denied { write } for pid=8872 comm="sshd" name="run" dev=dm-0 ino=14436616 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163779508.693:13639): avc: denied { remove_name } for pid=8872 comm="sshd" name="sshd.pid" dev=dm-0 ino=14436996 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163779508.693:13639): avc: denied { unlink } for pid=8872 comm="sshd" name="sshd.pid" dev=dm-0 ino=14436996 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779508.693:13639): arch=40000003 syscall=10 success=yes exit=0 a0=dd8459 a1=1 a2=dec7ac a3=ffffffff items=0 ppid=1 pid=8872 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.701:13640): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.701:13640): arch=40000003 syscall=11 success=yes exit=0 a0=8417d80 a1=8417350 a2=8402ad8 a3=8417d58 items=0 ppid=17490 pid=17500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.821:13641): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.821:13641): arch=40000003 syscall=11 success=yes exit=0 a0=8416f50 a1=8413898 a2=8402ad8 a3=84167a8 items=0 ppid=17490 pid=17501 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.825:13642): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.825:13642): arch=40000003 syscall=11 success=yes exit=0 a0=8416d58 a1=84137d0 a2=8402ad8 a3=8413648 items=0 ppid=17490 pid=17502 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779508.841:13643): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779508.841:13643): arch=40000003 syscall=11 success=yes exit=0 a0=8416550 a1=8413490 a2=8402ad8 a3=8412d38 items=0 ppid=17490 pid=17503 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sleep" exe="/bin/sleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779511.873:13644): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779511.873:13644): arch=40000003 syscall=11 success=yes exit=0 a0=83fa250 a1=8413068 a2=8402ad8 a3=84133d8 items=0 ppid=17490 pid=17504 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="cp" exe="/bin/cp" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779511.905:13645): avc: denied { setfscreate } for pid=17504 comm="cp" scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=staff_u:sysadm_r:initrc_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779511.905:13645): arch=40000003 syscall=4 success=yes exit=30 a0=3 a1=8e23088 a2=1e a3=a2f748 items=0 ppid=17490 pid=17504 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="cp" exe="/bin/cp" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779511.905:13646): avc: denied { relabelfrom } for pid=17504 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=AVC msg=audit(1163779511.905:13646): avc: denied { relabelto } for pid=17504 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779511.905:13646): arch=40000003 syscall=228 success=yes exit=0 a0=4 a1=a2f0d3 a2=8e23088 a3=1e items=0 ppid=17490 pid=17504 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="cp" exe="/bin/cp" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779511.909:13647): avc: denied { setattr } for pid=17504 comm="cp" name="localtime" dev=dm-0 ino=14537075 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779511.909:13647): arch=40000003 syscall=271 success=yes exit=0 a0=bfe1f564 a1=bfe1f5cc a2=24bff4 a3=0 items=0 ppid=17490 pid=17504 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="cp" exe="/bin/cp" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779511.909:13648): security_compute_sid: invalid context staff_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779511.909:13648): arch=40000003 syscall=11 success=yes exit=0 a0=8415da0 a1=83fa1e0 a2=8402ad8 a3=83fa250 items=0 ppid=17490 pid=17505 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=SELINUX_ERR msg=audit(1163779511.925:13649): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779511.925:13649): arch=40000003 syscall=11 success=yes exit=0 a0=84115a8 a1=83fa318 a2=8402ad8 a3=8413408 items=0 ppid=17490 pid=17507 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.241:13650): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.241:13650): arch=40000003 syscall=11 success=yes exit=0 a0=bfb8cbe1 a1=bfb8b5f8 a2=893d858 a3=5 items=0 ppid=17510 pid=17517 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.265:13651): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.265:13651): arch=40000003 syscall=11 success=yes exit=0 a0=8d0fe80 a1=8cf83b0 a2=8d04ad8 a3=8cf81a8 items=0 ppid=17523 pid=17524 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="runlevel" exe="/sbin/runlevel" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.269:13652): security_compute_sid: invalid context staff_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.269:13652): arch=40000003 syscall=11 success=yes exit=0 a0=8d151f8 a1=8d15210 a2=8d04ad8 a3=8d15098 items=0 ppid=17517 pid=17525 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.285:13653): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.285:13653): arch=40000003 syscall=11 success=yes exit=0 a0=8d19d80 a1=8d19380 a2=8d04ad8 a3=8d19de0 items=0 ppid=17517 pid=17527 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.393:13654): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.393:13654): arch=40000003 syscall=11 success=yes exit=0 a0=8d18cc8 a1=8d15898 a2=8d04ad8 a3=8d187a8 items=0 ppid=17517 pid=17528 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.397:13655): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.397:13655): arch=40000003 syscall=11 success=yes exit=0 a0=8d18d58 a1=8d157d0 a2=8d04ad8 a3=8d15648 items=0 ppid=17517 pid=17529 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779512.401:13656): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779512.401:13656): arch=40000003 syscall=11 success=yes exit=0 a0=8d18550 a1=8d15490 a2=8d04ad8 a3=8d14d38 items=0 ppid=17517 pid=17530 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sleep" exe="/bin/sleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779515.405:13657): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779515.405:13657): arch=40000003 syscall=11 success=yes exit=0 a0=8cfc250 a1=8d15068 a2=8d04ad8 a3=8d153d8 items=0 ppid=17517 pid=17531 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="cp" exe="/bin/cp" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779515.409:13658): security_compute_sid: invalid context staff_u:system_r:sshd_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sshd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779515.409:13658): arch=40000003 syscall=11 success=yes exit=0 a0=8d17da0 a1=8cfc1e0 a2=8d04ad8 a3=8cfc250 items=0 ppid=17517 pid=17532 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
+type=SELINUX_ERR msg=audit(1163779515.429:13659): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779515.429:13659): arch=40000003 syscall=11 success=yes exit=0 a0=8d135a8 a1=8cfc318 a2=8d04ad8 a3=8d15408 items=0 ppid=17517 pid=17534 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779535.862:13660): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779535.862:13660): arch=40000003 syscall=11 success=yes exit=0 a0=bfbd3be2 a1=bfbd2e48 a2=868e858 a3=5 items=0 ppid=17540 pid=17547 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="atd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779535.894:13661): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779535.894:13661): arch=40000003 syscall=11 success=yes exit=0 a0=875d988 a1=875d308 a2=874c268 a3=875d978 items=0 ppid=17547 pid=17552 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.002:13662): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.002:13662): arch=40000003 syscall=11 success=yes exit=0 a0=875daa8 a1=875d180 a2=874c268 a3=875c370 items=0 ppid=17547 pid=17553 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.006:13663): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.006:13663): arch=40000003 syscall=11 success=yes exit=0 a0=8742ac0 a1=8742aa8 a2=874c268 a3=87429f0 items=0 ppid=17547 pid=17554 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.010:13664): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.010:13664): arch=40000003 syscall=11 success=yes exit=0 a0=875cf48 a1=8743448 a2=874c268 a3=8744318 items=0 ppid=17547 pid=17555 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.014:13665): security_compute_sid: invalid context staff_u:system_r:crond_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:crond_exec_t:s0 tclass=process
+type=AVC msg=audit(1163779536.014:13665): avc: denied { transition } for pid=17556 comm="bash" name="atd" dev=dm-0 ino=10321554 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=staff_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163779536.014:13665): arch=40000003 syscall=11 success=yes exit=0 a0=8152670 a1=81527e8 a2=8152a70 a3=81525f0 items=0 ppid=17555 pid=17556 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="atd" exe="/usr/sbin/atd" subj=staff_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779536.014:13665): path="/usr/sbin/atd"
+type=SELINUX_ERR msg=audit(1163779536.058:13666): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.058:13666): arch=40000003 syscall=11 success=yes exit=0 a0=8744338 a1=8743d60 a2=874c268 a3=8744508 items=0 ppid=17547 pid=17558 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.530:13667): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.530:13667): arch=40000003 syscall=11 success=yes exit=0 a0=bf855be2 a1=bf8552c8 a2=8a54858 a3=5 items=0 ppid=17561 pid=17568 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="atd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.554:13668): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.554:13668): arch=40000003 syscall=11 success=yes exit=0 a0=8b23988 a1=8b23308 a2=8b12268 a3=8b23a00 items=0 ppid=17568 pid=17573 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.658:13669): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.658:13669): arch=40000003 syscall=11 success=yes exit=0 a0=8b23ac8 a1=8b23180 a2=8b12268 a3=8b22370 items=0 ppid=17568 pid=17574 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.662:13670): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.662:13670): arch=40000003 syscall=11 success=yes exit=0 a0=8b08ac0 a1=8b08aa8 a2=8b12268 a3=8b089f0 items=0 ppid=17568 pid=17575 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.666:13671): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.666:13671): arch=40000003 syscall=11 success=yes exit=0 a0=8b24198 a1=8b09448 a2=8b12268 a3=8b0a318 items=0 ppid=17568 pid=17576 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.670:13672): security_compute_sid: invalid context staff_u:system_r:crond_t:s0-s0:c0.c1023 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:crond_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.670:13672): arch=40000003 syscall=11 success=yes exit=0 a0=8b23670 a1=8b237e8 a2=8b23a70 a3=8b235f0 items=0 ppid=17576 pid=17577 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="atd" exe="/usr/sbin/atd" subj=staff_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=SELINUX_ERR msg=audit(1163779536.674:13673): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779536.674:13673): arch=40000003 syscall=11 success=yes exit=0 a0=8b0a338 a1=8b09d60 a2=8b12268 a3=8b0a508 items=0 ppid=17568 pid=17579 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779538.002:13674): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779538.002:13674): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779538.002:13674): path="/var/run/utmp"
+type=AVC msg=audit(1163779545.711:13675): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779545.711:13675): arch=40000003 syscall=4 success=yes exit=40 a0=4 a1=805c570 a2=28 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779545.711:13675): path="/dev/net/tun"
+type=AVC msg=audit(1163779549.167:13676): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779549.167:13676): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779549.167:13676): path="/dev/net/tun"
+type=SELINUX_ERR msg=audit(1163779552.803:13677): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779552.803:13677): arch=40000003 syscall=11 success=yes exit=0 a0=bf98abdf a1=bf989bf8 a2=9302858 a3=5 items=0 ppid=17597 pid=17604 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="autofs" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779552.835:13678): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779552.835:13678): arch=40000003 syscall=11 success=yes exit=0 a0=9996230 a1=9996398 a2=9997418 a3=99960d0 items=0 ppid=17604 pid=17605 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="basename" exe="/bin/basename" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779555.027:13679): avc: denied { execmem } for pid=17611 comm="gcj-dbtool" scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=staff_u:sysadm_r:rpm_script_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779555.027:13679): arch=40000003 syscall=192 success=yes exit=4096 a0=1000 a1=10000 a2=7 a3=22 items=0 ppid=17610 pid=17611 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="gcj-dbtool" exe="/usr/bin/gcj-dbtool" subj=staff_u:sysadm_r:rpm_script_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779566.768:13680): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779566.768:13680): arch=40000003 syscall=11 success=yes exit=0 a0=bf9e5be1 a1=bf9e5458 a2=897c858 a3=5 items=0 ppid=17651 pid=17658 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779567.416:13681): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779567.416:13681): arch=40000003 syscall=11 success=yes exit=0 a0=bfbc9be1 a1=bfbc8638 a2=95cb858 a3=5 items=0 ppid=17665 pid=17672 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nscd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779569.376:13682): avc: denied { read } for pid=16541 comm="firefox-bin" name="inotify" dev=inotifyfs ino=340 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779569.376:13682): arch=40000003 syscall=3 success=yes exit=416 a0=21 a1=b3f42a8 a2=400 a3=400 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779569.376:13682): path="inotify"
+type=SELINUX_ERR msg=audit(1163779592.862:13683): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779592.862:13683): arch=40000003 syscall=11 success=yes exit=0 a0=8a13448 a1=8a122a8 a2=8a13468 a3=8a132e0 items=0 ppid=17723 pid=17724 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779592.910:13684): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779592.910:13684): arch=40000003 syscall=11 success=yes exit=0 a0=95b48e0 a1=95b5dc8 a2=95bfce8 a3=95b5f58 items=0 ppid=17724 pid=17729 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779592.930:13685): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779592.930:13685): arch=40000003 syscall=11 success=yes exit=0 a0=913feb8 a1=9149e98 a2=9149ce0 a3=913fe50 items=0 ppid=17729 pid=17734 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779592.950:13686): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779592.950:13686): arch=40000003 syscall=11 success=yes exit=0 a0=87d3ea8 a1=87b71f8 a2=87d4f40 a3=87d45a8 items=0 ppid=17739 pid=17740 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779592.982:13687): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779592.982:13687): arch=40000003 syscall=11 success=yes exit=0 a0=87d4d18 a1=87d43e0 a2=87d4f40 a3=87d4e48 items=0 ppid=17734 pid=17741 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.086:13688): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.086:13688): arch=40000003 syscall=11 success=yes exit=0 a0=87d3ac8 a1=87d46d8 a2=87d4f40 a3=87d3858 items=0 ppid=17734 pid=17742 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.090:13689): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.090:13689): arch=40000003 syscall=11 success=yes exit=0 a0=87b9f10 a1=87d3790 a2=87d4f40 a3=87b9e18 items=0 ppid=17734 pid=17743 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.094:13690): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.094:13690): arch=40000003 syscall=11 success=yes exit=0 a0=913e8c0 a1=913ff40 a2=9149ce0 a3=913fe10 items=0 ppid=17729 pid=17744 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.114:13691): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.114:13691): arch=40000003 syscall=11 success=yes exit=0 a0=995b9a8 a1=9973250 a2=9963ce0 a3=99727a8 items=0 ppid=17749 pid=17750 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.142:13692): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.142:13692): arch=40000003 syscall=11 success=yes exit=0 a0=9972c48 a1=9972f20 a2=9963ce0 a3=99727a8 items=0 ppid=17749 pid=17751 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.162:13693): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.162:13693): arch=40000003 syscall=11 success=yes exit=0 a0=995a0e0 a1=995c588 a2=9963ce0 a3=995a010 items=0 ppid=17744 pid=17752 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.194:13694): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SELINUX_ERR msg=audit(1163779593.194:13695): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.194:13695): arch=40000003 syscall=11 success=yes exit=0 a0=995a178 a1=995a2a0 a2=9963ce0 a3=995a148 items=0 ppid=17744 pid=17754 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="grep" exe="/bin/grep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SYSCALL msg=audit(1163779593.194:13694): arch=40000003 syscall=11 success=yes exit=0 a0=9971898 a1=995a2a0 a2=9963ce0 a3=995a158 items=0 ppid=17744 pid=17753 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="lsmod" exe="/sbin/lsmod" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.238:13696): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.238:13696): arch=40000003 syscall=11 success=yes exit=0 a0=995a5c8 a1=99573d0 a2=9963ce0 a3=995a0e0 items=0 ppid=17755 pid=17756 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="grep" exe="/bin/grep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.238:13697): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.238:13697): arch=40000003 syscall=11 success=yes exit=0 a0=9957450 a1=995a2a0 a2=9963ce0 a3=995a270 items=0 ppid=17755 pid=17757 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="awk" exe="/bin/gawk" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.274:13698): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.274:13698): arch=40000003 syscall=11 success=yes exit=0 a0=9974368 a1=9959fe0 a2=9963ce0 a3=9973168 items=0 ppid=17744 pid=17758 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.278:13699): security_compute_sid: invalid context staff_u:system_r:rpcd_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:rpcd_exec_t:s0 tclass=process
+type=AVC msg=audit(1163779593.278:13699): avc: denied { transition } for pid=17759 comm="bash" name="rpc.idmapd" dev=dm-0 ino=10327370 scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=staff_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.278:13699): arch=40000003 syscall=11 success=yes exit=0 a0=8110c08 a1=8110f38 a2=8110e08 a3=8110880 items=0 ppid=17758 pid=17759 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpc.idmapd" exe="/usr/sbin/rpc.idmapd" subj=staff_u:system_r:rpcd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779593.278:13699): path="/usr/sbin/rpc.idmapd"
+type=SELINUX_ERR msg=audit(1163779593.398:13700): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.398:13700): arch=40000003 syscall=11 success=yes exit=0 a0=995a1f8 a1=9973848 a2=9963ce0 a3=9959e18 items=0 ppid=17744 pid=17761 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.410:13701): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.410:13701): arch=40000003 syscall=11 success=yes exit=0 a0=8a13448 a1=8a13248 a2=8a13468 a3=8a131c0 items=0 ppid=17723 pid=17762 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcgssd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.474:13702): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.474:13702): arch=40000003 syscall=11 success=yes exit=0 a0=8a13448 a1=8a132e0 a2=8a13468 a3=8a13040 items=0 ppid=17723 pid=17767 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nfs" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.530:13703): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.530:13703): arch=40000003 syscall=11 success=yes exit=0 a0=9a13160 a1=99fc040 a2=9a03760 a3=9a12fb0 items=0 ppid=17767 pid=17773 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="service" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.550:13704): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.550:13704): arch=40000003 syscall=11 success=yes exit=0 a0=9824ce0 a1=983a920 a2=98257f8 a3=983a758 items=0 ppid=17773 pid=17778 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="basename" exe="/bin/basename" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.554:13705): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.554:13705): arch=40000003 syscall=11 success=yes exit=0 a0=9824d10 a1=983a8c0 a2=98257f8 a3=9824b78 items=0 ppid=17773 pid=17779 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="basename" exe="/bin/basename" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.558:13706): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.558:13706): arch=40000003 syscall=11 success=yes exit=0 a0=9822138 a1=9833288 a2=98257f8 a3=9822188 items=0 ppid=17773 pid=17780 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="env" exe="/bin/env" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779593.558:13707): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779593.558:13707): arch=40000003 syscall=11 success=yes exit=0 a0=bfe4fbdb a1=bfe4e8b8 a2=94d1858 a3=5 items=0 ppid=17773 pid=17780 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcsvcgssd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.434:13708): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.434:13708): arch=40000003 syscall=11 success=yes exit=0 a0=957f448 a1=957e2a8 a2=957f468 a3=957f2e0 items=0 ppid=17786 pid=17787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.454:13709): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.454:13709): arch=40000003 syscall=11 success=yes exit=0 a0=9a7c8e0 a1=9a7ddc8 a2=9a87ce8 a3=9a7df58 items=0 ppid=17787 pid=17792 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.474:13710): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.474:13710): arch=40000003 syscall=11 success=yes exit=0 a0=9df9eb8 a1=9e03e98 a2=9e03ce0 a3=9df9e50 items=0 ppid=17792 pid=17797 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.498:13711): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.498:13711): arch=40000003 syscall=11 success=yes exit=0 a0=985eea8 a1=98421f8 a2=985ff40 a3=985f5a8 items=0 ppid=17802 pid=17803 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.522:13712): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.522:13712): arch=40000003 syscall=11 success=yes exit=0 a0=985fd18 a1=985f3e0 a2=985ff40 a3=985fe48 items=0 ppid=17797 pid=17804 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="usleep" exe="/bin/usleep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.630:13713): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.630:13713): arch=40000003 syscall=11 success=yes exit=0 a0=985eac8 a1=985f6d8 a2=985ff40 a3=985e858 items=0 ppid=17797 pid=17805 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.634:13714): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.634:13714): arch=40000003 syscall=11 success=yes exit=0 a0=9844f10 a1=985e790 a2=985ff40 a3=9844e18 items=0 ppid=17797 pid=17806 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.638:13715): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.638:13715): arch=40000003 syscall=11 success=yes exit=0 a0=9df88c0 a1=9df9f40 a2=9e03ce0 a3=9df9e10 items=0 ppid=17792 pid=17807 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcidmapd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.658:13716): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.658:13716): arch=40000003 syscall=11 success=yes exit=0 a0=929c9a8 a1=92b4250 a2=92a4ce0 a3=92b37a8 items=0 ppid=17812 pid=17813 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.682:13717): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.682:13717): arch=40000003 syscall=11 success=yes exit=0 a0=92b3c48 a1=92b3f20 a2=92a4ce0 a3=92b37a8 items=0 ppid=17812 pid=17814 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.702:13718): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.702:13718): arch=40000003 syscall=11 success=yes exit=0 a0=929b0e0 a1=929d588 a2=92a4ce0 a3=929b010 items=0 ppid=17807 pid=17815 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.706:13719): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.706:13719): arch=40000003 syscall=11 success=yes exit=0 a0=92b2898 a1=929b2a0 a2=92a4ce0 a3=929b158 items=0 ppid=17807 pid=17816 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="lsmod" exe="/sbin/lsmod" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.706:13720): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.706:13720): arch=40000003 syscall=11 success=yes exit=0 a0=929b178 a1=929b2a0 a2=92a4ce0 a3=929b148 items=0 ppid=17807 pid=17817 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="grep" exe="/bin/grep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.714:13721): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.714:13721): arch=40000003 syscall=11 success=yes exit=0 a0=929b5c8 a1=92983d0 a2=92a4ce0 a3=929b0e0 items=0 ppid=17818 pid=17819 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="grep" exe="/bin/grep" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.714:13722): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.714:13722): arch=40000003 syscall=11 success=yes exit=0 a0=9298450 a1=929b2a0 a2=92a4ce0 a3=929b270 items=0 ppid=17818 pid=17820 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="awk" exe="/bin/gawk" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.722:13723): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.722:13723): arch=40000003 syscall=11 success=yes exit=0 a0=92b5368 a1=929afe0 a2=92a4ce0 a3=92b4168 items=0 ppid=17807 pid=17821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.726:13724): security_compute_sid: invalid context staff_u:system_r:rpcd_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:rpcd_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.726:13724): arch=40000003 syscall=11 success=yes exit=0 a0=9628c08 a1=9628f38 a2=9628e08 a3=9628880 items=0 ppid=17821 pid=17822 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpc.idmapd" exe="/usr/sbin/rpc.idmapd" subj=staff_u:system_r:rpcd_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.734:13725): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.734:13725): arch=40000003 syscall=11 success=yes exit=0 a0=929b1f8 a1=92b4848 a2=92a4ce0 a3=929ae18 items=0 ppid=17807 pid=17824 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.742:13726): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.742:13726): arch=40000003 syscall=11 success=yes exit=0 a0=957f448 a1=957f248 a2=957f468 a3=957f1c0 items=0 ppid=17786 pid=17825 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcgssd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.762:13727): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:rpm_script_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.762:13727): arch=40000003 syscall=11 success=yes exit=0 a0=957f448 a1=957f2e0 a2=957f468 a3=957f040 items=0 ppid=17786 pid=17830 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="nfs" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.782:13728): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.782:13728): arch=40000003 syscall=11 success=yes exit=0 a0=9393160 a1=937c040 a2=9383760 a3=9392fb0 items=0 ppid=17830 pid=17836 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="service" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.802:13729): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.802:13729): arch=40000003 syscall=11 success=yes exit=0 a0=8dacce0 a1=8dc2920 a2=8dad7f8 a3=8dc2758 items=0 ppid=17836 pid=17841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="basename" exe="/bin/basename" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.806:13730): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.806:13730): arch=40000003 syscall=11 success=yes exit=0 a0=8dacd10 a1=8dc28c0 a2=8dad7f8 a3=8dacb78 items=0 ppid=17836 pid=17842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="basename" exe="/bin/basename" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.810:13731): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.810:13731): arch=40000003 syscall=11 success=yes exit=0 a0=8daa138 a1=8dbb288 a2=8dad7f8 a3=8daa188 items=0 ppid=17836 pid=17843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="env" exe="/bin/env" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163779594.814:13732): security_compute_sid: invalid context staff_u:sysadm_r:initrc_t:s0 for scontext=staff_u:sysadm_r:initrc_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163779594.814:13732): arch=40000003 syscall=11 success=yes exit=0 a0=bff4abdb a1=bff491b8 a2=996b858 a3=5 items=0 ppid=17836 pid=17843 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rpcsvcgssd" exe="/bin/bash" subj=staff_u:sysadm_r:initrc_t:s0 key=(null)
+type=AVC msg=audit(1163779597.918:13733): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779597.918:13733): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779597.918:13733): path="/dev/net/tun"
+type=AVC msg=audit(1163779597.946:13734): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163779597.946:13734): arch=40000003 syscall=4 success=yes exit=40 a0=4 a1=805c570 a2=28 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779597.946:13734): path="/dev/net/tun"
+type=USER_ACCT msg=audit(1163779801.843:13735): user pid=17860 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163779801.843:13736): login pid=17860 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163779801.855:13737): user pid=17860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163779801.855:13738): user pid=17860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163779801.883:13739): avc: denied { execute } for pid=17861 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163779801.883:13739): avc: denied { execute_no_trans } for pid=17861 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.883:13739): arch=40000003 syscall=11 success=yes exit=0 a0=8ed81b0 a1=8ed8358 a2=8ed8290 a3=8ed8008 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779801.883:13739): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163779801.887:13740): avc: denied { execute } for pid=17861 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163779801.887:13740): avc: denied { execute_no_trans } for pid=17861 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163779801.887:13740): avc: denied { read } for pid=17861 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.887:13740): arch=40000003 syscall=11 success=yes exit=0 a0=87ead48 a1=87ea740 a2=87ead60 a3=87ea740 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779801.887:13740): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163779801.887:13740): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163779801.891:13741): avc: denied { search } for pid=17861 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163779801.891:13741): avc: denied { read } for pid=17861 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.891:13741): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=99be7f8 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779801.891:13742): avc: denied { getattr } for pid=17861 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.891:13742): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfff9928 a2=362ff4 a3=99be7f8 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779801.891:13742): path="/proc/net/dev"
+type=AVC msg=audit(1163779801.891:13743): avc: denied { search } for pid=17861 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779801.891:13743): arch=40000003 syscall=33 success=yes exit=0 a0=bfff9cd4 a1=0 a2=bfff9bc8 a3=bfff9bd0 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779801.919:13744): avc: denied { read append } for pid=17861 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.919:13744): arch=40000003 syscall=5 success=yes exit=3 a0=bfff9cd4 a1=402 a2=bfff9e98 a3=bfff9bd0 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779801.931:13745): avc: denied { search } for pid=17861 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163779801.931:13745): avc: denied { read } for pid=17861 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.931:13745): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=99bf348 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779801.931:13746): avc: denied { getattr } for pid=17861 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.931:13746): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfff9780 a2=362ff4 a3=99bf348 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779801.931:13746): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163779801.931:13747): avc: denied { search } for pid=17861 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779801.931:13747): arch=40000003 syscall=5 success=no exit=-2 a0=8050215 a1=0 a2=1b6 a3=99bf348 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163779801.931:13748): avc: denied { lock } for pid=17861 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163779801.931:13748): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfff9bd0 a3=3 items=0 ppid=17860 pid=17861 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163779801.931:13748): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163779801.951:13749): user pid=17860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163779801.951:13750): user pid=17860 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163779805.239:13751): avc: denied { getattr } for pid=17403 comm="setroubleshootd" name="net" dev=proc ino=-268435432 scontext=staff_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163779805.239:13751): arch=40000003 syscall=195 success=yes exit=0 a0=b79fc1d0 a1=b79fc214 a2=582ff4 a3=b79fc1d9 items=0 ppid=1 pid=17403 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=staff_u:system_r:setroubleshootd_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163779805.239:13751): path="/proc/net"
+type=AVC msg=audit(1163779929.135:13752): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163779929.135:13752): arch=40000003 syscall=100 success=yes exit=0 a0=18 a1=bfcd52ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163780401.988:13753): user pid=17893 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163780401.992:13754): login pid=17893 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163780401.992:13755): user pid=17893 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163780401.992:13756): user pid=17893 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163780402.000:13757): avc: denied { execute } for pid=17894 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163780402.000:13757): avc: denied { execute_no_trans } for pid=17894 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163780402.000:13757): avc: denied { read } for pid=17894 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780402.000:13757): arch=40000003 syscall=11 success=yes exit=0 a0=8695d48 a1=8695740 a2=8695d60 a3=8695740 items=0 ppid=17893 pid=17894 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163780402.000:13757): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163780402.000:13757): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163780402.004:13758): avc: denied { search } for pid=17894 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163780402.004:13758): arch=40000003 syscall=33 success=yes exit=0 a0=bfd52a24 a1=0 a2=bfd52918 a3=bfd52920 items=0 ppid=17893 pid=17894 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163780402.004:13759): avc: denied { read append } for pid=17894 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780402.004:13759): arch=40000003 syscall=5 success=yes exit=3 a0=bfd52a24 a1=402 a2=bfd52be8 a3=bfd52920 items=0 ppid=17893 pid=17894 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163780402.004:13760): avc: denied { lock } for pid=17894 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780402.004:13760): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfd52920 a3=3 items=0 ppid=17893 pid=17894 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163780402.004:13760): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163780402.044:13761): user pid=17893 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163780402.044:13762): user pid=17893 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163780530.068:13763): avc: denied { execute } for pid=16541 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780530.068:13763): arch=40000003 syscall=192 success=yes exit=62861312 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163780530.068:13763): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163780530.392:13764): avc: denied { read } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780530.392:13764): arch=40000003 syscall=33 success=yes exit=0 a0=bfad6fcb a1=4 a2=33ea64 a3=bfad6fcb items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163780530.392:13765): avc: denied { getattr } for pid=16541 comm="firefox-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163780530.392:13765): arch=40000003 syscall=197 success=yes exit=0 a0=46 a1=bfad161c a2=10b0ff4 a3=ae80638 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163780530.392:13765): path="/tmp/.gdm0UWNIT"
+type=USER_ACCT msg=audit(1163781001.082:13766): user pid=17945 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163781001.082:13767): login pid=17945 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163781001.086:13768): user pid=17945 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163781001.086:13769): user pid=17945 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163781001.106:13770): user pid=17945 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163781001.106:13771): user pid=17945 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163781601.151:13772): user pid=17971 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163781601.151:13773): login pid=17971 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163781601.151:13774): user pid=17971 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163781601.151:13775): user pid=17971 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163781601.167:13776): user pid=17971 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163781601.167:13777): user pid=17971 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163782201.209:13778): user pid=17995 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163782201.209:13779): login pid=17995 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163782201.209:13780): user pid=17995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163782201.209:13781): user pid=17995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163782201.253:13782): user pid=17995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163782201.257:13783): user pid=17995 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163782454.417:13784): avc: denied { read } for pid=18033 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782454.417:13784): arch=40000003 syscall=33 success=yes exit=0 a0=bfb38f92 a1=4 a2=da3a64 a3=bfb38f92 items=0 ppid=18032 pid=18033 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163782663.570:13785): avc: denied { execute } for pid=18047 comm="firefox-bin" name="evolution-2.10" dev=dm-0 ino=10329292 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=AVC msg=audit(1163782663.570:13785): avc: denied { execute_no_trans } for pid=18047 comm="firefox-bin" name="evolution-2.10" dev=dm-0 ino=10329292 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=AVC msg=audit(1163782663.570:13785): avc: denied { read } for pid=18047 comm="firefox-bin" name="evolution-2.10" dev=dm-0 ino=10329292 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:evolution_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782663.570:13785): arch=40000003 syscall=11 success=yes exit=0 a0=c32dc7c a1=c32d998 a2=97fc2c0 a3=bfad6d95 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782663.570:13785): path="/usr/bin/evolution-2.10"
+type=AVC_PATH msg=audit(1163782663.570:13785): path="/usr/bin/evolution-2.10"
+type=AVC msg=audit(1163782664.558:13786): avc: denied { search } for pid=18047 comm="evolution" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782664.558:13786): avc: denied { write } for pid=18047 comm="evolution" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163782664.558:13786): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bffbc6c0 a2=df7770 a3=16 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782664.558:13787): avc: denied { read } for pid=18047 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782664.558:13787): arch=40000003 syscall=33 success=yes exit=0 a0=8aee240 a1=4 a2=df7770 a3=8aee240 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782664.582:13788): avc: denied { getattr } for pid=18047 comm="evolution" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782664.582:13788): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bffbc75c a2=758aff4 a3=8aeeb30 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782664.582:13788): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1163782667.450:13789): avc: denied { write } for pid=18051 comm="evolution-data-" name="[214240]" dev=pipefs ino=214240 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163782667.450:13789): arch=40000003 syscall=11 success=yes exit=0 a0=9770f60 a1=9771230 a2=9771248 a3=0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.450:13789): path="pipe:[214240]"
+type=AVC msg=audit(1163782667.626:13790): avc: denied { read } for pid=18051 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.626:13790): arch=40000003 syscall=5 success=yes exit=3 a0=57eb3c a1=0 a2=0 a3=0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.626:13791): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.626:13791): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf806754 a2=595ff4 a3=3 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.626:13791): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1163782667.626:13792): avc: denied { getsched } for pid=18051 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1163782667.626:13792): arch=40000003 syscall=155 success=yes exit=0 a0=4683 a1=b7f228dc a2=19bff4 a3=b7f226d0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.626:13793): avc: denied { search } for pid=18051 comm="evolution-data-" name="locale" dev=dm-0 ino=10311905 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163782667.626:13793): avc: denied { read } for pid=18051 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314034 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.626:13793): arch=40000003 syscall=5 success=yes exit=3 a0=40484c a1=8000 a2=1b6 a3=9604200 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.626:13794): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="locale.alias" dev=dm-0 ino=10314034 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.626:13794): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf806d68 a2=595ff4 a3=9604200 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.626:13794): path="/usr/share/locale/locale.alias"
+type=AVC msg=audit(1163782667.630:13795): avc: denied { read } for pid=18051 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.630:13795): arch=40000003 syscall=5 success=yes exit=3 a0=57eb60 a1=8000 a2=1 a3=bf806c50 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.630:13796): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.630:13796): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=596aa0 a2=595ff4 a3=bf806c50 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.630:13796): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1163782667.630:13797): avc: denied { read } for pid=18051 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782667.630:13797): arch=40000003 syscall=5 success=yes exit=9 a0=960a958 a1=18800 a2=abafc0 a3=960a958 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.630:13798): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782667.630:13798): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf806d6c a2=595ff4 a3=9 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.630:13798): path="/tmp"
+type=AVC msg=audit(1163782667.630:13799): avc: denied { search } for pid=18051 comm="evolution-data-" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782667.630:13799): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782667.630:13799): arch=40000003 syscall=195 success=yes exit=0 a0=960c660 a1=bf806dac a2=595ff4 a3=bf806dac items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.630:13799): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1163782667.630:13800): avc: denied { setattr } for pid=18051 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782667.630:13800): arch=40000003 syscall=30 success=yes exit=0 a0=960c5d0 a1=bf806e04 a2=466ef80 a3=1f4 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.630:13801): avc: denied { read } for pid=18051 comm="evolution-data-" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782667.630:13801): arch=40000003 syscall=5 success=yes exit=9 a0=3d4880 a1=8000 a2=1b6 a3=960cfc0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.630:13802): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782667.630:13802): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf806d8c a2=595ff4 a3=960cfc0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.630:13802): path="/dev/urandom"
+type=AVC msg=audit(1163782667.630:13803): avc: denied { ioctl } for pid=18051 comm="evolution-data-" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782667.630:13803): arch=40000003 syscall=54 success=no exit=-22 a0=9 a1=5401 a2=bf806cec a3=bf806d2c items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.630:13803): path="/dev/urandom"
+type=AVC msg=audit(1163782667.634:13804): avc: denied { search } for pid=18051 comm="evolution-data-" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782667.634:13804): avc: denied { read } for pid=18051 comm="evolution-data-" name="ior" dev=dm-0 ino=15647969 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.634:13804): arch=40000003 syscall=5 success=yes exit=9 a0=960e8d8 a1=0 a2=1b6 a3=960e900 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.634:13805): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="ior" dev=dm-0 ino=15647969 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.634:13805): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bf806418 a2=595ff4 a3=960e900 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.634:13805): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1163782667.634:13806): avc: denied { write } for pid=18051 comm="evolution-data-" name="linc-4651-0-23d6c771c010d" dev=dm-0 ino=14568138 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1163782667.634:13806): avc: denied { connectto } for pid=18051 comm="evolution-data-" name="linc-4651-0-23d6c771c010d" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782667.634:13806): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf806b30 a2=466ef80 a3=0 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.634:13806): path="/tmp/orbit-kmacmill/linc-4651-0-23d6c771c010d"
+type=AVC msg=audit(1163782667.634:13807): avc: denied { write } for pid=18051 comm="evolution-data-" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782667.634:13807): avc: denied { add_name } for pid=18051 comm="evolution-data-" name="linc-4683-0-7ad019c79b7ca" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782667.634:13807): avc: denied { create } for pid=18051 comm="evolution-data-" name="linc-4683-0-7ad019c79b7ca" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163782667.634:13807): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf806b70 a2=466ef80 a3=b7f2269c items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.634:13808): avc: denied { connectto } for pid=18001 comm="gconfd-2" name="linc-4683-0-7ad019c79b7ca" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782667.634:13808): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfa7bbc0 a2=466ef80 a3=0 items=0 ppid=1 pid=18001 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.634:13808): path="/tmp/orbit-kmacmill/linc-4683-0-7ad019c79b7ca"
+type=AVC msg=audit(1163782667.782:13809): avc: denied { write } for pid=18051 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=14567728 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.782:13809): arch=40000003 syscall=5 success=yes exit=16 a0=9614048 a1=42 a2=1c0 a3=9614048 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782667.782:13810): avc: denied { lock } for pid=18051 comm="evolution-data-" name="bonobo-activation-register.lock" dev=dm-0 ino=14567728 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782667.782:13810): arch=40000003 syscall=221 success=yes exit=0 a0=10 a1=7 a2=bf806dcc a3=bf806dcc items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.782:13810): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1163782667.866:13811): avc: denied { getattr } for pid=18051 comm="evolution-data-" name="[214240]" dev=pipefs ino=214240 scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163782667.866:13811): arch=40000003 syscall=197 success=yes exit=0 a0=21 a1=bf806e04 a2=595ff4 a3=9621278 items=0 ppid=1 pid=18051 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.866:13811): path="pipe:[214240]"
+type=AVC msg=audit(1163782667.866:13812): avc: denied { connectto } for pid=18047 comm="evolution" name="linc-4683-0-7ad019c79b7ca" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782667.866:13812): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bffbcb10 a2=466ef80 a3=0 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782667.866:13812): path="/tmp/orbit-kmacmill/linc-4683-0-7ad019c79b7ca"
+type=AVC msg=audit(1163782668.126:13813): avc: denied { getattr } for pid=18047 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782668.126:13813): arch=40000003 syscall=195 success=yes exit=0 a0=8ba8e80 a1=bffbc69c a2=758aff4 a3=4 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782668.126:13813): path="/home/kmacmill/.evolution"
+type=AVC msg=audit(1163782668.126:13814): avc: denied { search } for pid=18047 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782668.126:13814): arch=40000003 syscall=33 success=yes exit=0 a0=8ba8e80 a1=0 a2=bae708 a3=10 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782668.506:13815): avc: denied { getattr } for pid=18047 comm="evolution" name="gtkrc-mail-fonts" dev=dm-0 ino=6814316 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782668.506:13815): arch=40000003 syscall=196 success=yes exit=0 a0=8ba5e08 a1=bffbc98c a2=758aff4 a3=8b019c8 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782668.506:13815): path="/home/kmacmill/.evolution/mail/config/gtkrc-mail-fonts"
+type=AVC msg=audit(1163782668.554:13816): avc: denied { read } for pid=18047 comm="evolution" name="gtkrc-mail-fonts" dev=dm-0 ino=6814316 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782668.554:13816): arch=40000003 syscall=5 success=yes exit=19 a0=8ba5e08 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782668.946:13817): avc: denied { write } for pid=18047 comm="evolution" name="cert8.db" dev=dm-0 ino=6778529 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782668.946:13817): arch=40000003 syscall=5 success=yes exit=19 a0=8b990c0 a1=2 a2=180 a3=2 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782669.114:13818): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782669.114:13818): arch=40000003 syscall=3 success=yes exit=60 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782669.114:13818): path="/dev/net/tun"
+type=AVC msg=audit(1163782669.218:13819): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782669.218:13819): arch=40000003 syscall=4 success=yes exit=60 a0=4 a1=805c570 a2=3c a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782669.218:13819): path="/dev/net/tun"
+type=AVC msg=audit(1163782670.122:13820): avc: denied { append } for pid=18056 comm="evolution" name="journal" dev=dm-0 ino=6782620 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782670.122:13820): arch=40000003 syscall=5 success=yes exit=29 a0=8c039e0 a1=442 a2=1b6 a3=8c03c98 items=0 ppid=1 pid=18056 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782670.866:13821): avc: denied { connectto } for pid=18062 comm="evolution-data-" name="linc-467f-0-732b5c6395bf3" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782670.866:13821): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b7cdfe70 a2=466ef80 a3=0 items=0 ppid=1 pid=18062 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782670.866:13821): path="/tmp/orbit-kmacmill/linc-467f-0-732b5c6395bf3"
+type=AVC msg=audit(1163782671.098:13822): avc: denied { create } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163782671.098:13822): arch=40000003 syscall=102 success=yes exit=20 a0=1 a1=b72deb04 a2=595ff4 a3=b72ded91 items=0 ppid=1 pid=18063 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782671.098:13823): avc: denied { bind } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163782671.098:13823): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b72deb04 a2=595ff4 a3=14 items=0 ppid=1 pid=18063 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782671.098:13824): avc: denied { getattr } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163782671.098:13824): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b72deb04 a2=595ff4 a3=14 items=0 ppid=1 pid=18063 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782671.098:13825): avc: denied { write } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163782671.098:13825): avc: denied { nlmsg_read } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163782671.098:13825): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b72dda3c a2=595ff4 a3=0 items=0 ppid=1 pid=18063 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782671.098:13826): avc: denied { read } for pid=18063 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163782671.098:13826): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b72dda3c a2=595ff4 a3=0 items=0 ppid=1 pid=18063 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782673.558:13827): avc: denied { write } for pid=18047 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163782673.558:13827): avc: denied { add_name } for pid=18047 comm="evolution" name=".evolution-composer.autosave-M1CUIT" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163782673.558:13827): avc: denied { create } for pid=18047 comm="evolution" name=".evolution-composer.autosave-M1CUIT" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782673.558:13827): arch=40000003 syscall=5 success=yes exit=39 a0=8c081e8 a1=80c2 a2=180 a3=80c2 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782673.562:13828): avc: denied { read } for pid=18047 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782673.562:13828): arch=40000003 syscall=5 success=yes exit=40 a0=8c08230 a1=18800 a2=318bd14 a3=8c08230 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782674.022:13829): avc: denied { name_connect } for pid=18068 comm="evolution" dest=993 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163782674.022:13829): avc: denied { send_msg } for pid=18068 comm="evolution" saddr=10.11.14.219 src=37722 daddr=10.11.255.15 dest=993 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163782674.022:13829): arch=40000003 syscall=102 success=no exit=-115 a0=3 a1=aa35aef0 a2=4932550 a3=0 items=0 ppid=1 pid=18068 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782674.054:13830): avc: denied { recv_msg } for pid=15069 comm="vpnc" saddr=10.11.255.15 src=993 daddr=10.11.14.219 dest=37722 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163782674.054:13830): arch=40000003 syscall=4 success=yes exit=60 a0=4 a1=805c570 a2=3c a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163782674.442:13831): avc: denied { write } for pid=18072 comm="evolution-alarm" name="[214306]" dev=pipefs ino=214306 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163782674.442:13831): arch=40000003 syscall=11 success=yes exit=0 a0=97742c0 a1=97715b0 a2=97715c8 a3=0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.442:13831): path="pipe:[214306]"
+type=AVC msg=audit(1163782674.658:13832): avc: denied { read } for pid=18072 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=10509693 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.658:13832): arch=40000003 syscall=5 success=yes exit=3 a0=bfd65d30 a1=0 a2=0 a3=bfd65d30 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.658:13833): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=10509693 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.658:13833): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd65d84 a2=c27fc0 a3=4 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.658:13833): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1163782674.662:13834): avc: denied { execute } for pid=18072 comm="evolution-alarm" name="libeutil.so.0.0.0" dev=dm-0 ino=10509693 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.662:13834): arch=40000003 syscall=192 success=yes exit=7815168 a0=0 a1=33cd0 a2=5 a3=802 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.662:13834): path="/usr/lib/evolution/2.10/libeutil.so.0.0.0"
+type=AVC msg=audit(1163782674.662:13835): avc: denied { read } for pid=18072 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330488 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.662:13835): arch=40000003 syscall=5 success=yes exit=3 a0=c25037 a1=0 a2=c28650 a3=ffffffff items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.662:13836): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="ld.so.cache" dev=dm-0 ino=9330488 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.662:13836): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd65c78 a2=c27fc0 a3=ffffffff items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.662:13836): path="/etc/ld.so.cache"
+type=AVC msg=audit(1163782674.734:13837): avc: denied { read } for pid=18072 comm="evolution-alarm" name="ld-2.5.90.so" dev=dm-0 ino=13716553 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.734:13837): arch=40000003 syscall=125 success=yes exit=0 a0=c27000 a1=1000 a2=1 a3=380 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.734:13837): path="/lib/ld-2.5.90.so"
+type=AVC msg=audit(1163782674.738:13838): avc: denied { getsched } for pid=18072 comm="evolution-alarm" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163782674.738:13838): arch=40000003 syscall=155 success=yes exit=0 a0=4698 a1=b7fc6aec a2=1eeff4 a3=b7fc68e0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.742:13839): avc: denied { read } for pid=18072 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9334508 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.742:13839): arch=40000003 syscall=5 success=yes exit=3 a0=7c58f9d a1=0 a2=1b6 a3=86fc258 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.742:13840): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="nsswitch.conf" dev=dm-0 ino=9334508 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.742:13840): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd65e64 a2=7c70ff4 a3=86fc258 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.742:13840): path="/etc/nsswitch.conf"
+type=AVC msg=audit(1163782674.746:13841): avc: denied { read } for pid=18072 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=4845049 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.746:13841): arch=40000003 syscall=5 success=yes exit=3 a0=bfd61e08 a1=0 a2=1b6 a3=8703888 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.746:13842): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="locale.alias" dev=dm-0 ino=4845049 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.746:13842): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd61a28 a2=7c70ff4 a3=8703888 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.746:13842): path="/usr/share/X11/locale/locale.alias"
+type=AVC msg=audit(1163782674.750:13843): avc: denied { read } for pid=18072 comm="evolution-alarm" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.750:13843): arch=40000003 syscall=33 success=yes exit=0 a0=bfd67c28 a1=4 a2=da3a64 a3=bfd67c28 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.750:13844): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.750:13844): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfd65cbc a2=7c70ff4 a3=8706cc0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.750:13844): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163782674.754:13845): avc: denied { read } for pid=18072 comm="evolution-alarm" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782674.754:13845): arch=40000003 syscall=5 success=yes exit=10 a0=86fc058 a1=18800 a2=c27fc0 a3=86fc058 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.754:13846): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782674.754:13846): arch=40000003 syscall=195 success=yes exit=0 a0=8715768 a1=bfd6631c a2=7c70ff4 a3=bfd6631c items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.754:13846): path="/tmp/orbit-kmacmill"
+type=AVC msg=audit(1163782674.754:13847): avc: denied { setattr } for pid=18072 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782674.754:13847): arch=40000003 syscall=30 success=yes exit=0 a0=8714748 a1=bfd66374 a2=466ef80 a3=1f4 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.754:13848): avc: denied { read } for pid=18072 comm="evolution-alarm" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782674.754:13848): arch=40000003 syscall=5 success=yes exit=10 a0=b7b880 a1=8000 a2=1b6 a3=87147c0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.754:13849): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782674.754:13849): arch=40000003 syscall=197 success=yes exit=0 a0=a a1=bfd662fc a2=7c70ff4 a3=87147c0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.754:13849): path="/dev/urandom"
+type=AVC msg=audit(1163782674.754:13850): avc: denied { ioctl } for pid=18072 comm="evolution-alarm" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163782674.754:13850): arch=40000003 syscall=54 success=no exit=-22 a0=a a1=5401 a2=bfd6625c a3=bfd6629c items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.754:13850): path="/dev/urandom"
+type=AVC msg=audit(1163782674.758:13851): avc: denied { read } for pid=18072 comm="evolution-alarm" name="modules" dev=dm-0 ino=9331073 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163782674.758:13851): arch=40000003 syscall=5 success=yes exit=10 a0=8715b30 a1=18800 a2=b25d07 a3=8715b30 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.758:13852): avc: denied { search } for pid=18072 comm="evolution-alarm" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782674.758:13852): avc: denied { write } for pid=18072 comm="evolution-alarm" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=AVC msg=audit(1163782674.758:13852): avc: denied { connectto } for pid=18072 comm="evolution-alarm" name="15931" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782674.758:13852): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd65d70 a2=df7770 a3=16 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.758:13852): path="/tmp/.ICE-unix/15931"
+type=AVC msg=audit(1163782674.758:13853): avc: denied { read } for pid=18072 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.758:13853): arch=40000003 syscall=33 success=yes exit=0 a0=8717ea8 a1=4 a2=df7770 a3=8717ea8 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.758:13854): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.758:13854): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bfd65e0c a2=7c70ff4 a3=8718798 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.758:13854): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1163782674.762:13855): avc: denied { search } for pid=18072 comm="evolution-alarm" name="gconfd-kmacmill" dev=dm-0 ino=15648282 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782674.762:13855): avc: denied { read } for pid=18072 comm="evolution-alarm" name="ior" dev=dm-0 ino=15647969 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.762:13855): arch=40000003 syscall=5 success=yes exit=11 a0=871b040 a1=0 a2=1b6 a3=871b068 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.766:13856): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="ior" dev=dm-0 ino=15647969 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782674.766:13856): arch=40000003 syscall=197 success=yes exit=0 a0=b a1=bfd65928 a2=7c70ff4 a3=871b068 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.766:13856): path="/tmp/gconfd-kmacmill/lock/ior"
+type=AVC msg=audit(1163782674.766:13857): avc: denied { write } for pid=18072 comm="evolution-alarm" name="linc-4651-0-23d6c771c010d" dev=dm-0 ino=14568138 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163782674.766:13857): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd66040 a2=466ef80 a3=0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.766:13858): avc: denied { write } for pid=18072 comm="evolution-alarm" name="orbit-kmacmill" dev=dm-0 ino=14567718 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782674.766:13858): avc: denied { add_name } for pid=18072 comm="evolution-alarm" name="linc-4698-0-45fa60dbcacd" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163782674.766:13858): avc: denied { create } for pid=18072 comm="evolution-alarm" name="linc-4698-0-45fa60dbcacd" scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163782674.766:13858): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfd66080 a2=466ef80 a3=b7fc68ac items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782674.774:13859): avc: denied { connectto } for pid=18001 comm="gconfd-2" name="linc-4698-0-45fa60dbcacd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782674.774:13859): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfa7bbc0 a2=466ef80 a3=0 items=0 ppid=1 pid=18001 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782674.774:13859): path="/tmp/orbit-kmacmill/linc-4698-0-45fa60dbcacd"
+type=AVC msg=audit(1163782675.022:13860): avc: denied { read } for pid=18072 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782675.022:13860): arch=40000003 syscall=5 success=yes exit=18 a0=7c58afa a1=0 a2=1b6 a3=87446e0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782675.022:13861): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782675.022:13861): arch=40000003 syscall=197 success=yes exit=0 a0=12 a1=bfd61b98 a2=7c70ff4 a3=87446e0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782675.022:13861): path="/proc/meminfo"
+type=AVC msg=audit(1163782675.062:13862): avc: denied { connectto } for pid=18072 comm="evolution-alarm" path=002F746D702F646275732D4F36457A564B53704F4E scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782675.062:13862): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd65f10 a2=703454 a3=0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782675.098:13863): avc: denied { write } for pid=18072 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=14567728 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782675.098:13863): arch=40000003 syscall=5 success=yes exit=19 a0=8757da0 a1=42 a2=1c0 a3=8757da0 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC msg=audit(1163782675.098:13864): avc: denied { lock } for pid=18072 comm="evolution-alarm" name="bonobo-activation-register.lock" dev=dm-0 ino=14567728 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:object_r:staff_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782675.098:13864): arch=40000003 syscall=221 success=yes exit=0 a0=13 a1=7 a2=bfd65f4c a3=bfd65f4c items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782675.098:13864): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=AVC msg=audit(1163782675.110:13865): avc: denied { signal } for pid=18076 comm="evolution-data-" scontext=staff_u:staff_r:staff_evolution_server_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1163782675.110:13865): arch=40000003 syscall=270 success=yes exit=0 a0=4683 a1=4684 a2=21 a3=b7d21bd0 items=0 ppid=1 pid=18076 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-data-" exe="/usr/libexec/evolution-data-server-1.10" subj=staff_u:staff_r:staff_evolution_server_t:s0 key=(null)
+type=AVC msg=audit(1163782675.114:13866): avc: denied { getattr } for pid=18072 comm="evolution-alarm" name="[214306]" dev=pipefs ino=214306 scontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163782675.114:13866): arch=40000003 syscall=197 success=yes exit=0 a0=22 a1=bfd66314 a2=7c70ff4 a3=8762150 items=0 ppid=1 pid=18072 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution-alarm" exe="/usr/libexec/evolution/2.10/evolution-alarm-notify" subj=staff_u:staff_r:staff_evolution_alarm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782675.114:13866): path="pipe:[214306]"
+type=AVC msg=audit(1163782675.118:13867): avc: denied { connectto } for pid=18047 comm="evolution" name="linc-4698-0-45fa60dbcacd" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782675.118:13867): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bffbcb00 a2=466ef80 a3=0 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782675.118:13867): path="/tmp/orbit-kmacmill/linc-4698-0-45fa60dbcacd"
+type=AVC msg=audit(1163782675.886:13868): avc: denied { remove_name } for pid=18066 comm="evolution" name="2289." dev=dm-0 ino=6814000 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163782675.886:13868): avc: denied { unlink } for pid=18066 comm="evolution" name="2289." dev=dm-0 ino=6814000 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782675.886:13868): arch=40000003 syscall=10 success=yes exit=0 a0=8f21198 a1=bae708 a2=bae708 a3=8f21198 items=0 ppid=1 pid=18066 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782677.135:13869): avc: denied { rename } for pid=18066 comm="evolution" name="summary~" dev=dm-0 ino=6811439 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782677.135:13869): arch=40000003 syscall=38 success=yes exit=0 a0=b4091000 a1=8dbaeb8 a2=1dcbd8 a3=8fbae74 items=0 ppid=1 pid=18066 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782677.215:13870): avc: denied { connectto } for pid=18047 comm="evolution" path=002F746D702F646275732D4F36457A564B53704F4E scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163782677.215:13870): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bffbca00 a2=64a454 a3=0 items=0 ppid=1 pid=18047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782687.191:13871): avc: denied { lock } for pid=18094 comm="evolution" name="Outbox" dev=dm-0 ino=6785198 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782687.191:13871): arch=40000003 syscall=221 success=yes exit=0 a0=2c a1=6 a2=b2c8f15c a3=b2c8f15c items=0 ppid=1 pid=18094 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163782687.191:13871): path="/home/kmacmill/.evolution/mail/local/Outbox"
+type=AVC msg=audit(1163782687.703:13872): avc: denied { name_connect } for pid=18094 comm="evolution" dest=25 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163782687.703:13872): avc: denied { send_msg } for pid=18094 comm="evolution" saddr=10.11.14.219 src=53306 daddr=10.11.255.15 dest=25 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163782687.703:13872): arch=40000003 syscall=102 success=no exit=-115 a0=3 a1=b2c8ef50 a2=1dcbd8 a3=0 items=0 ppid=1 pid=18094 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163782687.739:13873): avc: denied { recv_msg } for pid=15069 comm="vpnc" saddr=10.11.255.15 src=25 daddr=10.11.14.219 dest=53306 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163782687.739:13873): arch=40000003 syscall=4 success=yes exit=60 a0=4 a1=805c570 a2=3c a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163782801.294:13874): user pid=18104 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163782801.298:13875): login pid=18104 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163782801.298:13876): user pid=18104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163782801.298:13877): user pid=18104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163782801.306:13878): avc: denied { read } for pid=18105 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782801.306:13878): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=90897f8 items=0 ppid=18104 pid=18105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163782801.306:13879): avc: denied { getattr } for pid=18105 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782801.306:13879): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfb1e448 a2=99bff4 a3=90897f8 items=0 ppid=18104 pid=18105 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782801.306:13879): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1163782801.318:13880): user pid=18104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163782801.318:13881): user pid=18104 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163782861.326:13882): user pid=18106 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163782861.326:13883): login pid=18106 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163782861.330:13884): user pid=18106 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163782861.330:13885): user pid=18106 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163782861.338:13886): avc: denied { getattr } for pid=18107 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.338:13886): arch=40000003 syscall=195 success=yes exit=0 a0=89ef120 a1=bfa2f470 a2=bccff4 a3=89ef120 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.338:13886): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163782861.394:13887): avc: denied { execute } for pid=18107 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.394:13887): arch=40000003 syscall=33 success=yes exit=0 a0=89ef120 a1=1 a2=11 a3=89ef120 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163782861.394:13888): avc: denied { read } for pid=18107 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.394:13888): arch=40000003 syscall=33 success=yes exit=0 a0=89ef120 a1=4 a2=ffffffff a3=89ef120 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163782861.394:13889): avc: denied { execute_no_trans } for pid=18107 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.394:13889): arch=40000003 syscall=11 success=yes exit=0 a0=89ef120 a1=89ef3d8 a2=89ef2f8 a3=89eef98 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.394:13889): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163782861.406:13890): avc: denied { ioctl } for pid=18107 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.406:13890): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bffe5ac8 a3=bffe5b08 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.406:13890): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163782861.406:13891): avc: denied { execute } for pid=18107 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.406:13891): arch=40000003 syscall=33 success=yes exit=0 a0=8fc6990 a1=1 a2=1 a3=8fc6c98 items=0 ppid=18106 pid=18107 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163782861.410:13892): avc: denied { execute_no_trans } for pid=18108 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.410:13892): arch=40000003 syscall=11 success=yes exit=0 a0=8fc6a10 a1=8fc6ad8 a2=8fc6ae8 a3=8fc6758 items=0 ppid=18107 pid=18108 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.410:13892): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1163782861.426:13893): avc: denied { execute } for pid=18110 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163782861.426:13893): avc: denied { execute_no_trans } for pid=18110 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163782861.426:13893): avc: denied { read } for pid=18110 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.426:13893): arch=40000003 syscall=11 success=yes exit=0 a0=8af0678 a1=8af0808 a2=8af0720 a3=8af0508 items=0 ppid=18108 pid=18110 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.426:13893): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1163782861.426:13893): path="/sbin/chkconfig"
+type=AVC msg=audit(1163782861.426:13894): avc: denied { read } for pid=18110 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.426:13894): arch=40000003 syscall=5 success=yes exit=3 a0=bf857b20 a1=0 a2=ffffffff a3=9c48038 items=0 ppid=18108 pid=18110 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163782861.438:13895): avc: denied { getattr } for pid=18110 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163782861.438:13895): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf857a8c a2=24bff4 a3=bf857a8c items=0 ppid=18108 pid=18110 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163782861.438:13895): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1163782861.462:13896): user pid=18106 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163782861.462:13897): user pid=18106 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163783269.908:13898): avc: denied { create } for pid=18131 comm="evolution" name="commits" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163783269.908:13898): arch=40000003 syscall=39 success=yes exit=0 a0=a8415208 a1=1c0 a2=bae708 a3=0 items=0 ppid=1 pid=18131 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163783401.496:13899): user pid=18141 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163783401.500:13900): login pid=18141 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163783401.500:13901): user pid=18141 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163783401.500:13902): user pid=18141 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163783401.512:13903): user pid=18141 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163783401.512:13904): user pid=18141 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163784001.553:13905): user pid=18172 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163784001.553:13906): login pid=18172 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163784001.553:13907): user pid=18172 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163784001.553:13908): user pid=18172 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163784001.585:13909): user pid=18172 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163784001.585:13910): user pid=18172 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163784601.623:13911): user pid=18208 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163784601.627:13912): login pid=18208 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163784601.627:13913): user pid=18208 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163784601.627:13914): user pid=18208 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163784601.647:13915): user pid=18208 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163784601.647:13916): user pid=18208 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163784917.951:13917): avc: denied { execmem } for pid=18220 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163784917.951:13917): arch=40000003 syscall=192 success=yes exit=81354752 a0=4d96000 a1=1a000 a2=7 a3=812 items=0 ppid=16501 pid=18220 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163784917.951:13918): avc: denied { execstack } for pid=18220 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163784917.951:13918): arch=40000003 syscall=125 success=yes exit=0 a0=bf8aa000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=16501 pid=18220 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163784918.639:13919): avc: denied { execute } for pid=18220 comm="gnome-screensav" name="zero" dev=tmpfs ino=1493 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163784918.639:13919): arch=40000003 syscall=192 success=yes exit=2985984 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=16501 pid=18220 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163784918.639:13919): path="/dev/zero"
+type=USER_ACCT msg=audit(1163785201.692:13920): user pid=18235 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163785201.692:13921): login pid=18235 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163785201.692:13922): user pid=18235 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163785201.692:13923): user pid=18235 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163785201.712:13924): user pid=18235 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163785201.712:13925): user pid=18235 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163785801.758:13926): user pid=18259 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163785801.758:13927): login pid=18259 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163785801.758:13928): user pid=18259 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163785801.758:13929): user pid=18259 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163785801.782:13930): user pid=18259 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163785801.782:13931): user pid=18259 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163786401.823:13932): user pid=18289 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163786401.827:13933): login pid=18289 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163786401.827:13934): user pid=18289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163786401.827:13935): user pid=18289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163786401.859:13936): user pid=18289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163786401.859:13937): user pid=18289 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163786461.863:13938): user pid=18292 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163786461.867:13939): login pid=18292 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163786461.867:13940): user pid=18292 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163786461.867:13941): user pid=18292 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163786461.899:13942): user pid=18292 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163786461.899:13943): user pid=18292 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163787001.941:13944): user pid=18329 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163787001.941:13945): login pid=18329 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163787001.941:13946): user pid=18329 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163787001.941:13947): user pid=18329 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163787001.953:13948): avc: denied { read } for pid=18330 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787001.953:13948): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=8fa9348 items=0 ppid=18329 pid=18330 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163787001.953:13949): avc: denied { getattr } for pid=18330 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787001.953:13949): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfc593e0 a2=caaff4 a3=8fa9348 items=0 ppid=18329 pid=18330 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163787001.953:13949): path="/proc/sys/fs/dentry-state"
+type=CRED_DISP msg=audit(1163787001.961:13950): user pid=18329 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163787001.961:13951): user pid=18329 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163787455.869:13952): avc: denied { execstack } for pid=16541 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=AVC msg=audit(1163787455.869:13952): avc: denied { execmem } for pid=16541 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163787455.869:13952): arch=40000003 syscall=125 success=yes exit=0 a0=bfad5000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163787455.917:13953): avc: denied { execmod } for pid=16541 comm="firefox-bin" name="nprhapengine.so" dev=dm-0 ino=6547712 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787455.917:13953): arch=40000003 syscall=125 success=yes exit=0 a0=14c0000 a1=26f000 a2=5 a3=bfad1fe0 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787455.917:13953): path="/home/kmacmill/.mozilla/plugins/nprhapengine.so"
+type=AVC msg=audit(1163787469.318:13954): avc: denied { read } for pid=18362 comm="evolution" name="summary" dev=dm-0 ino=6815397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787469.318:13954): arch=40000003 syscall=5 success=yes exit=25 a0=91d4610 a1=0 a2=1b6 a3=8c51800 items=0 ppid=1 pid=18362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163787469.318:13955): avc: denied { getattr } for pid=18362 comm="evolution" name="summary" dev=dm-0 ino=6815397 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787469.318:13955): arch=40000003 syscall=197 success=yes exit=0 a0=19 a1=b4090f48 a2=758aff4 a3=8c51800 items=0 ppid=1 pid=18362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787469.318:13955): path="/home/kmacmill/.evolution/mail/imap/kmacmill@pobox-2.corp.redhat.com/folders/INBOX/summary"
+type=AVC msg=audit(1163787469.634:13956): avc: denied { create } for pid=18362 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787469.634:13956): arch=40000003 syscall=5 success=yes exit=43 a0=b4090ff0 a1=242 a2=180 a3=92401d0 items=0 ppid=1 pid=18362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163787469.634:13957): avc: denied { write } for pid=18362 comm="evolution" name="summary~" dev=dm-0 ino=9103731 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787469.634:13957): arch=40000003 syscall=4 success=yes exit=40 a0=2b a1=b219f000 a2=28 a3=28 items=0 ppid=1 pid=18362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787469.634:13957): path="/home/kmacmill/.evolution/mail/imap/kmacmill@pobox-2.corp.redhat.com/folders/INBOX/subfolders/Sent/summary~"
+type=AVC msg=audit(1163787469.658:13958): avc: denied { rename } for pid=18362 comm="evolution" name="summary~" dev=dm-0 ino=9103731 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=AVC msg=audit(1163787469.658:13958): avc: denied { unlink } for pid=18362 comm="evolution" name="summary" dev=dm-0 ino=9103670 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787469.658:13958): arch=40000003 syscall=38 success=yes exit=0 a0=b4090ff0 a1=92401d0 a2=1dcbd8 a3=923f174 items=0 ppid=1 pid=18362 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163787474.018:13959): avc: denied { lock } for pid=18369 comm="evolution" name="Inbox" dev=dm-0 ino=6778778 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787474.018:13959): arch=40000003 syscall=221 success=yes exit=0 a0=19 a1=6 a2=b2c8f1fc a3=b2c8f1fc items=0 ppid=1 pid=18369 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787474.018:13959): path="/home/kmacmill/.evolution/mail/local/Inbox"
+type=AVC msg=audit(1163787480.523:13960): avc: denied { read } for pid=16429 comm="gnome-panel" name=".recently-used.xbel" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787480.523:13960): arch=40000003 syscall=5 success=yes exit=29 a0=8d54aa0 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=16429 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-panel" exe="/usr/bin/gnome-panel" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787490.983:13961): avc: denied { write } for pid=18373 comm="gnome-sound-pro" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163787490.983:13961): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff90f80 a2=df7770 a3=16 items=0 ppid=1 pid=18373 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-sound-pro" exe="/usr/bin/gnome-sound-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787515.609:13962): avc: denied { read } for pid=18373 comm="gnome-sound-pro" name="default.conf" dev=dm-0 ino=9330152 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787515.609:13962): arch=40000003 syscall=5 success=yes exit=20 a0=897d648 a1=0 a2=1b6 a3=89855b0 items=0 ppid=1 pid=18373 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-sound-pro" exe="/usr/bin/gnome-sound-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787515.657:13963): avc: denied { read } for pid=18373 comm="gnome-sound-pro" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787515.657:13963): arch=40000003 syscall=5 success=yes exit=19 a0=f1de73 a1=0 a2=1b6 a3=898fa50 items=0 ppid=1 pid=18373 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-sound-pro" exe="/usr/bin/gnome-sound-properties" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163787527.434:13964): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:userhelper_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163787527.434:13964): arch=40000003 syscall=11 success=yes exit=0 a0=804c35f a1=94df8c8 a2=bf80e1ac a3=3 items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787527.538:13965): avc: denied { ioctl } for pid=18382 comm="userhelper" name="[169789]" dev=pipefs ino=169789 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1163787527.538:13965): arch=40000003 syscall=54 success=no exit=-22 a0=1 a1=5401 a2=bfb54528 a3=bfb54568 items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787527.538:13965): path="pipe:[169789]"
+type=USER_AUTH msg=audit(1163787530.250:13966): user pid=18382 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: authentication acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=USER_ACCT msg=audit(1163787530.250:13967): user pid=18382 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: accounting acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163787530.270:13968): avc: denied { search } for pid=18382 comm="userhelper" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787530.270:13968): arch=40000003 syscall=5 success=no exit=-2 a0=bfb57168 a1=8000 a2=1b6 a3=9752c28 items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.270:13969): avc: denied { search } for pid=18382 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787530.270:13969): arch=40000003 syscall=5 success=no exit=-2 a0=bfb57168 a1=8000 a2=1b6 a3=9752d80 items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163787530.286:13970): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=AVC msg=audit(1163787530.286:13970): avc: denied { execute_no_trans } for pid=18383 comm="userhelper" name="xauth" dev=dm-0 ino=10326959 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.286:13970): arch=40000003 syscall=11 success=yes exit=0 a0=156681 a1=bfb5812c a2=974cda8 a3=4 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787530.286:13970): path="/usr/bin/xauth"
+type=AVC msg=audit(1163787530.338:13971): avc: denied { search } for pid=18383 comm="xauth" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787530.338:13971): arch=40000003 syscall=195 success=no exit=-2 a0=bf99da97 a1=bf99d5ac a2=256ff4 a3=bf99d5ac items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13972): avc: denied { write } for pid=18383 comm="xauth" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.338:13972): avc: denied { add_name } for pid=18383 comm="xauth" name=".gdm0UWNIT-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.338:13972): avc: denied { create } for pid=18383 comm="xauth" name=".gdm0UWNIT-c" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13972): arch=40000003 syscall=5 success=yes exit=2 a0=bf99da97 a1=c1 a2=180 a3=ffffffff items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13973): avc: denied { link } for pid=18383 comm="xauth" name=".gdm0UWNIT-c" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13973): arch=40000003 syscall=9 success=yes exit=0 a0=bf99da97 a1=bf99d696 a2=da3a64 a3=2 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13974): avc: denied { write } for pid=18383 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13974): arch=40000003 syscall=33 success=yes exit=0 a0=bf99ef0e a1=2 a2=bf99dfc0 a3=0 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13975): avc: denied { read } for pid=18383 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13975): arch=40000003 syscall=5 success=yes exit=2 a0=bf99ef0e a1=0 a2=1b6 a3=8f3a008 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13976): avc: denied { getattr } for pid=18383 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13976): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bf99dd0c a2=256ff4 a3=8f3a008 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787530.338:13976): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163787530.338:13977): avc: denied { remove_name } for pid=18383 comm="xauth" name=".gdm0UWNIT-c" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.338:13977): avc: denied { unlink } for pid=18383 comm="xauth" name=".gdm0UWNIT-c" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13977): arch=40000003 syscall=10 success=yes exit=0 a0=bf99d687 a1=bf99d296 a2=da3a64 a3=bf99d286 items=0 ppid=18382 pid=18383 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.338:13978): avc: denied { write } for pid=18382 comm="userhelper" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.338:13978): avc: denied { add_name } for pid=18382 comm="userhelper" name=".xauth6LUkFr" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.338:13978): avc: denied { create } for pid=18382 comm="userhelper" name=".xauth6LUkFr" scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.338:13978): arch=40000003 syscall=5 success=yes exit=5 a0=9752ea3 a1=80c2 a2=180 a3=80c2 items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.362:13979): avc: denied { setattr } for pid=18382 comm="userhelper" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.362:13979): arch=40000003 syscall=207 success=yes exit=0 a0=5 a1=0 a2=0 a3=1565bf items=0 ppid=18381 pid=18382 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="userhelper" exe="/usr/sbin/userhelper" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=SELINUX_ERR msg=audit(1163787530.370:13980): security_compute_sid: invalid context staff_u:staff_r:staff_userhelper_t:s0 for scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
+type=SYSCALL msg=audit(1163787530.370:13980): arch=40000003 syscall=11 success=yes exit=0 a0=156681 a1=bfb5812c a2=974cda8 a3=4 items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.370:13981): avc: denied { link } for pid=18384 comm="xauth" name=".xauth6LUkFr-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.370:13981): arch=40000003 syscall=9 success=yes exit=0 a0=bff94887 a1=bff94486 a2=da3a64 a3=2 items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.374:13982): avc: denied { write } for pid=18384 comm="xauth" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.374:13982): arch=40000003 syscall=33 success=yes exit=0 a0=bff94f0a a1=2 a2=bff94db0 a3=0 items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.374:13983): avc: denied { read } for pid=18384 comm="xauth" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.374:13983): arch=40000003 syscall=5 success=yes exit=2 a0=bff94f0a a1=0 a2=1b6 a3=9ae4008 items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC msg=audit(1163787530.374:13984): avc: denied { getattr } for pid=18384 comm="xauth" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.374:13984): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bff94afc a2=34dff4 a3=9ae4008 items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787530.374:13984): path="/root/.xauth6LUkFr"
+type=AVC msg=audit(1163787530.394:13985): avc: denied { remove_name } for pid=18384 comm="xauth" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163787530.394:13985): avc: denied { unlink } for pid=18384 comm="xauth" name=".xauth6LUkFr" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_userhelper_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.394:13985): arch=40000003 syscall=10 success=yes exit=0 a0=9ae4008 a1=1000 a2=0 a3=9ae408a items=0 ppid=18382 pid=18384 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_userhelper_t:s0 key=(null)
+type=USER_START msg=audit(1163787530.398:13986): user pid=18382 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session open acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163787530.474:13987): avc: denied { append } for pid=18386 comm="system-config-s" name="scsrun.log" dev=dm-0 ino=13061665 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.474:13987): arch=40000003 syscall=5 success=yes exit=3 a0=83c6638 a1=8441 a2=1b6 a3=8441 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="system-config-s" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787530.522:13988): avc: denied { ioctl } for pid=18386 comm="python2" name="scsrun.log" dev=dm-0 ino=13061665 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.522:13988): arch=40000003 syscall=54 success=no exit=-25 a0=1 a1=5401 a2=bfefd968 a3=bfefd9a8 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787530.522:13988): path="/root/scsrun.log"
+type=AVC msg=audit(1163787530.666:13989): avc: denied { read } for pid=18386 comm="python2" name="modules.alias" dev=dm-0 ino=13720583 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.666:13989): arch=40000003 syscall=5 success=yes exit=6 a0=8183418 a1=0 a2=81e1098 a3=0 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787530.702:13990): avc: denied { read } for pid=18386 comm="python2" name="mga.xinf" dev=dm-0 ino=10607363 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787530.702:13990): arch=40000003 syscall=5 success=yes exit=7 a0=820c060 a1=0 a2=a a3=820b002 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787531.198:13991): avc: denied { read } for pid=18386 comm="python2" name=".xauth6LUkFr" dev=dm-0 ino=13127398 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787531.198:13991): arch=40000003 syscall=33 success=yes exit=0 a0=bfefdfc5 a1=4 a2=da3a64 a3=bfefdfc5 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787531.286:13992): avc: denied { dac_override } for pid=18386 comm="python2" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163787531.286:13992): arch=40000003 syscall=5 success=no exit=-2 a0=83dce88 a1=8000 a2=1b6 a3=83d7198 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787531.682:13993): avc: denied { syslog_console } for pid=18386 comm="python2" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
+type=SYSCALL msg=audit(1163787531.682:13993): arch=40000003 syscall=103 success=yes exit=0 a0=8 a1=0 a2=1 a3=aca369 items=0 ppid=18385 pid=18386 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python2" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787539.130:13994): avc: denied { execute } for pid=18392 comm="python2" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163787539.130:13994): avc: denied { execute_no_trans } for pid=18392 comm="python2" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163787539.130:13994): avc: denied { read } for pid=18392 comm="python2" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787539.130:13994): arch=40000003 syscall=11 success=yes exit=0 a0=8750d70 a1=8750b90 a2=bfefdc90 a3=8184d18 items=0 ppid=18386 pid=18392 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787539.130:13994): path="/sbin/modprobe"
+type=AVC_PATH msg=audit(1163787539.130:13994): path="/sbin/modprobe"
+type=AVC msg=audit(1163787539.250:13995): avc: denied { read write } for pid=18392 comm="modprobe" name="snd.ko" dev=dm-0 ino=13720454 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787539.250:13995): arch=40000003 syscall=5 success=yes exit=3 a0=9aec0bc a1=2 a2=0 a3=9aec0bc items=0 ppid=18386 pid=18392 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787539.294:13996): avc: denied { lock } for pid=18392 comm="modprobe" name="snd.ko" dev=dm-0 ino=13720454 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787539.294:13996): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfcd1ec0 a3=bfcd1ec0 items=0 ppid=18386 pid=18392 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787539.294:13996): path="/lib/modules/2.6.18-1.2849.fc6xen/kernel/sound/core/snd.ko"
+type=AVC msg=audit(1163787557.768:13997): avc: denied { write } for pid=18393 comm="system-config-s" name="scsconfig.log" dev=dm-0 ino=13061681 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787557.768:13997): arch=40000003 syscall=5 success=yes exit=3 a0=84c5450 a1=8241 a2=1b6 a3=8241 items=0 ppid=18386 pid=18393 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="system-config-s" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_END msg=audit(1163787563.272:13998): user pid=18382 uid=500 auid=500 subj=staff_u:staff_r:staff_userhelper_t:s0 msg='PAM: session close acct=root : exe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=? res=success)'
+type=AVC msg=audit(1163787586.537:13999): avc: denied { write } for pid=18412 comm="vi" name="modprobe.conf" dev=dm-0 ino=9331083 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787586.537:13999): arch=40000003 syscall=33 success=yes exit=0 a0=9da4040 a1=2 a2=1a4 a3=1 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787586.541:14000): avc: denied { write } for pid=18412 comm="vi" name="etc" dev=dm-0 ino=9329761 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163787586.541:14000): avc: denied { add_name } for pid=18412 comm="vi" name=".modprobe.conf.swp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163787586.541:14000): avc: denied { create } for pid=18412 comm="vi" name=".modprobe.conf.swp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787586.541:14000): arch=40000003 syscall=5 success=yes exit=4 a0=9da6140 a1=80c2 a2=180 a3=80c2 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787586.541:14001): avc: denied { remove_name } for pid=18412 comm="vi" name=".modprobe.conf.swx" dev=dm-0 ino=9331575 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=AVC msg=audit(1163787586.541:14001): avc: denied { unlink } for pid=18412 comm="vi" name=".modprobe.conf.swx" dev=dm-0 ino=9331575 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787586.541:14001): arch=40000003 syscall=10 success=yes exit=0 a0=9da6128 a1=2b3 a2=5 a3=9da6152 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787586.541:14002): avc: denied { write } for pid=18412 comm="vi" name=".modprobe.conf.swp" dev=dm-0 ino=9331140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787586.541:14002): arch=40000003 syscall=4 success=yes exit=4096 a0=4 a1=9db32d8 a2=1000 a3=1 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163787586.541:14002): path="/etc/.modprobe.conf.swp"
+type=AVC msg=audit(1163787586.541:14003): avc: denied { setattr } for pid=18412 comm="vi" name=".modprobe.conf.swp" dev=dm-0 ino=9331140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787586.541:14003): arch=40000003 syscall=15 success=yes exit=0 a0=9da6140 a1=1a4 a2=1a4 a3=1 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163787602.002:14004): user pid=18415 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163787602.002:14005): login pid=18415 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163787602.006:14006): user pid=18415 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163787602.006:14007): user pid=18415 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163787602.010:14008): avc: denied { execute } for pid=18416 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163787602.010:14008): avc: denied { execute_no_trans } for pid=18416 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787602.010:14008): arch=40000003 syscall=11 success=yes exit=0 a0=859f1b0 a1=859f358 a2=859f290 a3=859f008 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163787602.010:14008): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163787602.022:14009): avc: denied { execute } for pid=18416 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163787602.022:14009): avc: denied { execute_no_trans } for pid=18416 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163787602.022:14009): avc: denied { read } for pid=18416 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787602.022:14009): arch=40000003 syscall=11 success=yes exit=0 a0=859fd48 a1=859f740 a2=859fd60 a3=859f740 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163787602.022:14009): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163787602.022:14009): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163787602.026:14010): avc: denied { search } for pid=18416 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787602.026:14010): arch=40000003 syscall=33 success=yes exit=0 a0=bfadefb4 a1=0 a2=bfadeea8 a3=bfadeeb0 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163787602.026:14011): avc: denied { read append } for pid=18416 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787602.026:14011): arch=40000003 syscall=5 success=yes exit=3 a0=bfadefb4 a1=402 a2=bfadf178 a3=bfadeeb0 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163787602.026:14012): avc: denied { search } for pid=18416 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787602.026:14012): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=8901348 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163787602.030:14013): avc: denied { search } for pid=18416 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163787602.030:14013): arch=40000003 syscall=5 success=no exit=-2 a0=8050215 a1=0 a2=1b6 a3=8901348 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163787602.030:14014): avc: denied { lock } for pid=18416 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787602.030:14014): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfadeeb0 a3=3 items=0 ppid=18415 pid=18416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163787602.030:14014): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163787602.038:14015): user pid=18415 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163787602.038:14016): user pid=18415 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163787610.395:14017): avc: denied { rename } for pid=18412 comm="vi" name="modprobe.conf" dev=dm-0 ino=9331083 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787610.395:14017): arch=40000003 syscall=38 success=yes exit=0 a0=9da4040 a1=9da61d8 a2=9da61d8 a3=9da4040 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787610.403:14018): avc: denied { relabelfrom } for pid=18412 comm="vi" name="modprobe.conf" dev=dm-0 ino=9331575 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:etc_t:s0 tclass=file
+type=AVC msg=audit(1163787610.403:14018): avc: denied { relabelto } for pid=18412 comm="vi" name="modprobe.conf" dev=dm-0 ino=9331575 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787610.403:14018): arch=40000003 syscall=226 success=yes exit=0 a0=9da4040 a1=a2f0d3 a2=9da5358 a3=23 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787610.403:14019): avc: denied { setattr } for pid=18412 comm="vi" name="modprobe.conf" dev=dm-0 ino=9331575 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787610.403:14019): arch=40000003 syscall=15 success=yes exit=0 a0=9da4040 a1=81a4 a2=1 a3=0 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163787610.403:14020): avc: denied { unlink } for pid=18412 comm="vi" name="modprobe.conz~" dev=dm-0 ino=9331083 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
+type=SYSCALL msg=audit(1163787610.403:14020): arch=40000003 syscall=10 success=yes exit=0 a0=9da61d8 a1=9da61d8 a2=1 a3=0 items=0 ppid=16590 pid=18412 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163788069.316:14021): avc: denied { getattr } for pid=18433 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163788069.316:14021): arch=40000003 syscall=195 success=yes exit=0 a0=91f4a10 a1=b2c8f0cc a2=758aff4 a3=4 items=0 ppid=1 pid=18433 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788069.316:14021): path="/home/kmacmill/.evolution"
+type=AVC msg=audit(1163788069.316:14022): avc: denied { search } for pid=18433 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163788069.316:14022): arch=40000003 syscall=33 success=yes exit=0 a0=91f4a10 a1=0 a2=bae708 a3=10 items=0 ppid=1 pid=18433 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788069.316:14023): avc: denied { read } for pid=18433 comm="evolution" name="INBOX" dev=dm-0 ino=6809503 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163788069.316:14023): arch=40000003 syscall=5 success=yes exit=25 a0=9215ed0 a1=18800 a2=758c120 a3=9215ed0 items=0 ppid=1 pid=18433 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788070.660:14024): avc: denied { write } for pid=18433 comm="evolution" name="memos" dev=dm-0 ino=6814327 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163788070.660:14024): avc: denied { add_name } for pid=18433 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163788070.660:14024): arch=40000003 syscall=5 success=yes exit=43 a0=b2c8efe0 a1=242 a2=180 a3=9240268 items=0 ppid=1 pid=18433 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788070.676:14025): avc: denied { remove_name } for pid=18433 comm="evolution" name="summary~" dev=dm-0 ino=6815422 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163788070.676:14025): arch=40000003 syscall=38 success=yes exit=0 a0=b2c8efe0 a1=9240268 a2=1dcbd8 a3=8c3c7bc items=0 ppid=1 pid=18433 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163788201.080:14026): user pid=18445 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163788201.080:14027): login pid=18445 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163788201.080:14028): user pid=18445 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163788201.080:14029): user pid=18445 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163788201.100:14030): user pid=18445 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163788201.100:14031): user pid=18445 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163788520.688:14032): avc: denied { write } for pid=16541 comm="firefox-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163788520.688:14032): avc: denied { add_name } for pid=16541 comm="firefox-bin" name="5e6k208m" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163788520.688:14032): avc: denied { create } for pid=16541 comm="firefox-bin" name="5e6k208m" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788520.688:14032): arch=40000003 syscall=5 success=yes exit=23 a0=b999b68 a1=82c1 a2=180 a3=82c1 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788520.688:14033): avc: denied { write } for pid=16541 comm="firefox-bin" name="5e6k208m" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788520.688:14033): arch=40000003 syscall=5 success=yes exit=23 a0=b999b68 a1=8041 a2=180 a3=8041 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788523.588:14034): avc: denied { getattr } for pid=16541 comm="firefox-bin" name="15.pdf" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788523.588:14034): arch=40000003 syscall=195 success=yes exit=0 a0=c76bca8 a1=bfad2d70 a2=10b0ff4 a3=bfad2d70 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788523.588:14034): path="/tmp/15.pdf"
+type=AVC msg=audit(1163788523.588:14035): avc: denied { remove_name } for pid=16541 comm="firefox-bin" name="15.pdf" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163788523.588:14035): avc: denied { unlink } for pid=16541 comm="firefox-bin" name="15.pdf" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788523.588:14035): arch=40000003 syscall=10 success=yes exit=0 a0=c76bca8 a1=0 a2=4a4e304 a3=0 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788523.588:14036): avc: denied { rename } for pid=16541 comm="firefox-bin" name="5e6k208m" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788523.588:14036): arch=40000003 syscall=38 success=yes exit=0 a0=b999b68 a1=bfad2e3c a2=4a4e304 a3=0 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788523.900:14037): avc: denied { read } for pid=18462 comm="evince" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788523.900:14037): arch=40000003 syscall=33 success=yes exit=0 a0=bf852f48 a1=4 a2=da3a64 a3=bf852f48 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788523.900:14038): avc: denied { getattr } for pid=18462 comm="evince" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788523.900:14038): arch=40000003 syscall=197 success=yes exit=0 a0=11 a1=bf85064c a2=f35ff4 a3=8800160 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788523.900:14038): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163788524.032:14039): avc: denied { search } for pid=18462 comm="evince" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163788524.032:14039): avc: denied { write } for pid=18462 comm="evince" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163788524.032:14039): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf850750 a2=df7770 a3=16 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788524.032:14040): avc: denied { read } for pid=18462 comm="evince" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788524.032:14040): arch=40000003 syscall=33 success=yes exit=0 a0=88243f0 a1=4 a2=df7770 a3=88243f0 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788524.032:14041): avc: denied { getattr } for pid=18462 comm="evince" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788524.032:14041): arch=40000003 syscall=197 success=yes exit=0 a0=2a a1=bf8507ec a2=f35ff4 a3=8824ce0 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788524.032:14041): path="/home/kmacmill/.ICEauthority"
+type=AVC msg=audit(1163788524.860:14042): avc: denied { read } for pid=18463 comm="evince" name="15.pdf" dev=dm-0 ino=14469449 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788524.860:14042): arch=40000003 syscall=5 success=yes exit=59 a0=8a07a38 a1=8000 a2=1b6 a3=8a15668 items=0 ppid=16541 pid=18463 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788525.116:14043): avc: denied { create } for pid=18462 comm="evince" name=".recently-used.xbel.Y9V8IT" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788525.116:14043): arch=40000003 syscall=5 success=yes exit=60 a0=8a531e8 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788525.120:14044): avc: denied { write } for pid=18462 comm="evince" name=".recently-used.xbel.Y9V8IT" dev=dm-0 ino=6573261 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788525.120:14044): arch=40000003 syscall=4 success=yes exit=102400 a0=3c a1=8a53c38 a2=19000 a3=19000 items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788525.120:14044): path="/home/kmacmill/.recently-used.xbel.Y9V8IT"
+type=AVC msg=audit(1163788525.120:14045): avc: denied { rename } for pid=18462 comm="evince" name=".recently-used.xbel.Y9V8IT" dev=dm-0 ino=6573261 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=AVC msg=audit(1163788525.120:14045): avc: denied { unlink } for pid=18462 comm="evince" name=".recently-used.xbel" dev=dm-0 ino=11885042 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788525.120:14045): arch=40000003 syscall=38 success=yes exit=0 a0=8a52d98 a1=886f550 a2=7b1708 a3=b7f9e8cc items=0 ppid=16541 pid=18462 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163788526.164:14046): avc: denied { read } for pid=16429 comm="gnome-panel" name=".recently-used.xbel" dev=dm-0 ino=6573261 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163788526.164:14046): arch=40000003 syscall=5 success=yes exit=31 a0=8d54aa0 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=16429 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-panel" exe="/usr/bin/gnome-panel" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163788669.349:14047): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163788669.349:14047): arch=40000003 syscall=3 success=yes exit=94 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788669.349:14047): path="/dev/net/tun"
+type=AVC msg=audit(1163788669.413:14048): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163788669.413:14048): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163788669.413:14048): path="/dev/net/tun"
+type=USER_ACCT msg=audit(1163788801.141:14049): user pid=18478 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163788801.141:14050): login pid=18478 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163788801.141:14051): user pid=18478 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163788801.141:14052): user pid=18478 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163788801.169:14053): user pid=18478 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163788801.169:14054): user pid=18478 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163789401.211:14055): user pid=18502 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163789401.211:14056): login pid=18502 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163789401.211:14057): user pid=18502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163789401.211:14058): user pid=18502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163789401.231:14059): user pid=18502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163789401.231:14060): user pid=18502 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163789555.316:14061): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163789555.316:14061): arch=40000003 syscall=102 success=yes exit=165 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.316:14062): avc: denied { write } for pid=11049 comm="udevd" name="uevent_seqnum" dev=tmpfs ino=1522 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.316:14062): arch=40000003 syscall=5 success=yes exit=9 a0=bfee5668 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.316:14063): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14063): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14063): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163789555.316:14063): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.316:14064): avc: denied { add_name } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14064): avc: denied { create } for pid=11049 comm="udevd" name="queue" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163789555.316:14064): arch=40000003 syscall=39 success=yes exit=0 a0=bfedae8c a1=1ed a2=791234 a3=bfedae8c items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.316:14065): avc: denied { write } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=217561 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14065): avc: denied { add_name } for pid=11049 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14065): avc: denied { create } for pid=11049 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.316:14065): arch=40000003 syscall=5 success=yes exit=9 a0=bfedb2c8 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.316:14066): avc: denied { write } for pid=11049 comm="udevd" name=".udev" dev=tmpfs ino=1521 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14066): avc: denied { remove_name } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.316:14066): avc: denied { rmdir } for pid=11049 comm="udevd" name="failed" dev=tmpfs ino=3876 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163789555.316:14066): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae88 a1=2f2f2f2f a2=791234 a3=bfedae92 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.396:14067): avc: denied { sendto } for pid=18508 comm="udevd" path=002F6F72672F667265656465736B746F702F68616C2F756465765F6576656E74 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=unix_dgram_socket
+type=SYSCALL msg=audit(1163789555.396:14067): arch=40000003 syscall=102 success=yes exit=201 a0=b a1=bfed27a0 a2=791234 a3=c9 items=0 ppid=11049 pid=18508 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.400:14068): avc: denied { remove_name } for pid=11049 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1" dev=tmpfs ino=217562 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.400:14068): avc: denied { unlink } for pid=11049 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1" dev=tmpfs ino=217562 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.400:14068): arch=40000003 syscall=10 success=yes exit=0 a0=bfedb2b8 a1=ffffffff a2=791234 a3=791418 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.400:14069): avc: denied { rmdir } for pid=11049 comm="udevd" name="queue" dev=tmpfs ino=217561 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163789555.400:14069): arch=40000003 syscall=40 success=no exit=-39 a0=bfedae78 a1=2f2f2f2f a2=791234 a3=bfedae82 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.408:14070): avc: denied { execute } for pid=18513 comm="udevd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.408:14070): avc: denied { execute_no_trans } for pid=18513 comm="udevd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.408:14070): avc: denied { read } for pid=18513 comm="udevd" name="modprobe" dev=dm-0 ino=9984520 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.408:14071): avc: denied { mknod } for pid=18511 comm="udevd" capability=27 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163789555.408:14071): avc: denied { add_name } for pid=18511 comm="udevd" name="usbdev4.3_ep00" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
+type=AVC msg=audit(1163789555.408:14071): avc: denied { create } for pid=18511 comm="udevd" name="usbdev4.3_ep00" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163789555.408:14071): arch=40000003 syscall=14 success=yes exit=0 a0=bfed2dc4 a1=2180 a2=181ba02 a3=180 items=0 ppid=11049 pid=18511 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.408:14072): avc: denied { setattr } for pid=18511 comm="udevd" name="usbdev4.3_ep00" dev=tmpfs ino=217621 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163789555.408:14072): arch=40000003 syscall=15 success=yes exit=0 a0=bfed2dc4 a1=2180 a2=791234 a3=0 items=0 ppid=11049 pid=18511 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.408:14073): avc: denied { create } for pid=18511 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1@usbdev4.3_ep00" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163789555.408:14073): arch=40000003 syscall=83 success=yes exit=0 a0=9526ccc a1=bfed2dc8 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=18511 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=SYSCALL msg=audit(1163789555.408:14070): arch=40000003 syscall=11 success=yes exit=0 a0=bfed2e48 a1=bfed23ac a2=9526298 a3=3 items=0 ppid=18512 pid=18513 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163789555.408:14070): path="/sbin/modprobe"
+type=AVC_PATH msg=audit(1163789555.408:14070): path="/sbin/modprobe"
+type=AVC msg=audit(1163789555.412:14074): avc: denied { read } for pid=18513 comm="modprobe" name="modules.dep" dev=dm-0 ino=13720574 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:modules_object_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.412:14074): arch=40000003 syscall=5 success=yes exit=3 a0=9fd4118 a1=0 a2=1b6 a3=9fd4300 items=0 ppid=18512 pid=18513 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.496:14075): avc: denied { rename } for pid=11049 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1@4-1:1.0" dev=tmpfs ino=217572 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.496:14075): arch=40000003 syscall=38 success=yes exit=0 a0=bfedb2b8 a1=bfedb0b8 a2=791234 a3=bfedb0b8 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.484:14076): avc: denied { execute } for pid=18516 comm="udevd" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.508:14077): avc: denied { execute } for pid=18524 comm="udevd" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.484:14076): avc: denied { execute_no_trans } for pid=18516 comm="udevd" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=AVC msg=audit(1163789555.484:14076): avc: denied { read } for pid=18516 comm="udevd" name="pam_console_apply" dev=dm-0 ino=9984592 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_console_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.484:14076): arch=40000003 syscall=11 success=yes exit=0 a0=bfed2e48 a1=bfed23ac a2=9526298 a3=3 items=0 ppid=18511 pid=18516 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pam_console_app" exe="/sbin/pam_console_apply" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163789555.484:14076): path="/sbin/pam_console_apply"
+type=AVC_PATH msg=audit(1163789555.484:14076): path="/sbin/pam_console_apply"
+type=SYSCALL msg=audit(1163789555.508:14077): arch=40000003 syscall=11 success=yes exit=0 a0=bfed2e48 a1=bfed23ac a2=9526298 a3=3 items=0 ppid=18519 pid=18524 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pam_console_app" exe="/sbin/pam_console_apply" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789555.740:14078): avc: denied { read } for pid=18516 comm="pam_console_app" name="console.lock" dev=dm-0 ino=14437305 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:pam_var_console_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789555.740:14078): arch=40000003 syscall=5 success=yes exit=3 a0=804c1fc a1=8000 a2=0 a3=8000 items=0 ppid=18511 pid=18516 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pam_console_app" exe="/sbin/pam_console_apply" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789593.139:14079): avc: denied { execmem } for pid=18532 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163789593.139:14079): arch=40000003 syscall=192 success=yes exit=81354752 a0=4d96000 a1=1a000 a2=7 a3=812 items=0 ppid=16501 pid=18532 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789593.139:14080): avc: denied { execstack } for pid=18532 comm="gnome-screensav" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163789593.139:14080): arch=40000003 syscall=125 success=yes exit=0 a0=bff9b000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=16501 pid=18532 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789593.163:14081): avc: denied { execute } for pid=18532 comm="gnome-screensav" name="zero" dev=tmpfs ino=1493 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163789593.163:14081): arch=40000003 syscall=192 success=yes exit=2953216 a0=0 a1=2000 a2=7 a3=2 items=0 ppid=16501 pid=18532 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163789593.163:14081): path="/dev/zero"
+type=AVC msg=audit(1163789593.167:14082): avc: denied { read } for pid=18532 comm="gnome-screensav" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163789593.167:14082): arch=40000003 syscall=33 success=yes exit=0 a0=bff9ce8e a1=4 a2=da3a64 a3=bff9ce8e items=0 ppid=16501 pid=18532 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163789869.328:14083): avc: denied { send_msg } for pid=18541 comm="evolution" saddr=10.11.14.219 src=37722 daddr=10.11.255.15 dest=993 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163789869.328:14083): arch=40000003 syscall=102 success=yes exit=42 a0=9 a1=aa35aeb0 a2=4932550 a3=0 items=0 ppid=1 pid=18541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163789869.396:14084): avc: denied { recv_msg } for pid=15069 comm="vpnc" saddr=10.11.255.15 src=993 daddr=10.11.14.219 dest=37722 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163789869.396:14084): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163790001.272:14085): user pid=18550 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163790001.276:14086): login pid=18550 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163790001.276:14087): user pid=18550 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163790001.276:14088): user pid=18550 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163790001.292:14089): user pid=18550 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163790001.292:14090): user pid=18550 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163790061.312:14091): user pid=18553 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163790061.312:14092): login pid=18553 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163790061.312:14093): user pid=18553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163790061.312:14094): user pid=18553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163790061.328:14095): avc: denied { getattr } for pid=18554 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.328:14095): arch=40000003 syscall=195 success=yes exit=0 a0=901b120 a1=bf95a210 a2=f08ff4 a3=901b120 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.328:14095): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163790061.328:14096): avc: denied { execute } for pid=18554 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.328:14096): arch=40000003 syscall=33 success=yes exit=0 a0=901b120 a1=1 a2=11 a3=901b120 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163790061.328:14097): avc: denied { read } for pid=18554 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.328:14097): arch=40000003 syscall=33 success=yes exit=0 a0=901b120 a1=4 a2=ffffffff a3=901b120 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163790061.328:14098): avc: denied { execute_no_trans } for pid=18554 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.328:14098): arch=40000003 syscall=11 success=yes exit=0 a0=901b120 a1=901b3d8 a2=901b2f8 a3=901af98 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.328:14098): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163790061.328:14099): avc: denied { ioctl } for pid=18554 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.328:14099): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfaa9d88 a3=bfaa9dc8 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.328:14099): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163790061.332:14100): avc: denied { execute } for pid=18554 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.332:14100): arch=40000003 syscall=33 success=yes exit=0 a0=904f990 a1=1 a2=1 a3=904fc98 items=0 ppid=18553 pid=18554 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163790061.332:14101): avc: denied { execute_no_trans } for pid=18555 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.332:14101): arch=40000003 syscall=11 success=yes exit=0 a0=904fa10 a1=904fad8 a2=904fae8 a3=904f758 items=0 ppid=18554 pid=18555 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.332:14101): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1163790061.336:14102): avc: denied { execute } for pid=18556 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163790061.336:14102): avc: denied { execute_no_trans } for pid=18556 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163790061.336:14102): avc: denied { read } for pid=18556 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.336:14102): arch=40000003 syscall=11 success=yes exit=0 a0=98fd678 a1=98fd808 a2=98fd720 a3=98fd508 items=0 ppid=18555 pid=18556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.336:14102): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1163790061.336:14102): path="/sbin/chkconfig"
+type=AVC msg=audit(1163790061.340:14103): avc: denied { read } for pid=18556 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.340:14103): arch=40000003 syscall=5 success=yes exit=3 a0=bf98f450 a1=0 a2=ffffffff a3=899e038 items=0 ppid=18555 pid=18556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163790061.340:14104): avc: denied { getattr } for pid=18556 comm="chkconfig" name="innd" dev=dm-0 ino=9331492 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790061.340:14104): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf98f3bc a2=9d5ff4 a3=bf98f3bc items=0 ppid=18555 pid=18556 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790061.340:14104): path="/etc/rc.d/init.d/innd"
+type=CRED_DISP msg=audit(1163790061.360:14105): user pid=18553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163790061.360:14106): user pid=18553 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163790189.352:14107): avc: denied { read } for pid=8116 comm="dhclient" name="[31406]" dev=sockfs ino=31406 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=packet_socket
+type=SYSCALL msg=audit(1163790189.352:14107): arch=40000003 syscall=3 success=yes exit=590 a0=6 a1=bf923428 a2=600 a3=9604620 items=0 ppid=8112 pid=8116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790189.352:14107): path="socket:[31406]"
+type=AVC msg=audit(1163790302.383:14108): avc: denied { search } for pid=18577 comm="thunderbird" name="locale" dev=dm-0 ino=10311858 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163790302.383:14108): avc: denied { read } for pid=18577 comm="thunderbird" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14108): arch=40000003 syscall=5 success=yes exit=3 a0=32ab60 a1=8000 a2=1 a3=bfdfd220 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.383:14109): avc: denied { getattr } for pid=18577 comm="thunderbird" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14109): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=342aa0 a2=341ff4 a3=bfdfd220 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.383:14109): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1163790302.383:14110): avc: denied { read } for pid=18577 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14110): arch=40000003 syscall=5 success=yes exit=3 a0=329afa a1=0 a2=1b6 a3=812aa60 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.383:14111): avc: denied { getattr } for pid=18577 comm="thunderbird" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14111): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfdfb398 a2=341ff4 a3=812aa60 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.383:14111): path="/proc/meminfo"
+type=AVC msg=audit(1163790302.383:14112): avc: denied { read } for pid=18577 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14112): arch=40000003 syscall=5 success=yes exit=3 a0=32ab3c a1=0 a2=0 a3=bfdfd480 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.383:14113): avc: denied { getattr } for pid=18577 comm="thunderbird" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.383:14113): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfdfd328 a2=341ff4 a3=3 items=0 ppid=1 pid=18577 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.383:14113): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1163790302.939:14114): avc: denied { read } for pid=18589 comm="thunderbird-bin" name="locale.alias" dev=dm-0 ino=10314034 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.939:14114): arch=40000003 syscall=5 success=yes exit=3 a0=bf8c4d00 a1=0 a2=1b6 a3=8ae5f08 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.939:14115): avc: denied { getattr } for pid=18589 comm="thunderbird-bin" name="locale.alias" dev=dm-0 ino=10314034 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.939:14115): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bf8c4b9c a2=f14ff4 a3=8ae5f08 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.939:14115): path="/usr/share/locale/locale.alias"
+type=AVC msg=audit(1163790302.939:14116): avc: denied { search } for pid=18589 comm="thunderbird-bin" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163790302.939:14116): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bf8c4c70 a2=f14ff4 a3=3 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.947:14117): avc: denied { read } for pid=18589 comm="thunderbird-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.947:14117): arch=40000003 syscall=33 success=yes exit=0 a0=bf8c7f72 a1=4 a2=da3a64 a3=bf8c7f72 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.947:14118): avc: denied { getattr } for pid=18589 comm="thunderbird-bin" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790302.947:14118): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf8c49fc a2=f14ff4 a3=8ad9558 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.947:14118): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163790302.959:14119): avc: denied { read } for pid=18589 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163790302.959:14119): arch=40000003 syscall=5 success=yes exit=10 a0=249880 a1=8000 a2=1b6 a3=8b103c0 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790302.959:14120): avc: denied { getattr } for pid=18589 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163790302.959:14120): arch=40000003 syscall=197 success=yes exit=0 a0=a a1=bf8c495c a2=f14ff4 a3=8b103c0 items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.959:14120): path="/dev/urandom"
+type=AVC msg=audit(1163790302.959:14121): avc: denied { ioctl } for pid=18589 comm="thunderbird-bin" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163790302.959:14121): arch=40000003 syscall=54 success=no exit=-22 a0=a a1=5401 a2=bf8c48bc a3=bf8c48fc items=0 ppid=18584 pid=18589 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790302.959:14121): path="/dev/urandom"
+type=AVC msg=audit(1163790303.447:14122): avc: denied { search } for pid=18600 comm="thunderbird-bin" name=".mozilla" dev=dm-0 ino=6547337 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163790303.447:14122): arch=40000003 syscall=33 success=yes exit=0 a0=9fd2300 a1=0 a2=ab3bdc a3=bfc61b6c items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790303.743:14123): avc: denied { read } for pid=18600 comm="thunderbird-bin" name="xpinstall.js" dev=dm-0 ino=10739315 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790303.743:14123): arch=40000003 syscall=5 success=yes exit=16 a0=9fdb320 a1=8000 a2=0 a3=8000 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790304.003:14124): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790304.003:14124): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790304.003:14124): path="/var/run/utmp"
+type=AVC msg=audit(1163790304.255:14125): avc: denied { getattr } for pid=18600 comm="thunderbird-bin" name="offline.manifest" dev=dm-0 ino=10737672 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790304.255:14125): arch=40000003 syscall=195 success=yes exit=0 a0=a02c418 a1=bfc6107c a2=1113ff4 a3=bfc6107c items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790304.255:14125): path="/usr/lib/thunderbird-1.5.0.7/chrome/offline.manifest"
+type=AVC msg=audit(1163790307.399:14126): avc: denied { read } for pid=18600 comm="thunderbird-bin" name="3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2" dev=dm-0 ino=14437317 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790307.399:14126): arch=40000003 syscall=5 success=yes exit=26 a0=a3055a8 a1=0 a2=735bf000 a3=a2f9c78 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790307.399:14127): avc: denied { getattr } for pid=18600 comm="thunderbird-bin" name="3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2" dev=dm-0 ino=14437317 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790307.399:14127): arch=40000003 syscall=197 success=yes exit=0 a0=1a a1=bfc6024c a2=1113ff4 a3=bfc6024c items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790307.399:14127): path="/var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-x86.cache-2"
+type=AVC msg=audit(1163790309.540:14128): avc: denied { search } for pid=18607 comm="netstat" name="sys" dev=proc ino=-268435429 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
+type=AVC msg=audit(1163790309.540:14128): avc: denied { search } for pid=18607 comm="netstat" name="net" dev=proc ino=-268435343 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163790309.540:14128): arch=40000003 syscall=33 success=no exit=-2 a0=805f53c a1=4 a2=8064740 a3=8 items=0 ppid=18600 pid=18607 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="netstat" exe="/bin/netstat" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790309.952:14129): avc: denied { create } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163790309.952:14129): arch=40000003 syscall=102 success=yes exit=36 a0=1 a1=b2ffe1d4 a2=1113ff4 a3=0 items=0 ppid=18595 pid=18609 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790309.952:14130): avc: denied { bind } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163790309.952:14130): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b2ffe1d4 a2=1113ff4 a3=24 items=0 ppid=18595 pid=18609 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790309.952:14131): avc: denied { getattr } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163790309.952:14131): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b2ffe1d4 a2=1113ff4 a3=24 items=0 ppid=18595 pid=18609 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790309.952:14132): avc: denied { write } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163790309.952:14132): avc: denied { nlmsg_read } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163790309.952:14132): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b2ffd10c a2=1113ff4 a3=0 items=0 ppid=18595 pid=18609 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790309.952:14133): avc: denied { read } for pid=18609 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163790309.952:14133): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b2ffd10c a2=1113ff4 a3=0 items=0 ppid=18595 pid=18609 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163790486.511:14134): avc: denied { read } for pid=11049 comm="udevd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=netlink_kobject_uevent_socket
+type=SYSCALL msg=audit(1163790486.511:14134): arch=40000003 syscall=102 success=yes exit=214 a0=a a1=bfedb480 a2=791234 a3=0 items=0 ppid=1 pid=11049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163790486.511:14135): avc: denied { unlink } for pid=18623 comm="udevd" name="devices@pci0000:00@0000:00:1d.3@usb4@4-1@4-1:1.0@usbdev4.3_ep01" dev=tmpfs ino=217656 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:device_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163790486.511:14135): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dcc a1=4d a2=791234 a3=bfed2dcc items=0 ppid=11049 pid=18623 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163790486.511:14136): avc: denied { getattr } for pid=18623 comm="udevd" name="usbdev4.3_ep01" dev=tmpfs ino=217655 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163790486.511:14136): arch=40000003 syscall=195 success=yes exit=0 a0=bfed2dc8 a1=bfed2b68 a2=24bff4 a3=bfed2dc8 items=0 ppid=11049 pid=18623 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163790486.511:14136): path="/dev/usbdev4.3_ep01"
+type=AVC msg=audit(1163790486.511:14137): avc: denied { unlink } for pid=18623 comm="udevd" name="usbdev4.3_ep01" dev=tmpfs ino=217655 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163790486.511:14137): arch=40000003 syscall=10 success=yes exit=0 a0=bfed2dc8 a1=0 a2=791234 a3=bfed2dc8 items=0 ppid=11049 pid=18623 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="udevd" exe="/sbin/udevd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163790601.398:14138): user pid=18645 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163790601.402:14139): login pid=18645 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163790601.402:14140): user pid=18645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163790601.402:14141): user pid=18645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163790601.410:14142): avc: denied { search } for pid=18646 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163790601.410:14142): avc: denied { read } for pid=18646 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790601.410:14142): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=9ae77f8 items=0 ppid=18645 pid=18646 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163790601.410:14143): avc: denied { getattr } for pid=18646 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163790601.410:14143): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfce8e18 a2=659ff4 a3=9ae77f8 items=0 ppid=18645 pid=18646 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163790601.410:14143): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1163790601.422:14144): user pid=18645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163790601.422:14145): user pid=18645 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163791047.922:14146): avc: denied { create } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163791047.922:14146): arch=40000003 syscall=102 success=yes exit=50 a0=1 a1=b68a61d4 a2=1113ff4 a3=0 items=0 ppid=18595 pid=18662 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791047.922:14147): avc: denied { bind } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163791047.922:14147): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=b68a61d4 a2=1113ff4 a3=32 items=0 ppid=18595 pid=18662 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791047.922:14148): avc: denied { getattr } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163791047.922:14148): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=b68a61d4 a2=1113ff4 a3=32 items=0 ppid=18595 pid=18662 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791047.922:14149): avc: denied { write } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163791047.922:14149): avc: denied { nlmsg_read } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163791047.922:14149): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=b68a510c a2=1113ff4 a3=0 items=0 ppid=18595 pid=18662 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791047.922:14150): avc: denied { read } for pid=18662 comm="thunderbird-bin" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163791047.922:14150): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=b68a510c a2=1113ff4 a3=0 items=0 ppid=18595 pid=18662 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791086.004:14151): avc: denied { write } for pid=18600 comm="thunderbird-bin" name="tmp" dev=dm-0 ino=14469313 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163791086.004:14151): avc: denied { add_name } for pid=18600 comm="thunderbird-bin" name="nsmail.eml" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163791086.004:14151): avc: denied { create } for pid=18600 comm="thunderbird-bin" name="nsmail.eml" scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791086.004:14151): arch=40000003 syscall=5 success=yes exit=52 a0=ab774e0 a1=82c1 a2=180 a3=82c1 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791086.004:14152): avc: denied { write } for pid=18600 comm="thunderbird-bin" name="nsmail.eml" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791086.004:14152): arch=40000003 syscall=5 success=yes exit=52 a0=ade18e0 a1=8241 a2=180 a3=8241 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791086.012:14153): avc: denied { getattr } for pid=18600 comm="thunderbird-bin" name="nsmail.eml" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791086.012:14153): arch=40000003 syscall=195 success=yes exit=0 a0=ade18e0 a1=bfc5ebf4 a2=1113ff4 a3=bfc5ebf4 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163791086.012:14153): path="/tmp/nsmail.eml"
+type=AVC msg=audit(1163791086.356:14154): avc: denied { read } for pid=18600 comm="thunderbird-bin" name="nsmail.eml" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791086.356:14154): arch=40000003 syscall=5 success=yes exit=49 a0=ae24fd0 a1=8000 a2=0 a3=8000 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163791088.020:14155): avc: denied { remove_name } for pid=18600 comm="thunderbird-bin" name="nscopy.tmp" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163791088.020:14155): avc: denied { unlink } for pid=18600 comm="thunderbird-bin" name="nscopy.tmp" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791088.020:14155): arch=40000003 syscall=10 success=yes exit=0 a0=ae00688 a1=0 a2=1113ff4 a3=ae00688 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163791201.487:14156): user pid=18674 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163791201.487:14157): login pid=18674 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163791201.487:14158): user pid=18674 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163791201.487:14159): user pid=18674 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163791201.507:14160): user pid=18674 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163791201.507:14161): user pid=18674 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163791346.416:14162): avc: denied { write } for pid=18682 comm="nautilus" name=".recently-used.xbel" dev=dm-0 ino=6573261 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791346.416:14162): arch=40000003 syscall=33 success=yes exit=0 a0=8cbd4c8 a1=6 a2=7a7708 a3=d8db59 items=0 ppid=1 pid=18682 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163791347.192:14163): avc: denied { read write } for pid=18682 comm="nautilus" name=".gnupg" dev=dm-0 ino=6814310 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_gpg_secret_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163791347.192:14163): arch=40000003 syscall=33 success=yes exit=0 a0=8cbd4c8 a1=6 a2=7a7708 a3=d8db59 items=0 ppid=1 pid=18682 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163791381.359:14164): avc: denied { unlink } for pid=16431 comm="nautilus" name=".recently-used.xbel" dev=dm-0 ino=6573261 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791381.359:14164): arch=40000003 syscall=38 success=yes exit=0 a0=9045800 a1=8d52e38 a2=7a7708 a3=b7ef9acc items=0 ppid=1 pid=16431 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163791381.519:14165): avc: denied { write } for pid=18707 comm="eog" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163791381.519:14165): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe06e40 a2=df7770 a3=16 items=0 ppid=1 pid=18707 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="eog" exe="/usr/bin/eog" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163791801.585:14166): user pid=18750 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163791801.585:14167): login pid=18750 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163791801.585:14168): user pid=18750 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163791801.585:14169): user pid=18750 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163791801.597:14170): avc: denied { read } for pid=18751 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791801.597:14170): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=8862348 items=0 ppid=18750 pid=18751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163791801.597:14171): avc: denied { getattr } for pid=18751 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163791801.597:14171): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfe1a5a0 a2=a63ff4 a3=8862348 items=0 ppid=18750 pid=18751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163791801.597:14171): path="/proc/sys/fs/dentry-state"
+type=CRED_DISP msg=audit(1163791801.653:14172): user pid=18750 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163791801.653:14173): user pid=18750 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163792170.124:14174): avc: denied { execute } for pid=16541 comm="firefox-bin" name="libflashplayer.so" dev=dm-0 ino=6547382 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_mozilla_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792170.124:14174): arch=40000003 syscall=192 success=yes exit=62861312 a0=0 a1=738dbc a2=5 a3=802 items=0 ppid=1 pid=16541 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792170.124:14174): path="/home/kmacmill/.mozilla/plugins/libflashplayer.so"
+type=AVC msg=audit(1163792170.560:14175): avc: denied { execmem } for pid=16548 comm="firefox-bin" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163792170.560:14175): arch=40000003 syscall=192 success=yes exit=145154048 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=1 pid=16548 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163792401.694:14176): user pid=18789 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163792401.694:14177): login pid=18789 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163792401.694:14178): user pid=18789 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163792401.694:14179): user pid=18789 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163792401.698:14180): avc: denied { execute } for pid=18790 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163792401.698:14180): avc: denied { execute_no_trans } for pid=18790 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792401.698:14180): arch=40000003 syscall=11 success=yes exit=0 a0=8d111b0 a1=8d11358 a2=8d11290 a3=8d11008 items=0 ppid=18789 pid=18790 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163792401.698:14180): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163792401.702:14181): avc: denied { search } for pid=18790 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163792401.702:14181): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=9b3f348 items=0 ppid=18789 pid=18790 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1163792401.710:14182): user pid=18789 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163792401.710:14183): user pid=18789 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163792590.410:14184): avc: denied { read } for pid=18800 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163792590.410:14184): arch=40000003 syscall=5 success=yes exit=23 a0=3d4880 a1=8000 a2=1b6 a3=9828bd8 items=0 ppid=18799 pid=18800 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163792590.414:14185): avc: denied { getattr } for pid=18800 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163792590.414:14185): arch=40000003 syscall=197 success=yes exit=0 a0=17 a1=bfbd0e4c a2=83fff4 a3=9828bd8 items=0 ppid=18799 pid=18800 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792590.414:14185): path="/dev/urandom"
+type=AVC msg=audit(1163792590.414:14186): avc: denied { ioctl } for pid=18800 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163792590.414:14186): arch=40000003 syscall=54 success=no exit=-22 a0=17 a1=5401 a2=bfbd0dac a3=bfbd0dec items=0 ppid=18799 pid=18800 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792590.414:14186): path="/dev/urandom"
+type=AVC msg=audit(1163792590.590:14187): avc: denied { execute } for pid=18802 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1163792590.590:14187): avc: denied { execute_no_trans } for pid=18802 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1163792590.590:14187): avc: denied { read } for pid=18802 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792590.590:14187): arch=40000003 syscall=11 success=yes exit=0 a0=872bf00 a1=872c838 a2=872bbe8 a3=872c838 items=0 ppid=1 pid=18802 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792590.590:14187): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1163792590.590:14187): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1163792590.754:14188): avc: denied { getattr } for pid=18802 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792590.754:14188): arch=40000003 syscall=196 success=yes exit=0 a0=bfee5b18 a1=bfee560c a2=fe4ff4 a3=bfee6759 items=0 ppid=1 pid=18802 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792590.754:14188): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1163792672.087:14189): avc: denied { search } for pid=18818 comm="evince" name=".ICE-unix" dev=dm-0 ino=14567572 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:ice_tmp_t:s0 tclass=dir
+type=AVC msg=audit(1163792672.087:14189): avc: denied { write } for pid=18818 comm="evince" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163792672.087:14189): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff22620 a2=df7770 a3=16 items=0 ppid=1 pid=18818 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792672.127:14190): avc: denied { connectto } for pid=18818 comm="evince" path=002F746D702F646275732D4F36457A564B53704F4E scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=unix_stream_socket
+type=SYSCALL msg=audit(1163792672.127:14190): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff22c00 a2=15f454 a3=15 items=0 ppid=1 pid=18818 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792672.327:14191): avc: denied { getattr } for pid=18819 comm="evince" name="chapter2.pdf" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792672.327:14191): arch=40000003 syscall=195 success=yes exit=0 a0=8dc0f88 a1=b7dc1250 a2=5c3ff4 a3=8da3e78 items=0 ppid=1 pid=18819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792672.327:14191): path="/tmp/chapter2.pdf"
+type=AVC msg=audit(1163792672.655:14192): avc: denied { read } for pid=18819 comm="evince" name="chapter2.pdf" dev=dm-0 ino=14469568 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792672.655:14192): arch=40000003 syscall=5 success=yes exit=19 a0=8e09078 a1=8000 a2=1b6 a3=8e10690 items=0 ppid=1 pid=18819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792673.403:14193): avc: denied { create } for pid=18819 comm="evince" name="QEO7Np" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792673.403:14193): arch=40000003 syscall=5 success=yes exit=20 a0=b3101fb0 a1=80c2 a2=180 a3=80c2 items=0 ppid=1 pid=18819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792673.407:14194): avc: denied { write } for pid=18819 comm="evince" name="QEO7Np" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792673.407:14194): arch=40000003 syscall=4 success=yes exit=4096 a0=14 a1=b29fe000 a2=1000 a3=1000 items=0 ppid=1 pid=18819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792673.407:14194): path="/tmp/QEO7Np"
+type=AVC msg=audit(1163792673.411:14195): avc: denied { unlink } for pid=18819 comm="evince" name="QEO7Np" dev=dm-0 ino=14469571 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792673.411:14195): arch=40000003 syscall=10 success=yes exit=0 a0=b3101fb0 a1=b3103c00 a2=48eeac8 a3=101 items=0 ppid=1 pid=18819 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evince" exe="/usr/bin/evince" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.360:14196): avc: denied { getattr } for pid=18828 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163792869.360:14196): arch=40000003 syscall=195 success=yes exit=0 a0=8eb8d78 a1=b40910cc a2=758aff4 a3=4 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792869.360:14196): path="/home/kmacmill/.evolution"
+type=AVC msg=audit(1163792869.360:14197): avc: denied { search } for pid=18828 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163792869.360:14197): arch=40000003 syscall=33 success=yes exit=0 a0=8eb8d78 a1=0 a2=bae708 a3=10 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.360:14198): avc: denied { read } for pid=18828 comm="evolution" name="summary" dev=dm-0 ino=6814004 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792869.360:14198): arch=40000003 syscall=5 success=yes exit=25 a0=900b940 a1=0 a2=1b6 a3=8fb12b0 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.360:14199): avc: denied { getattr } for pid=18828 comm="evolution" name="summary" dev=dm-0 ino=6814004 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792869.360:14199): arch=40000003 syscall=197 success=yes exit=0 a0=19 a1=b4090f48 a2=758aff4 a3=8fb12b0 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792869.360:14199): path="/home/kmacmill/.evolution/mail/imap/kmacmill@pobox-2.corp.redhat.com/folders/INBOX/summary"
+type=AVC msg=audit(1163792869.360:14200): avc: denied { read } for pid=18828 comm="evolution" name="INBOX" dev=dm-0 ino=6809503 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163792869.360:14200): arch=40000003 syscall=5 success=yes exit=25 a0=8e69830 a1=18800 a2=758c120 a3=8e69830 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.512:14201): avc: denied { write } for pid=18829 comm="evolution" name=".ev-store-summary" dev=dm-0 ino=6815187 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792869.512:14201): arch=40000003 syscall=5 success=yes exit=43 a0=8c05ce0 a1=242 a2=180 a3=8c0d8d8 items=0 ppid=1 pid=18829 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.520:14202): avc: denied { write } for pid=18828 comm="evolution" name="INBOX" dev=dm-0 ino=6809503 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163792869.520:14202): avc: denied { add_name } for pid=18828 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163792869.520:14202): avc: denied { create } for pid=18828 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792869.520:14202): arch=40000003 syscall=5 success=yes exit=44 a0=b4091000 a1=242 a2=180 a3=900b940 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792869.564:14203): avc: denied { remove_name } for pid=18828 comm="evolution" name="summary~" dev=dm-0 ino=6814052 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163792869.564:14203): avc: denied { rename } for pid=18828 comm="evolution" name="summary~" dev=dm-0 ino=6814052 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=AVC msg=audit(1163792869.564:14203): avc: denied { unlink } for pid=18828 comm="evolution" name="summary" dev=dm-0 ino=6814004 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792869.564:14203): arch=40000003 syscall=38 success=yes exit=0 a0=b4091000 a1=900b940 a2=1dcbd8 a3=8ddc404 items=0 ppid=1 pid=18828 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163792876.880:14204): avc: denied { lock } for pid=18832 comm="evolution" name="Inbox" dev=dm-0 ino=6778778 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163792876.880:14204): arch=40000003 syscall=221 success=yes exit=0 a0=19 a1=6 a2=aa35b1fc a3=aa35b1fc items=0 ppid=1 pid=18832 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163792876.880:14204): path="/home/kmacmill/.evolution/mail/local/Inbox"
+type=USER_ACCT msg=audit(1163793001.776:14205): user pid=18844 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163793001.780:14206): login pid=18844 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163793001.780:14207): user pid=18844 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163793001.780:14208): user pid=18844 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163793001.792:14209): avc: denied { search } for pid=18845 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163793001.792:14209): arch=40000003 syscall=5 success=no exit=-2 a0=8050215 a1=0 a2=1b6 a3=9bdc348 items=0 ppid=18844 pid=18845 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=CRED_DISP msg=audit(1163793001.800:14210): user pid=18844 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163793001.800:14211): user pid=18844 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163793601.845:14212): user pid=18872 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163793601.849:14213): login pid=18872 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163793601.849:14214): user pid=18872 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163793601.849:14215): user pid=18872 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_DISP msg=audit(1163793601.869:14216): user pid=18872 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163793601.869:14217): user pid=18872 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_ACCT msg=audit(1163793661.873:14218): user pid=18874 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163793661.877:14219): login pid=18874 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163793661.877:14220): user pid=18874 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163793661.877:14221): user pid=18874 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163793661.881:14222): avc: denied { getattr } for pid=18875 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.881:14222): arch=40000003 syscall=195 success=yes exit=0 a0=82f0120 a1=bfd9fe60 a2=70dff4 a3=82f0120 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163793661.881:14222): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163793661.885:14223): avc: denied { execute } for pid=18875 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.885:14223): arch=40000003 syscall=33 success=yes exit=0 a0=82f0120 a1=1 a2=11 a3=82f0120 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163793661.885:14224): avc: denied { read } for pid=18875 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.885:14224): arch=40000003 syscall=33 success=yes exit=0 a0=82f0120 a1=4 a2=ffffffff a3=82f0120 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163793661.885:14225): avc: denied { execute_no_trans } for pid=18875 comm="bash" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.885:14225): arch=40000003 syscall=11 success=yes exit=0 a0=82f0120 a1=82f03d8 a2=82f02f8 a3=82eff98 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163793661.885:14225): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163793661.885:14226): avc: denied { ioctl } for pid=18875 comm="run-parts" name="run-parts" dev=dm-0 ino=10331890 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.885:14226): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfbe06b8 a3=bfbe06f8 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163793661.885:14226): path="/usr/bin/run-parts"
+type=AVC msg=audit(1163793661.889:14227): avc: denied { execute } for pid=18875 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.889:14227): arch=40000003 syscall=33 success=yes exit=0 a0=93b7990 a1=1 a2=1 a3=93b7c98 items=0 ppid=18874 pid=18875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="run-parts" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163793661.889:14228): avc: denied { execute_no_trans } for pid=18876 comm="run-parts" name="inn-cron-nntpsend" dev=dm-0 ino=9331477 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.889:14228): arch=40000003 syscall=11 success=yes exit=0 a0=93b7a10 a1=93b7ad8 a2=93b7ae8 a3=93b7758 items=0 ppid=18875 pid=18876 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="inn-cron-nntpse" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163793661.889:14228): path="/etc/cron.hourly/inn-cron-nntpsend"
+type=AVC msg=audit(1163793661.893:14229): avc: denied { execute } for pid=18878 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163793661.893:14229): avc: denied { execute_no_trans } for pid=18878 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=AVC msg=audit(1163793661.893:14229): avc: denied { read } for pid=18878 comm="inn-cron-nntpse" name="chkconfig" dev=dm-0 ino=9984485 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sbin_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793661.893:14229): arch=40000003 syscall=11 success=yes exit=0 a0=8e85678 a1=8e85808 a2=8e85720 a3=8e85508 items=0 ppid=18876 pid=18878 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="chkconfig" exe="/sbin/chkconfig" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163793661.893:14229): path="/sbin/chkconfig"
+type=AVC_PATH msg=audit(1163793661.893:14229): path="/sbin/chkconfig"
+type=CRED_DISP msg=audit(1163793661.913:14230): user pid=18874 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163793661.913:14231): user pid=18874 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163793771.128:14232): avc: denied { search } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=key
+type=AVC msg=audit(1163793771.128:14232): avc: denied { search } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=key
+type=AVC msg=audit(1163793771.128:14232): avc: denied { write } for pid=15793 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=key
+type=SYSCALL msg=audit(1163793771.128:14232): arch=40000003 syscall=288 success=yes exit=0 a0=3 a1=1556d8ee a2=1f4 a3=1f4 items=0 ppid=15789 pid=15793 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163793771.148:14233): avc: denied { setattr } for pid=15789 comm="sshd" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.148:14233): arch=40000003 syscall=212 success=yes exit=0 a0=6c7df4 a1=0 a2=0 a3=6c7df4 items=0 ppid=1 pid=15789 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163793771.148:14234): avc: denied { use } for pid=15842 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=fd
+type=SYSCALL msg=audit(1163793771.148:14234): arch=40000003 syscall=54 success=yes exit=0 a0=0 a1=5403 a2=bfef9958 a3=80f9f40 items=0 ppid=15841 pid=15842 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts8 comm="bash" exe="/bin/bash" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.148:14234): path="/dev/pts/8"
+type=AVC msg=audit(1163793771.152:14235): avc: denied { getattr } for pid=15794 comm="bash" name=".bash_history" dev=dm-0 ino=6547367 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.152:14235): arch=40000003 syscall=195 success=yes exit=0 a0=9dcac10 a1=bfd66564 a2=457ff4 a3=1 items=0 ppid=1 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.152:14235): path="/home/kmacmill/.bash_history"
+type=AVC msg=audit(1163793771.152:14236): avc: denied { append } for pid=15794 comm="bash" name=".bash_history" dev=dm-0 ino=6547367 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.152:14236): arch=40000003 syscall=5 success=yes exit=3 a0=9de7320 a1=8401 a2=0 a3=8401 items=0 ppid=1 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.152:14237): avc: denied { read } for pid=15794 comm="bash" name=".bash_history" dev=dm-0 ino=6547367 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.152:14237): arch=40000003 syscall=5 success=yes exit=3 a0=9de7320 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.152:14238): avc: denied { write } for pid=15794 comm="bash" name=".bash_history" dev=dm-0 ino=6547367 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.152:14238): arch=40000003 syscall=5 success=yes exit=3 a0=9de7320 a1=8201 a2=0 a3=8201 items=0 ppid=1 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.152:14239): avc: denied { ioctl } for pid=15794 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.152:14239): arch=40000003 syscall=54 success=no exit=-25 a0=ff a1=5410 a2=bfd664a4 a3=bfd664ac items=0 ppid=1 pid=15794 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.152:14239): path=2F6465762F7074732F38202864656C6574656429
+type=AVC msg=audit(1163793771.316:14240): avc: denied { getattr } for pid=15841 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.316:14240): arch=40000003 syscall=231 success=yes exit=36 a0=3 a1=a2f0d3 a2=9bcd788 a3=ff items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.316:14241): avc: denied { relabelfrom } for pid=15841 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
+type=AVC msg=audit(1163793771.316:14241): avc: denied { relabelto } for pid=15841 comm="newrole" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.316:14241): arch=40000003 syscall=228 success=yes exit=0 a0=3 a1=a2f0d3 a2=9bcd658 a3=23 items=0 ppid=15821 pid=15841 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="newrole" exe="/usr/bin/newrole" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.320:14242): avc: denied { ioctl } for pid=15821 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.320:14242): arch=40000003 syscall=54 success=no exit=-25 a0=ff a1=5410 a2=bf8ddd04 a3=bf8ddd0c items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.320:14242): path=2F6465762F7074732F38202864656C6574656429
+type=AVC msg=audit(1163793771.320:14243): avc: denied { write } for pid=15821 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.320:14243): arch=40000003 syscall=4 success=no exit=-5 a0=1 a1=b7f89000 a2=25 a3=25 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.320:14243): path=2F6465762F7074732F38202864656C6574656429
+type=AVC msg=audit(1163793771.320:14244): avc: denied { search } for pid=15821 comm="bash" name="spool" dev=dm-0 ino=14436617 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163793771.320:14244): avc: denied { search } for pid=15821 comm="bash" name="mail" dev=dm-0 ino=14436619 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
+type=AVC msg=audit(1163793771.320:14244): avc: denied { getattr } for pid=15821 comm="bash" name="kmacmill" dev=dm-0 ino=14437393 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.320:14244): arch=40000003 syscall=195 success=yes exit=0 a0=9a6ff70 a1=bf8dd818 a2=24bff4 a3=bf8dd818 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.320:14244): path="/var/spool/mail/kmacmill"
+type=AVC msg=audit(1163793771.320:14245): avc: denied { read } for pid=15821 comm="bash" name="8" dev=devpts ino=10 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:object_r:staff_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163793771.320:14245): arch=40000003 syscall=3 success=yes exit=0 a0=0 a1=bf8dd5cb a2=1 a3=24c420 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.320:14245): path=2F6465762F7074732F38202864656C6574656429
+type=AVC msg=audit(1163793771.320:14246): avc: denied { search } for pid=15821 comm="bash" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163793771.320:14246): avc: denied { getattr } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.320:14246): arch=40000003 syscall=195 success=yes exit=0 a0=9a6f800 a1=bf8de0d4 a2=24bff4 a3=0 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163793771.320:14246): path="/root/.bash_history"
+type=AVC msg=audit(1163793771.340:14247): avc: denied { append } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.340:14247): arch=40000003 syscall=5 success=yes exit=3 a0=9a70150 a1=8401 a2=0 a3=8401 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.360:14248): avc: denied { read } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.360:14248): arch=40000003 syscall=5 success=yes exit=3 a0=9a70150 a1=8000 a2=0 a3=8000 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.372:14249): avc: denied { write } for pid=15821 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793771.372:14249): arch=40000003 syscall=5 success=yes exit=3 a0=9a70150 a1=8201 a2=0 a3=8201 items=0 ppid=15820 pid=15821 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.372:14250): avc: denied { create } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1163793771.372:14250): arch=40000003 syscall=102 success=yes exit=4 a0=1 a1=bffb8e00 a2=130ff4 a3=8004 items=0 ppid=1 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.376:14251): avc: denied { write } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1163793771.376:14251): avc: denied { nlmsg_relay } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=AVC msg=audit(1163793771.376:14251): avc: denied { audit_write } for pid=15820 comm="su" capability=29 scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=capability
+type=CRED_DISP msg=audit(1163793771.376:14252): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=SYSCALL msg=audit(1163793771.376:14251): arch=40000003 syscall=102 success=yes exit=104 a0=b a1=bffae080 a2=130ff4 a3=bffb4ac0 items=0 ppid=1 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=AVC msg=audit(1163793771.376:14253): avc: denied { read } for pid=15820 comm="su" scontext=staff_u:staff_r:staff_xserver_t:s0 tcontext=staff_u:staff_r:staff_xserver_t:s0 tclass=netlink_audit_socket
+type=SYSCALL msg=audit(1163793771.376:14253): arch=40000003 syscall=102 success=yes exit=36 a0=c a1=bffae030 a2=130ff4 a3=bffb03fc items=0 ppid=1 pid=15820 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_xserver_t:s0 key=(null)
+type=USER_END msg=audit(1163793771.376:14254): user pid=15820 uid=500 auid=500 subj=staff_u:staff_r:staff_xserver_t:s0 msg='PAM: session close acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/8 res=success)'
+type=AVC msg=audit(1163793882.003:14255): avc: denied { read } for pid=18900 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163793882.003:14255): arch=40000003 syscall=33 success=yes exit=0 a0=bf8b0f92 a1=4 a2=da3a64 a3=bf8b0f92 items=0 ppid=18899 pid=18900 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794112.281:14256): avc: denied { execute } for pid=16590 comm="bash" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794112.281:14256): arch=40000003 syscall=33 success=yes exit=0 a0=9261e70 a1=1 a2=11 a3=9261e70 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794112.281:14257): avc: denied { read } for pid=16590 comm="bash" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794112.281:14257): arch=40000003 syscall=33 success=yes exit=0 a0=9261e70 a1=4 a2=ffffffff a3=9261e70 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794114.237:14258): avc: denied { execute_no_trans } for pid=18920 comm="bash" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794114.237:14258): arch=40000003 syscall=11 success=yes exit=0 a0=925eac8 a1=925eab8 a2=9257740 a3=925e028 items=0 ppid=16590 pid=18920 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794114.237:14258): path="/etc/rc.d/init.d/httpd"
+type=AVC msg=audit(1163794114.249:14259): avc: denied { ioctl } for pid=18920 comm="httpd" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794114.249:14259): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfa5ded8 a3=bfa5df18 items=0 ppid=16590 pid=18920 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794114.249:14259): path="/etc/rc.d/init.d/httpd"
+type=AVC msg=audit(1163794116.229:14260): avc: denied { sys_ptrace } for pid=18931 comm="pidof" capability=19 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=AVC msg=audit(1163794116.229:14260): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.229:14260): arch=40000003 syscall=85 success=yes exit=10 a0=bff11a48 a1=8b621e0 a2=1000 a3=8b62028 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.229:14261): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.229:14261): arch=40000003 syscall=85 success=no exit=-2 a0=bff11a48 a1=8b631e8 a2=1000 a3=8b62058 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.233:14262): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.233:14262): arch=40000003 syscall=85 success=yes exit=12 a0=bff11a48 a1=8b84b10 a2=1000 a3=8b829c8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.233:14263): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.233:14263): arch=40000003 syscall=85 success=yes exit=13 a0=bff11a48 a1=8b86b20 a2=1000 a3=8b82a80 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.233:14264): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.233:14264): arch=40000003 syscall=85 success=yes exit=11 a0=bff11a48 a1=8b87cd0 a2=1000 a3=8b87b28 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.233:14265): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.233:14265): arch=40000003 syscall=85 success=yes exit=39 a0=bff11a48 a1=8b88cd8 a2=1000 a3=8b87b58 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14266): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14266): arch=40000003 syscall=85 success=yes exit=15 a0=bff11a48 a1=8b89ce0 a2=1000 a3=8b87ba8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14267): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14267): arch=40000003 syscall=85 success=yes exit=13 a0=bff11a48 a1=8b8ace8 a2=1000 a3=8b87bf8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14268): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14268): arch=40000003 syscall=85 success=yes exit=34 a0=bff11a48 a1=8b8bcf0 a2=1000 a3=8b87c48 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14269): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14269): arch=40000003 syscall=85 success=yes exit=14 a0=bff11a48 a1=8b8cd28 a2=1000 a3=8b8ccf8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14270): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14270): arch=40000003 syscall=85 success=yes exit=38 a0=bff11a48 a1=8b90f08 a2=1000 a3=8b8ddf8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14271): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:apmd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14271): arch=40000003 syscall=85 success=yes exit=15 a0=bff11a48 a1=8b91f10 a2=1000 a3=8b8de48 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14272): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14272): arch=40000003 syscall=85 success=yes exit=15 a0=bff11a48 a1=8b92f48 a2=1000 a3=8b92f18 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14273): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:inetd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14273): arch=40000003 syscall=85 success=yes exit=16 a0=bff11a48 a1=8b95120 a2=1000 a3=8b93f80 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14274): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14274): arch=40000003 syscall=85 success=yes exit=27 a0=bff11a48 a1=8b96128 a2=1000 a3=8b93fe8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.237:14275): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:gpm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.237:14275): arch=40000003 syscall=85 success=yes exit=13 a0=bff11a48 a1=8b982f8 a2=1000 a3=8b98138 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14276): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14276): arch=40000003 syscall=85 success=yes exit=15 a0=bff11a48 a1=8b99300 a2=1000 a3=8b98168 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14277): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14277): arch=40000003 syscall=85 success=yes exit=12 a0=bff11a48 a1=8b9a308 a2=1000 a3=8b981b8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14278): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14278): arch=40000003 syscall=85 success=yes exit=33 a0=bff11a48 a1=8b9b310 a2=1000 a3=8b98208 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14279): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14279): arch=40000003 syscall=85 success=yes exit=19 a0=bff11a48 a1=8ba16b8 a2=1000 a3=8ba0518 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14280): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xenconsoled_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14280): arch=40000003 syscall=85 success=yes exit=21 a0=bff11a48 a1=8ba26c0 a2=1000 a3=8ba0568 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14281): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xend_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14281): arch=40000003 syscall=85 success=yes exit=15 a0=bff11a48 a1=8ba36c8 a2=1000 a3=8ba05a8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14282): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14282): arch=40000003 syscall=85 success=yes exit=35 a0=bff11a48 a1=8ba6898 a2=1000 a3=8ba5708 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.241:14283): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:getty_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.241:14283): arch=40000003 syscall=85 success=yes exit=14 a0=bff11a48 a1=8ba78a0 a2=1000 a3=8ba5770 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.245:14284): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.245:14284): arch=40000003 syscall=85 success=yes exit=39 a0=bff11a48 a1=8badc08 a2=1000 a3=8ba99e8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.245:14285): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.245:14285): arch=40000003 syscall=85 success=yes exit=35 a0=bff11a48 a1=8bafc18 a2=1000 a3=8badad0 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.245:14286): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.245:14286): arch=40000003 syscall=85 success=yes exit=13 a0=bff11a48 a1=8bba010 a2=1000 a3=8bb7ec0 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.245:14287): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_ssh_agent_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.245:14287): arch=40000003 syscall=85 success=yes exit=18 a0=bff11a48 a1=8bbc1a8 a2=1000 a3=8bb7f88 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.249:14288): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:pam_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.249:14288): arch=40000003 syscall=85 success=yes exit=25 a0=bff11a48 a1=8bce950 a2=1000 a3=8bcd7a0 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.249:14289): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_mozilla_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.249:14289): arch=40000003 syscall=85 success=yes exit=32 a0=bff11a48 a1=8bd6ce0 a2=1000 a3=8bd5b58 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.249:14290): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.249:14290): arch=40000003 syscall=85 success=yes exit=7 a0=bff11a48 a1=8bdae88 a2=1000 a3=8bd9cf8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.249:14291): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.249:14291): arch=40000003 syscall=85 success=yes exit=14 a0=bff11a48 a1=8be0058 a2=1000 a3=8bdeed8 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.253:14292): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
+type=SYSCALL msg=audit(1163794116.253:14292): arch=40000003 syscall=85 success=yes exit=13 a0=bff11a48 a1=8be1060 a2=1000 a3=8bdef30 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.253:14293): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:system_r:rpcd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.253:14293): arch=40000003 syscall=85 success=yes exit=20 a0=bff11a48 a1=8be2068 a2=1000 a3=8bdef88 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.253:14294): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_server_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.253:14294): arch=40000003 syscall=85 success=yes exit=39 a0=bff11a48 a1=8be6200 a2=1000 a3=8be3160 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.253:14295): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_evolution_alarm_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.253:14295): arch=40000003 syscall=85 success=yes exit=50 a0=bff11a48 a1=8be83b8 a2=1000 a3=8be7238 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.253:14296): avc: denied { ptrace } for pid=18931 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_thunderbird_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.253:14296): arch=40000003 syscall=85 success=yes exit=9 a0=bff11a48 a1=8beb588 a2=1000 a3=8be7368 items=0 ppid=18930 pid=18931 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.285:14297): avc: denied { ptrace } for pid=18932 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:hplip_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.285:14297): arch=40000003 syscall=85 success=yes exit=15 a0=bfb45e88 a1=88a3f48 a2=1000 a3=88a3f18 items=0 ppid=18930 pid=18932 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794116.285:14298): avc: denied { ptrace } for pid=18932 comm="pidof" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:xfs_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794116.285:14298): arch=40000003 syscall=85 success=yes exit=12 a0=bfb45e88 a1=88ab308 a2=1000 a3=88a91b8 items=0 ppid=18930 pid=18932 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="pidof" exe="/sbin/killall5" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794117.818:14299): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794117.818:14299): arch=40000003 syscall=4 success=yes exit=133 a0=4 a1=805c570 a2=85 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794117.818:14299): path="/dev/net/tun"
+type=AVC msg=audit(1163794117.818:14300): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794117.818:14300): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794117.818:14300): path="/dev/net/tun"
+type=AVC msg=audit(1163794126.150:14301): avc: denied { dac_override } for pid=16590 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794126.150:14301): arch=40000003 syscall=195 success=yes exit=0 a0=9261e40 a1=bfb3fc64 a2=573ff4 a3=9261e52 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794129.714:14302): avc: denied { read } for pid=18937 comm="gnome-terminal" name=".ICEauthority" dev=dm-0 ino=6574784 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794129.714:14302): arch=40000003 syscall=33 success=yes exit=0 a0=9c66a38 a1=4 a2=df7770 a3=9c66a38 items=0 ppid=1 pid=18937 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794147.003:14303): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794147.003:14303): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794147.003:14303): path="/var/run/utmp"
+type=AVC msg=audit(1163794172.261:14304): avc: denied { getattr } for pid=19009 comm="ls" name="rndc.key" dev=dm-0 ino=9330789 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:dnssec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794172.261:14304): arch=40000003 syscall=196 success=yes exit=0 a0=bfa889d0 a1=9063944 a2=24bff4 a3=8 items=0 ppid=16590 pid=19009 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="ls" exe="/bin/ls" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794172.261:14304): path="/etc/rndc.key"
+type=AVC msg=audit(1163794189.118:14305): avc: denied { execute } for pid=16590 comm="bash" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794189.118:14305): arch=40000003 syscall=33 success=yes exit=0 a0=924b250 a1=1 a2=11 a3=924b250 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794189.118:14306): avc: denied { read } for pid=16590 comm="bash" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794189.118:14306): arch=40000003 syscall=33 success=yes exit=0 a0=924b250 a1=4 a2=ffffffff a3=924b250 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.550:14307): avc: denied { execute_no_trans } for pid=19011 comm="bash" name="semodule" dev=dm-0 ino=10325888 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.550:14307): arch=40000003 syscall=11 success=yes exit=0 a0=925dbe0 a1=9249808 a2=9257740 a3=9261e10 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794194.550:14307): path="/usr/sbin/semodule"
+type=AVC msg=audit(1163794194.594:14308): avc: denied { execute } for pid=19011 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.594:14308): arch=40000003 syscall=33 success=yes exit=0 a0=c75905 a1=1 a2=c7b21c a3=8fef510 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.646:14309): avc: denied { read } for pid=19011 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.646:14309): arch=40000003 syscall=33 success=yes exit=0 a0=8fef628 a1=4 a2=c7b21c a3=8fef628 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.650:14310): avc: denied { write } for pid=19011 comm="semodule" name="modules" dev=dm-0 ino=9395255 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794194.650:14310): arch=40000003 syscall=33 success=yes exit=0 a0=8fef6c8 a1=7 a2=c7b21c a3=8fef628 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.654:14311): avc: denied { read } for pid=19011 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.654:14311): arch=40000003 syscall=5 success=yes exit=3 a0=8fef5f0 a1=0 a2=e4e120 a3=8fef3e0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.658:14312): avc: denied { lock } for pid=19011 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.658:14312): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=c7b21c a3=5 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794194.658:14312): path="/etc/selinux/strict/modules/semanage.trans.LOCK"
+type=AVC msg=audit(1163794194.658:14313): avc: denied { write } for pid=19011 comm="semodule" name="modules" dev=dm-0 ino=9334534 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794194.658:14313): avc: denied { add_name } for pid=19011 comm="semodule" name="tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794194.658:14313): avc: denied { create } for pid=19011 comm="semodule" name="tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794194.658:14313): arch=40000003 syscall=39 success=yes exit=0 a0=8fef6f8 a1=1c0 a2=c7b21c a3=8fef6f8 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.674:14314): avc: denied { add_name } for pid=19011 comm="semodule" name="base.linked.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794194.674:14314): avc: denied { create } for pid=19011 comm="semodule" name="base.linked.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.674:14314): arch=40000003 syscall=5 success=yes exit=5 a0=bff43c08 a1=241 a2=81a4 a3=81a4 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794194.690:14315): avc: denied { write } for pid=19011 comm="semodule" name="base.linked.tmp" dev=dm-0 ino=9331140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.690:14315): arch=40000003 syscall=4 success=yes exit=4192 a0=5 a1=bff42ba8 a2=1060 a3=1060 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794194.690:14315): path="/etc/selinux/strict/modules/tmp/base.linked.tmp"
+type=AVC msg=audit(1163794194.986:14316): avc: denied { remove_name } for pid=19011 comm="semodule" name="base.linked.tmp" dev=dm-0 ino=9331140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794194.986:14316): avc: denied { rename } for pid=19011 comm="semodule" name="base.linked.tmp" dev=dm-0 ino=9331140 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794194.986:14316): arch=40000003 syscall=38 success=yes exit=0 a0=bff43c08 a1=bff44cb8 a2=c7b21c a3=0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163794201.951:14317): user pid=19014 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163794201.951:14318): login pid=19014 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163794201.951:14319): user pid=19014 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163794201.951:14320): user pid=19014 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163794201.963:14321): avc: denied { execute } for pid=19015 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794201.963:14321): avc: denied { execute_no_trans } for pid=19015 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794201.963:14321): avc: denied { read } for pid=19015 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794201.963:14321): arch=40000003 syscall=11 success=yes exit=0 a0=95c5d48 a1=95c5740 a2=95c5d60 a3=95c5740 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794201.963:14321): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163794201.963:14321): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163794201.963:14322): avc: denied { search } for pid=19015 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163794201.963:14322): avc: denied { read } for pid=19015 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794201.963:14322): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=9af87f8 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794201.963:14323): avc: denied { getattr } for pid=19015 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794201.963:14323): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfac13e8 a2=24bff4 a3=9af87f8 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794201.963:14323): path="/proc/net/dev"
+type=AVC msg=audit(1163794201.963:14324): avc: denied { search } for pid=19015 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794201.963:14324): arch=40000003 syscall=33 success=yes exit=0 a0=bfac1794 a1=0 a2=bfac1688 a3=bfac1690 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794201.963:14325): avc: denied { read append } for pid=19015 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794201.963:14325): arch=40000003 syscall=5 success=yes exit=3 a0=bfac1794 a1=402 a2=bfac1958 a3=bfac1690 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794201.963:14326): avc: denied { lock } for pid=19015 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794201.963:14326): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfac1690 a3=3 items=0 ppid=19014 pid=19015 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794201.963:14326): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163794202.027:14327): user pid=19014 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163794202.027:14328): user pid=19014 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163794205.023:14329): avc: denied { lock } for pid=19011 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.023:14329): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=6 a2=c7b21c a3=5 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794205.023:14329): path="/etc/selinux/strict/modules/semanage.read.LOCK"
+type=AVC msg=audit(1163794205.055:14330): avc: denied { write } for pid=19011 comm="semodule" name="previous" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.055:14330): avc: denied { remove_name } for pid=19011 comm="semodule" name="base.linked" dev=dm-0 ino=9334715 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.055:14330): avc: denied { unlink } for pid=19011 comm="semodule" name="base.linked" dev=dm-0 ino=9334715 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.055:14330): arch=40000003 syscall=10 success=yes exit=0 a0=bff46b09 a1=0 a2=e4cff4 a3=bff46b09 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.107:14331): avc: denied { write } for pid=19011 comm="semodule" name="modules" dev=dm-0 ino=9334945 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.107:14331): avc: denied { remove_name } for pid=19011 comm="semodule" name="thunderbird.pp" dev=dm-0 ino=9334946 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794205.107:14331): arch=40000003 syscall=10 success=yes exit=0 a0=bff46959 a1=0 a2=e4cff4 a3=bff46959 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.623:14332): avc: denied { rmdir } for pid=19011 comm="semodule" name="modules" dev=dm-0 ino=9334945 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794205.623:14332): arch=40000003 syscall=40 success=yes exit=0 a0=bff46b09 a1=b7f3d688 a2=e4cff4 a3=bff46b09 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.631:14333): avc: denied { remove_name } for pid=19011 comm="semodule" name="previous" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.631:14333): avc: denied { rmdir } for pid=19011 comm="semodule" name="previous" dev=dm-0 ino=9334708 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794205.631:14333): arch=40000003 syscall=40 success=yes exit=0 a0=8ff3b58 a1=b7f3d688 a2=e4cff4 a3=8ff3b58 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.631:14334): avc: denied { rename } for pid=19011 comm="semodule" name="active" dev=dm-0 ino=9395239 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794205.631:14334): arch=40000003 syscall=38 success=yes exit=0 a0=8fef6a0 a1=8ff3b58 a2=c7b21c a3=bff46cb8 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.631:14335): avc: denied { write } for pid=19011 comm="semodule" name="policy" dev=dm-0 ino=9334538 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.631:14335): avc: denied { add_name } for pid=19011 comm="semodule" name="policy.21.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.631:14335): avc: denied { create } for pid=19011 comm="semodule" name="policy.21.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.631:14335): arch=40000003 syscall=5 success=yes exit=6 a0=bff3fac8 a1=241 a2=1a4 a3=1a4 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.647:14336): avc: denied { write } for pid=19011 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9334698 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.647:14336): arch=40000003 syscall=4 success=yes exit=4192 a0=6 a1=bff3ea68 a2=1060 a3=1060 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794205.647:14336): path="/etc/selinux/strict/policy/policy.21.tmp"
+type=AVC msg=audit(1163794205.759:14337): avc: denied { write } for pid=19017 comm="gnome-terminal" name="15931" dev=dm-0 ino=14567724 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:ice_tmp_t:s0 tclass=sock_file
+type=SYSCALL msg=audit(1163794205.759:14337): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe1f580 a2=df7770 a3=16 items=0 ppid=1 pid=19017 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-terminal" exe="/usr/bin/gnome-terminal" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.667:14338): avc: denied { remove_name } for pid=19011 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9334698 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:policy_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.667:14338): avc: denied { rename } for pid=19011 comm="semodule" name="policy.21.tmp" dev=dm-0 ino=9334698 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=AVC msg=audit(1163794205.667:14338): avc: denied { unlink } for pid=19011 comm="semodule" name="policy.21" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.667:14338): arch=40000003 syscall=38 success=yes exit=0 a0=bff3fac8 a1=bff42c08 a2=c7b21c a3=0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.783:14339): avc: denied { write } for pid=19011 comm="semodule" name="files" dev=dm-0 ino=9334527 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.783:14339): avc: denied { add_name } for pid=19011 comm="semodule" name="homedir_template.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.783:14339): avc: denied { create } for pid=19011 comm="semodule" name="homedir_template.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.783:14339): arch=40000003 syscall=5 success=yes exit=6 a0=bff3fac8 a1=241 a2=1a4 a3=1a4 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.799:14340): avc: denied { write } for pid=19011 comm="semodule" name="homedir_template.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.799:14340): arch=40000003 syscall=4 success=yes exit=2138 a0=6 a1=bff3ea68 a2=85a a3=85a items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794205.799:14340): path="/etc/selinux/strict/contexts/files/homedir_template.tmp"
+type=AVC msg=audit(1163794205.799:14341): avc: denied { remove_name } for pid=19011 comm="semodule" name="homedir_template.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.799:14341): avc: denied { rename } for pid=19011 comm="semodule" name="homedir_template.tmp" dev=dm-0 ino=9331805 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=AVC msg=audit(1163794205.799:14341): avc: denied { unlink } for pid=19011 comm="semodule" name="homedir_template" dev=dm-0 ino=9330752 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.799:14341): arch=40000003 syscall=38 success=yes exit=0 a0=bff3fac8 a1=bff43c08 a2=c7b21c a3=0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.819:14342): avc: denied { unlink } for pid=19011 comm="semodule" name="seusers" dev=dm-0 ino=9334539 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.819:14342): arch=40000003 syscall=38 success=yes exit=0 a0=bff3fac8 a1=bff41c08 a2=c7b21c a3=0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.819:14343): avc: denied { write } for pid=19011 comm="semodule" name="contexts" dev=dm-0 ino=9334400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.819:14343): avc: denied { add_name } for pid=19011 comm="semodule" name="netfilter_contexts.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.819:14343): avc: denied { create } for pid=19011 comm="semodule" name="netfilter_contexts.tmp" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.819:14343): arch=40000003 syscall=5 success=yes exit=6 a0=bff3fac8 a1=241 a2=1a4 a3=1a4 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.819:14344): avc: denied { write } for pid=19011 comm="semodule" name="netfilter_contexts.tmp" dev=dm-0 ino=9334539 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.819:14344): arch=40000003 syscall=4 success=yes exit=4192 a0=6 a1=bff3ea68 a2=1060 a3=1060 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794205.819:14344): path="/etc/selinux/strict/contexts/netfilter_contexts.tmp"
+type=AVC msg=audit(1163794205.819:14345): avc: denied { remove_name } for pid=19011 comm="semodule" name="netfilter_contexts.tmp" dev=dm-0 ino=9334539 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_context_t:s0 tclass=dir
+type=AVC msg=audit(1163794205.819:14345): avc: denied { rename } for pid=19011 comm="semodule" name="netfilter_contexts.tmp" dev=dm-0 ino=9334539 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=AVC msg=audit(1163794205.819:14345): avc: denied { unlink } for pid=19011 comm="semodule" name="netfilter_contexts" dev=dm-0 ino=9334535 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:default_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.819:14345): arch=40000003 syscall=38 success=yes exit=0 a0=bff3fac8 a1=bff40c08 a2=c7b21c a3=0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794205.871:14346): avc: denied { execute } for pid=19018 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794205.871:14346): avc: denied { execute_no_trans } for pid=19018 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794205.871:14346): avc: denied { read } for pid=19018 comm="semodule" name="load_policy" dev=dm-0 ino=10325048 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.871:14346): arch=40000003 syscall=11 success=yes exit=0 a0=8fef520 a1=d26a0c0 a2=0 a3=0 items=0 ppid=19011 pid=19018 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794205.871:14346): path="/usr/sbin/load_policy"
+type=AVC_PATH msg=audit(1163794205.871:14346): path="/usr/sbin/load_policy"
+type=AVC msg=audit(1163794205.935:14347): avc: denied { read } for pid=19018 comm="load_policy" name="policy.21" dev=dm-0 ino=9334698 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794205.935:14347): arch=40000003 syscall=5 success=yes exit=3 a0=bfd15358 a1=8000 a2=0 a3=8000 items=0 ppid=19011 pid=19018 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794206.019:14348): avc: denied { load_policy } for pid=19018 comm="load_policy" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
+type=MAC_POLICY_LOAD msg=audit(1163794206.019:14348): policy loaded auid=500
+type=SYSCALL msg=audit(1163794206.019:14348): arch=40000003 syscall=4 success=yes exit=2111036 a0=4 a1=b7d97000 a2=20363c a3=bfd14288 items=0 ppid=19011 pid=19018 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="load_policy" exe="/usr/sbin/load_policy" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794206.135:14349): avc: denied { ptrace } for pid=15988 comm="dbus-daemon" scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:staff_r:staff_dbusd_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794206.135:14349): arch=40000003 syscall=85 success=yes exit=16 a0=a45fce a1=b7edab58 a2=fff a3=b7eddeba items=0 ppid=1 pid=15988 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163794206.151:14350): avc: denied { execute } for pid=19024 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794206.151:14350): avc: denied { execute_no_trans } for pid=19024 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794206.151:14350): avc: denied { read } for pid=19024 comm="semodule" name="setfiles" dev=dm-0 ino=9984601 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794206.243:14351): avc: denied { getattr } for pid=6659 comm="dbus-daemon" name="/" dev=dm-0 ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
+type=SYSCALL msg=audit(1163794206.243:14351): arch=40000003 syscall=100 success=yes exit=0 a0=15 a1=bfcd50ac a2=c4eff4 a3=ffffffb8 items=0 ppid=1 pid=6659 auid=500 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=SYSCALL msg=audit(1163794206.151:14350): arch=40000003 syscall=11 success=yes exit=0 a0=8fef550 a1=d292770 a2=0 a3=0 items=0 ppid=19011 pid=19024 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="setfiles" exe="/sbin/setfiles" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794206.151:14350): path="/sbin/setfiles"
+type=AVC_PATH msg=audit(1163794206.151:14350): path="/sbin/setfiles"
+type=AVC msg=audit(1163794206.375:14352): avc: denied { read } for pid=19024 comm="setfiles" name="policy.21" dev=dm-0 ino=9334698 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:policy_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794206.375:14352): arch=40000003 syscall=5 success=yes exit=3 a0=bf8e8f97 a1=8000 a2=1b6 a3=8fd73e0 items=0 ppid=19011 pid=19024 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="setfiles" exe="/sbin/setfiles" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794206.643:14353): avc: denied { lock } for pid=19011 comm="semodule" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794206.643:14353): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=8 a2=c7b21c a3=8fef3e0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794206.643:14353): path="/etc/selinux/strict/modules/semanage.read.LOCK"
+type=AVC msg=audit(1163794207.187:14354): avc: denied { search } for pid=15987 comm="dbus-daemon" name="kmacmill" dev=dm-0 ino=6547202 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794207.187:14354): avc: denied { search } for pid=15987 comm="dbus-daemon" name=".local" dev=dm-0 ino=6815703 scontext=staff_u:staff_r:staff_dbusd_t:s0 tcontext=staff_u:object_r:staff_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794207.187:14354): arch=40000003 syscall=5 success=no exit=-2 a0=8ebe028 a1=18800 a2=0 a3=0 items=0 ppid=1 pid=15987 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=staff_u:staff_r:staff_dbusd_t:s0 key=(null)
+type=AVC msg=audit(1163794207.727:14355): avc: denied { read } for pid=19045 comm="genhomedircon" name="semanage.read.LOCK" dev=dm-0 ino=9334533 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794207.727:14355): arch=40000003 syscall=33 success=yes exit=0 a0=9207d10 a1=4 a2=28021c a3=9207d10 items=0 ppid=19011 pid=19045 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794207.727:14356): avc: denied { write } for pid=19045 comm="genhomedircon" name="modules" dev=dm-0 ino=9333979 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:selinux_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794207.727:14356): arch=40000003 syscall=33 success=yes exit=0 a0=9206598 a1=7 a2=28021c a3=9207d10 items=0 ppid=19011 pid=19045 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794207.855:14357): avc: denied { write } for pid=19045 comm="genhomedircon" name="file_contexts.homedirs" dev=dm-0 ino=9334712 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:file_context_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794207.855:14357): arch=40000003 syscall=5 success=yes exit=3 a0=921b508 a1=8241 a2=1b6 a3=921b548 items=0 ppid=19011 pid=19045 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="genhomedircon" exe="/usr/bin/python" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794208.071:14358): avc: denied { lock } for pid=19011 comm="semodule" name="semanage.trans.LOCK" dev=dm-0 ino=9334536 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794208.071:14358): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=8 a2=c7b21c a3=8fef3e0 items=0 ppid=16590 pid=19011 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="semodule" exe="/usr/sbin/semodule" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794208.071:14358): path="/etc/selinux/strict/modules/semanage.trans.LOCK"
+type=AVC msg=audit(1163794209.147:14359): avc: denied { getattr } for pid=18600 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=9331954 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794209.147:14359): arch=40000003 syscall=195 success=yes exit=0 a0=10fb5e0 a1=bfc616ac a2=1113ff4 a3=0 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794209.147:14359): path="/etc/localtime"
+type=AVC msg=audit(1163794209.639:14360): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794209.639:14360): arch=40000003 syscall=4 success=yes exit=105 a0=4 a1=805c570 a2=69 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794209.639:14360): path="/dev/net/tun"
+type=AVC msg=audit(1163794209.639:14361): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794209.639:14361): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794209.639:14361): path="/dev/net/tun"
+type=AVC msg=audit(1163794209.999:14362): avc: denied { lock } for pid=16476 comm="pam_timestamp_c" name="utmp" dev=dm-0 ino=14436583 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794209.999:14362): arch=40000003 syscall=221 success=yes exit=0 a0=3 a1=7 a2=bfded3d8 a3=0 items=0 ppid=16467 pid=16476 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794209.999:14362): path="/var/run/utmp"
+type=USER_AUTH msg=audit(1163794210.195:14363): user pid=19046 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=USER_ACCT msg=audit(1163794210.195:14364): user pid=19046 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=AVC msg=audit(1163794210.211:14365): avc: denied { write } for pid=19046 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:staff_r:staff_su_t:s0 tclass=key
+type=AVC msg=audit(1163794210.211:14365): avc: denied { link } for pid=19046 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key
+type=SYSCALL msg=audit(1163794210.211:14365): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=0 items=0 ppid=19025 pid=19046 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts6 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163794210.211:14366): avc: denied { search } for pid=19046 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794210.211:14366): arch=40000003 syscall=5 success=no exit=-2 a0=bf8c2d58 a1=8000 a2=1b6 a3=9111200 items=0 ppid=19025 pid=19046 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts6 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163794210.255:14367): avc: denied { write } for pid=19047 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.255:14367): arch=40000003 syscall=33 success=yes exit=0 a0=bfd8df2b a1=2 a2=bfd8cbd0 a3=0 items=0 ppid=19046 pid=19047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.255:14368): avc: denied { read } for pid=19047 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.255:14368): arch=40000003 syscall=5 success=yes exit=2 a0=bfd8df2b a1=0 a2=1b6 a3=95b7008 items=0 ppid=19046 pid=19047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.255:14369): avc: denied { getattr } for pid=19047 comm="xauth" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.255:14369): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfd8c91c a2=24fff4 a3=95b7008 items=0 ppid=19046 pid=19047 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794210.255:14369): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163794210.259:14370): avc: denied { write } for pid=19046 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794210.259:14370): avc: denied { add_name } for pid=19046 comm="su" name=".xauthSGkEvM" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794210.259:14370): avc: denied { create } for pid=19046 comm="su" name=".xauthSGkEvM" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.259:14370): arch=40000003 syscall=5 success=yes exit=4 a0=9111323 a1=80c2 a2=180 a3=80c2 items=0 ppid=19025 pid=19046 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts6 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163794210.259:14371): avc: denied { setattr } for pid=19046 comm="su" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.259:14371): arch=40000003 syscall=207 success=yes exit=0 a0=4 a1=0 a2=0 a3=1785bf items=0 ppid=19025 pid=19046 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts6 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14372): avc: denied { search } for pid=19048 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794210.263:14372): arch=40000003 syscall=195 success=no exit=-2 a0=bfc74897 a1=bfc743ac a2=3b7ff4 a3=bfc743ac items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14373): avc: denied { write } for pid=19048 comm="xauth" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794210.263:14373): avc: denied { add_name } for pid=19048 comm="xauth" name=".xauthSGkEvM-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794210.263:14373): avc: denied { create } for pid=19048 comm="xauth" name=".xauthSGkEvM-c" scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14373): arch=40000003 syscall=5 success=yes exit=2 a0=bfc74897 a1=c1 a2=180 a3=ffffffff items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14374): avc: denied { link } for pid=19048 comm="xauth" name=".xauthSGkEvM-c" dev=dm-0 ino=13127386 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14374): arch=40000003 syscall=9 success=yes exit=0 a0=bfc74897 a1=bfc74496 a2=da3a64 a3=2 items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14375): avc: denied { write } for pid=19048 comm="xauth" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14375): arch=40000003 syscall=33 success=yes exit=0 a0=bfc75f27 a1=2 a2=bfc74dc0 a3=0 items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14376): avc: denied { read } for pid=19048 comm="xauth" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14376): arch=40000003 syscall=5 success=yes exit=2 a0=bfc75f27 a1=0 a2=1b6 a3=8363008 items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC msg=audit(1163794210.263:14377): avc: denied { getattr } for pid=19048 comm="xauth" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14377): arch=40000003 syscall=197 success=yes exit=0 a0=2 a1=bfc74b0c a2=3b7ff4 a3=8363008 items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794210.263:14377): path="/root/.xauthSGkEvM"
+type=AVC msg=audit(1163794210.263:14378): avc: denied { remove_name } for pid=19048 comm="xauth" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
+type=AVC msg=audit(1163794210.263:14378): avc: denied { unlink } for pid=19048 comm="xauth" name=".xauthSGkEvM" dev=dm-0 ino=13127382 scontext=staff_u:staff_r:staff_xauth_t:s0 tcontext=staff_u:object_r:user_home_dir_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.263:14378): arch=40000003 syscall=10 success=yes exit=0 a0=8363008 a1=1000 a2=0 a3=836308a items=0 ppid=19046 pid=19048 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="xauth" exe="/usr/bin/xauth" subj=staff_u:staff_r:staff_xauth_t:s0 key=(null)
+type=USER_START msg=audit(1163794210.263:14379): user pid=19046 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=CRED_ACQ msg=audit(1163794210.263:14380): user pid=19046 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=AVC msg=audit(1163794210.467:14381): avc: denied { read } for pid=19049 comm="bash" name=".bash_profile" dev=dm-0 ino=13127141 scontext=staff_u:staff_r:staff_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.467:14381): arch=40000003 syscall=5 success=yes exit=3 a0=8946f98 a1=8000 a2=0 a3=8000 items=0 ppid=19046 pid=19049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794210.519:14382): avc: denied { read } for pid=19049 comm="bash" name=".bash_history" dev=dm-0 ino=13127151 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794210.519:14382): arch=40000003 syscall=5 success=yes exit=3 a0=8946db8 a1=8000 a2=0 a3=8000 items=0 ppid=19046 pid=19049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163794226.832:14383): user pid=19079 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=USER_ACCT msg=audit(1163794226.832:14384): user pid=19079 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/6 res=success)'
+type=AVC msg=audit(1163794274.759:14385): avc: denied { relabelfrom } for pid=19114 comm="chcon" name="httpd" dev=dm-0 ino=10321419 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794274.759:14385): avc: denied { relabelto } for pid=19114 comm="chcon" name="httpd" dev=dm-0 ino=10321419 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:myapache_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794274.759:14385): arch=40000003 syscall=226 success=yes exit=0 a0=bfc8094c a1=a2f0d3 a2=980bcb0 a3=25 items=0 ppid=16590 pid=19114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="chcon" exe="/usr/bin/chcon" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794283.224:14386): avc: denied { dac_override } for pid=16590 comm="bash" capability=1 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794283.224:14386): arch=40000003 syscall=195 success=no exit=-2 a0=925e198 a1=bfb405b0 a2=573ff4 a3=925e198 items=0 ppid=16587 pid=16590 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794290.516:14387): avc: denied { write } for pid=19116 comm="su" name="access" dev=selinuxfs ino=6 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794290.516:14387): arch=40000003 syscall=5 success=yes exit=3 a0=bfbb4178 a1=8002 a2=0 a3=8002 items=0 ppid=16590 pid=19116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=AVC msg=audit(1163794290.516:14388): avc: denied { compute_av } for pid=19116 comm="su" scontext=staff_u:staff_r:staff_su_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
+type=SYSCALL msg=audit(1163794290.516:14388): arch=40000003 syscall=4 success=yes exit=58 a0=3 a1=8f99ef0 a2=3a a3=8f99ef0 items=0 ppid=16590 pid=19116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="su" exe="/bin/su" subj=staff_u:staff_r:staff_su_t:s0 key=(null)
+type=USER_AUTH msg=audit(1163794290.516:14389): user pid=19116 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163794290.516:14390): user pid=19116 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_START msg=audit(1163794290.564:14391): user pid=19116 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=CRED_ACQ msg=audit(1163794290.568:14392): user pid=19116 uid=0 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163794295.109:14393): avc: denied { execute } for pid=19149 comm="service" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.109:14393): arch=40000003 syscall=33 success=yes exit=0 a0=8333a98 a1=1 a2=1 a3=832a2b0 items=0 ppid=19119 pid=19149 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="service" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794295.145:14394): avc: denied { execute_no_trans } for pid=19156 comm="env" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794295.145:14394): avc: denied { read } for pid=19156 comm="env" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.145:14394): arch=40000003 syscall=11 success=yes exit=0 a0=bfbbec09 a1=bfbbde68 a2=954e858 a3=5 items=0 ppid=19149 pid=19156 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794295.145:14394): path="/etc/rc.d/init.d/httpd"
+type=AVC_PATH msg=audit(1163794295.145:14394): path="/etc/rc.d/init.d/httpd"
+type=AVC msg=audit(1163794295.149:14395): avc: denied { ioctl } for pid=19156 comm="httpd" name="httpd" dev=dm-0 ino=9330356 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.149:14395): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bfa60da8 a3=bfa60de8 items=0 ppid=19149 pid=19156 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794295.149:14395): path="/etc/rc.d/init.d/httpd"
+type=AVC msg=audit(1163794295.217:14396): avc: denied { read } for pid=19161 comm="grep" name="httpd.conf" dev=dm-0 ino=9331739 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.217:14396): arch=40000003 syscall=5 success=yes exit=3 a0=bfd94f88 a1=8000 a2=0 a3=8000 items=0 ppid=19156 pid=19161 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="grep" exe="/bin/grep" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794295.233:14397): avc: denied { execute } for pid=19163 comm="bash" name="httpd" dev=dm-0 ino=10321419 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:myapache_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794295.233:14397): avc: denied { execute_no_trans } for pid=19163 comm="bash" name="httpd" dev=dm-0 ino=10321419 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:myapache_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794295.233:14397): avc: denied { read } for pid=19163 comm="bash" name="httpd" dev=dm-0 ino=10321419 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:myapache_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.233:14397): arch=40000003 syscall=11 success=yes exit=0 a0=a0e5d30 a1=a0e5df8 a2=a0e6130 a3=a0e5cb0 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794295.233:14397): path="/usr/sbin/httpd"
+type=AVC_PATH msg=audit(1163794295.233:14397): path="/usr/sbin/httpd"
+type=AVC msg=audit(1163794295.561:14398): avc: denied { read } for pid=19163 comm="httpd" name="modules" dev=dm-0 ino=9331255 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163794295.561:14398): avc: denied { read } for pid=19163 comm="httpd" name="mod_auth_basic.so" dev=dm-0 ino=10639225 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.561:14398): arch=40000003 syscall=5 success=yes exit=4 a0=88fb550 a1=0 a2=424150 a3=88fb550 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794295.617:14399): avc: denied { execute } for pid=19163 comm="httpd" name="mod_auth_basic.so" dev=dm-0 ino=10639225 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794295.617:14399): arch=40000003 syscall=192 success=yes exit=1146880 a0=0 a1=30bc a2=5 a3=802 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794295.617:14399): path="/usr/lib/httpd/modules/mod_auth_basic.so"
+type=AVC msg=audit(1163794296.193:14400): avc: denied { read } for pid=19163 comm="httpd" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.193:14400): arch=40000003 syscall=5 success=yes exit=5 a0=40ae73 a1=0 a2=1b6 a3=8943f90 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.193:14401): avc: denied { node_bind } for pid=19163 comm="httpd" src=80 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:unspec_node_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794296.193:14401): avc: denied { net_bind_service } for pid=19163 comm="httpd" capability=10 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794296.193:14401): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfa206d0 a2=1951e8 a3=88bc790 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.193:14402): avc: denied { read } for pid=19163 comm="httpd" name="logs" dev=dm-0 ino=9330432 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163794296.193:14402): avc: denied { append } for pid=19163 comm="httpd" name="error_log" dev=dm-0 ino=14437040 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.193:14402): arch=40000003 syscall=5 success=yes exit=7 a0=88ec580 a1=8441 a2=1b6 a3=8441 items=0 ppid=19162 pid=19163 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.281:14403): avc: denied { write } for pid=19164 comm="httpd" name="run" dev=dm-0 ino=14436616 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794296.281:14403): avc: denied { add_name } for pid=19164 comm="httpd" name="httpd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794296.281:14403): avc: denied { create } for pid=19164 comm="httpd" name="httpd.pid" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.281:14403): arch=40000003 syscall=5 success=yes exit=9 a0=8966818 a1=8241 a2=1a4 a3=8241 items=0 ppid=1 pid=19164 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.297:14404): avc: denied { write } for pid=19164 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.297:14404): arch=40000003 syscall=4 success=yes exit=6 a0=9 a1=899a788 a2=6 a3=6 items=0 ppid=1 pid=19164 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794296.297:14404): path="/var/run/httpd.pid"
+type=AVC msg=audit(1163794296.301:14405): avc: denied { setuid } for pid=19165 comm="httpd" capability=7 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794296.301:14405): arch=40000003 syscall=213 success=yes exit=0 a0=30 a1=108 a2=1 a3=bfa204d0 items=0 ppid=19164 pid=19165 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.329:14406): avc: denied { write } for pid=19168 comm="touch" name="subsys" dev=dm-0 ino=14436611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163794296.329:14406): avc: denied { add_name } for pid=19168 comm="touch" name="httpd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163794296.329:14406): avc: denied { create } for pid=19168 comm="touch" name="httpd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.329:14406): arch=40000003 syscall=5 success=yes exit=0 a0=bfee1f80 a1=8941 a2=1b6 a3=8941 items=0 ppid=19156 pid=19168 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794296.337:14407): avc: denied { write } for pid=19168 comm="touch" name="httpd" dev=dm-0 ino=14436997 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794296.337:14407): arch=40000003 syscall=271 success=yes exit=0 a0=bfee0b64 a1=0 a2=eb5ff4 a3=0 items=0 ppid=19156 pid=19168 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794300.201:14408): avc: denied { read } for pid=19178 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794300.201:14408): arch=40000003 syscall=33 success=yes exit=0 a0=bf85af92 a1=4 a2=11ea64 a3=bf85af92 items=0 ppid=19177 pid=19178 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794307.389:14409): avc: denied { read } for pid=19165 comm="httpd" name="noindex.html" dev=dm-0 ino=14436695 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794307.389:14409): arch=40000003 syscall=5 success=yes exit=11 a0=89afad8 a1=8000 a2=0 a3=8000 items=0 ppid=19164 pid=19165 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794313.622:14410): avc: denied { read } for pid=19188 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794313.622:14410): arch=40000003 syscall=5 success=yes exit=3 a0=90ddfc8 a1=8000 a2=0 a3=8000 items=0 ppid=19181 pid=19188 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794313.622:14411): avc: denied { ioctl } for pid=19188 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794313.622:14411): arch=40000003 syscall=54 success=no exit=-25 a0=0 a1=5401 a2=bfc40298 a3=bfc402d8 items=0 ppid=19181 pid=19188 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794313.622:14411): path="/var/run/httpd.pid"
+type=AVC msg=audit(1163794313.626:14412): avc: denied { kill } for pid=19164 comm="httpd" capability=5 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794313.626:14412): arch=40000003 syscall=37 success=yes exit=0 a0=ffffb524 a1=f a2=422ff4 a3=899a788 items=0 ppid=1 pid=19164 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794313.646:14413): avc: denied { remove_name } for pid=19164 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794313.646:14413): avc: denied { unlink } for pid=19164 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794313.646:14413): arch=40000003 syscall=10 success=yes exit=0 a0=8966960 a1=8966960 a2=16a004 a3=8966960 items=0 ppid=1 pid=19164 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794313.790:14414): avc: denied { write } for pid=19195 comm="rm" name="subsys" dev=dm-0 ino=14436611 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163794313.790:14414): avc: denied { remove_name } for pid=19195 comm="rm" name="httpd" dev=dm-0 ino=14436997 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=AVC msg=audit(1163794313.790:14414): avc: denied { unlink } for pid=19195 comm="rm" name="httpd" dev=dm-0 ino=14436997 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:object_r:var_lock_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794313.790:14414): arch=40000003 syscall=10 success=yes exit=0 a0=bf911f73 a1=0 a2=805277c a3=bf9116f4 items=0 ppid=19188 pid=19195 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="rm" exe="/bin/rm" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794336.055:14415): avc: denied { read } for pid=19210 comm="httpd" name="resolv.conf" dev=dm-0 ino=9330239 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794336.055:14415): arch=40000003 syscall=5 success=yes exit=5 a0=2f3e73 a1=0 a2=1b6 a3=82ebf90 items=0 ppid=19209 pid=19210 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794336.059:14416): avc: denied { node_bind } for pid=19210 comm="httpd" src=80 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:unspec_node_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794336.059:14416): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf852d10 a2=7ff1e8 a3=8264790 items=0 ppid=19209 pid=19210 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="httpd" exe="/usr/sbin/httpd" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794336.095:14417): avc: denied { add_name } for pid=19217 comm="touch" name="httpd" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794336.095:14417): arch=40000003 syscall=5 success=yes exit=0 a0=bfb8ef80 a1=8941 a2=1b6 a3=8941 items=0 ppid=19203 pid=19217 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="touch" exe="/bin/touch" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794345.112:14418): avc: denied { execute } for pid=19119 comm="bash" name="run_init" dev=dm-0 ino=10337905 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794345.112:14418): arch=40000003 syscall=33 success=yes exit=0 a0=9464518 a1=1 a2=11 a3=9464518 items=0 ppid=19116 pid=19119 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794345.112:14419): avc: denied { read } for pid=19119 comm="bash" name="run_init" dev=dm-0 ino=10337905 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794345.112:14419): arch=40000003 syscall=33 success=yes exit=0 a0=9464518 a1=4 a2=ffffffff a3=9464518 items=0 ppid=19116 pid=19119 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794348.308:14420): avc: denied { execute_no_trans } for pid=19238 comm="bash" name="run_init" dev=dm-0 ino=10337905 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794348.308:14420): arch=40000003 syscall=11 success=yes exit=0 a0=9465dc0 a1=9465df0 a2=9466610 a3=9468960 items=0 ppid=19119 pid=19238 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="run_init" exe="/usr/sbin/run_init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794348.308:14420): path="/usr/sbin/run_init"
+type=AVC msg=audit(1163794352.940:14421): avc: denied { audit_write } for pid=19238 comm="run_init" capability=29 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=USER_AUTH msg=audit(1163794352.940:14422): user pid=19238 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=SYSCALL msg=audit(1163794352.940:14421): arch=40000003 syscall=102 success=yes exit=128 a0=b a1=bff3a160 a2=a47ff4 a3=bff40ba0 items=0 ppid=19119 pid=19238 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="run_init" exe="/usr/sbin/run_init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163794352.940:14423): user pid=19238 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163794352.972:14424): avc: denied { setexec } for pid=19238 comm="run_init" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794352.972:14424): arch=40000003 syscall=4 success=yes exit=30 a0=3 a1=8f8f4a0 a2=1e a3=a2f751 items=0 ppid=19119 pid=19238 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="run_init" exe="/usr/sbin/run_init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794352.972:14425): avc: denied { transition } for pid=19238 comm="run_init" name="open_init_pty" dev=dm-0 ino=10316125 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
+type=AVC msg=audit(1163794352.972:14425): avc: denied { siginh } for pid=19238 comm="open_init_pty" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
+type=AVC msg=audit(1163794352.972:14425): avc: denied { rlimitinh } for pid=19238 comm="open_init_pty" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
+type=AVC msg=audit(1163794352.972:14425): avc: denied { noatsecure } for pid=19238 comm="open_init_pty" scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794352.972:14425): arch=40000003 syscall=11 success=yes exit=0 a0=804921d a1=bff451b4 a2=bff451c4 a3=bff451b4 items=0 ppid=19119 pid=19238 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="open_init_pty" exe="/usr/sbin/open_init_pty" subj=system_u:system_r:initrc_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794352.972:14425): path="/usr/sbin/open_init_pty"
+type=AVC msg=audit(1163794352.992:14426): avc: denied { read write } for pid=19239 comm="httpd" name="7" dev=devpts ino=9 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:initrc_devpts_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794352.992:14426): arch=40000003 syscall=11 success=yes exit=0 a0=942a08e a1=bfd85ff8 a2=bfd86004 a3=bfd86e94 items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794352.992:14427): avc: denied { search } for pid=19239 comm="httpd" name="etc" dev=dm-0 ino=9329761 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794352.992:14427): arch=40000003 syscall=33 success=no exit=-2 a0=901e4f a1=4 a2=904fc0 a3=0 items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794352.992:14428): avc: denied { read } for pid=19239 comm="httpd" name="ld.so.cache" dev=dm-0 ino=9330488 scontext=system_u:system_r:myapache_t:s0 tcontext=staff_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794352.992:14428): arch=40000003 syscall=5 success=yes exit=3 a0=902037 a1=0 a2=0 a3=ffffffff items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794352.992:14429): avc: denied { getattr } for pid=19239 comm="httpd" name="ld.so.cache" dev=dm-0 ino=9330488 scontext=system_u:system_r:myapache_t:s0 tcontext=staff_u:object_r:ld_so_cache_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794352.992:14429): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfa8a340 a2=904fc0 a3=ffffffff items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794352.992:14429): path="/etc/ld.so.cache"
+type=AVC msg=audit(1163794352.992:14430): avc: denied { search } for pid=19239 comm="httpd" name="lib" dev=dm-0 ino=13716385 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=AVC msg=audit(1163794352.992:14430): avc: denied { read } for pid=19239 comm="httpd" name="libm.so.6" dev=dm-0 ino=13716419 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163794352.992:14430): avc: denied { read } for pid=19239 comm="httpd" name="libm-2.5.90.so" dev=dm-0 ino=13716401 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794352.992:14430): arch=40000003 syscall=5 success=yes exit=3 a0=b7f0666b a1=0 a2=19e a3=b7f0666b items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794353.008:14431): avc: denied { getattr } for pid=19239 comm="httpd" name="libm-2.5.90.so" dev=dm-0 ino=13716401 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794353.008:14431): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfa8a3a4 a2=904fc0 a3=4 items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794353.008:14431): path="/lib/i686/nosegneg/libm-2.5.90.so"
+type=AVC msg=audit(1163794353.008:14432): avc: denied { execute } for pid=19239 comm="httpd" name="libm-2.5.90.so" dev=dm-0 ino=13716401 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:shlib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794353.008:14432): arch=40000003 syscall=192 success=yes exit=7204864 a0=0 a1=26080 a2=5 a3=802 items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794353.008:14432): path="/lib/i686/nosegneg/libm-2.5.90.so"
+type=AVC msg=audit(1163794353.012:14433): avc: denied { search } for pid=19239 comm="httpd" name="usr" dev=dm-0 ino=10311841 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794353.012:14433): arch=40000003 syscall=5 success=yes exit=3 a0=b7f10c9f a1=0 a2=53f a3=b7f10c9f items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794353.012:14434): avc: denied { read } for pid=19239 comm="httpd" name="libldap-2.3.so.0" dev=dm-0 ino=10318754 scontext=system_u:system_r:myapache_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163794353.012:14434): arch=40000003 syscall=5 success=yes exit=3 a0=b7f069aa a1=0 a2=1b2 a3=b7f069aa items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794353.016:14435): avc: denied { read } for pid=19239 comm="httpd" name="ld-2.5.90.so" dev=dm-0 ino=13716553 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:ld_so_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794353.016:14435): arch=40000003 syscall=125 success=yes exit=0 a0=904000 a1=1000 a2=1 a3=380 items=0 ppid=19238 pid=19239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794353.016:14435): path="/lib/ld-2.5.90.so"
+type=AVC msg=audit(1163794368.013:14436): avc: denied { audit_write } for pid=19240 comm="run_init" capability=29 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=capability
+type=USER_AUTH msg=audit(1163794368.013:14437): user pid=19240 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=SYSCALL msg=audit(1163794368.013:14436): arch=40000003 syscall=102 success=yes exit=128 a0=b a1=bfd7f790 a2=a47ff4 a3=bfd861d0 items=0 ppid=19119 pid=19240 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="run_init" exe="/usr/sbin/run_init" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163794368.013:14438): user pid=19240 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163794368.065:14439): avc: denied { search } for pid=19248 comm="httpd" name="httpd" dev=dm-0 ino=9330261 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.065:14439): avc: denied { getattr } for pid=19248 comm="httpd" name="httpd.conf" dev=dm-0 ino=9331739 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.065:14439): arch=40000003 syscall=195 success=yes exit=0 a0=8e98020 a1=bfe2040c a2=b8aff4 a3=8000 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.065:14439): path="/etc/httpd/conf/httpd.conf"
+type=AVC msg=audit(1163794368.065:14440): avc: denied { read } for pid=19248 comm="httpd" name="httpd.conf" dev=dm-0 ino=9331739 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.065:14440): arch=40000003 syscall=5 success=yes exit=3 a0=8e98020 a1=8000 a2=1b6 a3=8000 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.065:14441): avc: denied { getattr } for pid=19248 comm="httpd" name="httpd" dev=dm-0 ino=9330261 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.065:14441): arch=40000003 syscall=195 success=yes exit=0 a0=8e99188 a1=bfe201ec a2=b8aff4 a3=8000 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.065:14441): path="/etc/httpd"
+type=AVC msg=audit(1163794368.065:14442): avc: denied { read } for pid=19248 comm="httpd" name="modules" dev=dm-0 ino=9331255 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163794368.065:14442): avc: denied { search } for pid=19248 comm="httpd" name="httpd" dev=dm-0 ino=10640259 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.065:14442): avc: denied { read } for pid=19248 comm="httpd" name="mod_auth_basic.so" dev=dm-0 ino=10639225 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.065:14442): arch=40000003 syscall=5 success=yes exit=4 a0=8ea2550 a1=0 a2=b8c150 a3=8ea2550 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.065:14443): avc: denied { getattr } for pid=19248 comm="httpd" name="mod_auth_basic.so" dev=dm-0 ino=10639225 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.065:14443): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfe1fb20 a2=1e1fc0 a3=5 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.065:14443): path="/usr/lib/httpd/modules/mod_auth_basic.so"
+type=AVC msg=audit(1163794368.065:14444): avc: denied { execute } for pid=19248 comm="httpd" name="mod_auth_basic.so" dev=dm-0 ino=10639225 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.065:14444): arch=40000003 syscall=192 success=yes exit=6766592 a0=0 a1=30bc a2=5 a3=802 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.065:14444): path="/usr/lib/httpd/modules/mod_auth_basic.so"
+type=AVC msg=audit(1163794368.077:14445): avc: denied { read } for pid=19248 comm="httpd" name="conf.d" dev=dm-0 ino=9330352 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.077:14445): arch=40000003 syscall=5 success=yes exit=4 a0=8ebd788 a1=18800 a2=1e1fc0 a3=8ebd768 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14446): avc: denied { search } for pid=19248 comm="httpd" name="sbin" dev=dm-0 ino=10311842 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.089:14446): avc: denied { getattr } for pid=19248 comm="httpd" name="suexec" dev=dm-0 ino=10321423 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_suexec_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.089:14446): arch=40000003 syscall=195 success=yes exit=0 a0=d76b1e a1=bfe2068c a2=b8aff4 a3=73b170 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.089:14446): path="/usr/sbin/suexec"
+type=AVC msg=audit(1163794368.089:14447): avc: denied { create } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163794368.089:14447): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfe203f4 a2=b8aff4 a3=8e6378b items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14448): avc: denied { bind } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163794368.089:14448): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfe203f4 a2=b8aff4 a3=3 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14449): avc: denied { getattr } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163794368.089:14449): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfe203f4 a2=b8aff4 a3=3 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14450): avc: denied { write } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=AVC msg=audit(1163794368.089:14450): avc: denied { nlmsg_read } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163794368.089:14450): arch=40000003 syscall=102 success=yes exit=20 a0=b a1=bfe1f32c a2=b8aff4 a3=ffffffb8 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14451): avc: denied { read } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=netlink_route_socket
+type=SYSCALL msg=audit(1163794368.089:14451): arch=40000003 syscall=102 success=yes exit=188 a0=11 a1=bfe1f32c a2=b8aff4 a3=ffffffb8 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14452): avc: denied { create } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=udp_socket
+type=SYSCALL msg=audit(1163794368.089:14452): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfe20300 a2=b8aff4 a3=8edd850 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14453): avc: denied { connect } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=udp_socket
+type=SYSCALL msg=audit(1163794368.089:14453): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe20300 a2=b8aff4 a3=3 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14454): avc: denied { getattr } for pid=19248 comm="httpd" laddr=0000:0000:0000:0000:0000:0000:0000:0001 lport=33036 faddr=0000:0000:0000:0000:0000:0000:0000:0001 fport=80 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=udp_socket
+type=SYSCALL msg=audit(1163794368.089:14454): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfe20300 a2=b8aff4 a3=3 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14455): avc: denied { create } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794368.089:14455): arch=40000003 syscall=102 success=yes exit=3 a0=1 a1=bfe20560 a2=8fe1e8 a3=8e63900 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14456): avc: denied { read } for pid=19248 comm="httpd" name="nsswitch.conf" dev=dm-0 ino=9334508 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.089:14456): arch=40000003 syscall=5 success=yes exit=5 a0=b72f9d a1=0 a2=1b6 a3=8eddcd0 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14457): avc: denied { getattr } for pid=19248 comm="httpd" name="nsswitch.conf" dev=dm-0 ino=9334508 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.089:14457): arch=40000003 syscall=197 success=yes exit=0 a0=5 a1=bfe203a4 a2=b8aff4 a3=8eddcd0 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.089:14457): path="/etc/nsswitch.conf"
+type=AVC msg=audit(1163794368.089:14458): avc: denied { search } for pid=19248 comm="httpd" name="lib" dev=dm-0 ino=13716385 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.089:14458): arch=40000003 syscall=5 success=yes exit=5 a0=b7f9495c a1=0 a2=150 a3=b7f9495c items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14459): avc: denied { search } for pid=19248 comm="httpd" name="www" dev=dm-0 ino=14436677 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.089:14459): avc: denied { getattr } for pid=19248 comm="httpd" name="html" dev=dm-0 ino=14436704 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.089:14459): arch=40000003 syscall=195 success=yes exit=0 a0=8ed4198 a1=bfe204bc a2=b8aff4 a3=8000 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.089:14459): path="/var/www/html"
+type=AVC msg=audit(1163794368.089:14460): avc: denied { read } for pid=19248 comm="httpd" name="resolv.conf" dev=dm-0 ino=9330239 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.089:14460): arch=40000003 syscall=5 success=yes exit=5 a0=b72e73 a1=0 a2=1b6 a3=8eeaf90 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.089:14461): avc: denied { getattr } for pid=19248 comm="httpd" name="resolv.conf" dev=dm-0 ino=9330239 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.089:14461): arch=40000003 syscall=197 success=yes exit=0 a0=5 a1=bfe1dd04 a2=b8aff4 a3=8eeaf90 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.089:14461): path="/etc/resolv.conf"
+type=AVC msg=audit(1163794368.097:14462): avc: denied { setopt } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794368.097:14462): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bfe206f0 a2=8fe1e8 a3=8e63900 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.097:14463): avc: denied { bind } for pid=19248 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794368.097:14463): avc: denied { name_bind } for pid=19248 comm="httpd" src=80 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794368.097:14463): avc: denied { node_bind } for pid=19248 comm="httpd" src=80 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:unspec_node_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794368.097:14463): avc: denied { net_bind_service } for pid=19248 comm="httpd" capability=10 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794368.097:14463): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfe20710 a2=8fe1e8 a3=8e63790 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.097:14464): avc: denied { listen } for pid=19248 comm="httpd" lport=80 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794368.097:14464): arch=40000003 syscall=102 success=yes exit=0 a0=4 a1=bfe20710 a2=8fe1e8 a3=8e638e0 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.097:14465): avc: denied { read } for pid=19248 comm="httpd" name="logs" dev=dm-0 ino=9330432 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=lnk_file
+type=AVC msg=audit(1163794368.097:14465): avc: denied { search } for pid=19248 comm="httpd" name="log" dev=dm-0 ino=14436604 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.097:14465): avc: denied { search } for pid=19248 comm="httpd" name="httpd" dev=dm-0 ino=14436676 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.097:14465): avc: denied { append } for pid=19248 comm="httpd" name="error_log" dev=dm-0 ino=14437040 scontext=system_u:system_r:myapache_t:s0 tcontext=user_u:object_r:httpd_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.097:14465): arch=40000003 syscall=5 success=yes exit=7 a0=8e93580 a1=8441 a2=1b6 a3=8441 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.097:14466): avc: denied { read } for pid=19248 comm="httpd" name="filesystems" dev=proc ino=-268435452 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.097:14466): arch=40000003 syscall=5 success=yes exit=9 a0=e870b0 a1=8000 a2=0 a3=8000 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.101:14467): avc: denied { read } for pid=19248 comm="httpd" name="localtime" dev=dm-0 ino=9331954 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.101:14467): arch=40000003 syscall=5 success=yes exit=9 a0=b725e0 a1=0 a2=1b6 a3=8f351b8 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.101:14468): avc: denied { getattr } for pid=19248 comm="httpd" name="localtime" dev=dm-0 ino=9331954 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.101:14468): arch=40000003 syscall=197 success=yes exit=0 a0=9 a1=bfe1c3e8 a2=b8aff4 a3=8f351b8 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.101:14468): path="/etc/localtime"
+type=AVC msg=audit(1163794368.105:14469): avc: denied { create } for pid=19248 comm="httpd" key=0 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=sem
+type=SYSCALL msg=audit(1163794368.105:14469): arch=40000003 syscall=117 success=yes exit=458753 a0=2 a1=0 a2=1 a3=380 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.105:14470): avc: denied { unix_write } for pid=19248 comm="httpd" key=0 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=sem
+type=AVC msg=audit(1163794368.105:14470): avc: denied { write } for pid=19248 comm="httpd" key=0 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=sem
+type=SYSCALL msg=audit(1163794368.105:14470): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=70001 a2=0 a3=110 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.105:14471): avc: denied { setattr } for pid=19248 comm="httpd" key=0 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=sem
+type=SYSCALL msg=audit(1163794368.105:14471): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=70001 a2=0 a3=101 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.105:14472): avc: denied { destroy } for pid=19248 comm="httpd" key=0 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=sem
+type=SYSCALL msg=audit(1163794368.105:14472): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=70001 a2=0 a3=100 items=0 ppid=19247 pid=19248 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.117:14473): avc: denied { search } for pid=19249 comm="httpd" name="sbin" dev=dm-0 ino=10311842 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.117:14473): arch=40000003 syscall=195 success=yes exit=0 a0=d76b1e a1=bfe2068c a2=b8aff4 a3=73b170 items=0 ppid=19248 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14474): avc: denied { read } for pid=19249 comm="httpd" name="urandom" dev=tmpfs ino=1972 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794368.125:14474): arch=40000003 syscall=5 success=yes exit=9 a0=8f7bcb a1=0 a2=8ec810 a3=14 items=0 ppid=19248 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14475): avc: denied { read } for pid=19249 comm="httpd" name="run" dev=dm-0 ino=9330354 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
+type=SYSCALL msg=audit(1163794368.125:14475): arch=40000003 syscall=195 success=no exit=-2 a0=8f0d818 a1=bfe2053c a2=b8aff4 a3=10 items=0 ppid=19248 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14476): avc: denied { write } for pid=19249 comm="httpd" name="run" dev=dm-0 ino=14436616 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.125:14476): avc: denied { add_name } for pid=19249 comm="httpd" name="httpd.pid" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.125:14476): avc: denied { create } for pid=19249 comm="httpd" name="httpd.pid" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.125:14476): arch=40000003 syscall=5 success=yes exit=9 a0=8f0d818 a1=8241 a2=1a4 a3=8241 items=0 ppid=19248 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14477): avc: denied { write } for pid=19249 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.125:14477): arch=40000003 syscall=4 success=yes exit=6 a0=9 a1=8f417b8 a2=6 a3=6 items=0 ppid=19248 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794368.125:14477): path="/var/run/httpd.pid"
+type=AVC msg=audit(1163794368.125:14478): avc: denied { setgid } for pid=19250 comm="httpd" capability=6 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794368.125:14478): arch=40000003 syscall=214 success=yes exit=0 a0=30 a1=0 a2=8fe060 a3=bfe20510 items=0 ppid=19249 pid=19250 auid=500 uid=0 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14479): avc: denied { search } for pid=19250 comm="httpd" name="sys" dev=proc ino=-268435429 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.125:14479): avc: denied { search } for pid=19250 comm="httpd" name="kernel" dev=proc ino=-268435417 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
+type=AVC msg=audit(1163794368.125:14479): avc: denied { read } for pid=19250 comm="httpd" name="ngroups_max" dev=proc ino=-268435370 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794368.125:14479): arch=40000003 syscall=5 success=yes exit=9 a0=b72766 a1=0 a2=a a3=8ee1128 items=0 ppid=19249 pid=19250 auid=500 uid=0 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14480): avc: denied { search } for pid=19250 comm="httpd" name="etc" dev=dm-0 ino=9329761 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794368.125:14480): arch=40000003 syscall=5 success=yes exit=9 a0=6b42d8 a1=0 a2=1b6 a3=8f49d48 items=0 ppid=19249 pid=19250 auid=500 uid=0 gid=48 euid=0 suid=0 fsuid=0 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14481): avc: denied { setuid } for pid=19250 comm="httpd" capability=7 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=capability
+type=SYSCALL msg=audit(1163794368.125:14481): arch=40000003 syscall=213 success=yes exit=0 a0=30 a1=108 a2=1 a3=bfe20510 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794368.125:14482): avc: denied { accept } for pid=19250 comm="httpd" lport=80 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794376.422:14483): avc: denied { read } for pid=19263 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794376.422:14483): arch=40000003 syscall=33 success=yes exit=0 a0=bf816f92 a1=4 a2=da3a64 a3=bf816f92 items=0 ppid=19262 pid=19263 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794381.358:14484): avc: denied { tcp_recv } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=35667 daddr=127.0.0.1 dest=80 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:netif_t:s0 tclass=netif
+type=AVC msg=audit(1163794381.358:14484): avc: denied { tcp_recv } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=35667 daddr=127.0.0.1 dest=80 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=node
+type=AVC msg=audit(1163794381.358:14484): avc: denied { recv_msg } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=35667 daddr=127.0.0.1 dest=80 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
+type=AVC msg=audit(1163794381.358:14484): avc: denied { tcp_send } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=80 daddr=127.0.0.1 dest=35667 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:netif_t:s0 tclass=netif
+type=AVC msg=audit(1163794381.358:14484): avc: denied { tcp_send } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=80 daddr=127.0.0.1 dest=35667 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=node
+type=AVC msg=audit(1163794381.358:14484): avc: denied { send_msg } for pid=16548 comm="firefox-bin" saddr=127.0.0.1 src=80 daddr=127.0.0.1 dest=35667 netif=lo scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794381.358:14484): arch=40000003 syscall=102 success=no exit=-115 a0=3 a1=b7cdbff0 a2=4932550 a3=0 items=0 ppid=1 pid=16548 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=SYSCALL msg=audit(1163794368.125:14482): arch=40000003 syscall=102 success=yes exit=10 a0=5 a1=bfe20500 a2=8fe1e8 a3=8f47c28 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794381.362:14485): avc: denied { getattr } for pid=19250 comm="httpd" laddr=0000:0000:0000:0000:0000:ffff:7f00:0001 lport=80 faddr=0000:0000:0000:0000:0000:ffff:7f00:0001 fport=35667 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794381.362:14485): arch=40000003 syscall=102 success=yes exit=0 a0=6 a1=bfe204f0 a2=8fe1e8 a3=8f47c28 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794381.362:14486): avc: denied { read } for pid=19250 comm="httpd" name="[220857]" dev=sockfs ino=220857 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794381.362:14486): arch=40000003 syscall=3 success=yes exit=387 a0=a a1=8f53f18 a2=1f40 a3=8f47c28 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794381.362:14486): path="socket:[220857]"
+type=AVC msg=audit(1163794381.362:14487): avc: denied { getattr } for pid=19250 comm="httpd" name="noindex.html" dev=dm-0 ino=14436695 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794381.362:14487): arch=40000003 syscall=195 success=yes exit=0 a0=8f56a78 a1=bfe2027c a2=b8aff4 a3=8170 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794381.362:14487): path="/var/www/error/noindex.html"
+type=AVC msg=audit(1163794381.366:14488): avc: denied { read } for pid=19250 comm="httpd" name="noindex.html" dev=dm-0 ino=14436695 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794381.366:14488): arch=40000003 syscall=5 success=yes exit=11 a0=8f56b00 a1=8000 a2=0 a3=8000 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794381.366:14489): avc: denied { write } for pid=19250 comm="httpd" name="[220857]" dev=sockfs ino=220857 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794381.366:14489): arch=40000003 syscall=146 success=yes exit=4153 a0=a a1=bfe1de78 a2=2 a3=2 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794381.366:14489): path="socket:[220857]"
+type=AVC msg=audit(1163794381.366:14490): avc: denied { shutdown } for pid=19250 comm="httpd" laddr=0000:0000:0000:0000:0000:ffff:7f00:0001 lport=80 faddr=0000:0000:0000:0000:0000:ffff:7f00:0001 fport=35667 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794381.366:14490): arch=40000003 syscall=102 success=yes exit=0 a0=d a1=bfe20300 a2=8fe1e8 a3=8f47dc0 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794381.370:14491): avc: denied { read } for pid=19250 comm="httpd" name="[220847]" dev=pipefs ino=220847 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=fifo_file
+type=SYSCALL msg=audit(1163794381.370:14491): arch=40000003 syscall=3 success=no exit=-11 a0=5 a1=bfe20563 a2=1 a3=1 items=0 ppid=19249 pid=19250 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794381.370:14491): path="pipe:[220847]"
+type=USER_AUTH msg=audit(1163794389.543:14492): user pid=19266 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: authentication acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=USER_ACCT msg=audit(1163794389.543:14493): user pid=19266 uid=0 auid=500 subj=staff_u:staff_r:staff_t:s0 msg='PAM: accounting acct=kmacmill : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/2 res=success)'
+type=AVC msg=audit(1163794389.559:14494): avc: denied { kill } for pid=19249 comm="httpd" capability=5 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=capability
+type=AVC msg=audit(1163794389.559:14494): avc: denied { signal } for pid=19249 comm="httpd" scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:system_r:myapache_t:s0 tclass=process
+type=SYSCALL msg=audit(1163794389.559:14494): arch=40000003 syscall=37 success=yes exit=0 a0=ffffb4cf a1=f a2=b8aff4 a3=8f417b8 items=0 ppid=1 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794389.647:14495): avc: denied { write } for pid=19249 comm="httpd" name="run" dev=dm-0 ino=14436616 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794389.647:14495): avc: denied { remove_name } for pid=19249 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
+type=AVC msg=audit(1163794389.647:14495): avc: denied { unlink } for pid=19249 comm="httpd" name="httpd.pid" dev=dm-0 ino=14436960 scontext=system_u:system_r:myapache_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794389.647:14495): arch=40000003 syscall=10 success=yes exit=0 a0=8f0d960 a1=8f0d960 a2=d7f004 a3=8f0d960 items=0 ppid=1 pid=19249 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:myapache_t:s0 key=(null)
+type=AVC msg=audit(1163794669.408:14496): avc: denied { getattr } for pid=19286 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794669.408:14496): arch=40000003 syscall=195 success=yes exit=0 a0=8e69188 a1=aa35b0cc a2=758aff4 a3=4 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794669.408:14496): path="/home/kmacmill/.evolution"
+type=AVC msg=audit(1163794669.408:14497): avc: denied { search } for pid=19286 comm="evolution" name=".evolution" dev=dm-0 ino=6776355 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794669.408:14497): arch=40000003 syscall=33 success=yes exit=0 a0=8e69188 a1=0 a2=bae708 a3=10 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794669.408:14498): avc: denied { read } for pid=19286 comm="evolution" name="summary" dev=dm-0 ino=6814052 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794669.408:14498): arch=40000003 syscall=5 success=yes exit=25 a0=8fe0700 a1=0 a2=1b6 a3=9238950 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794669.408:14499): avc: denied { getattr } for pid=19286 comm="evolution" name="summary" dev=dm-0 ino=6814052 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794669.408:14499): arch=40000003 syscall=197 success=yes exit=0 a0=19 a1=aa35af48 a2=758aff4 a3=9238950 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794669.408:14499): path="/home/kmacmill/.evolution/mail/imap/kmacmill@pobox-2.corp.redhat.com/folders/INBOX/summary"
+type=AVC msg=audit(1163794669.408:14500): avc: denied { read } for pid=19286 comm="evolution" name="INBOX" dev=dm-0 ino=6809503 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794669.408:14500): arch=40000003 syscall=5 success=yes exit=25 a0=91e8710 a1=18800 a2=758c120 a3=91e8710 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794669.408:14501): avc: denied { send_msg } for pid=19286 comm="evolution" saddr=10.11.14.219 src=37722 daddr=10.11.255.15 dest=993 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794669.408:14501): arch=40000003 syscall=102 success=yes exit=42 a0=9 a1=aa35aeb0 a2=4932550 a3=0 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794669.472:14502): avc: denied { recv_msg } for pid=15069 comm="vpnc" saddr=10.11.255.15 src=993 daddr=10.11.14.219 dest=37722 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163794669.472:14502): arch=40000003 syscall=4 success=yes exit=52 a0=4 a1=805c570 a2=34 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163794670.312:14503): avc: denied { write } for pid=19286 comm="evolution" name="fedora-devel" dev=dm-0 ino=6814265 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163794670.312:14503): avc: denied { add_name } for pid=19286 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163794670.312:14503): avc: denied { create } for pid=19286 comm="evolution" name="summary~" scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794670.312:14503): arch=40000003 syscall=5 success=yes exit=43 a0=aa35afd0 a1=242 a2=180 a3=9269aa8 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794670.312:14504): avc: denied { write } for pid=19286 comm="evolution" name="summary~" dev=dm-0 ino=6814465 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794670.312:14504): arch=40000003 syscall=4 success=yes exit=40 a0=2b a1=b219f000 a2=28 a3=28 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794670.312:14504): path="/home/kmacmill/.evolution/mail/imap/kmacmill@pobox-2.corp.redhat.com/folders/INBOX/subfolders/lists/subfolders/fedora-devel/summary~"
+type=AVC msg=audit(1163794670.320:14505): avc: denied { remove_name } for pid=19286 comm="evolution" name="summary~" dev=dm-0 ino=6814465 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=dir
+type=AVC msg=audit(1163794670.320:14505): avc: denied { rename } for pid=19286 comm="evolution" name="summary~" dev=dm-0 ino=6814465 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=AVC msg=audit(1163794670.320:14505): avc: denied { unlink } for pid=19286 comm="evolution" name="summary" dev=dm-0 ino=6812263 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794670.320:14505): arch=40000003 syscall=38 success=yes exit=0 a0=aa35afd0 a1=9269aa8 a2=1dcbd8 a3=8f952f0 items=0 ppid=1 pid=19286 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163794674.004:14506): avc: denied { lock } for pid=19290 comm="evolution" name="Inbox" dev=dm-0 ino=6778778 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=staff_u:object_r:staff_evolution_home_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794674.004:14506): arch=40000003 syscall=221 success=yes exit=0 a0=19 a1=6 a2=b40911fc a3=b40911fc items=0 ppid=1 pid=19290 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794674.004:14506): path="/home/kmacmill/.evolution/mail/local/Inbox"
+type=USER_ACCT msg=audit(1163794801.068:14507): user pid=19295 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163794801.068:14508): login pid=19295 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163794801.072:14509): user pid=19295 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163794801.072:14510): user pid=19295 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163794801.076:14511): avc: denied { execute } for pid=19296 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=AVC msg=audit(1163794801.076:14511): avc: denied { execute_no_trans } for pid=19296 comm="sh" name="sa1" dev=dm-0 ino=12865251 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.076:14511): arch=40000003 syscall=11 success=yes exit=0 a0=93561b0 a1=9356358 a2=9356290 a3=9356008 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sa1" exe="/bin/bash" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794801.076:14511): path="/usr/lib/sa/sa1"
+type=AVC msg=audit(1163794801.080:14512): avc: denied { execute } for pid=19296 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794801.080:14512): avc: denied { execute_no_trans } for pid=19296 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=AVC msg=audit(1163794801.080:14512): avc: denied { read } for pid=19296 comm="sa1" name="sadc" dev=dm-0 ino=12865253 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.080:14512): arch=40000003 syscall=11 success=yes exit=0 a0=9779d48 a1=9779740 a2=9779d60 a3=9779740 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794801.080:14512): path="/usr/lib/sa/sadc"
+type=AVC_PATH msg=audit(1163794801.080:14512): path="/usr/lib/sa/sadc"
+type=AVC msg=audit(1163794801.080:14513): avc: denied { search } for pid=19296 comm="sadc" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
+type=AVC msg=audit(1163794801.080:14513): avc: denied { read } for pid=19296 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.080:14513): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=89747f8 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794801.080:14514): avc: denied { getattr } for pid=19296 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.080:14514): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfd4be78 a2=b16ff4 a3=89747f8 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794801.080:14514): path="/proc/net/dev"
+type=AVC msg=audit(1163794801.080:14515): avc: denied { search } for pid=19296 comm="sadc" name="sa" dev=dm-0 ino=14607631 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794801.080:14515): arch=40000003 syscall=33 success=yes exit=0 a0=bfd4c224 a1=0 a2=bfd4c118 a3=bfd4c120 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794801.080:14516): avc: denied { read append } for pid=19296 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.080:14516): arch=40000003 syscall=5 success=yes exit=3 a0=bfd4c224 a1=402 a2=bfd4c3e8 a3=bfd4c120 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794801.084:14517): avc: denied { search } for pid=19296 comm="sadc" name="fs" dev=proc ino=-268435428 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
+type=AVC msg=audit(1163794801.084:14517): avc: denied { read } for pid=19296 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.084:14517): arch=40000003 syscall=5 success=yes exit=4 a0=80502ef a1=0 a2=1b6 a3=8975348 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794801.084:14518): avc: denied { getattr } for pid=19296 comm="sadc" name="dentry-state" dev=proc ino=-268435230 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.084:14518): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfd4bcd0 a2=b16ff4 a3=8975348 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794801.084:14518): path="/proc/sys/fs/dentry-state"
+type=AVC msg=audit(1163794801.084:14519): avc: denied { search } for pid=19296 comm="sadc" name="rpc" dev=proc ino=-268433616 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163794801.084:14519): arch=40000003 syscall=5 success=no exit=-2 a0=8050215 a1=0 a2=1b6 a3=8975348 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163794801.084:14520): avc: denied { lock } for pid=19296 comm="sadc" name="sa17" dev=dm-0 ino=14600257 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysstat_log_t:s0 tclass=file
+type=SYSCALL msg=audit(1163794801.084:14520): arch=40000003 syscall=143 success=yes exit=0 a0=3 a1=6 a2=bfd4c120 a3=3 items=0 ppid=19295 pid=19296 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163794801.084:14520): path="/var/log/sa/sa17"
+type=CRED_DISP msg=audit(1163794801.096:14521): user pid=19295 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163794801.096:14522): user pid=19295 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163794809.593:14523): avc: denied { write } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794809.593:14523): arch=40000003 syscall=4 success=yes exit=105 a0=4 a1=805c570 a2=69 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794809.593:14523): path="/dev/net/tun"
+type=AVC msg=audit(1163794809.593:14524): avc: denied { read } for pid=15069 comm="vpnc" name="tun" dev=tmpfs ino=1473 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163794809.593:14524): arch=40000003 syscall=3 success=yes exit=52 a0=4 a1=805c5a0 a2=1000 a3=805c5a0 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163794809.593:14524): path="/dev/net/tun"
+type=AVC msg=audit(1163795269.282:14525): avc: denied { send_msg } for pid=19323 comm="evolution" saddr=10.11.14.219 src=37722 daddr=10.11.255.15 dest=993 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163795269.282:14525): arch=40000003 syscall=102 success=yes exit=43 a0=9 a1=b2c8eee0 a2=4932550 a3=0 items=0 ppid=1 pid=19323 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="evolution" exe="/usr/bin/evolution-2.10" subj=staff_u:staff_r:staff_mozilla_t:s0 key=(null)
+type=AVC msg=audit(1163795269.294:14526): avc: denied { recv_msg } for pid=15069 comm="vpnc" saddr=10.11.255.15 src=993 daddr=10.11.14.219 dest=37722 netif=tun0 scontext=staff_u:staff_r:staff_mozilla_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
+type=SYSCALL msg=audit(1163795269.294:14526): arch=40000003 syscall=4 success=yes exit=151 a0=4 a1=805c570 a2=97 a3=bfd587e4 items=0 ppid=15067 pid=15069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="vpnc" exe="/usr/sbin/vpnc" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1163795334.190:14527): avc: denied { search } for pid=19330 comm="open-browser.sh" name="locale" dev=dm-0 ino=10311858 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=AVC msg=audit(1163795334.190:14527): avc: denied { read } for pid=19330 comm="open-browser.sh" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.190:14527): arch=40000003 syscall=5 success=yes exit=3 a0=b72b60 a1=8000 a2=1 a3=bfab8b30 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.194:14528): avc: denied { getattr } for pid=19330 comm="open-browser.sh" name="locale-archive" dev=dm-0 ino=11588566 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.194:14528): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=b8aaa0 a2=b89ff4 a3=bfab8b30 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.194:14528): path="/usr/lib/locale/locale-archive"
+type=AVC msg=audit(1163795334.194:14529): avc: denied { read } for pid=19330 comm="open-browser.sh" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.194:14529): arch=40000003 syscall=5 success=yes exit=3 a0=b71afa a1=0 a2=1b6 a3=8e6aa60 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.194:14530): avc: denied { getattr } for pid=19330 comm="open-browser.sh" name="meminfo" dev=proc ino=-268435454 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.194:14530): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfab6ca8 a2=b89ff4 a3=8e6aa60 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.194:14530): path="/proc/meminfo"
+type=AVC msg=audit(1163795334.194:14531): avc: denied { read } for pid=19330 comm="open-browser.sh" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.194:14531): arch=40000003 syscall=5 success=yes exit=3 a0=b72b3c a1=0 a2=0 a3=bfab8d90 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.194:14532): avc: denied { getattr } for pid=19330 comm="open-browser.sh" name="gconv-modules.cache" dev=dm-0 ino=10386358 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=staff_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.194:14532): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfab8c38 a2=b89ff4 a3=3 items=0 ppid=18600 pid=19330 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="open-browser.sh" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.194:14532): path="/usr/lib/gconv/gconv-modules.cache"
+type=AVC msg=audit(1163795334.210:14533): avc: denied { read } for pid=19332 comm="gnome-open" name="locale.alias" dev=dm-0 ino=10314034 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.210:14533): arch=40000003 syscall=5 success=yes exit=3 a0=40484c a1=8000 a2=1b6 a3=920ec80 items=0 ppid=19331 pid=19332 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.214:14534): avc: denied { search } for pid=19332 comm="gnome-open" name="nscd" dev=dm-0 ino=14436932 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163795334.214:14534): arch=40000003 syscall=102 success=no exit=-2 a0=3 a1=bfe91640 a2=95eff4 a3=3 items=0 ppid=19331 pid=19332 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.214:14535): avc: denied { read } for pid=19332 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163795334.214:14535): arch=40000003 syscall=5 success=yes exit=23 a0=3d4880 a1=8000 a2=1b6 a3=9217be8 items=0 ppid=19331 pid=19332 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.214:14536): avc: denied { getattr } for pid=19332 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163795334.214:14536): arch=40000003 syscall=197 success=yes exit=0 a0=17 a1=bfe918fc a2=95eff4 a3=9217be8 items=0 ppid=19331 pid=19332 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.214:14536): path="/dev/urandom"
+type=AVC msg=audit(1163795334.214:14537): avc: denied { ioctl } for pid=19332 comm="gnome-open" name="urandom" dev=tmpfs ino=1972 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
+type=SYSCALL msg=audit(1163795334.214:14537): arch=40000003 syscall=54 success=no exit=-22 a0=17 a1=5401 a2=bfe9185c a3=bfe9189c items=0 ppid=19331 pid=19332 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-open" exe="/usr/bin/gnome-open" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.214:14537): path="/dev/urandom"
+type=AVC msg=audit(1163795334.306:14538): avc: denied { read } for pid=19337 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.306:14538): arch=40000003 syscall=33 success=yes exit=0 a0=bff70f74 a1=4 a2=da3a64 a3=bff70f74 items=0 ppid=19336 pid=19337 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.306:14539): avc: denied { getattr } for pid=19337 comm="mozilla-xremote" name=".gdm0UWNIT" dev=dm-0 ino=14469400 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.306:14539): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bff6e4ac a2=4a7ff4 a3=9b2aab0 items=0 ppid=19336 pid=19337 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="mozilla-xremote" exe="/usr/lib/firefox-2.0/mozilla-xremote-client" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.306:14539): path="/tmp/.gdm0UWNIT"
+type=AVC msg=audit(1163795334.414:14540): avc: denied { search } for pid=19340 comm="sed" name="locale" dev=dm-0 ino=10311858 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=dir
+type=SYSCALL msg=audit(1163795334.414:14540): arch=40000003 syscall=5 success=yes exit=3 a0=f34b60 a1=8000 a2=1 a3=bf940af0 items=0 ppid=19338 pid=19340 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="sed" exe="/bin/sed" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC msg=audit(1163795334.418:14541): avc: denied { getattr } for pid=19334 comm="firefox" name="en-US.jar" dev=dm-0 ino=10385588 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.418:14541): arch=40000003 syscall=195 success=yes exit=0 a0=87fb608 a1=bf8cb788 a2=6b2ff4 a3=87fbaa0 items=0 ppid=1 pid=19334 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox" exe="/bin/bash" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.418:14541): path="/usr/lib/firefox-2.0/chrome/en-US.jar"
+type=AVC msg=audit(1163795334.418:14542): avc: denied { execute } for pid=19334 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1163795334.418:14542): avc: denied { execute_no_trans } for pid=19334 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=AVC msg=audit(1163795334.418:14542): avc: denied { read } for pid=19334 comm="firefox" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.418:14542): arch=40000003 syscall=11 success=yes exit=0 a0=87fbf10 a1=87fc900 a2=87fbbf8 a3=87fc900 items=0 ppid=1 pid=19334 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.418:14542): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC_PATH msg=audit(1163795334.418:14542): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1163795334.462:14543): avc: denied { getattr } for pid=19334 comm="firefox-bin" name="firefox-bin" dev=dm-0 ino=10379247 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:mozilla_exec_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795334.462:14543): arch=40000003 syscall=196 success=yes exit=0 a0=bfb12748 a1=bfb1223c a2=f10ff4 a3=bfb14750 items=0 ppid=1 pid=19334 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0/firefox-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795334.462:14543): path="/usr/lib/firefox-2.0/firefox-bin"
+type=AVC msg=audit(1163795338.318:14544): avc: denied { getattr } for pid=18600 comm="thunderbird-bin" name="localtime" dev=dm-0 ino=9331954 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795338.318:14544): arch=40000003 syscall=195 success=yes exit=0 a0=10fb5e0 a1=bfc60370 a2=1113ff4 a3=0 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=AVC_PATH msg=audit(1163795338.318:14544): path="/etc/localtime"
+type=AVC msg=audit(1163795354.383:14545): avc: denied { read } for pid=18600 comm="thunderbird-bin" name="en-US.jar" dev=dm-0 ino=10737661 scontext=staff_u:staff_r:staff_thunderbird_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795354.383:14545): arch=40000003 syscall=5 success=yes exit=56 a0=a015638 a1=8000 a2=0 a3=8000 items=0 ppid=18595 pid=18600 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="thunderbird-bin" exe="/usr/lib/thunderbird-1.5.0.7/thunderbird-bin" subj=staff_u:staff_r:staff_thunderbird_t:s0 key=(null)
+type=USER_ACCT msg=audit(1163795401.162:14546): user pid=19347 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=LOGIN msg=audit(1163795401.162:14547): login pid=19347 uid=0 old auid=4294967295 new auid=0
+type=USER_START msg=audit(1163795401.162:14548): user pid=19347 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=CRED_ACQ msg=audit(1163795401.162:14549): user pid=19347 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=AVC msg=audit(1163795401.170:14550): avc: denied { read } for pid=19348 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795401.170:14550): arch=40000003 syscall=5 success=yes exit=3 a0=80502e1 a1=0 a2=1b6 a3=90c57f8 items=0 ppid=19347 pid=19348 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC msg=audit(1163795401.170:14551): avc: denied { getattr } for pid=19348 comm="sadc" name="dev" dev=proc ino=-268434164 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
+type=SYSCALL msg=audit(1163795401.170:14551): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfa14b38 a2=3baff4 a3=90c57f8 items=0 ppid=19347 pid=19348 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="sadc" exe="/usr/lib/sa/sadc" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)
+type=AVC_PATH msg=audit(1163795401.170:14551): path="/proc/net/dev"
+type=CRED_DISP msg=audit(1163795401.178:14552): user pid=19347 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
+type=USER_END msg=audit(1163795401.182:14553): user pid=19347 uid=0 auid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session close acct=root : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
diff --git a/sepolgen/tests/test_data/short.log b/sepolgen/tests/test_data/short.log
new file mode 100644
index 0000000..723f9ca
--- /dev/null
+++ b/sepolgen/tests/test_data/short.log
@@ -0,0 +1,15 @@
+type=AVC msg=audit(1162850331.422:978): avc: denied { ioctl } for pid=6314 comm="pam_timestamp_c" name="[96391]" dev=pipefs ino=96391 scontext=staff_u:staff_r:pam_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
+type=SYSCALL msg=audit(1162850331.422:978): arch=40000003 syscall=54 success=no exit=-22 a0=2 a1=5401 a2=bfb6479c a3=bfb647dc items=0 ppid=6311 pid=6314 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="pam_timestamp_c" exe="/sbin/pam_timestamp_check" subj=staff_u:staff_r:pam_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850331.422:978): path="pipe:[96391]"
+type=AVC msg=audit(1162850332.318:979): avc: denied { read } for pid=6306 comm="beagled" name=".gdmDOM7HT" dev=dm-0 ino=14469552 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850332.318:979): arch=40000003 syscall=33 success=yes exit=0 a0=bfdb2fde a1=4 a2=4db18a64 a3=bfdb2fde items=0 ppid=1 pid=6306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850333.186:980): avc: denied { read } for pid=6306 comm="beagled" name="max_user_instances" dev=proc ino=-268435218 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850333.186:980): arch=40000003 syscall=5 success=yes exit=24 a0=11833c a1=0 a2=1 a3=8aeffb8 items=0 ppid=1 pid=6306 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="beagled" exe="/usr/bin/mono" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850335.022:981): avc: denied { read write } for pid=6336 comm="clock-applet" name="bonobo-activation-register.lock" dev=dm-0 ino=5434689 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850335.022:981): arch=40000003 syscall=5 success=yes exit=13 a0=9c0e840 a1=42 a2=1c0 a3=9c0e840 items=0 ppid=1 pid=6336 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clock-applet" exe="/usr/libexec/clock-applet" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC msg=audit(1162850335.022:982): avc: denied { lock } for pid=6336 comm="clock-applet" name="bonobo-activation-register.lock" dev=dm-0 ino=5434689 scontext=staff_u:staff_r:staff_t:s0 tcontext=user_u:object_r:user_tmp_t:s0 tclass=file
+type=SYSCALL msg=audit(1162850335.022:982): arch=40000003 syscall=221 success=yes exit=0 a0=d a1=7 a2=bf991e3c a3=bf991e3c items=0 ppid=1 pid=6336 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="clock-applet" exe="/usr/libexec/clock-applet" subj=staff_u:staff_r:staff_t:s0 key=(null)
+type=AVC_PATH msg=audit(1162850335.022:982): path="/tmp/orbit-kmacmill/bonobo-activation-register.lock"
+type=USER_AUTH msg=audit(1162850343.419:983): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=USER_ACCT msg=audit(1162850343.419:984): user pid=6377 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
+type=AVC msg=audit(1162850343.419:985): avc: denied { search } for pid=6377 comm="su" name="root" dev=dm-0 ino=13127137 scontext=staff_u:staff_r:staff_su_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir
diff --git a/sepolgen/tests/test_interfaces.py b/sepolgen/tests/test_interfaces.py
new file mode 100644
index 0000000..674ccb9
--- /dev/null
+++ b/sepolgen/tests/test_interfaces.py
@@ -0,0 +1,282 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.access as access
+import sepolgen.interfaces as interfaces
+import sepolgen.policygen as policygen
+import sepolgen.refparser as refparser
+import sepolgen.refpolicy as refpolicy
+
+class TestParam(unittest.TestCase):
+ def test(self):
+ p = interfaces.Param()
+ p.name = "$1"
+ self.assertEqual(p.name, "$1")
+ self.assertRaises(ValueError, p.set_name, "$N")
+ self.assertEqual(p.num, 1)
+ self.assertEqual(p.type, refpolicy.SRC_TYPE)
+
+class TestAVExtractPerms(unittest.TestCase):
+ def test(self):
+ av = access.AccessVector(['foo', 'bar', 'file', 'read'])
+ params = { }
+ ret = interfaces.av_extract_params(av, params)
+ self.assertEqual(ret, 0)
+ self.assertEqual(params, { })
+
+ av.src_type = "$1"
+ ret = interfaces.av_extract_params(av, params)
+ self.assertEqual(ret, 0)
+ p = params["$1"]
+ self.assertEqual(p.name, "$1")
+ self.assertEqual(p.type, refpolicy.SRC_TYPE)
+ self.assertEqual(p.obj_classes, refpolicy.IdSet(["file"]))
+
+ params = { }
+ av.tgt_type = "$1"
+ av.obj_class = "process"
+ ret = interfaces.av_extract_params(av, params)
+ self.assertEqual(ret, 0)
+ p = params["$1"]
+ self.assertEqual(p.name, "$1")
+ self.assertEqual(p.type, refpolicy.SRC_TYPE)
+ self.assertEqual(p.obj_classes, refpolicy.IdSet(["process"]))
+
+ params = { }
+ av.tgt_type = "$1"
+ av.obj_class = "dir"
+ ret = interfaces.av_extract_params(av, params)
+ self.assertEqual(ret, 1)
+ p = params["$1"]
+ self.assertEqual(p.name, "$1")
+ self.assertEqual(p.type, refpolicy.SRC_TYPE)
+ self.assertEqual(p.obj_classes, refpolicy.IdSet(["dir"]))
+
+ av.src_type = "bar"
+ av.tgt_type = "$2"
+ av.obj_class = "dir"
+ ret = interfaces.av_extract_params(av, params)
+ self.assertEqual(ret, 0)
+ p = params["$2"]
+ self.assertEqual(p.name, "$2")
+ self.assertEqual(p.type, refpolicy.TGT_TYPE)
+ self.assertEqual(p.obj_classes, refpolicy.IdSet(["dir"]))
+
+interface_example = """
+interface(`files_search_usr',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir search;
+ allow { domain $1 } { usr_t usr_home_t } : { file dir } { read write getattr };
+ typeattribute $1 file_type;
+
+ if (foo) {
+ allow $1 foo : bar baz;
+ }
+
+ if (bar) {
+ allow $1 foo : bar baz;
+ } else {
+ allow $1 foo : bar baz;
+ }
+')
+
+interface(`files_list_usr',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir { read getattr };
+
+ optional_policy(`
+ search_usr($1)
+ ')
+
+ tunable_policy(`foo',`
+ whatever($1)
+ ')
+
+')
+
+interface(`files_exec_usr_files',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir read;
+ allow $1 usr_t:lnk_file { read getattr };
+ can_exec($1,usr_t)
+ can_foo($1)
+
+')
+"""
+
+simple_interface = """
+interface(`foo',`
+ gen_require(`
+ type usr_t;
+ ')
+ allow $1 usr_t : dir { create add_name };
+ allow $1 usr_t : file { read write };
+')
+"""
+
+test_expansion = """
+interface(`foo',`
+ gen_require(`
+ type usr_t;
+ ')
+ allow $1 usr_t : dir { create add_name };
+ allow $1 usr_t : file { read write };
+')
+
+interface(`map', `
+ gen_require(`
+ type bar_t;
+ ')
+ allow $1 bar_t : file read;
+ allow $2 bar_t : file write;
+
+ foo($2)
+')
+
+interface(`hard_map', `
+ gen_require(`
+ type baz_t;
+ ')
+ allow $1 baz_t : file getattr;
+ allow $2 baz_t : file read;
+ allow $3 baz_t : file write;
+
+ map($1, $2)
+ map($2, $3)
+
+ # This should have no effect
+ foo($2)
+')
+"""
+
+def compare_avsets(l, avs_b):
+ avs_a = access.AccessVectorSet()
+ avs_a.from_list(l)
+
+ a = list(avs_a)
+ b = list(avs_b)
+
+ a.sort()
+ b.sort()
+
+ if len(a) != len(b):
+ return False
+
+
+ for av_a, av_b in zip(a, b):
+ if av_a != av_b:
+ return False
+
+ return True
+
+
+class TestInterfaceSet(unittest.TestCase):
+ def test_simple(self):
+ h = refparser.parse(simple_interface)
+ i = interfaces.InterfaceSet()
+ i.add_headers(h)
+
+ self.assertEquals(len(i.interfaces), 1)
+ for key, interface in i.interfaces.items():
+ self.assertEquals(key, interface.name)
+ self.assertEquals(key, "foo")
+ self.assertEquals(len(interface.access), 2)
+
+ # Check the access vectors
+ comp_avs = [["$1", "usr_t", "dir", "create", "add_name"],
+ ["$1", "usr_t", "file", "read", "write"]]
+ ret = compare_avsets(comp_avs, interface.access)
+ self.assertTrue(ret)
+
+ # Check the params
+ self.assertEquals(len(interface.params), 1)
+ for param in interface.params.values():
+ self.assertEquals(param.type, refpolicy.SRC_TYPE)
+ self.assertEquals(param.name, "$1")
+ self.assertEquals(param.num, 1)
+ self.assertEquals(param.required, True)
+
+ def test_expansion(self):
+ h = refparser.parse(test_expansion)
+ i = interfaces.InterfaceSet()
+ i.add_headers(h)
+
+ self.assertEquals(len(i.interfaces), 3)
+ for key, interface in i.interfaces.items():
+ self.assertEquals(key, interface.name)
+ if key == "foo":
+ comp_avs = [["$1", "usr_t", "dir", "create", "add_name"],
+ ["$1", "usr_t", "file", "read", "write"]]
+ self.assertTrue(compare_avsets(comp_avs, interface.access))
+ elif key == "map":
+ comp_avs = [["$2", "usr_t", "dir", "create", "add_name"],
+ ["$2", "usr_t", "file", "read", "write"],
+ ["$1", "bar_t", "file", "read"],
+ ["$2", "bar_t", "file", "write"]]
+ self.assertTrue(compare_avsets(comp_avs, interface.access))
+ elif key == "hard_map":
+ comp_avs = [["$1", "baz_t", "file", "getattr"],
+ ["$2", "baz_t", "file", "read"],
+ ["$3", "baz_t", "file", "write"],
+
+ ["$2", "usr_t", "dir", "create", "add_name"],
+ ["$2", "usr_t", "file", "read", "write"],
+ ["$1", "bar_t", "file", "read"],
+ ["$2", "bar_t", "file", "write"],
+
+ ["$3", "usr_t", "dir", "create", "add_name"],
+ ["$3", "usr_t", "file", "read", "write"],
+ ["$2", "bar_t", "file", "read"],
+ ["$3", "bar_t", "file", "write"]]
+ self.assertTrue(compare_avsets(comp_avs, interface.access))
+
+
+ def test_export(self):
+ h = refparser.parse(interface_example)
+ i = interfaces.InterfaceSet()
+ i.add_headers(h)
+ f = open("output", "w")
+ i.to_file(f)
+ f.close()
+
+ i2 = interfaces.InterfaceSet()
+ f = open("output")
+ i2.from_file(f)
+ if_status = [False, False, False]
+ for ifv in i2.interfaces.values():
+ if ifv.name == "files_search_usr":
+ if_status[0] = True
+ if ifv.name == "files_list_usr":
+ if_status[1] = True
+ if ifv.name == "files_exec_usr_files":
+ if_status[2] = True
+
+ self.assertEquals(if_status[0], True)
+ self.assertEquals(if_status[1], True)
+ self.assertEquals(if_status[2], True)
diff --git a/sepolgen/tests/test_matching.py b/sepolgen/tests/test_matching.py
new file mode 100644
index 0000000..63e89ed
--- /dev/null
+++ b/sepolgen/tests/test_matching.py
@@ -0,0 +1,144 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.matching as matching
+import sepolgen.refparser as refparser
+import sepolgen.interfaces as interfaces
+import sepolgen.access as access
+
+class TestMatch(unittest.TestCase):
+ def test(self):
+ a = matching.Match()
+ a.dist = 100
+ a.info_dir_change = True
+
+ b = matching.Match()
+ b.dist = 100
+ b.info_dir_change = True
+
+ self.assertEquals(a, b)
+ b.info_dir_change = False
+ self.assertEquals(cmp(a, b), 1)
+ self.assertEquals(cmp(b, a), -1)
+
+ b.dist = 200
+
+ self.assertEquals(cmp(a, b), -1)
+ self.assertEquals(cmp(b, a), 1)
+
+class TestMatchList(unittest.TestCase):
+ def test_append(self):
+ ml = matching.MatchList()
+ ml.threshold = 100
+
+ a = matching.Match()
+ a.dist = 100
+ ml.append(a)
+ self.assertEqual(len(ml), 1)
+
+ a = matching.Match()
+ a.dist = 200
+ ml.append(a)
+ self.assertEqual(len(ml), 1)
+ self.assertEqual(len(ml.bastards), 1)
+
+ ml.allow_info_dir_change = False
+ a = matching.Match()
+ a.dist = 0
+ a.info_dir_change = True
+ ml.append(a)
+ self.assertEqual(len(ml), 1)
+ self.assertEqual(len(ml.bastards), 2)
+
+ def test_sort(self):
+ ml = matching.MatchList()
+ ml.threshold = 100
+
+ a = matching.Match()
+ a.dist = 100
+ ml.append(a)
+
+ b = matching.Match()
+ b.dist = 5
+ ml.append(b)
+
+ c = matching.Match()
+ c.dist = 0
+ ml.append(c)
+
+ l = [c, b, a]
+
+ ml.sort()
+
+ for x, y in zip(l, ml):
+ self.assertEqual(x, y)
+
+ self.assertEquals(ml.best(), c)
+
+
+test_expansion = """
+interface(`foo',`
+ gen_require(`
+ type usr_t;
+ ')
+ allow $1 usr_t : dir { create add_name };
+ allow $1 usr_t : file { read write };
+')
+
+interface(`map', `
+ gen_require(`
+ type bar_t;
+ ')
+ allow $1 bar_t : file read;
+ allow $2 bar_t : file write;
+
+ foo($2)
+')
+
+interface(`hard_map', `
+ gen_require(`
+ type baz_t;
+ ')
+ allow $1 baz_t : file getattr;
+ allow $2 baz_t : file read;
+ allow $3 baz_t : file write;
+
+ map($1, $2)
+ map($2, $3)
+
+ # This should have no effect
+ foo($2)
+')
+"""
+
+class AccessMatcher(unittest.TestCase):
+ def test_search(self):
+ h = refparser.parse(test_expansion)
+ i = interfaces.InterfaceSet()
+ i.add_headers(h)
+
+ a = access.AccessVector(["foo_t", "usr_t", "dir", "create"])
+ m = matching.AccessMatcher()
+ ml = matching.MatchList()
+
+ ans = m.search_ifs(i, a, ml)
+
+
+ pass
diff --git a/sepolgen/tests/test_module.py b/sepolgen/tests/test_module.py
new file mode 100644
index 0000000..94fb428
--- /dev/null
+++ b/sepolgen/tests/test_module.py
@@ -0,0 +1,35 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.module as module
+import os
+
+class TestModuleCompiler(unittest.TestCase):
+ def test(self):
+ package = "module_compile_test.pp"
+ mc = module.ModuleCompiler()
+ mc.create_module_package("module_compile_test.te", refpolicy=True)
+ os.stat(package)
+ os.unlink(package)
+
+ mc.refpolicy = True
+ mc.create_module_package("module_compile_test.te", refpolicy=False)
+ os.stat(package)
+ os.unlink(package)
diff --git a/sepolgen/tests/test_objectmodel.py b/sepolgen/tests/test_objectmodel.py
new file mode 100644
index 0000000..3db241c
--- /dev/null
+++ b/sepolgen/tests/test_objectmodel.py
@@ -0,0 +1,44 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.objectmodel
+
+class TestInfoFlow(unittest.TestCase):
+ def test_from_file(self):
+ info = sepolgen.objectmodel.PermMappings()
+ fd = open("perm_map")
+ info.from_file(fd)
+
+ pm = info.get("filesystem", "mount")
+ self.assertEquals(pm.perm, "mount")
+ self.assertEquals(pm.dir, sepolgen.objectmodel.FLOW_WRITE)
+ self.assertEquals(pm.weight, 1)
+
+ self.assertRaises(KeyError, info.get, "filesystem", "foo")
+
+ pm = info.getdefault("filesystem", "foo")
+ self.assertEquals(pm.perm, "foo")
+ self.assertEquals(pm.dir, sepolgen.objectmodel.FLOW_BOTH)
+ self.assertEquals(pm.weight, 5)
+
+ pm = info.getdefault("foo", "bar")
+ self.assertEquals(pm.perm, "bar")
+ self.assertEquals(pm.dir, sepolgen.objectmodel.FLOW_BOTH)
+ self.assertEquals(pm.weight, 5)
diff --git a/sepolgen/tests/test_policygen.py b/sepolgen/tests/test_policygen.py
new file mode 100644
index 0000000..58d1adf
--- /dev/null
+++ b/sepolgen/tests/test_policygen.py
@@ -0,0 +1,31 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.policygen as policygen
+
+class PolicyGenerator(unittest.TestCase):
+ def __init__(self):
+ g = policygen.PolicyGenerator()
+
+
+
+
+
+
diff --git a/sepolgen/tests/test_refparser.py b/sepolgen/tests/test_refparser.py
new file mode 100644
index 0000000..c5f7278
--- /dev/null
+++ b/sepolgen/tests/test_refparser.py
@@ -0,0 +1,120 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.refparser as refparser
+import sepolgen.refpolicy as refpolicy
+
+interface_example = """########################################
+## <summary>
+## Search the content of /etc.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_search_usr',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir search;
+ allow { domain $1 } { usr_t usr_home_t } : { file dir } { read write getattr };
+ typeattribute $1 file_type;
+
+ if (foo) {
+ allow $1 foo : bar baz;
+ }
+
+ if (bar) {
+ allow $1 foo : bar baz;
+ } else {
+ allow $1 foo : bar baz;
+ }
+')
+
+########################################
+## <summary>
+## List the contents of generic
+## directories in /usr.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_list_usr',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir { read getattr };
+
+ optional_policy(`
+ search_usr($1)
+ ')
+
+ tunable_policy(`foo',`
+ whatever($1)
+ ')
+
+')
+
+########################################
+## <summary>
+## Execute generic programs in /usr in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_exec_usr_files',`
+ gen_require(`
+ type usr_t;
+ ')
+
+ allow $1 usr_t:dir read;
+ allow $1 usr_t:lnk_file { read getattr };
+ can_exec($1,usr_t)
+ can_foo($1)
+
+')
+"""
+
+class TestParser(unittest.TestCase):
+ def test_interface_parsing(self):
+ h = refparser.parse(interface_example)
+ #print ""
+ #refpolicy.print_tree(h)
+ #self.assertEquals(len(h.interfaces), 3)
+
+ name = "files_search_usr"
+ #i = h.interfaces[name]
+ #self.assertEquals(i.name, name)
+ #self.assertEquals(len(i.rules), 1)
+ #rule = i.rules[0]
+ #self.assertTrue(isinstance(rule, refpolicy.AVRule))
+
+
+
diff --git a/sepolgen/tests/test_refpolicy.py b/sepolgen/tests/test_refpolicy.py
new file mode 100644
index 0000000..8c87189
--- /dev/null
+++ b/sepolgen/tests/test_refpolicy.py
@@ -0,0 +1,168 @@
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+# Copyright (C) 2006 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import unittest
+import sepolgen.refpolicy as refpolicy
+import selinux
+
+class TestIdSet(unittest.TestCase):
+ def test_set_to_str(self):
+ s = refpolicy.IdSet(["read", "write", "getattr"])
+ self.assertEquals(s.to_space_str(), "{ read write getattr }")
+ s = refpolicy.IdSet()
+ s.add("read")
+ self.assertEquals(s.to_space_str(), "read")
+
+class TestSecurityContext(unittest.TestCase):
+ def test_init(self):
+ sc = refpolicy.SecurityContext()
+ sc = refpolicy.SecurityContext("user_u:object_r:foo_t")
+
+ def test_from_string(self):
+ context = "user_u:object_r:foo_t"
+ sc = refpolicy.SecurityContext()
+ sc.from_string(context)
+ self.assertEquals(sc.user, "user_u")
+ self.assertEquals(sc.role, "object_r")
+ self.assertEquals(sc.type, "foo_t")
+ self.assertEquals(sc.level, None)
+ if selinux.is_selinux_mls_enabled():
+ self.assertEquals(str(sc), context + ":s0")
+ else:
+ self.assertEquals(str(sc), context)
+ self.assertEquals(sc.to_string(default_level="s1"), context + ":s1")
+
+ context = "user_u:object_r:foo_t:s0-s0:c0-c255"
+ sc = refpolicy.SecurityContext()
+ sc.from_string(context)
+ self.assertEquals(sc.user, "user_u")
+ self.assertEquals(sc.role, "object_r")
+ self.assertEquals(sc.type, "foo_t")
+ self.assertEquals(sc.level, "s0-s0:c0-c255")
+ self.assertEquals(str(sc), context)
+ self.assertEquals(sc.to_string(), context)
+
+ sc = refpolicy.SecurityContext()
+ self.assertRaises(ValueError, sc.from_string, "abc")
+
+ def test_equal(self):
+ sc1 = refpolicy.SecurityContext("user_u:object_r:foo_t")
+ sc2 = refpolicy.SecurityContext("user_u:object_r:foo_t")
+ sc3 = refpolicy.SecurityContext("user_u:object_r:foo_t:s0")
+ sc4 = refpolicy.SecurityContext("user_u:object_r:bar_t")
+
+ self.assertEquals(sc1, sc2)
+ self.assertNotEquals(sc1, sc3)
+ self.assertNotEquals(sc1, sc4)
+
+class TestObjecClass(unittest.TestCase):
+ def test_init(self):
+ o = refpolicy.ObjectClass(name="file")
+ self.assertEquals(o.name, "file")
+ self.assertTrue(isinstance(o.perms, set))
+
+class TestAVRule(unittest.TestCase):
+ def test_init(self):
+ a = refpolicy.AVRule()
+ self.assertEquals(a.rule_type, a.ALLOW)
+ self.assertTrue(isinstance(a.src_types, set))
+ self.assertTrue(isinstance(a.tgt_types, set))
+ self.assertTrue(isinstance(a.obj_classes, set))
+ self.assertTrue(isinstance(a.perms, set))
+
+ def test_to_string(self):
+ a = refpolicy.AVRule()
+ a.src_types.add("foo_t")
+ a.tgt_types.add("bar_t")
+ a.obj_classes.add("file")
+ a.perms.add("read")
+ self.assertEquals(a.to_string(), "allow foo_t bar_t:file read;")
+
+ a.rule_type = a.DONTAUDIT
+ a.src_types.add("user_t")
+ a.tgt_types.add("user_home_t")
+ a.obj_classes.add("lnk_file")
+ a.perms.add("write")
+ # This test might need to go because set ordering is not guaranteed
+ self.assertEquals(a.to_string(),
+ "dontaudit { foo_t user_t } { user_home_t bar_t }:{ lnk_file file } { read write };")
+
+class TestTypeRule(unittest.TestCase):
+ def test_init(self):
+ a = refpolicy.TypeRule()
+ self.assertEquals(a.rule_type, a.TYPE_TRANSITION)
+ self.assertTrue(isinstance(a.src_types, set))
+ self.assertTrue(isinstance(a.tgt_types, set))
+ self.assertTrue(isinstance(a.obj_classes, set))
+ self.assertEquals(a.dest_type, "")
+
+ def test_to_string(self):
+ a = refpolicy.TypeRule()
+ a.src_types.add("foo_t")
+ a.tgt_types.add("bar_exec_t")
+ a.obj_classes.add("process")
+ a.dest_type = "bar_t"
+ self.assertEquals(a.to_string(), "type_transition foo_t bar_exec_t:process bar_t;")
+
+
+class TestParseNode(unittest.TestCase):
+ def test_walktree(self):
+ # Construct a small tree
+ h = refpolicy.Headers()
+ a = refpolicy.AVRule()
+ a.src_types.add("foo_t")
+ a.tgt_types.add("bar_t")
+ a.obj_classes.add("file")
+ a.perms.add("read")
+
+ ifcall = refpolicy.InterfaceCall(ifname="allow_foobar")
+ ifcall.args.append("foo_t")
+ ifcall.args.append("{ file dir }")
+
+ i = refpolicy.Interface(name="foo")
+ i.children.append(a)
+ i.children.append(ifcall)
+ h.children.append(i)
+
+ a = refpolicy.AVRule()
+ a.rule_type = a.DONTAUDIT
+ a.src_types.add("user_t")
+ a.tgt_types.add("user_home_t")
+ a.obj_classes.add("lnk_file")
+ a.perms.add("write")
+ i = refpolicy.Interface(name="bar")
+ i.children.append(a)
+ h.children.append(i)
+
+class TestHeaders(unittest.TestCase):
+ def test_iter(self):
+ h = refpolicy.Headers()
+ h.children.append(refpolicy.Interface(name="foo"))
+ h.children.append(refpolicy.Interface(name="bar"))
+ h.children.append(refpolicy.ClassMap("file", "read write"))
+ i = 0
+ for node in h:
+ i += 1
+ self.assertEqual(i, 3)
+
+ i = 0
+ for node in h.interfaces():
+ i += 1
+ self.assertEqual(i, 2)
+
